Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, August 2
 

08:30

Doxing yourself through FOIA: understanding agency data structures to reverse engineer FOIA requests.
Limited Capacity full

This workshop will teach you to Dox yourself or a subject using the Freedom of Information Act or Privacy Act. It will present information about federal agency data management, and how understanding agency practices improves agency FOIA responses.

Speakers
avatar for Caitlin Henry

Caitlin Henry

Attorney, @sue_the_fed
Kelly Henry, an Oakland-based attorney specializes in Freedom of Information and Public Records Act requests. You can read about some of her cases, and find resources for drafting your own requests here http://caitlinkellyhenry.com/foia. Kelly Henry also teaches in the Criminal Justice Department at Sonoma State University and the Anthropology and Social Change department at CIIS.


Tuesday August 2, 2016 08:30 - 12:30
Training Ground I & II Siena

08:30

Mobile App Attack
Limited Capacity full

This full-fledged hands-on training will get the attendees familiar with the various Android as well
as iOS application analysis techniques and bypassing the existing security models in both the
platforms. The main objective of this training is to provide a proper guide on how the mobile
applications can be attacked and provide an overview of how some of the most important security checks for the applications are applied and get an in-depth understanding of these security checks.
The training will also include a CTF challenge designed by the trainer in the end where the attendees will use their skills learnt during the workshop to solve this challenge.

Speakers
avatar for sneha rajguru

sneha rajguru

Security Consultant, Payatu Technologies
Sneha works as a Security Consultant with Payatu Technologies Pvt.Ltd. and holds C.E.H and E.C.S.A certifications. Her area of interest lies in Web application and mobile application security and fuzzing. She has discovered various serious application flaws within open source applications such as PDFLite.Jobberbase, Lucidchart and many opensource wordpress plugins and many more. She is also an active member of Null – The open security community... Read More →


Tuesday August 2, 2016 08:30 - 12:30
Training Ground I & II Siena

10:00

Opening Keynote Pt. I & II
Join us for our opening Keynote's one-two punch, when Lorrie Cranor, Chief Technologist at the Federal Trade Commission, starts the conference off with the "why"of why we need to start training our clients and end users to reevaluate their thinking on mandatory password changes. Immediately following Lorrie's timely message, Michael Kaiser, Executive Director of Staysafeonline.org and Chief Executive of the National Cyber Security Alliance (NCSA) gives us the "how", providing us with ways and means to effectively get the word out to the masses and make sure the change starts here and now.

Speakers
avatar for Lorrie Cranor

Lorrie Cranor

Chief Technologist, US Federal Trade Commission
Lorrie Faith Cranor is a Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. In 2016 she is on leave from CMU while serving as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc. She has... Read More →
avatar for Michael Kaiser

Michael Kaiser

Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s chief executive, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and outreach efforts to promote a safer, more secure and more trusted Internet. Mr. Kaiser leads NCSA in several major awareness initiatives, including National Cyber Security Awareness Month... Read More →


Tuesday August 2, 2016 10:00 - 11:00
Chill-Out Room Florentine C/D

10:00

PvJ CTF
The Pros V Joes CTF is an event where the average Joe can have a chance to defend along with Professionals in the field, to learn from them while having fun. The game consists of live combat, with each team of Joes defending a network from a Red Cell of professional hackers.

This will be PvJ’s 4th year at BSidesLV. We’re overhauling the Gaming Grid, The Scoreboard and the Scoring Engine to feature some new surprises this year.

As in the past, this game is designed to give regular Joes their first taste of live-fire security, where they have to defend networks against Professionals who know how to break in.

For the Pros, this is a chance to flex your muscles, showing how good you are against live threats. Or, if you we accept you to our standing Red Team, it’s a chance to show your skills in pwning all the things.

For both colors of Pro, red and blue, it is a chance to lend your experience to help others improve their game.

The environment to host this CTF is laced with various surprises to keep the game interesting. The networks that the Blue Teams must defend will be a mix of Windows and Linux, with the typical Internet services (web, DNS, mail, etc) and a mix of obscure systems and services. The flags will also be more complicated than last year.

Senior Staff
avatar for Dichotomy

Dichotomy

Senior Staff, BSidesLV
Pros Vs Joes Capture the Flag Games Master


Tuesday August 2, 2016 10:00 - 19:00
Chill-Out Room Florentine C/D

11:00

Hire Ground - Opening Remarks
Jack Daniel kicks off the Hire Ground track by sharing his own career story and sets the tone for the track. 

Senior Staff
avatar for Jack Daniel

Jack Daniel

Director, Treasurer, NOC lead, Security BSides Las Vegas
Talk to me about BSides, bartending, Tiki, storytelling, community building, careers, stress management, burnout, and stuff. Oh, and we can talk about infosec if you insist.


Tuesday August 2, 2016 11:00 - 11:30
Hire Ground Florentine B

11:00

IATC Introduction and Overview

I Am The Cavalry track kicks off with an introduction to the topics and overview of the two day session. Whether you have been The Cavalry from the beginning, or are just curiously stopping by, there will be something for everyone. Participants who have yet to be introduced to the initiative will be; those who are very familiar will be updated on activities and progress over the last year. And we will describe the vision for the day's activities. Even if you miss this first session, you can join for any of the others.


Speakers
avatar for Joshua Corman

Joshua Corman

CTO | Founder | Founder, Sonatype | I am The Cavalry | Rugged
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing... Read More →


Tuesday August 2, 2016 11:00 - 11:30
I Am The Cavalry Copa Lounge - Downstairs in the Casino

11:00

Network Access Control: The Company-Wide Team Building Exercise That Only You Know About
Although the first word in NAC is "Network", NAC involves many other technologies - and that means many other groups need to be involved and committed to the NAC project for it to have any real chance of success. Learn about all the pieces that fit together to make an effective Network Access Control solution and, even better, talking points to use in order to get those pieces in place for you and your organization.

Mentor
avatar for Wendy Nather

Wendy Nather

Research Director, R-CISC
Wendy Nather is Research Director at the Retail Cyber Intelligence Sharing Center (R-CISC), where she is responsible for advancing the state of resources and knowledge to help organizations defend their infrastructure from attackers. She was previously Research Director of the Information Security Practice at independent analyst firm 451 Research, covering the security industry in areas such as application security, threat intelligence... Read More →

Speakers
avatar for Dean Webb

Dean Webb

Networking-Forums.Com
I work in the field of network security, with particular focus on NAC, firewalls, and firewall management.


Tuesday August 2, 2016 11:00 - 11:30
Proving Ground Florentine E

11:00

Managing Security with the OWASP Assimilation Project.
IT shops have trouble reliably doing the basics well: 30% of all break-ins come through systems not in inventory, 30% of servers are doing nothing useful, getting systems hardened is difficult, 70% of people who get into compliance with PCI-DSS aren’t in compliance a year later, remediation of known serious patches happens slowly if at all, 90% of all sites have suffered from outages of services which aren’t monitored, and keeping a suite of helpful tools correctly configured over time is time-consuming and expensive. Then of course, there’s the problem of demonstrating to upper management that you’re actually making progress against a formidable task. These are the problems the OWASP Assimilation project addresses.

It compares security configuration against best practices, keeps network-facing checksums up to date, provides attack surface visualization, alerts on many kinds of events, and also improves availability through monitoring systems and services.

This talk will give an overview of the project and a live demo.

Speakers
avatar for Alan Robertson

Alan Robertson

CTO, Assimilation Systems
Professional: Continuous Compliance, Availability, Scalability, Monitoring, Integrity, Business Resilience, open source, OWASP Assimilation Project, | | I founded the open source Linux-HA/Pacemaker project, the OWASP Assimilation Project, and the IT Best Practice project.


Tuesday August 2, 2016 11:00 - 11:45
Breaking Ground Florentine A

11:00

Toward Better Password Requirements
While we often discuss examples of poor password requirements, it’s also useful to consider a sample set of good requirements and practices. NIST Special Publication 800-63, which defines authentication requirements for Federal Government agencies, is currently being revised and seeks to establish requirements that are aligned with current understanding of threats and user behavior. This talk will discuss the rationale for these changes and opportunities for comment.

As authentication threats have evolved and we have learned more about user behavior, what were considered best practices several years ago are no longer current. For this reason, guidance on user authentication needs periodic revision. NIST Special Publication 800-63, which sets technical requirements for authentication and identity proofing by the Federal Government, is currently in the process of such a revision.

SP 800-63B, subtitled “Authentication and Lifecycle Management”, is a new document dealing specifically with user authentication. It changes the requirements for memorized secrets (passwords) in several ways:
- Emphasis on long, memorable passwords
- No use of composition rules
- No hints and prompts (name of first pet, etc.)
- Use of dictionary of compromised passwords to disallow poor choices
- No arbitrary (e.g., periodic) password changes

Beyond the realm of passwords per se, SP 800-63B also clarifies and strengthens the requirements for two-factor authentication and account recovery. The use of SMS (text messaging) as an out-of-band authentication mechanism has been deprecated due to security issues that have been seen with this technique. Requirements for account recovery have also been strengthened, in an effort to avoid having account recovery act as an authentication back door, particular for two-factor authentication.

Speakers
avatar for Jim Fenton

Jim Fenton

Internet Technologist, Altmode Networks
Jim Fenton is a consultant and researcher with a focus on user-centric identity, messaging, and Internet privacy and security issues. His primary consulting focus is currently in the area of user authentication standards, currently supporting the National Institute of Standards and Technology (NIST). He is an active participant in the Identity Ecosystem Steering Group and is an advisor to Disconnect, a maker of Internet privacy tools... Read More →


Tuesday August 2, 2016 11:00 - 11:50
Passwords16 Tuscany

11:00

Data Science or Data Pseudo-Science? Applying Data Science Concepts to Infosec without a PhD
Looking to learn how to apply fuzzy linear Bayesian regression entropy clustering to your security analyst toolbox? Then this talk is not for you. The goal of this presentation is to demystify and de-bullshit the world of data science for us mere security mortals. I will explain key concepts behind buzzwords such as machine learning, k-means, Bayesian Probability, Lambda Architecture and how they apply to real world security use cases. The presentation will cover how analysts can get started using data science concepts without a PhD and using data they are already collecting in their environment to gain insight into previously unseen threats.

Speakers
avatar for Ken Westin

Ken Westin

Ken is a creative technologist with 16 years experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and others. He has presented at DEF CON, RSA, Black Hat and BSides around the country and other conferences. In the past he developed forensic and data mining tools to aid in the unveiling of... Read More →


Tuesday August 2, 2016 11:00 - 11:55
Ground Truth Florentine F

11:00

What Snowden and I Have in Common - Reflections of an ex-NSA Hacker

NSA takes very seriously its mandate to do “what NSA does” against foreign entities and NOT U.S. citizens. The rules were clarified in the late 70's in the Foreign Intelligence Surveillance Act (FISA). FISA was written after the findings of the "Church Proceedings" were published as part of the fallout of the Watergate scandal.

I've only heard the Church Proceedings mentioned twice in my lifetime - once twenty years ago when I was investigated for violating the charter when I led a forensic team to help the Dept. of Justice after their website was defaced, and the second time was in hearing news reports about Edward Snowden. This is why I'm sometimes heard to say, "I was the first Edward Snowden".

I will share the story of how I was almost fired from NSA for violating the same law that NSA has been accused of violating based on the information disclosed by Edward Snowden several years ago. The goal is to shed some light on how NSA really operates, from someone who used to be on the inside, in order to take the whole Snowden debate to a different level. I do not intend to sway anyone's opinion, but merely want to offer some details that should help anyone make a more informed decision about NSA, its mission, and the laws by which it is governed.

 


Speakers
avatar for Jeff Man

Jeff Man

Security Strategist, Tenable Network Security
Jeff Man is a Strategist and Security Evangelist at Tenable Network Security. He has over 30 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Earlier in his career, Jeff held security research, management and product development roles with NSA, the DoD and private-sector enterprises... Read More →


Tuesday August 2, 2016 11:00 - 11:55
Underground Firenze

11:00

Shall We Play A Game? 30 Years of the CFAA
2016 marks the 30th anniversary of the Computer Fraud and Abuse Act (CFAA), the main anti-hacking law in the US. Since its inception, the CFAA has been deeply contentious, with strong criticism raised that it is overly broad and vague, too harsh (or conversely not harsh enough) in sentencing, and that it is fundamentally unable to keep up with the speed of evolution of the technology usage it is designed to police.

Perhaps more troubling for the security community, the CFAA contains both civil and criminal causes of action, enabling some technology vendors to use it as a handy stick to threaten security researchers away from making important disclosures. This, combined with the factors above, is widely believed to be creating a chilling effect on security research. Yet recent attempts to update the CFAA have proven fruitless and highly contentious, with disagreement and frustration on all sides of the debate.

In this session, we will discuss the purpose and history of the CFAA, high profile cases and lessons learned, the impact on security research, and our predictions for the future of the CFAA. To cover all that ground, this session will be an unusual mixture of presentation and panel. In the first half, Jen Ellis (security research advocate) and Leonard Bailey (DOJ) will provide a factual overview of the law. In the second half, Leonard will be joined by Nate Cardozo (EFF lawyer), Cristin Flynn Goodwin (Microsoft lawyer), and Tod Beardsley (Rapid7 security researcher) to discuss their varied points of view on this contentious law, and their hopes for future application and developments.

Speakers
avatar for Tod Beardsley

Tod Beardsley

Security Research Manager, Rapid7
Tod Beardsley is the Security Research Manager at Rapid7. He has over twenty years of hands-on security experience, reaching back to the halcyon days of 2400 baud textfile BBSes and in-band telephony switching. Since then, he has held IT Ops and IT Security positions in large footprint organizations such as 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Today, Tod speaks at security and developer conferences on... Read More →
avatar for Nate Cardozo

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
NATE CARDOZO is a Senior Staff Attorney on the Electronic Frontier Foundation’s digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information... Read More →
avatar for Jen Ellis

Jen Ellis

VP of community and public affairs, Rapid7
Jen Ellis is the Vice President of Community and Public Affairs at Rapid7, a security data and analytics company. In this role, Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various Government entities to help them understand and address cybersecurity challenges. She... Read More →
avatar for Cristin Goodwin

Cristin Goodwin

Assistant General Counsel, Microsoft
Cristin Flynn Goodwin is the Assistant General Counsel for Cybersecurity in Microsoft’s Trustworthy Computing division.  Cristin counsels Microsoft businesses on a range of cybersecurity legal issues, and is the lead counsel for Microsoft’s Government Security Program (GSP) which provides governments with a structured, legal means to access source code and affirm there are no back doors in Microsoft products or services, as... Read More →


Tuesday August 2, 2016 11:00 - 12:25
Common Ground Florentine G

11:00

Lock Pick Village
Join us from 1000 to 1845 on Tuesday and Wednesday to learn all about lock picking, from locks and tumblers to picks, rakes and tension bars. We'll have a few contests and classes going throughout the days.

Senior Staff

Tuesday August 2, 2016 11:00 - 19:00
Chill-Out Room Florentine C/D

11:30

Hire Ground - Open Sessions
During the Open Session, you'll have a chance to participate in several career development activities - such as resume reviews and critiques, mock interviews and general networking with both industry pros, career pros, and other friends of BsidesLV. 

Take time during these sessions to have more specific conversations about your background and get answers to some career questions.



Tuesday August 2, 2016 11:30 - 12:00
Hire Ground Florentine B

11:30

Calling All Hacker Heroes: Go Above And Beyond

So you've taken the red pill, realized the cavalry isn't coming, and you know it's up to us, hackers and security researchers, to save the day. How can we make this a reality? How do we take the impact of our work to the next level? This talk will focus on the ways security research matters, and how to use your time, ideas and hard work to create greater positive impact in the world, as hacker heroes.


Speakers
avatar for Keren Elazari

Keren Elazari

Security Analyst, International Author & Senior Researcher, Tel Aviv University Interdisciplinary Cyber Research Center
Since 2000, Keren has worked with leading Israeli security firms, government organizations, Big 4 firms, Fortune 500 and groundbreaking startup companies. As an independent analyst and strategic advisor , Keren covers emerging security trends and technologies and helps global organizations navigate complex cyber security issues. | Her research work and writing about security has been featured by NATO, Scientific... Read More →


Tuesday August 2, 2016 11:30 - 12:00
I Am The Cavalry Copa Lounge - Downstairs in the Casino

11:30

Intro to Storage Security, Looking Past the Server
Data is all around us. We tend to overlook where & how it is stored as a possible attack surface. This session hopes to educate you on how that box of disks you call a SAN/NAS works, and tips how to protect it. It truly is the heart of your business.

Mentor
avatar for Cheryl Biswas

Cheryl Biswas

Consultant, Threat Intel, KPMG
@3ncr1pt3d

Speakers
avatar for Jarett Kulm

Jarett Kulm

Principal Technologist, High Availability, Inc.
I'm JK-47 ( @JK47TheWeapon), Principal Technologist for a VAR based in PA & CO. I focus on Storage, Databases, VMware, & Cisco Datacenter products. With more than 20 years of industry experience, I strive to help customers big data dreams become reality! | | I am also a member of the #NetappATeam, #CiscoChampions, and former delegate of Storage Field Day #SFD6 #SFD8 | | My hobbies include locksport, 3d printing, RPi/Arduino... Read More →


Tuesday August 2, 2016 11:30 - 12:00
Proving Ground Florentine E

11:45

Are You A PenTexter? Open-Sourcing Pentest Reporting and Automation.
This talk will announce a new OWASP project: PenText, a fully open-sourced XML-based pentest document automation system. The PenText system is a document automation framework that supports the entire pentesting lifecycle: from the initial inquiry, through pentest scoping, quotations, pentesting, and reporting, through the final invoice.

During this talk, we will demonstrate the OWASP PenText system live, in the context of our larger Pentesting ChatOps infrastructure (RocketChat, Hubot, and Gitlab). We will describe the basics of how the OWASP PenText system is architected (XML, XSLT, XSL-FO), and show how the system can be used to manage the entire lifecycle of pentesting data, including the automatic generation of documentation at various points in the process (including quotations, pentest reports, and invoices).

The OWASP PenText system was built and tested by the globally-distributed team at Radically Open Security. This system is at the heart of our own pentesting workflow, and we feel passionately that this 100% free and open-sourced framework will also be useful to your organization.

Speakers
avatar for Peter Mosmans

Peter Mosmans

Lead Pentester, Radically Open Security
I currently lead a team of passionate, idealistic, and overall excellent pentesters around the globe at Radically Open Security. Being a builder first, I started in the nineties as software engineer working on Internet banking applications for European financial institutions. Later on I started specializing in pentesting complex and feature-rich web applications. | I'm a contributor to several open source security projects and maintain an... Read More →
avatar for Melanie Rieback

Melanie Rieback

CEO/Co-founder, Radically Open Security
Dr. Melanie Rieback is the CEO/Co-founder of Radically Open Security, the world’s first non-profit computer security consultancy company. She is also a former Assistant Professor of Computer Science at VU who performed RFID security research (RFID Virus and RFID Guardian), that attracted worldwide press coverage, and won several awards (VU Mediakomeet, ISOC Award, NWO I/O award, IEEE Percom Best Paper, USENIX Lisa Best Paper). Melanie worked as... Read More →


Tuesday August 2, 2016 11:45 - 12:30
Breaking Ground Florentine A

12:00

Deep Adversarial Architectures for Detecting (and Generating) Maliciousness
Deep Learning has begun to receive a lot of attention in information security for detecting malware, categorizing network traffic, and domain name classification, to name a few applications. Yet one of the more interesting recent developments in deep learning embodies the technical challenges of infosec, but has yet to achieve widespread attention—adversarial models. This talk reviews key concepts of deep learning in an intuitive way. Then we demonstrate how, in a non-cooperative game theoretic framework, adversarial deep learning can be used to produce a model for robustly detecting malicious behavior while simultaneously producing a model to conceal malicious behavior. In particular, the framework pits a detector (think: defender) and a generator (think: malicious actor) against one another in a series of adversarial rounds. During each round, the generator aims to produce samples that bypass the detector, and the detector subsequently learns how to identify the impostors. During this process, the generator's ability to produce samples to bypass defenses improves. Meanwhile, the detector becomes hardened (i.e., more robust) against adversarial blind spot attacks simulated by the generator.

The majority of this talk details our unique framework for adversarial sequence generation that leverages repurposed autoencoders and introduces novel neural elements to simplify the adversarial training process. We focus on two infosec behavior obfuscation/detection applications that leverage our adversarial sequence generation in a natural language processing (NLP) framework: (1) generating and detecting artificial domain names for malware command-and-control, and (2) generating and detecting sequences of Windows API calls for malicious behavior obfuscation and detection. While our solutions to these two applications are promising in their own right, they also signpost a broader strategy for leveraging adversarially-tuned models in information security.

Speakers
avatar for Hyrum Anderson

Hyrum Anderson

Principal Data Scientist, Endgame, Inc.
Hyrum Anderson is a principal data scientist at Endgame. Prior to joining Endgame he worked as a data scientist at FireEye Labs, Mandiant, Sandia National Laboratories and MIT Lincoln Laboratory. He received his PhD in Electrical Engineering (signal processing + machine learning) from the University of Washington and BS/MS degrees from BYU. Research interests include large-scale malware classification, adversarial drift, domain shift... Read More →


Tuesday August 2, 2016 12:00 - 12:30
Ground Truth Florentine F

12:00

Navigating Different Career Paths in Security
Lorrie is now the Chief Technologist for the FTC and has a great career in academia. This fireside chat will discuss her career, working for the government and her recommendations on how to strategize your career.

Speakers
avatar for Lorrie Cranor

Lorrie Cranor

Chief Technologist, US Federal Trade Commission
Lorrie Faith Cranor is a Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. In 2016 she is on leave from CMU while serving as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc. She has... Read More →


Tuesday August 2, 2016 12:00 - 12:30
Hire Ground Florentine B

12:00

Panel: Progress On Cyber Safety

Cyber Safety industries (Medical, Automotive, Home, and Public Infrastructure) have come a long way in the last few years, but still have a long way to go. We will talk about the quiet successes, where these industries need to go, and how to help get them there.


Speakers
avatar for Frank Barickman

Frank Barickman

Electronics Team Lead, National Highway Traffic Safety Administration
Mr. Barickman has been conducting advanced automotive safety research for the past 22 years. As the Electronics Team Lead with the National Highway Traffic Safety Administration, he has been responsible for leading research in driver assistance systems, vehicle dynamics, electronic control systems, and automated vehicles. Throughout his career, Mr. Barickman has needed to make vehicles and their electronics perform in ways they were not... Read More →
avatar for Michael McNeil

Michael McNeil

Global Product Security & Services Officer, Royal Philips
Michael C. McNeil is the current Global Product Security & Services Officer for Royal Philips.  In this capacity, McNeil is responsible for leading the global product security program for the company and insuring consistent repeatable processes are deployed throughout their products and services in the Healthcare market.  Prior to this assignment, McNeil was the former Global Chief Privacy & Security Officer at Medtronic... Read More →
avatar for Chris Nickerson

Chris Nickerson

IDS Administrator, DNC
Born on an off-shore drilling platform, autonomous country, know as Sealand, he didn't hold a recognized citizenship until 23yo. Convicted of selling black market ASCII porn he was sentenced to 10 years of binary data entry, carpal tunnel became his reality. Which sparked a career change and a return to school to become a proctologist although he really had a foot fetish. An avid apiarist, he insists on only using locally-sourced, organic... Read More →
avatar for Beau Woods

Beau Woods

I Am The Cavalry
Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, and core contributor to the I Am The Cavalry initiative. Beau works with policymakers, industry, civil society groups, NGOs, and individual stakeholders to safeguard human life, public safety, and global security. Beau has been a part of the information security industry and hacker community for over a decade, is a frequent presenter, media... Read More →
avatar for Saša Zdjelar

Saša Zdjelar

Software Security Design Lead and Supervisor of the Software Security Group (SSG), ExxonMobil Corporation
Saša (“Sasha”) is the Software Security Design Lead and Supervisor of the Software Security Group (SSG) at ExxonMobil Corporation where he has been working since graduating in 2005 from the University of Florida with a Bachelor’s and Master’s degrees. Saša has been involved with information risk management, application/software security, network security, mobile device/application security, 3rd party provider... Read More →


Tuesday August 2, 2016 12:00 - 12:30
I Am The Cavalry Copa Lounge - Downstairs in the Casino

12:00

What's Up Argon2? The Password Hashing Winner A Year Later
Argon2 is the winner of the Password Hashing Competition (PHC), as announced in July 2015. Since then the reference code of Argon2 on GitHub received more than 1000 stars and has bindings for most popular languages and platforms. People implemented Argon2, cryptanalyzed it, deployed it. Argon2 supersedes legacy password hashes PBKDF2, bcrypt, scrypt, and will likely become the standard algorithm for memory-hard hashing and key derivation. In this talk I'll review what's been accomplished in a year, and I'll explain when you should use Argon2 and how you can best fine-tune it for your application.

Speakers
avatar for JP Aumasson

JP Aumasson

Principal Cryptographer, Kudelski Security
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He has spoken at Black Hat, DEFCON, RSA, CCC, SyScan, Troopers. He initiated the Crypto Coding Standard and the Password Hashing Competition projects, and co-wrote the 2015 book "The Hash Function BLAKE". JP tweets as @veorq.


Tuesday August 2, 2016 12:00 - 12:30
Passwords16 Tuscany

12:00

Automation of Penetration Testing and the future
The push for automation and commoditization is changing penetration testing as we know it. And change is not always a good thing.

This talk will cover the use of automation and the reason for the trend. We will delve into what this means for skilled penetration testers / exploit developers and the probable outcome of bigger and more breaches. We will also explore the current trend of paying for a “9-5 job” in infosec in relation to automation.

What are the potential costs of automating more for less?

The sacrifice of quality and integrity as cheaper, faster, crappier pentests being pushed/sold

Losing skilled people and top end talent as we scan all the things

The increased potential of exploit devs being sold on the black market for short term gain, long term pain.

The negative impact on the group/society

Recently, a panel discussion at Derbycon 2015 raised concerns around what the future holds for pentesters and the integrity of the practice. Currently the security market pays for talent and skills, but they do not pay for the building of skills. This talk will reiterate these ideas but also present the probable future of a skills loss. That future being; people that can run scanners, a gap in middle talent and a small end talent of exploit devs/vulnerability researchers, ultimately ending up in a complete eradication of top tier talent. With new courses rolling out, and the demand high, are we breeding a new generation looking to InfoSec for a lucrative 9-5 job in pentest puppy mills

For those of us already working in InfoSec, we understand our roles in terms of passion and dedication, and the constant commitment to ongoing learning to keep our knowledge honed. However, in the eyes of the consumer, there is little difference between a vulnerability scan and a pen test. What they do notice is pricing. That is creating a lucrative market in a competitive field with the idea that anybody can do them, and the cheaper, the better. Welcome to the culture of “good enough.”

Mentor
Speakers
avatar for Haydn Johnson

Haydn Johnson

I do stuff, I go places. Haydn Johnson has over 3 years of information security experience, including network/web penetration testing, vulnerability assessments, identity and access management, and cyber threat intelligence. He has a Masters in Information Technology, the OSCP certification and has recently gained the GXPN certification. Haydn regularly contributes to the InfoSec community primarily via Twitter and has spoken at BSides Toronto... Read More →


Tuesday August 2, 2016 12:00 - 12:30
Proving Ground Florentine E

14:00

Cruise Line Security Assessment OR Hacking the High Seas
The purpose of taking a cruise is to relax and enjoy some much needed time off from the day to day grind. Like most people taking a vacation, there is not much thought put in to how the cruise ships operate or how secure your stored information is on the ship. In this assessment, three major cruise lines have been evaluated in several different areas over the last 10 years including social engineering, internet cafe security, physical security, wifi vulnerabilities, segregation of passenger network from operations network, financial transactions, and more. Some vulnerabilities are simple hacks to allow one to obtain free wifi without detection, some are more complex that allow one to explore the ship in more obscure ways. In this presentation, successes and failures of hacking the high seas will be discussed.

Mentor
avatar for Adam Brand

Adam Brand

Director, Protiviti
Adam Brand: Adam Brand has more than 16 years’ experience in information technology and security. He is a Director with Protiviti, where he has assisted companies in resolving major security incidents and maturing their information security programs. Adam has been heavily involved with the “I am The Cavalry” movement, a group of researchers focused on information security issues that can affect human life and safety. He has recently focused... Read More →

Speakers
avatar for Chad M. Dewey

Chad M. Dewey

Instructor, Saginaw Valley State University
Chad M. Dewey is a Computer Science and Information Systems instructor at Saginaw Valley State University in Michigan. With a background in network and information security, and his interests including all things security, he takes a particular interest in the security of IoT such as medical equipment, automobiles, cruise ships, and other "weird stuff".


Tuesday August 2, 2016 14:00 - 14:25
Proving Ground Florentine E

14:00

Rock Salt: A Method for Securely Storing and Utilizing Password Validation Data
Rock Salt™ is a method for storing and accessing password verification data on multi-user computer systems that resists remote attacks. Along with commonly-employed measures that limit the number of unsuccessful attempts to login or otherwise verify a password, it allows users to choose relatively simple passwords with full security. The secret component cannot be easily leaked or exfiltrated by malware, does not require periodic backup and is isolated in a way that allows it to be protected by conventional security measures, such as safes, alarm systems and video surveillance, from attackers who somehow gain access to the computing facility.

Speakers
avatar for Arnold Reinhold

Arnold Reinhold

A G Reinhold
Arnold Reinhold has been involved with password and passphrase security since the mid-1990s. He is the developer of Diceware, CipherSaber and HEKS, the first password hash designed to consume memory resources as well as CPU time. | | He has worked on spacecraft navigation at NASA, apparel industry automation at Marcon, computer-aided design software at Computervision Corp. and helped found Automatix Inc., an early robotics and machine vision... Read More →


Tuesday August 2, 2016 14:00 - 14:50
Passwords16 Tuscany

14:00

Welcome to The World of Yesterday, Tomorrow!
30 years ago, the United States suffered a pivotal moment within our space program when the Space Shuttle Challenger exploded. This incident forever changed the way risk was handled by that program, with hard lessons learned at the cost of human lives.

Information security failure is plagued by flawed decision making, communication breakdowns, and lack of involvement in critical discussions, to name just a few. And it gets worse: managers think technology solves security problems, and staff can’t communicate problems effectively up the chain. Unrelenting pressure to meet the demands of business can result in loss of effectiveness of a security program.

The root causes that led to the shuttle’s O-ring failure were process and communications breakdowns revealing wide disconnects between management and the engineers. This talk will focus on analyzing those breakdowns and disconnects, and what lessons NASA learned from them that can be put to use today to improve your information security program and posture.

The lessons of our past have much to teach us about our future – but only if we are paying attention. Come learn how the information security programs we are charged with building and maintaining today can learn from the failures of our past.

This talk is intended for all audiences from analysts to executives. Audience members are welcome to share their views during the presentation to provide a greater depth to the takeaways we can all benefit from.

Speakers
avatar for Joel Cardella

Joel Cardella

Sr Security Consultant, Rapid7
Joel Cardella has over 24 years of experience in information technology, having run a gamut from network operations, sales support, data center management, field operations and information security. He has worked in industries including telecommunications, healthcare and manufacturing. Prior to Rapid7 he held the role of Regional Security Officer for North America for a multinational manufacturing company. | | Joel is interested in the... Read More →


Tuesday August 2, 2016 14:00 - 14:55
Common Ground Florentine G

14:00

Flaying out the Blockchain Ledger for Fun, Profit, and Hip Hop
If somebody tweets about having $15 million dollars worth of Bitcoin stolen, how hard would it be to figure out if they were lying? In this talk, I will discuss parsing the Bitcoin blockchain ledger and putting the data into a more searchable and easily-analyzed database, correlating social media posts with transaction timestamps and historical exchange rates, and other interesting observations and use-cases. Finally, I will release the code to allow others to ask questions more easily of the blockchain ledger and discuss future plans.

Speakers
AM

Andrew Morris

Endgame, Inc.


Tuesday August 2, 2016 14:00 - 14:55
Ground Truth Florentine F

14:00

Active Incident Response
Description withheld at presenter's request.

Speakers
BC

Brian Candlish

security researcher from Australia, mostly interested in threat intel/hunting/malware/beer


Tuesday August 2, 2016 14:00 - 14:55
Underground Firenze

14:00

Breaking the Payment Points of Interaction (POI)
The payment industry is becoming more driven by security standards. However, the corner stones are still broken even with the latest implementations of these payments systems, mainly due to focusing on the standards rather than security. The best example for that is the ability to bypass protections put in place by points of interaction (POI) devices, by simple modifying several files on the point of sale or manipulating the communication protocols. In this presentation, we will explain the main flaws and provide live demonstrations of several weaknesses on a widely used pinpad. We will not exploit the operating system of the pinpad, but actually bypass the application layer and the business logic protections, i.e. the crypto algorithm is secure, but everything around it is broken. As part of our demos, we will include EMV bypassing, avoiding PIN protections and scraping PANs from various channels.

Speakers
avatar for Nir Valtman

Nir Valtman

Head of Application Security, NCR Corporation
Nir Valtman is heading the application security of the software solutions for NCR Corporation. Before the acquisition of Retalix by NCR, Nir lead the security of the R&D in the company. As part of his previous positions, he was working in several application security, penetration testing and systems infrastructure security positions. Nir is a frequent speaker at leading conferences around the world, including Black Hat, Defcon, OWASP etc. Nir has... Read More →
avatar for Patrick Watson

Patrick Watson

Application Security Architect, NCR Corporation
Patrick Watson is an Application Security Architect specializing in electronic payment systems. He joined Radiant Systems, later acquired by NCR Corporation, to build payment middleware for point of sale suites. Working with over 50 payment processor interfaces, primarily in the petroleum market, Patrick has designed and implemented many of the security systems protecting your credit card and personal data. No stranger to PA-DSS and PCI DSS, he... Read More →


Tuesday August 2, 2016 14:00 - 15:00
Breaking Ground Florentine A

14:00

Cyber Safety And Public Policy
Security research has had some clear wins in the past year, but if you weren’t paying attention you may not have noticed. Amanda and Jen will walk through these and what they mean, from the DMCA exemptions, to fixing proposed legislation, to work killing bad bills. Policymakers have started recognizing a need to work with hackers, and vice-versa. It’s not going to get better until we understand the landscape and what’s worked. 

There will be guest speakers filling in details of their progress, and what's next.

Speakers
avatar for Amanda Craig

Amanda Craig

Senior Cybersecurity Strategist, Microsoft
Amanda Craig is a Senior Cybersecurity Strategist in Trustworthy Computing’s Global Security Strategy and Diplomacy (GSSD) team at Microsoft. As part of GSSD, she focuses on policy issues related to cloud security, cyber risk management, and coordinated vulnerability disclosure, working to address complex global change and to advance trust in the computing ecosystem. She is the co-author of two Microsoft publications, Transforming... Read More →
avatar for Jen Ellis

Jen Ellis

VP of community and public affairs, Rapid7
Jen Ellis is the Vice President of Community and Public Affairs at Rapid7, a security data and analytics company. In this role, Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various Government entities to help them understand and address cybersecurity challenges. She... Read More →
avatar for Allan Friedman

Allan Friedman

Director of Cybersecurity, US Department of Commerce
Dr. Allan Friedman is the Director of Cybersecurity Initiatives at National Telecommunications and Information Administration in the US Department of Commerce. Prior to joining the Federal government, Friedman was a noted infosec and technology policy researcher at a range of institutions, including George Washington University, the Brookings Institution, and Harvard University. Wearing the hats of both a technologist and a policy scholar... Read More →
avatar for Suzanne Schwartz

Suzanne Schwartz

Associate Director for Science and Strategic Partnerships, Emergency Preparedness/Operations & Medical Countermeasures (EMCM) Director (Acting), FDA's Center for Devices and Radiological Health (CDRH)
Suzanne B. Schwartz, MD, MBA is the Associate Director for Science and Strategic Partnerships in the Center for Devices and Radiological Health (CDRH) at the FDA. She also continues to serve as the Director (Acting) of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures program. Suzanne represents CDRH/FDA across inter-Agency initiatives for the Public Health Emergency Medical Countermeasures Enterprise (PHEMCE) for... Read More →


Tuesday August 2, 2016 14:00 - 15:00
I Am The Cavalry Copa Lounge - Downstairs in the Casino

14:00

How to securely build your own IoT enabling embedded systems: from design to execution and assessment
Limited Capacity full

ABSTRACT:
The Internet of Things (IoT) is the next Internet revolution that aims at interconnecting devices that we use on a daily basis e.g. household appliances, wearables, cars, cameras, and sensors. Enabling the IoT can be done by introducing new smart devices, or by equipping legacy devices with sensors to accommodate them with smart capabilities. But how secure are these IoT appliances? And why limit yourself to commercial off-the-shelf devices if you can design and build them yourself?

Our workshop will (1) guide all participants through all steps that are required to build their own Internet of Things enabling embedded systems and (2) give an introduction on the assessment of security and exploitation of vulnerabilities in embedded systems.
Our, very practically oriented, workshop will consist of a presentation that briefly explains all required steps to build and assess the security of embedded systems and a guided hands-on lab session in which all participants will actually program and exploit their own basic, but smart temperature sensor.

The presentation will provide the participants with all the means to design their own IoT-enabling embedded systems and will focus on how to transfer ideas into real plans and designs. We will elaborate on how to gather information on the required electronics, where to buy them, how to use their datasheets and we will even teach the audience how they can design, print and test their ideas on self-designed PCBs. Topped off with some of our lessons learned and practical tips ‘n tricks, the main presentation will provide the audience with everything they need to know to start building.

The guided and hands-on lab session will even take everything a step further. We will provide the participants with an already assembled version of the smart temperature sensor we have designed during the presentation and we will go into writing and flashing our own bare-metal ARM firmware.

After we have all successfully created our first embedded system, we will move towards a basic firmware analysis and exploitation session by flashing our temperature sensor board with custom made, but vulnerable firmware. This will allow us to assess our embedded system by reverse engineering the firmware with Radare and gdb and exploit it using basic shellcode.

WORKSHOP REQUIREMENTS:
PLEASE BRING THE FOLLOWING HARDWARE TO THE WORKSHOP:
- LAPTOP CAPABLE TO BOOT FROM USB (PREFERRED!) OR RUN VIRTUAL MACHINES (e.g. via VirtualBox)
- 2 MINI USB CABLES
- 2 AVAILABLE USB PORTS
- IF POSSIBLE: USB-TO-SERIAL ADAPTER (e.g. http://ebay.to/2a595mP or http://bit.ly/2a1fUY4)
(we will bring our personal stock to provide adapters for 25 participants, so bring yours if you have one yourself)

If you would not be capable to bring 2 usb cables and/or a usb-to-serial adapter, there will be a possibility to borrow one from our personal stock (a small security deposit of 10 USD might be asked). We only have usb cables/usb-to-serial adapters for 25 participants, so please bring yours if you have one.

Vulnerable temperature board
The hands-on workshop requires, next to what is listed above, a smart, but vulnerable, temperature sensor board. As these are custom build (based on an ARM development board (http://bit.ly/29StwW0) and our own PCB+components), we will provide them for you. Again, a small security deposit of 40 USD will be asked at the start of the workshop (so make sure you have some cash). This also gives you the possibility to keep/buy the development and victim boards for 40 USD after the workshop.

As we only have 40 of them, the hands-on workshop part of this workshop will be limited to 40 participants (first come, first serve).

Speakers
avatar for Jens Devloo

Jens Devloo

Senior Technology Consultant, PwC
Jens is a Technology Consultant within the Advisory service line of PwC since September 2014. At PwC, Jens is involved in a wide variety of more technical assignments with a focus on IoT and mobile. In every project, Jens is dedicated to reach the same goal: to help the client reach its objectives using new, emerging technologies (e.g. wireless communication networks, mobile applications, cloud solutions, etc.). Prior to joining PwC, Jens... Read More →


Tuesday August 2, 2016 14:00 - 18:00
Training Ground I & II Siena

14:00

Mobile App Attack
Limited Capacity full

This full-fledged hands-on training will get the attendees familiar with the various Android as well
as iOS application analysis techniques and bypassing the existing security models in both the
platforms. The main objective of this training is to provide a proper guide on how the mobile
applications can be attacked and provide an overview of how some of the most important security checks for the applications are applied and get an in-depth understanding of these security checks.
The training will also include a CTF challenge designed by the trainer in the end where the attendees will use their skills learnt during the workshop to solve this challenge.

Speakers
avatar for sneha rajguru

sneha rajguru

Security Consultant, Payatu Technologies
Sneha works as a Security Consultant with Payatu Technologies Pvt.Ltd. and holds C.E.H and E.C.S.A certifications. Her area of interest lies in Web application and mobile application security and fuzzing. She has discovered various serious application flaws within open source applications such as PDFLite.Jobberbase, Lucidchart and many opensource wordpress plugins and many more. She is also an active member of Null – The open security community... Read More →


Tuesday August 2, 2016 14:00 - 18:00
Training Ground I & II Siena

14:30

Security Vulnerabilities, the Current State of Consumer Protection Law, & how IOT Might Change It

If a consumer purchases software (like, perhaps, a word processor or a note taking software) and that leads to some harm- perhaps the software allows malware to run on their computer, locking all their data for ransom, or their private data is stolen, then do they have any recourse? 

In the area of private law suits, a consumer would likely first look to products liability. Product liability law acts as a form of insurance to protect users - if a product is built in an unsafe way, and it injures you, you may sue the retailer or manufacturer of the product. 

There are three general theories a consumer can recover under:

  1. Design defect: the product was designed in an unsafe way
  2. Manufacturing defect: the specific instance of a product was assembled incorrectly and had a one-off manufacturing flaw
  3. Failure to warn claim: the product had non-obvious ways it could harm the consumer, that the consumer should be told about


Although these suits are common for defective products such as lawn mowers, coffee makers, and other consumer goods, they are not used by purchasers or users of software. The primary reason why this is so far is that products liability is so focused on physical harms- it covers serious injuries like losing your finger to a bagel cutter, for instance, and the fact that until somewhat recently, most software couldn’t physically harm you. (Although alternatively, some users can recover if they had a contract with the software creator or provider - as in the Trustwave Incident Response suit)

The rise of the Internet of Things is about to change a lot of that. There have already been a small number of cases where liability was found where buggy software caused physical harm to some consumers. Returning to the fridge, what if someone could connect remotely to your fridge, and adjust the temperature to be a little too warm, leading you to get food poisoning? What if they could do so without the temperature display in the fridge changing, so it looked like it was still cold enough?

This talk will explore the background of product liability law, and discuss how and why IOT might bring about a change in expanding coverage of software flaws.


Mentor
avatar for Chris Eng

Chris Eng

VP Research, Veracode
Chris Eng is vice president of research at Veracode. In this role, he leads the team responsible for integrating security expertise into Veracode’s technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world’s largest companies. | | Chris is a frequent speaker at premier industry conferences, such as BlackHat, RSA, OWASP, and CanSecWest, where... Read More →

Speakers
avatar for Wendy Everette

Wendy Everette

George Mason Law School, George Mason University
@wendyck worked as a software developer at Amazon.com, Google, and Meetup before deciding to do something really dumb and go to law school. She has spoken at BSides Charm 2016 on Vulnerability Disclosure and Consumer Protection Law, and won the 2016 ShmooCon Firetalks. She graduated from George Mason Law School in May 2016 and will be doing a fellowship in computer security law in Washington D.C. this year. | | Come tell me about your... Read More →


Tuesday August 2, 2016 14:30 - 15:00
Proving Ground Florentine E

14:30

Resume Reviews, Mock Interviews and Networking...Oh My!
During the Open Session, you'll have a chance to participate in several career development activities - such as resume reviews and critiques, mock interviews and general networking with both industry pros, career pros, and other friends of BsidesLV. 

Take time during these sessions to have more specific conversations about your background and get answers to some career questions.



Tuesday August 2, 2016 14:30 - 15:30
Hire Ground Florentine B

15:00

How to Get and Maintain your Compliance without ticking everyone off
How often do we strive for perfect compliance only to realize it’s never going to happen? During out discussion we’ll walk through managing the challenges security professionals face and how creativity and outreach can get the job done, while still being able to call yourself a true Security Professional.

Mentor
Speakers
avatar for Robert J. Carson

Robert J. Carson

Dir of Security, Cherwell
I love building and improving immature security programs .


Tuesday August 2, 2016 15:00 - 15:30
Proving Ground Florentine E

15:00

What we've learned with Two-Secret Key Derivation
Slides and videos from the talk:
  • Slides (PDF, 1.2MB)
  • Video 1 "Chena creates team, signs up, save Emergency Kit" (MP4,  119.1MB)
  • Video 2 "Chena adds account to 1Password Mac" (MP4, 56.2MB)
  • Video 3 "Morgan joins the Team" (MP4, 51.4MB
  • Video 4 "Morgan gets data recovered" (MP4, 165.1MB)

Submited Abstract:

To ensure that AgileBits does not hold data that can be used for password cracking, we introduced Two-Secret Key Derivation (2SKD) into our client-side KDF. The two secrets are user's Master Password and a high entropy Account Key.

As described in our Passwords15 (Cambridge) talk, we introduced what we are now calling "Two-Secret Key Derivation" (2SKD) in our client side KDF which derives both an authentication secret and a key encryption key.

Our 2SKD combines the user's Master Password (MP) with an high entropy "Account Key" (AK) to derive the keys (or key encryption keys) needed for authentication and encryption. The goal is so that nothing stored on our servers or off of the users machine could be used in a password cracking attack. The AK is a high entropy (128-bit) secret generated by the client when the user first enrolls, and it is stored on the users local device.

At the time we designed this, we had a number of concerns about how well this would work for our users and the additional risks to data availability it creates.

The additional risk to data availability comes from the fact that if they either lose their AK _or_ they forget their MP, there is no way for anyone that they have not already shared their data with to be able to decrypt it. We address this risk through a combination of nudging the user toward certain behaviors and through a user data recovery mechanism that gives team Owners (but not us) copies of certain data encryption keys. These mechanisms appear to be largely, but not entirely, successful.

Additional responsibility is placed on the user to provide the AK when enrolling a new client and so to transport the AK from client device to client device securely. We provide a UI that is designed to alleviate that burden. These will also be described.

At this point, it appears that the largest problem users face with 2SKD is confusion. They do not understand what the AK is for and what it does and doesn't protect them from. This is reflected in the most common complaint that "it isn't really 2FA", a perfectly true statement but is nothing to complain about.

Speakers
avatar for Jeffrey Goldberg

Jeffrey Goldberg

Chief Defender Against the Dark Arts, AgileBits
Jeffery Goldberg is the Chief Defender Against the Dark Arts at AgileBits, creators of the password manager 1Password.
avatar for Julie Haugh

Julie Haugh

Red Shirt Superhero, AgileBits, Inc
I wear a red cape and protect people from the forces of evil.


Tuesday August 2, 2016 15:00 - 15:50
Passwords16 Tuscany

15:00

Exposing the Neutrino EK: All the Naughty Bits
The Angler Exploit Kit (EK) is now dead. In the wake of Angler's death, Neutrino has taken the lion's share of the EK market. As such, Neutrino has evolved into one of the most critical threats to users of the Information Superhighway. Try as we might, we simply cannot avoid our users from being redirected to EK landing pages. The simple question is: WHY DAMNIT?! This talk focuses on the ins and outs of the new king of the hill: Neutrino. We will discuss the modern EK along with Neutrino's dominance. We will then break down exactly how Neutrino works: We'll start with compromised site redirection methods, rock some landing page de-obfuscation, have fun reversing Flash, and end with exploit + shellcode analysis. If you'd like to know exactly how this little bastard does its dirty work, bring your butt to the talk!

Speakers
avatar for Ryan Chapman

Ryan Chapman

Computer Incident Response Analyst, Bechtel Corporation
Ryan Chapman works as an incident response analyst for Bechtel Corporation. Ryan enjoys the challenge of handling incidents, reversing malware, and automating tasks for the security operations center. He also loves public speaking and has presented at venues such as BSides, CactusCon, Splunk .Conf, and others. Ryan has a fondness for doing stand-up comedy, retro gaming, and plays plenty of Street Fighter. Hadouken!


Tuesday August 2, 2016 15:00 - 15:55
Common Ground Florentine G

15:00

Defeating Machine Learning: Systemic Deficiencies for Detecting Malware
Malware detection tools have evolved significantly over the last several decades in response to increasingly complex threats. Machine learning has emerged as a particularly robust solution and is often touted as the ultimate zero-day malware detection technology. As adoption increases, it is important to recognize and explore shortcomings and vulnerabilities of machine learning solutions.

In this talk, we discuss several of these shortcomings and attempt to dispel the false sense of security surrounding the use of the term “machine learning”. We then do a deep dive into a particular vulnerability that is systemic to virtually all malware detection technologies – that defeating one instance of a security solution allows an attacker to defeat all deployed instances. This stems from the fact that previous and current solutions (*including* those that employ machine learning) distribute identical deployments.

We propose a new deployment paradigm that addresses the shared deployment problem above, ensuring near-equal efficacy but high diversity among security solution deployments. We then present promising comparative results between machine learning classifiers trained and distributed using this paradigm vs. classifiers trained using traditional methods.

Speakers
avatar for Wes Connell

Wes Connell

Threat Researcher, BluVector
I'm especially motivated and passionate for dramatically improving data hunting tradecraft within the cyber security domain. I have a very broad range of technical interests - particularly in the security dimension of hardware, software, systems, and networks. When I'm not hacking the planet, I enjoy playing more golf than is healthy and painfully rooting for the Washington Capitals.
avatar for Ryan Peters

Ryan Peters

Applied Data Scientist, BluVector
Ryan Peters is a data scientist and software engineer at BluVector, developing machine learning approaches for malware detection. He holds a Bachelor's degree in Biomedical Engineering from Case Western Reserve University and a Master's degree in Biomedical Engineering from Duke University with a focus on computational modeling.


Tuesday August 2, 2016 15:00 - 15:55
Ground Truth Florentine F

15:00

Generation C: "Hacker" Kids and the Innovation Nation
Our society currently suffers from two moral panics - the fear of losing our global leadership in technology entrepreneurship, on the one hand, and our fear of internet criminality, on the other. Parents also face this set of moral panics in the context of their own kids. They want to give their kids the chance to become the next tech startup founder, but they simultaneously want to maximally protect their kids from internet harms and "dangerous hackers." 

Because our technology policy and law do not currently recognize that kids' technology learning and tinkering sometimes blurs the lines between entrepreneurship and computer intrusion, we risk setting up our society's most tech-inclined kids to fail. It is precisely the most technologically-curious kids who are most likely to both generate the next generation ideas for tech entrepreneurship/ pursue careers in e.g. security AND accidentally run afoul of our (confused) computer intrusion laws. 

The reasons we have ended up in this confused technology policy position rests in part because of three dynamics. The first is a disagreement among psychologists over developmental processes and technology. The second is the legal disconnect among the various legal regimes governing entrepreneurship, self-education, and technology tinkering. The third is a social devaluation of kids' ideas and entrepreneurship. This talk explores these three dynamics and makes a series of proposals for technology policy and legal reforms to improve the technology entrepreneurship "pipeline." 

Speakers
avatar for Andrea Matwyshyn

Andrea Matwyshyn

law professor, Northeastern/Princeton/Stanford
Talk to me about All the Law Things. I write long journal articles about law and security that a few people read. Now, I'm working on a book about kid hackers. | | I used to be the FTC's Senior Policy Advisor/Academic in Residence. In the Fall I'm heading off to the UK on a Fulbright at Oxford . | | My first con talk was at BlackHat 2003.


Tuesday August 2, 2016 15:00 - 15:55
Underground Firenze

15:00

Beyond the Tip of the IceBerg -- Fuzzing Binary Protocol for Deeper Code Coverage.

Some fuzzers are blackbox while others are protocol aware. Even the ones that are made protocol aware, the fuzzer writer typically has to get the protocol specification and implement packet awareness logic in the fuzzer. Unfortunately, just because the fuzzer is protocol aware, it does not guarantee anything about the code coverage by the fuzzer. To make matters worse, what if we wish to attack a proprietary binary protocol with no protocol specification or source code access. Tools like AFL cannot come in handy because of we cannot compile the code, or give a function name to be monitored. There are other limitations like -- if we want to fuzz the 3rd packet in the protocol sequence, it is not possible with tools like AFL.

The presentation deals with this specific scenario where the target protocol is completely unknown (proprietary) and we do not have access to the source code or protocol specs. The tool we have developed builds a feedback loop between the client and the server components. The packet is then mutated optimally to increase the code coverage based on this feedback that the server component of our tool sends to the client component. The tool does not need target binary compilation and there is no need for the daemon to be restarted along with the feedback monitor. We fuzz using the runtime monitoring of the target daemon.

Looking forward to seeing you at the talk !!  


Speakers
avatar for Mrityunjay Gautam

Mrityunjay Gautam

Manager, Product Security Team, Citrix Systems, Inc.
Mrityunjay leads the product security team for Citrix Systems in Santa Clara, US. His passion is to build intelligence into security toolkits to launch smarter attacks and build deeper defences for software systems. He has been working in the security industry for over 10 years and has presented at a few conferences in the past -- Sector, c0c0n, ICCTA, IEEE etc.
AM

Alex Moneger

I enjoy working on security topics relating to bits and bytes such as crypto exploit dev, fuzzing and binary instrumentation. I have presented at several security conferences (Defcon, Nuit Du Hack, Shmoocon, ...) on the above topics. | I also have written more or less useful security tools such as numstitch, scapy-http2, fuzzmon… as well as contributed to some open source security tools (scapy-ssl_tls, run tracer, afl…) | In my day job... Read More →


Tuesday August 2, 2016 15:00 - 16:00
Breaking Ground Florentine A

15:00

State Of Healthcare Cyber Safety

A year ago a predominant mode of thinking was that “nobody would ever hurt patients; there’s no money in it.” After a spate of Ransomware incidents that have shut hospitals, nobody says that anymore. There’s been a lot of quiet progress - and some much more visible - in making medical devices safer. Manufacturers, the FDA, physicians, and security researchers are recognizing they can - and must - depend on each other to improve patient safety and medical treatment. Hear about our Hippocratic Oath for Connected Medical Devices, how much the FDA is pushing, what hospitals are doing, and other stories of progress as models for success.

There will be guest speakers filling in details of their progress, and what's next.


Speakers
avatar for Colin Morgan

Colin Morgan

Global Product Security, Sr. Manager, Johnson & Johnson
Colin Morgan, Johnson & Johnson Information Security & Risk Management, is leading the company’s Global Product Security initiative to integrate cybersecurity into the Johnson & Johnson product development lifecycle and post market surveillance processes. This effort is focused on developing fundamental cybersecurity policies, standards and processes; establishing integral partnerships with both internal and external organizations; driving... Read More →
avatar for Jay Radcliffe

Jay Radcliffe

Security Researcher, Rapid7
Jay Radcliffe has been working in the computer security field for over twelve years, and is currently a Senior Security Researcher and consultant at Rapid7. Coming from the managed security services industry, Jay has used just about every security device made over the last decade. Recently, Jay has presented ground breaking research on security vulnerabilities in medical devices at Black Hat and Defcon. As he is a type I diabetic, Jay has... Read More →
avatar for Suzanne Schwartz

Suzanne Schwartz

Associate Director for Science and Strategic Partnerships, Emergency Preparedness/Operations & Medical Countermeasures (EMCM) Director (Acting), FDA's Center for Devices and Radiological Health (CDRH)
Suzanne B. Schwartz, MD, MBA is the Associate Director for Science and Strategic Partnerships in the Center for Devices and Radiological Health (CDRH) at the FDA. She also continues to serve as the Director (Acting) of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures program. Suzanne represents CDRH/FDA across inter-Agency initiatives for the Public Health Emergency Medical Countermeasures Enterprise (PHEMCE) for... Read More →
avatar for Beau Woods

Beau Woods

I Am The Cavalry
Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, and core contributor to the I Am The Cavalry initiative. Beau works with policymakers, industry, civil society groups, NGOs, and individual stakeholders to safeguard human life, public safety, and global security. Beau has been a part of the information security industry and hacker community for over a decade, is a frequent presenter, media... Read More →


Tuesday August 2, 2016 15:00 - 16:00
I Am The Cavalry Copa Lounge - Downstairs in the Casino

15:30

#recruiterfail vs #candidatefail
There exists a tremendous lack of understanding between both candidates and recruiters regarding the job application and interview process. Candidates are frustrated by bad outreach emails (we'll just say SPAM) from recruiters. Recruiters shake their heads in disbelief at the constant mistakes candidates make, sabotaging their own job search efforts.

We'll pull examples of #recruiterfail scenarios, as well as #candidatefail examples in an attempt to break down the barriers between cadndiates and recruiters in a fun and comfortable way. We'll provide you with a few tips on how to deal with recruiters, but also considerations for how you may want to change the way you present yourself (online, correspondence, and in-person) during the process.

Speakers
Sponsors
avatar for Tenable Network Security

Tenable Network Security

Recruiting, Tenable Network Security
At Tenable, we are all about innovation, creativity and purpose, with a passion for designing solutions that change people’s lives and make a difference in the world. Network security is one of the world’s fastest growing fields, and our fresh ideas and proven products are revolutionizing the industry. We have big plans for continued global growth in 2016 and beyond, and we are looking for people who are creative, adaptable and... Read More →


Tuesday August 2, 2016 15:30 - 16:00
Hire Ground Florentine B

16:00

State Of Automotive Cyber Safety

It’s been two years since I Am The Cavalry launched the 5-Star Automotive Cyber Safety Framework. The Auto-ISAC launched, there’s a new Automotive Security Review Board, DEF CON hosts a car hacking village, and automakers are flocking to security conferences. What’s really changed in Automotive Cyber Safety and what’s just window dressing? What have been the lasting effects of car hacking on the automakers and the minds of the public? Most importantly, what’s needed, what’s next, and how can security researchers continue to be a part of the solution? 

There will be guest speakers filling in details of their progress, and what's next.


Speakers
avatar for I Am The Cavalry

I Am The Cavalry

I Am The Cavalry
Many people identify with the I Am The Cavalry initiative, but want to maintain a low profile. This account represents those who will be speaking and participating who might not want themselves highlighted.
avatar for Joshua Corman

Joshua Corman

CTO | Founder | Founder, Sonatype | I am The Cavalry | Rugged
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing... Read More →


Tuesday August 2, 2016 16:00 - 17:00
I Am The Cavalry Copa Lounge - Downstairs in the Casino

17:00

How to Become "The" Security Pro
Three security professionals walk into a bar: A Security Pro, THAT Security Pro and THE Security pro.

I used to only be 'A' security pro - as a result I didn't get any of the recognition or reward I worked towards. Not even my mother used to visit my blog. In this talk, I distill some of the key skills and traits taken from personal experience as well as industry professionals to present strategies you can employ to increase your value internal to your organisation as well as in the industry. For most, simply putting in the hours isn't enough to move up from being A security person to becoming THAT or even THE security person.

Speakers
avatar for Javvad Malik

Javvad Malik

Security Advocate, AlienVault
The man, the myth, the blogger. London-based Javvad Malik is the Security Advocate at AlienVault. An active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic... Read More →


Tuesday August 2, 2016 17:00 - 17:30
Hire Ground Florentine B

17:00

I Love myBFF (Brute Force Framework)
This presentation will feature the release of a new open source tool which combines fingerprinting and brute forcing against some common web applications, including Citrix, HP, Juniper, and MobileIron, to add intelligence to password guessing. Better yet, this tool is modular, allowing the easy expansion of the tool to include not only other web applications, but also other services. We will look at different password guessing techniques, their shortcomings, and how myBFF can address these shortcomings. The best part is that the tool will do more than just tell you if a credential pair is valid! You don’t want to miss this!

Speakers
avatar for Kirk Hayes

Kirk Hayes

Security Consultant, Rapid7


Tuesday August 2, 2016 17:00 - 17:30
Passwords16 Tuscany

17:00

Pushing Security from the Outside
In this talk I will discuss my experiences in furthering security in my company from the outside (I don't work on the security or IT). You will learn about my approach to encourage security with my team, peers and other employees. I will share my efforts to social engineer our security team and security leadership to increase security in our company. I will cover both my successes and failures and provide ideas and insights to help improve security within your company that can be used from the outside, like me, or if you work in security on a daily basis.

Mentor
avatar for Kat Sweet

Kat Sweet

Kat Sweet wrote her first line of code in her mid-twenties and never looked back. Now she’s a network security student at Madison Area Technical College, where she also serves as president of her school's IT student organization. Outside of class, you can find her fixing other people's computers, teaching, and wielding pointy objects (mainly lockpicks and knitting needles). She has a ham radio Extra class license, and organizes ham exams... Read More →

Speakers
avatar for Chris DeWeese

Chris DeWeese

I work a manufacturing company leading a awesome team of programmers who write software to support test of our products. Security is my hobby and maybe someday my full time career. When not working I can be found surfing the interwebs and sometimes the ocean. I also enjoy running, walking with my dog, going to baseball games, sci-fi, comics, photography and sampling and brewing craft beer.


Tuesday August 2, 2016 17:00 - 17:30
Proving Ground Florentine E

17:00

How to travel to high-risk destinations as safely as possible
While the best security advice about dangerous locations is often "don't be there", travel is often necessary. Danger can take many forms, some of which have been known and discussed for years, but threats to computing devices are new and constantly evolving.

We will describe threats, current countermeasures, and areas for future research, with a focus on configuration of existing tools, operational security/procedural advice, and open source software.

Speakers
RL

Ryan Lackey

Product Manager (Security), CloudFlare


Tuesday August 2, 2016 17:00 - 17:55
Common Ground Florentine G

17:00

Why it's all snake oil - and that may be ok
Every few years, security vendors entice us with “next generation” security products with 0day detection and we must decide if this product will be our salvation or it’s more snake oil full of empty promises. Basic theorems of computer science mathematically guarantee that many of the claims made by vendors are false without certain allowances, but that doesn’t mean that the products are useless. Take a walk through the history of exploitation and computer science to learn how to ask the questions that will allow you to see if the vendor’s claims can be achieved in your organization or whether you’re being sold a bill of goods.

Speakers
avatar for Pablo "@Ngree_H0bit" Breuer

Pablo "@Ngree_H0bit" Breuer

Director, Center for Information Warfare and Innovation
Pablo is a computer scientist and INFOSEC professional with over twenty years experience in the public and private sector. He is currently the director of the Center for Information Warfare and Innovation, a military associate professor at the Naval Postgraduate School in Monterey, CA and lecturer at California State University Monterey Bay. He collects malware, 'sploits and memes.


Tuesday August 2, 2016 17:00 - 17:55
Ground Truth Florentine F

17:00

An Adversarial View of SaaS Malware Sandboxes
Anyone attending this conference knows the usefulness of running malware in a sandbox to perform triage, speed security analysts' workflow, extract indicators of compromise (IOCs), and to gather useful information for detection and mitigation. When analysts do this, what are the OPSEC concerns regarding tipping the adversary off? Which sandbox providers are better than others in this regard?

In this talk we will present some research on taking an adversarial view of the free and widely used SaaS malware sandboxes. When an adversary's malware is detonated in a sandbox, what network artifacts can they see? Can they determine which sandbox provider based on the network? How do malware and related IOCs submitted to these sandboxes propagate to security companies and ultimately threat intelligence feeds? In this talk, we will answer all these questions and more.

Speakers
avatar for Jason Trost

Jason Trost

VP of Threat Research, Anomali, Inc.
Jason Trost is the VP of Threat Research at Anomali, Inc. and leads Anomali Labs, the research team. He has worked in security for more than ten years, and he has several years of experience leveraging big data technologies for security data mining and analytics. He is deeply interested in network security, DFIR, honeypots, big data and machine learning. He is currently focused on building highly scalable systems for processing, analyzing, and... Read More →


Tuesday August 2, 2016 17:00 - 17:55
Underground Firenze

17:00

Operation Escalation: How Commodity Programs Are Evolving Into Advanced Threats
Companies shouldn’t be so quick to dismiss low-level threats like adware, click-fraud malware and other commodity programs. These threats aren’t as harmless as they initially appear.

Cybereason’s research team has observed multiple instances of attackers upgrading commodity threats into more dangerous and complex programs. These enhanced programs function as remote access tools and carry out malicious actions in addition to flooding a person’s browser with ads or conducting click-fraud campaigns. Hackers, intent on maximizing their assets, are in some cases then selling this access to high-value companies on the black market. We’ve named this type of attack Operation Escalation.

In his BSides Las Vegas talk, Cybereason CISO Israel Barak, will present a specific case in which one of the company’s customers, a Fortune 500 enterprise, was victimized by this type of attack. Israel will dissect the operation and show the attack’s timeline and what actions the hackers took to transform basic Kovter click-fraud malware into an advanced tool. These actions included adding DGA communication capabilities and evasion mechanisms. Israel will discuss what’s motivating attackers to add these features and present approaches companies can use to protect themselves against this new threat.

Speakers

Tuesday August 2, 2016 17:00 - 18:00
Breaking Ground Florentine A

17:30

Evaluating a password manager
Password managers are a really polarizing topic. Lets come together for a while and talk about how to evaluate the security of a password manager and what our ideal password managing solution looks like. Let's come to a non-biased opinion about individual password managers.

Speakers
avatar for Evan Johnson

Evan Johnson

Security Systems Engineer, CloudFlare
I'm Evan Johnson. I work at CloudFlare and previously worked at LastPass. I developed a password manager in my spare time called passgo, https://github.com/ejcx/passgo. On twitter he is @ejcx_


Tuesday August 2, 2016 17:30 - 18:00
Passwords16 Tuscany

17:30

DNS Hardening - Proactive Network Security Using F5 iRules and Open Source Analysis Tools
DNS is the engine that drives the Internet. Almost all Internet activity makes use of DNS to properly route traffic. Most times, end users and service providers set up their DNS and promptly forget about the service. Rarely do they look at the log data or analyze traffic hitting their DNS servers. Providers can limit cache server exposure through access lists. Authoritative servers can gain some protection by using Anycast addressing. But in the end, DNS typically remains vulnerable to DNS amplification attacks, DDoS and other malicious traffic and is a lynchpin for almost every network.

As a DNS service provider, we faced unique challenges. How could we offer open DNS cache resolution while protecting the integrity of our service? How could we use data collected to uncover network compromise? How could we detect and mitigate DNS attacks before they impact customer-facing services? How could we give customers the tools needed to isolate compromised machines on their LAN? This is the abbreviated story of that journey. The answers are found in the data combined with the use of open source tools including Graylog, Elasticsearch and Kibana. My hope is that sharing our experiences can make life better for your network.

Mentor
avatar for Dave Lewis

Dave Lewis

Global Security Advocate, Akamai Technologies
Dave Lewis has almost two decades of industry experience. He has extensive experience in IT operations and management. Currently, Lewis is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis writes a column for CSO Online and Forbes.

Speakers
avatar for Jim Nitterauer

Jim Nitterauer

Senior Security Specialist, AppRIver, LLC
He is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global SPAM & Virus filtering infrastructure as well as all internal applications and manages security operations for the entire company. He holds a CISSP certification. He is also well-versed in ethical hacking and penetration testing techniques and has been... Read More →


Tuesday August 2, 2016 17:30 - 18:00
Proving Ground Florentine E

17:30

Resume Reviews, Mock Interviews and Networking...Oh My!
During the Open Session, you'll have a chance to participate in several career development activities - such as resume reviews and critiques, mock interviews and general networking with both industry pros, career pros, and other friends of BsidesLV. 

Take time during these sessions to have more specific conversations about your background and get answers to some career questions.



Tuesday August 2, 2016 17:30 - 18:30
Hire Ground Florentine B

18:00

Why does everyone want to kill my passwords?
We get it, passwords are a problem. They're a pain to remember, they're always too short (or too long), and the people we trust them with can't even seem to keep them out of hackers' hands. But are the alternatives any better? 

Hardly a day goes by that I don't see an article claiming that it's time to kill the password and some new product promises to finally do just that. But how secure and usable are these solutions? 

I set out to find this out for myself, trying out as many password killers as I could find for an extended review of how well they work in real-life scenarios. 

Some of these products are meant to make passwords easier to use, some make them more secure, and some intend to replace them completely. Some of the products really sucked, but others do show some potential. 

In this talk will explain what it was like living with these various authentication tools and what I learned about multifactor authentication.

Speakers
avatar for Mark Burnett

Mark Burnett

Consultant, Mark Burnett
Mark, aka m8urnett, is an independent security analyst with over 17 years of security industry experience. He is author of several security books--including Perfect Passwords--and has written for many other web sites, newsletters, and print magazines. Much of his day job involves application and OS security, and developing training material.


Tuesday August 2, 2016 18:00 - 18:50
Passwords16 Tuscany

18:00

DYODE: Do Your Own DiodE for Industrial Control Systems.
While data diodes have been used for a long time on classified networks, the high cost and complexity of implementation have kept them away from a lot of valid use cases on industrial control systems. During our assignments, we encountered many situations in which time or availability constraints were not really high -but the security risk was- and a commercial data diode way too costly. This often meant directly connecting external networks to the ICS, only to exchange a flat file once a day or near real-time data at a very slow rate.

We developed a working data diode using standard components and open source libraries. We want to prove with this project that it is possible to produce a simple, working, ICS oriented data diode for about $200. We absolutely do not aim at replacing current commercial data diodes, but hopefully open the way for cheaper, simpler devices that are currently not available on the market by providing a working example with open-source code (that will soon be published on github). The principles of using COTS components to make a data diode are not brand new (see “previous work” below), but we aim at providing a package software solution to ease the creation process, with a specific focus on ICS.

This is an ongoing project, with a lot of room for improvement, but it is already working for basic functions.

Speakers
avatar for Arnaud Soullie

Arnaud Soullie

Senior consultant, WAVESTONE
Arnaud Soullié (@arnaudsoullie) is a senior security auditor working at Wavestone. In five years, he performed 100+ penetration tests and security audits. His topics of interest include Industrial Control Systems and Windows Active Directory security, two topics that tend to collide nowadays. His hobbies include motorbike riding and drinking (french) wine (not at the same time fortunately).


Tuesday August 2, 2016 18:00 - 18:55
Common Ground Florentine G

18:00

How to make sure your data science isn’t vulnerable to attack
Using the example of vulnerability data, this talk is about what happens when data science and security collide. 

When you let a data scientist loose on security data there’s a ton of things you (and they) need to think about. What you think data science is, and what you expect to get from it. Why ‘insight’ is hard to get. How to win the battle of caveats vs usability. And how to communicate analysis when it’s used to solve operational problems or report up to management. 

Tl;dr - this talk is about how easily it can all go wrong – and how to stop that happening.

Speakers
avatar for Leila Powell

Leila Powell

Security Data Scientist, Panaseer
Hi - I'm a data scientist working in security. I used to use supercomputers to study the evolution of galaxies as an astrophysicist. Now I tackle more down-to-earth challenges, (yes, the puns get that bad), helping companies use different data sets to understand and address security risk. As part of the team at Panaseer (a London based security start up), I work with security functions in global financial firms, applying data science to help... Read More →


Tuesday August 2, 2016 18:00 - 18:55
Ground Truth Florentine F

18:00

A Peek Behind Vegas Surveillance
Find out about the current watch state in this fine city. This presentation is NOT about catching card counters. That information is out and old. What this presentation will focus on is the techniques, terminology, history, present, and future of the surveillance used as you walk the Vegas Strip and other city casinos. With this knowledge, can we think of other areas where surveillance may exist? Maybe surveillance on a global scale....

Tuesday August 2, 2016 18:00 - 18:55
Underground Firenze

18:00

Ingress Egress: The emerging threats posed by augmented reality gaming.
Augmented reality gaming's first breakout hit has millions of players, and a "game board" that spans the globe, so why are so many fans of Ingress, published by Google spinoff Niantic Labs, unhappy? In brief, it comes down to an exploitable game infrastructure, an active community of people designing and building tools to exploit that infrastructure, and a massive player base that doesn't realize how vulnerable they are. This session will reveal weaknesses in the game's communication infrastructure that have enabled people to build tools and services specifically for the purposes of harassment, cheating, and to track the movements and locations of players. We'll also tear apart a commercially-available game bot and reveal how the bot exploits vulnerabilities in the app to permit bot users to engage in antisocial behavior and destroy the cohesion of a three-year-old player community that spans the globe.

Speakers
avatar for Andrew Brandt

Andrew Brandt

Director of Threat Research, Blue Coat Systems
Andrew Brandt is the Director of Threat Research for Blue Coat Systems and runs a malware research lab in which malware behavior is monitored and recorded, both on infected endpoints and over the networks used to communicate, in order to facilitate comprehensive retrospective analysis. Prior to his work in infosec, he was a tech journalist and investigative reporter with a focus on issues surrounding online privacy and digital security.


Tuesday August 2, 2016 18:00 - 19:00
Breaking Ground Florentine A

18:00

CFPs 101
Have you ever wondered why CFP reviewers drink so much? Are you tired of having talks rejected from conferences without knowing why? Would you like to know what really makes reviewers happy or irritated to see? We can help! In our panel, we will discuss all of these things and more. The directors of BSides Las Vegas’ Proving Grounds join up for a panel moderated by David Mortman in order to discuss their experiences writing and reviewing CFPs from first-time speakers.

Speakers
avatar for Tottenkoph

Tottenkoph

Proving Grounds Director, Security BSides Las Vegas, Inc.
Talk to me about mentoring, learning theory, motivation and habit formation, and anything sci-fi/fantasy
avatar for Guy McDudefella

Guy McDudefella

Compliance Research Engineer, Tenable Network Security
Guy McDudefella started his first MS-DOS install at age 10 between the moment he deleted C:\DOS from the family computer and the moment he answered a phone call from his parents saying they were on their way home from the movies. He’s been a hacker ever since. He currently works for Tenable as a compliance research engineer, and is also a henchman for his 1.5 year old son, the Human Human Badge.
avatar for Michael Ortega

Michael Ortega

Director of Proving Grounds track. Panel discussion participant. | | Talk to me about Info Sec Management, Mentorship, Paleo and picking stuff up


Tuesday August 2, 2016 18:00 - 19:00
Proving Ground Florentine E

18:30

How to Stand Out to Talent Acquisition
Do you ever wonder what talent acquisition professionals look for in candidate profiles? Do you have questions about where to focus your professional brand?   An inside look into how talent acquisition professionals see and engage with candidates and what catches their eye and what turns them off so you can rise to the top when going for your next dream role.

Speakers
avatar for Tara Griesbach

Tara Griesbach

Talent Acquisition Manager, Rapid7
Tara is Talent Acquisition Manager for North America at Rapid 7, a security data and analysis company. In this role, Tara's primary focus is on leading a team of world class talent scouts who are consistently delivering the best and brightest talent to our innovative and fast growth organization. | Talk to me about: How to win the war of talent, what makes people tick and the most amazing off the grid vacation you've taken(I'm always looking... Read More →


Tuesday August 2, 2016 18:30 - 19:00
Hire Ground Florentine B

19:15

Super Soaked Hackers Water Balloon Fight for Hak4Kidz #SSH4K
IT”S BACK!!! AND BIGGER AND BETTER THAN EVER!
On Tuesday night, around 7:15, we’ll again be commandeering part of the Tuscany parking lot, for a good old-fashioned water balloon fight! We’ve purchased 1000 water balloons from Bunch O’ Balloons, but feel free to bring more! (Bunch O’ Balloons will be the only balloons allowed, for quality control purposes and must be filled from the BSidesLV Security Operations controlled water spigot.)

For just a $20 buy-in per person, you can participate in the water balloon fight until we run out of balloons! Buy-in will be Tuesday evening, at the fight site, cash only. We’re also allowing super soakers, water pistols and other water fight toys, for an extra $10 buy-in cost, since you’ll have an obvious advantage. (Must bring your own toys.) There are no losers in this fight, as everyone will end up being a Super Soaked Hacker!

There will be a designated Soak Zone and observers outside of that zone are off-limits. You will receive one warning, if you deviate from the rules. On a second infraction, you will be removed from the fight – NO REFUNDS!

Come join us for a much needed cool down after a long day in Vegas, before we get ready for the QueerCon Mixer at the pool at 7:30!

All monies collected from this event will go to benefit Hak4Kidz. Much thanks to @healwhans and @queercon for helping us with the logistics, planning and promotion of this event.

Want to help us promote? Use the hashtag #SSH4K along with #BSidesLV

Tuesday August 2, 2016 19:15 - 20:00
Tuscany Casino Parking Lot

19:30

QueerCon Mixer
Join us from 1930 - 0000 for an evening of fun socializing and cash drinks poolside, hosted by our good friends from QueerCon. All genders, orientations and identities welcomed and encouraged. All we ask is that you come with an open mind and an open heart. Come hang with the Queer Kids and reconnect with some old friends, or make some new ones! 

Tuesday August 2, 2016 19:30 - Wednesday August 3, 2016 00:00
Tuscany Pool

21:30

The New Hacker Pyramid
That’s right, The New Hacker Pyramid is back again at BSidesLV for 2016.

Be in the audience for your chance to join a Security Celebrity for a chance to win FABULOUS PRIZES including the GRAND PRIZE of ????? (we don’t know yet, but it’ll be awesome dammit).

9:30 PM, Tuesday August 3rd, in the Chill-Out Room.

Mentor
Artists
avatar for Wintr

Wintr

Network and Security Analyst, unit2

Senior Staff
avatar for CoolAcid

CoolAcid

Sr Staff with BSidesLV. | Primary lead for the SpeakerOPS group. | Run the HackerPyramid Gameshow. | Problem Solver.


Tuesday August 2, 2016 21:30 - Wednesday August 3, 2016 00:00
Chill-Out Room Florentine C/D
 
Wednesday, August 3
 

08:30

Mobile App Attack
Limited Capacity full

This full-fledged hands-on training will get the attendees familiar with the various Android as well
as iOS application analysis techniques and bypassing the existing security models in both the
platforms. The main objective of this training is to provide a proper guide on how the mobile
applications can be attacked and provide an overview of how some of the most important security checks for the applications are applied and get an in-depth understanding of these security checks.
The training will also include a CTF challenge designed by the trainer in the end where the attendees will use their skills learnt during the workshop to solve this challenge.

Speakers
avatar for sneha rajguru

sneha rajguru

Security Consultant, Payatu Technologies
Sneha works as a Security Consultant with Payatu Technologies Pvt.Ltd. and holds C.E.H and E.C.S.A certifications. Her area of interest lies in Web application and mobile application security and fuzzing. She has discovered various serious application flaws within open source applications such as PDFLite.Jobberbase, Lucidchart and many opensource wordpress plugins and many more. She is also an active member of Null – The open security community... Read More →


Wednesday August 3, 2016 08:30 - 12:30
Training Ground I & II Siena

08:30

Pentesting Industrial Control Systems : Capture the Flag!
Limited Capacity full

There is a lot of talking about ICS, SCADA and such nowadays, but only few people have the opportunity to get their hands dirty and understand how it works. The goal of this workshop is to give the knowledge required to start attacking SCADA networks and PLCs, and give hands-on experience on real devices and have fun hacking a model train !

In this workshop, you will learn the specifics of performing a penetration test on Industrial Control Systems, and especially on Programmable Logic Controllers (PLCs). We will cover the main components and the commonly associated security flaws of Industrial Control Systems, aka SCADA systems. We will discover how they work, how they communicate with the SCADA systems, to learn the tools, tactics and procedures you can use to p*wn them.

Then we will move on to real-world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train, in an exciting CTF-style exercice.

Speakers
avatar for Arnaud Soullie

Arnaud Soullie

Senior consultant, WAVESTONE
Arnaud Soullié (@arnaudsoullie) is a senior security auditor working at Wavestone. In five years, he performed 100+ penetration tests and security audits. His topics of interest include Industrial Control Systems and Windows Active Directory security, two topics that tend to collide nowadays. His hobbies include motorbike riding and drinking (french) wine (not at the same time fortunately).


Wednesday August 3, 2016 08:30 - 12:30
Training Ground I & II Siena

10:00

Ground Truth Keynote: Great Disasters of Machine Learning
This presentation sifts through the carnage of history and offers an unvarnished look at some spectacular past machine learning failures to help predict what catastrophes may lay ahead, if we don't step in. You've probably heard about a Tesla autopilot that killed a man...

Humans are great at failing. We fail all the time. Some might even say intelligence is so hard won and infrequent let's dump as much data as possible into our "machines" and have them fail even faster on our behalf at lower cost or to free us. What possibly could go wrong?

Looking at past examples, learning from failures, is meant to ensure we avoid their repetition. Yet it turns out when we focus our machines narrowly, and ignore safety decision controls or similar values, we simply repeat avoidable disasters instead of achieving faster innovations. They say hindsight is 20-20 but you have to wonder if even our best machines need corrective lenses. At the end of the presentation you may find yourself thinking how easily we could have saved a Tesla owner's life.


Speakers
avatar for Davi Ottenheimer

Davi Ottenheimer

president, flyingpenguin
Recent Work: InfoSec History, Threat Intelligence, Counter-Intelligence, Hunt, Digital Forensics, Active Defense, Cyber Letters of Marque, Cloud Security, Secure Virtualization and Containers, Resilient Communication and Ethics in Machine Learning (Formerly Known as Big Data).


Wednesday August 3, 2016 10:00 - 10:30
Ground Truth Florentine F

10:00

Hacking Is Easy, Hiring Is Hard: Managing Security People
The common view of management is that it's easier than reverse engineering.  This talk will show you some of the challenges of managing security professionals and walk you through some of the more interesting parts of recruiting, managing, leading and retaining rock-star level talent in the hardest, most difficult industry.  Once you understand what it means to manage, you may find that you no longer want to manage, but you understand how to make your managers happy, how to succeed when being recruited and how to make yourself successful in your job and your career.

Speakers

Wednesday August 3, 2016 10:00 - 10:30
Hire Ground Florentine B

10:00

IATC Day 2: Introduction and Overview

Welcome back! We will recap yesterday’s session, as well as set the agenda and overview of the second day of the track. Whether you have been The Cavalry from the beginning, or are just curiously stopping by, there will be something for everyone. If you missed any part of Day 1, you’ll get up to speed, if you were there, you’ll get a tight summary, and in either case you’ll see what the day ahead holds.


Speakers
avatar for Joshua Corman

Joshua Corman

CTO | Founder | Founder, Sonatype | I am The Cavalry | Rugged
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing... Read More →
avatar for Beau Woods

Beau Woods

I Am The Cavalry
Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, and core contributor to the I Am The Cavalry initiative. Beau works with policymakers, industry, civil society groups, NGOs, and individual stakeholders to safeguard human life, public safety, and global security. Beau has been a part of the information security industry and hacker community for over a decade, is a frequent presenter, media... Read More →


Wednesday August 3, 2016 10:00 - 10:30
I Am The Cavalry Copa Lounge - Downstairs in the Casino

10:00

Mapping the Human Attack Surface
Organizations often generate attack surfaces but fail to include the most susceptible link, the Human. By fully mapping the relationships between Users, Privileges, and High Value Assets we can apply graph analytics to locate where user relationships and privileges converge and concentrate creating high-risk areas for organizations. These “super-user” accounts become appealing targets for attackers to target and pivot from when maneuvering through the network.

Mentor
avatar for Master Chen

Master Chen

VoIP Administrator, Stimulus Technologies
Techno-enthusiast. | Hacker. | Student of Life. | Teacher of Shaolin.

Speakers
LD

Louis DiValentin

Associate Principal Data Scientist, Accenture CyberSecurity Lab


Wednesday August 3, 2016 10:00 - 10:30
Proving Ground Florentine E

10:00

Hunting high-value targets in corporate networks.
So you got into a network, but now what? You might be swimming in a corporate environment full of thousands of systems and users. If you’re in a goal-oriented penetration testing scenario, it’s important to quickly and efficiently find the crown jewels. In this presentation we will present post-exploitation strategies and techniques for finding the interesting bits in a big network. We will be releasing several tools and describing practical data collection and analysis techniques for converting a compromise into success criteria.

Speakers
avatar for Patrick Fussell

Patrick Fussell

Penetration Tester, Payment Software Company, Inc.
While working in the information security industry over the past 5 years Patrick Fussell has worked in numerous roles to increase the security of electronically stored data for customers while always improving his skill set. With a background predominantly in penetration testing, security assessment, and auditing he spent much of the last few years working with a wide range of consulting and analysis based engagements. Currently based out of... Read More →
avatar for Josh Stone

Josh Stone

Penetration Tester, PSC
Josh Stone has been in infosec for over 15 years, working variously in incident response, forensics, architecture, penetration testing, application testing, and more. He's worked in manufacturing, financial, educational, and payment card industries. Josh's research focus is in post-exploitation tools and techniques, trying to find creative ways around the barriers people build around the crown jewels in their networks.


Wednesday August 3, 2016 10:00 - 10:45
Breaking Ground Florentine A

10:00

Crafting tailored wordlists with Wordsmith
Standard wordlists such as Uniq and Rockyou are great when used with a variety of hashcat rules and big hash sets. But what about the hashes that you aren't able to crack? And what about smaller hash sets from smaller targets?

Queue Wordsmith, a tool that creates wordlists that are tailored to the target. Based on the target’s U.S. State, Wordsmith creates geo-location based wordlists that contains the names of cities, landmarks, roads, sports teams, zip codes, area codes, popular names and more. Generated wordlists can be used by themselves or as a supplement to other wordlists for brute force attacks or hash cracking. 

Speakers
avatar for Sanjiv Kawa

Sanjiv Kawa

Penetration Tester, Payment Software Company
Most of my interests are with penetration testing networks and applications. I've recently started to get into development, automation and reverse engineering. When my laptop battery dies I tend to go mountain biking, snowboarding, play guitar or watch Arsenal.
avatar for Tom Porter

Tom Porter

Penetration Tester, Payment Software Company
Tom (@porterhau5) is a penetration tester by trade, however his roots are on the blue team writing netflow analytics and providing network situational awareness. Tom holds a handful of certifications from SANS (GPEN, GCIH, GCIA), as well as degrees in Mathematics and CS. When there's not a baseball game nearby, he can be found scripting, participating in CTFs, dissecting packets, tinkering in his homelab, performing password analysis, or... Read More →


Wednesday August 3, 2016 10:00 - 10:50
Passwords16 Tuscany

10:00

Don't Repeat Yourself: Automating Malware Incident Response for Fun and Profit
Even for a larger incident response team handling all of the repetitive tasks related to malware infections is a tedious task. Our malware analysts have spent a lot of time chasing digital forensics from potentially infected Mac OS X systems, leveraging open source tools, like OSXCollector. Early on, we have automated some part of the analysis process, augmenting the initial set of digital forensics collected from the machines with the information gathered from the threat intelligence APIs. They helped us with additional information on potentially suspicious domains, URLs and file hashes. But our approach to the analysis still required a certain degree of configuration and manual maintenance that was consuming lots of attention from malware responders.

Enter automation: turning all of your repetitive tasks in a scripted way that will help you deal faster with the incident discovery, forensic collection and analysis, with fewer possibilities to make a mistake. We went ahead and turned OSXCollector toolkit into AMIRA: Automated Malware Incident Response and Analysis service. AMIRA turns the forensic information gathered by OSXCollector into actionable response plan, suggesting the infection source as well as suspicious files and domains requiring a closer look. Furthermore, we integrated AMIRA with our incident response platform, making sure that as little interaction as necessary is required from the analyst to follow the investigation.

Thanks to that, the incident response team members can focus on what they excel at: finding unusual patterns and the novel ways that malware was trying to sneak into the corporate infrastructure.

Speakers
avatar for Kuba Sendor

Kuba Sendor

Software Engineer, Yelp
Kuba Sendor (@jsendor) is working at Yelp security team where he automates malware incident response and together with his teammates makes sure that Yelp's infrastructure stays secure. Previously he worked at SAP in the Security and Trust research group where he participated in the initiatives related to access control and privacy in the digital world. | He holds double MSc degree in Computer Science from AGH University of Science and... Read More →


Wednesday August 3, 2016 10:00 - 10:55
Common Ground Florentine G

10:00

Ask The EFF
Join us for an unrecorded Q&A sesssion with everyone's favorite Digital Civil Rights organization.

Wednesday August 3, 2016 10:00 - 11:25
Underground Firenze

10:00

PvJ CTF
The Pros V Joes CTF is an event where the average Joe can have a chance to defend along with Professionals in the field, to learn from them while having fun. The game consists of live combat, with each team of Joes defending a network from a Red Cell of professional hackers.

This will be PvJ’s 4th year at BSidesLV. We’re overhauling the Gaming Grid, The Scoreboard and the Scoring Engine to feature some new surprises this year.

As in the past, this game is designed to give regular Joes their first taste of live-fire security, where they have to defend networks against Professionals who know how to break in.

For the Pros, this is a chance to flex your muscles, showing how good you are against live threats. Or, if you we accept you to our standing Red Team, it’s a chance to show your skills in pwning all the things.

For both colors of Pro, red and blue, it is a chance to lend your experience to help others improve their game.

The environment to host this CTF is laced with various surprises to keep the game interesting. The networks that the Blue Teams must defend will be a mix of Windows and Linux, with the typical Internet services (web, DNS, mail, etc) and a mix of obscure systems and services. The flags will also be more complicated than last year.

Senior Staff
avatar for Dichotomy

Dichotomy

Senior Staff, BSidesLV
Pros Vs Joes Capture the Flag Games Master


Wednesday August 3, 2016 10:00 - 18:00
Chill-Out Room Florentine C/D

10:00

Lock Pick Village
Join us from 1000 to 1845 on Tuesday and Wednesday to learn all about lock picking, from locks and tumblers to picks, rakes and tension bars. We'll have a few contests and classes going throughout the days.

Senior Staff

Wednesday August 3, 2016 10:00 - 18:45
Chill-Out Room Florentine C/D

10:30

A Noobs Intro Into Biohacking, Grinding, DIY Body Augmentation
Controlling devices through implanted chips used to be purely science fiction. Now, through the efforts of brave souls known as grinders this type of biohacking, and other do-it-yourself body modification, is not just reality, this movement is becoming more widespread, as it gets assimilated and adopted by tech enthusiasts. See this world from the fresh eyes of a would-be grinder, with a background in tech support and ministry, as he himself explores his own creation amplified through current, off-the-shelf technology.

Mentor
avatar for Johnny Xmas

Johnny Xmas

Sr. Penetration Tester, RedLegg Tradecraft Labs
| Johnny Xmas is a penetration tester for the Chicago-Based MSS and Security Assessment firm RedLegg International, and has been speaking Internationally on the topics of Information Security, Career Advancement and Social Engineering for nearly 15 years. You may recall him from various local news appearances, his work on the 2015 TSA keys leak, or as the Hacking Expert on Gamespot \ MATPAT’s “Reality Check” series. His infamous mixture... Read More →

Speakers
avatar for Doug Copeland

Doug Copeland

SysAdmin, Coastal Bend District, UMC
IT Gunslinger for Hire; not a Hacker, or Cracker, New Father, Lucky Husband to an Amazing Wife, ENTJ


Wednesday August 3, 2016 10:30 - 11:00
Proving Ground Florentine E

10:30

Resume Reviews, Mock Interviews and Networking...Oh My!
During the Open Session, you'll have a chance to participate in several career development activities - such as resume reviews and critiques, mock interviews and general networking with both industry pros, career pros, and other friends of BsidesLV. 

Take time during these sessions to have more specific conversations about your background and get answers to some career questions.



Wednesday August 3, 2016 10:30 - 11:30
Hire Ground Florentine B

10:30

Uncomfortable Truths
This facilitated discussion will outline some uncomfortable truths about securing safety-critical systems. Is information security as we know it fundamentally worse than the status quo? Will we have time to prevent catastrophe, or are we doomed to witness our predictions coming true? How long until new legislation or tighter enforcement hits the security research community? Are there some vulnerabilities where normal thinking on disclosure break down? It’s time we started seriously investigating these questions and others.

Speakers
avatar for I Am The Cavalry

I Am The Cavalry

I Am The Cavalry
Many people identify with the I Am The Cavalry initiative, but want to maintain a low profile. This account represents those who will be speaking and participating who might not want themselves highlighted.
avatar for Joshua Corman

Joshua Corman

CTO | Founder | Founder, Sonatype | I am The Cavalry | Rugged
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing... Read More →
avatar for Beau Woods

Beau Woods

I Am The Cavalry
Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, and core contributor to the I Am The Cavalry initiative. Beau works with policymakers, industry, civil society groups, NGOs, and individual stakeholders to safeguard human life, public safety, and global security. Beau has been a part of the information security industry and hacker community for over a decade, is a frequent presenter, media... Read More →


Wednesday August 3, 2016 10:30 - 12:30
I Am The Cavalry Copa Lounge - Downstairs in the Casino

10:35

No Silver Bullet. Multi contextual threat detection via Machine Learning.
Current threat detection technologies lack the ability to present an accurate and complete picture of how threats are executed and fail to put together the multi contextual relationship of exploit chain indicators. A combination of behavioral and machine learning technologies can provide a more effective and complete assessment and prevention of threats in organizations relying on dispersed, static single indicator technologies. This approach also makes use of current static and single threat indicator technologies using Big Data computational models.

Speakers
avatar for Rod Soto

Rod Soto

Senior Security Researcher, Splunk
Rod Soto has over 15 years of experience in information technology and security. Currently working as a Security Researcher at Splunk User Behavioral Analytics. He has spoken at ISSA, ISC2, OWASP, DEFCON, Hackmiami, Bsides and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll... Read More →
avatar for Joseph Zadeh

Joseph Zadeh

Senior Data Scientist, Splunk Inc.
I love working on behavior based prediction problems and artificial intelligence so some of my favorite themes to talk about are: Covert channel detection (especially encrypted), probabilistic identity resolution, behavior based intrusion detection and machine learning for security . Behavioral intrusion detection is a really interesting topic because it highlights the limitations of machine learning as an algorithmic solution to a... Read More →


Wednesday August 3, 2016 10:35 - 11:30
Ground Truth Florentine F

10:45

Powershell-Fu – Hunting on the Endpoint

Hunting is the art of searching for badness and unauthorized activity on our own systems or network.  By knowing what is normal in our networks and what is possible of adversaries, the hunter can identify malware, signs of unauthorized activity, and indicators of compromise lurking within. In this session, we will explore how to hunt for malware and compromises on windows endpoints using built-in Powershell commands and scripts.  We will explore how to validate what’s running on our systems and identify some of the tell-tale signs that you’ve been pwned. The failure of automated prevention and detection coupled with a disappearing perimeter means hunting will become an increasingly important skill among defenders. The skills demonstrated will be useful on your own local system or remotely against hundreds or even thousands of systems.


Speakers
avatar for Chris Gerritz

Chris Gerritz

Co-Founder and CEO, Infocyte
Chris is co-founder of Infocyte, a malware and threat hunting product developer. Chris is a pioneer in defensive cyberspace operations having helped establish and lead the U.S. Air Force's Enterprise Hunt Team.  | | Prior to co-founding Infocyte, Chris served as the Air Force Computer Emergency Response Team (AFCERT)'s first Chief of Counter-Cyber Operations. In this role, he led a team of 28 operators tasked with finding, tracking, and... Read More →


Wednesday August 3, 2016 10:45 - 11:30
Breaking Ground Florentine A

11:00

Stop the Insanity and Improve Humanity: UX for the Win
What is UX? Why is it important in cybersecurity? We have a problem in our industry; too many tools, too many interfaces, not enough people, not enough time, attackers eating our lunch, etc. With so many different interfaces, even the experts lose efficiency, not to mention the hurdle new cyber security professionals face. How can we bridge the gap between tools and people within our industry, and then reach outside of the industry to empower others with our security tools?

Mentor
Speakers
avatar for Robin Burkett

Robin Burkett

Sr. Analyst, Accenture Labs, Security R&D


Wednesday August 3, 2016 11:00 - 11:30
Proving Ground Florentine E

11:00

Making Password Meters Great Again
Password meters have become ubiquitous, some are decent, but the majority are actually harmful. While attempts have been made to create strength meters that better reflect the realities of how passwords are cracked, most meters though are naive to such a degree that they give an incredibly dangerous false since of security.

This talk looks at the best and worst of current password meters - from the useful education they provide, to the absurd feedback that has become so common. To address the flaws in current methods, a new method for calculating the real-world strength of passwords is introduced. Based on the techniques used in cracking passwords, including hashing details, a new method has been developed to provide more useful information about the actual strength of a password.

Speakers
avatar for Adam Caudill

Adam Caudill

Senior Application Security Consultant, AppSec Consulting
Adam Caudill is a security consultant with over 15 years of experience in security and software development; with a focus on application security, secure communications, and cryptography. Active blogger, open source contributor, and advocate for user privacy and protection. His work has been cited by many media outlets and publications around the world, from CNN to Wired and countless others.


Wednesday August 3, 2016 11:00 - 11:50
Passwords16 Tuscany

11:00

Survey says… Making progress in the Vulnerability Disclosure Debate
The vulnerability disclosure debate isn’t new. But as more vendors realize that they are software vendors, and as DMCA exceptions affect companies that touch citizens around the world, we need to get this right. The US Department of Commerce has sought to bring together important stakeholders, including security researchers and technology vendors to identify common ground and a path forward for better security for everyone. This presentation will share some preliminary observations, and allow the security community to weigh in on this important process.

Speakers
avatar for Amanda Craig

Amanda Craig

Senior Cybersecurity Strategist, Microsoft
Amanda Craig is a Senior Cybersecurity Strategist in Trustworthy Computing’s Global Security Strategy and Diplomacy (GSSD) team at Microsoft. As part of GSSD, she focuses on policy issues related to cloud security, cyber risk management, and coordinated vulnerability disclosure, working to address complex global change and to advance trust in the computing ecosystem. She is the co-author of two Microsoft publications, Transforming... Read More →
avatar for Jen Ellis

Jen Ellis

VP of community and public affairs, Rapid7
Jen Ellis is the Vice President of Community and Public Affairs at Rapid7, a security data and analytics company. In this role, Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various Government entities to help them understand and address cybersecurity challenges. She... Read More →
avatar for Allan Friedman

Allan Friedman

Director of Cybersecurity, US Department of Commerce
Dr. Allan Friedman is the Director of Cybersecurity Initiatives at National Telecommunications and Information Administration in the US Department of Commerce. Prior to joining the Federal government, Friedman was a noted infosec and technology policy researcher at a range of institutions, including George Washington University, the Brookings Institution, and Harvard University. Wearing the hats of both a technologist and a policy scholar... Read More →


Wednesday August 3, 2016 11:00 - 12:25
Common Ground Florentine G

11:30

Owning Your Career on a Daily Basis
The only person who is truly responsible for your career advancement is you. From the kinds of projects you take on to the way you interact with your peers and partners, the decisions you make every day have the most impact on your ability to make professional progress. In this talk, we’ll provide real-world examples that demonstrate how to own your career: exhibiting technical leadership, identifying impactful projects, building trust, and delivering results.  

Speakers
avatar for John Darrow

John Darrow

Sr. Principal Engineer, Amazon
John works on software and other tech to power Amazon's physical fulfillment, logistics and material handling operations. In particular he enjoys the challenge of resource optimization, automation, robotics, computer vision and other intersections of virtual and physical worlds. John has worked on many different aspects of Amazon over the past 18 years.

Sponsors

Wednesday August 3, 2016 11:30 - 12:00
Hire Ground Florentine B

11:30

There is no security without privacy
I believe I can demonstrate that privacy helps security and that the choice of "privacy or security" is a false choice constantly chanted by the government bodies.

Society is constantly asked to "voluntarily" give up privacy for the sake of security across the globe. In some cases, society is tricked into giving up legal rights and hundreds of years of legal doctrine in a single bill such as the "patriot act". In the end, we have less privacy and I would argue less security.

Up with crypto and down with backdoors, warrantless wiretaps, secret courts and other freedom stomping ideas.
Privacy is on life support and needs your help! I will tell you what you can do to help in your professional and private lives.


Wednesday August 3, 2016 11:30 - 12:00
Proving Ground Florentine E

11:30

Why Can't We Be Friends?
Description withheld at presenter's request.

Speakers

Wednesday August 3, 2016 11:30 - 12:25
Underground Firenze

11:30

Domains of Grays.
One of the most consistently reliable means for an attacker to gain access to an organization's computing resources is via phishing - by socially engineering an authorized user into providing access to the attacker by inadvertently disclosing their credentials. There are numerous ways that are currently in use to prevent phishing already, but there is always room for improvement. In this case, we propose taking a spam-mitigation measure, greylisting, and applying it to DNS such that it will hamper the ability of phishers to complete a common type of attack. Additionally, this methodology will also mitigate other, similar threats that rely on fast resolution of DNS in order to function correctly. We will be providing a POC implementation for DNS greylisting so that you can evaluate its effectiveness as well.

Speakers
avatar for Eric Rand

Eric Rand

Systems Mangler, Brown Hat Security
An amateur blacksmith, an amateur radio operator, and a professional know-it-all, Eric has had a deep appreciation for the lore surrounding the IT world for many years. When he's not digging through obscure fora to find out who thought XCHG EAX:EAX was a good idea for a NOP command, Eric is either forging coathooks or stitching together various systems that were never designed to work together. He lives in the mountains of southern California... Read More →


Wednesday August 3, 2016 11:30 - 12:30
Breaking Ground Florentine A

11:35

Labeling the VirusShare Corpus: Lessons Learned
A machine learning researcher needs a nice dataset to work with, but all of the publicly available malware datasets have major issues. We'll start by reviewing the basics of machine learning on malware: what works, what doesn't, and what data is out there. We'll introduce the VirusShare dataset, show how we fixed the labels issue (using VirusTotal) so that it may be used for supervised machine learning, and discuss why this corpus should be used as a standard for machine learning research. Finally, we'll look at pyspark, and how it can be used to both summarize the corpus and to help us find which chunks have high concentrations of particular families of malware.

Speakers
avatar for John Seymour

John Seymour

University of Maryland, Baltimore County
John Seymour is a Data Scientist at ZeroFOX, Inc. by day, and Ph.D. student at University of Maryland, Baltimore County by night. He researches the intersection of machine learning and InfoSec in both roles. He's mostly interested in avoiding and helping others avoid some of the major pitfalls in machine learning, especially in dataset preparation (seriously, do people still use malware datasets from 1998?) He has spoken at both DEFCON and his... Read More →


Wednesday August 3, 2016 11:35 - 12:30
Ground Truth Florentine F

12:00

Proactive Password Leak Processing
An average person on the Internet reuses their same password across multiple sites more often than we’d prefer, which has increasingly resulted in account compromise headaches felt both by them and the sites they visit. Most organizations have limited options to prevent password reuse altogether, but they can take advantage of the same data used by attackers: password leaks.

Large companies (like Microsoft, Google, Facebook, and Yahoo!) have started proactively searching for the passwords leaked by other sites and then finding matches within their own user populations. They can then force a password change or require supplemental authentication to make certain the legitimate user keeps control of their account.

This presentation discusses what exactly is involved in processing this ill gotten data, as well as whether it makes sense for your organization to integrate this into your information security program.

Speakers
avatar for Bruce Marshall

Bruce Marshall

Founder, PasswordResearch.com
Bruce is a security consultant that founded the PasswordResearch.com web site over a decade ago. He aims to introduce more professionals to new and existing authentication research so they can better justify secure system design and policy choices. He has previously shared his experiences with authentication and other topics at the Black Hat, SANS, and InfoSec World conferences.


Wednesday August 3, 2016 12:00 - 12:25
Passwords16 Tuscany

12:00

Improving Your Personal Value Proposition to Take that Next Step in Your Career
For many penetration testers and other security professionals, making yourself more attractive to employers or taking that next step up means improving your personal value proposition. Showing off your technical aptitude on finding more vulnerabilities than anyone else is not enough. Your personal value proposition is based on effectiveness - taking that knowledge, translating it for a non-technical audience, and helping them understand the business risk so they can make an informed decision.

Come to this session where we will discuss the value in understanding business and relating it to your security work. We’ll present tips on how to portray and present findings that will make you more effective in your job. And we’ll also share areas for skills improvement within security organizations that will also help you improve your personal value proposition.

Speakers
Sponsors

Wednesday August 3, 2016 12:00 - 12:30
Hire Ground Florentine B

12:00

You Don't See Me - Abusing Whitelists to Hide and Run Malware
This talk will outline a method for exploiting security software with a focus on unauthorized whitelisting. Many security products have the ability to permit or ignore a detected threat which ensures administrative override is available in the event a false positive is encountered. In most cases this requires user interaction by clicking a button labelled Accept/Ignore/Permit which tells the software to ignore this threat going forward. By learning how the application reads and writes these exemptions, we can uncover vulnerabilities that may lead to exploitation of these components. If an exploit can be found and written into a piece of malware, it's possible for the malware to whitelist itself without any interaction from the end user! Instead of being detected and quarantined, the malware is free to do its thing while the security software turns a blind eye.

The flow of the presentation will start with talking about why whitelisting exists and various methods used by different products to achieve this. This part can be summarized as "everyone does it differently". The next part talks about the process to discover how the application handles exemptions including the steps, tools and techniques used. The last part talks about things to look for that may indicate a whitelist component is vulnerable to abuse and where to begin exploiting.

The talk will borrow heavily from my professional work experiences as well as my personal side projects. To date, these methods have been applied to 5 different security products, 3 of which have successfully resulted in malware executing on the host after the successfully whitelisting itself. 1 product has been fixed, 1 is pending a fix and a third has yet to be reported. In the interest of responsible disclosure, I would like this talk to not include any product names and remain generic with a focus on the issue around abusing whitelists as opposed to specific proven scenarios.

Mentor
avatar for Richo Healey

Richo Healey

Security Engineer, Stripe
richo likes his ducks flat and his instruction sets reduced. He breaks things at Stripe, works on Rust, and will hopefully update his bio before the con.

Speakers
avatar for Michael Spaling

Michael Spaling

University of Alberta
Trekkie, Lego fan and lover of all things sci-fi. I work at a large research intensive University located in Edmonton, Canada with a focus on operational security. During my downtime I enjoy making things work in ways that were never intended.


Wednesday August 3, 2016 12:00 - 12:30
Proving Ground Florentine E

14:00

Automated Dorking for Fun and Pr^wSalary
A dork is a specialized search engine query which reveals unintentional data leaks and vulnerable server configurations.

In order to catalogue vulnerable hosts with minimal manual intervention we’re now introducing an open-source framework for grabbing newly published dorks from various sources and continuously executing them in order to establish a database of exposed hosts.

A similar project (SearchDiggity, closed source, Windows only) had its latest release in 2013 and the latest blog post was published in 2014.

Mentor
avatar for Ming Chow

Ming Chow

Senior Lecturer, Tufts University
Ming Chow is a Senior Lecturer at the Tufts University Department of Computer Science. His areas of work are in web and mobile security and web and mobile engineering. He teaches courses largely in the undergraduate curriculum including Data Structures, Web Programming, Web Engineering, Music Apps on the iPad, Mobile Medical Devices and Apps, Senior Capstone Project, and Introduction to Computer Security. His course Introduction to Game... Read More →

Speakers
avatar for Filip Reesalu

Filip Reesalu

Security Researcher, Recorded Future
Security Researcher @ Recorded Future. | Spent a few years in engineering and data science positions before transitioning over to figuring out clever ways to use open source intelligence for defence.


Wednesday August 3, 2016 14:00 - 14:30
Proving Ground Florentine E

14:00

Modeling Password Creation Habits with Probabilistic Context Free Grammars
People are not good at being unpredictable. It’s common knowledge that with passwords certain words are more common than others. Same goes for mangling rules. The problem comes into incorporating that knowledge into real world use cases. Probabilistic context free grammars (PCFGs) are one approach that can help turn the way we talk about password creation habits into how we actually model them. While the most obvious use for these techniques is to crack passwords, PCFGs also show promise with generating honeywords, (synthetic passwords), and designing more user friendly and secure password creation policies. To put it another way, by more effectively modeling how users create passwords we can design better security solutions.

This talk will focus on recent advancements with using PCFGs in the area of password research.

Speakers
avatar for Matt Weir

Matt Weir

Mitre
I've been cracking passwords for about 10 years now. I got my start working in the E-Crimes and Investigative Technologies (ECIT) lab at Florida State University, and I've been obsessed with building and breaking authentication systems ever since. I've been the local rep for the John the Ripper team at numerous Defcons though I'm also a huge fan of Hashcat. I also enjoy reading academic papers and trying to figure out how to use their findings in... Read More →


Wednesday August 3, 2016 14:00 - 14:50
Passwords16 Tuscany

14:00

The Future of BSides

This event represents the 271st BSides event since the first one was held at a house a few miles west of here in late July 2009.  BSides events have been held in 94 cities in 25 countries, touching every continent except Antarctica.  There were 60 events in 2014, 62 in 2015, and there will likely be even more this year.

These events are the result of the efforts of thousands of local organizers and volunteers around the world who make their events happen and build their local communities.

The BSides global organization, aka The Mothership, provides a variety of services to the organizers and to the BSides community at large.  In this session members of the global Board will quickly review a bit of BSides history, then discuss the current role of the the global organization including the various services provided to organizers and others in the BSides community, as well as the challenges faced by the Board.  We will then move to a discussion of possible future directions for the global organization, opening the conversation up to include Genevieve Southwick and Thomas Fischer and the community at large.

The goal of this session is to start a conversation which will continue in person at BSidesLV and online in the mail lists.

Speakers
avatar for Jack Daniel

Jack Daniel

Director, Treasurer, NOC lead, Security BSides Las Vegas
Talk to me about BSides, bartending, Tiki, storytelling, community building, careers, stress management, burnout, and stuff. Oh, and we can talk about infosec if you insist.
avatar for Thomas Fischeer

Thomas Fischeer

Global Security Advocate & Principal Threat Researcher, Digital Guardian
With over 25+ years experience, Thomas has a unique view on security in the enterprise with experience in multi domains from policy and risk management,  secure development and incident response and forensics. Thomas has held roles varying from security architect in large fortune 500 company to consultant for both industry vendors and consulting organisations. Thomas currently plays a lead role in advising customers while investigating... Read More →
avatar for Michelle Klinger

Michelle Klinger

With over 10 years of experience in information security, Michelle K. has had 6 years of experience performing information security assessments using various standards such as: NIST, HIPAA, ISO17799:27002, & PCI DSS. She’s also had several years of developing security strategies for organizations in various industries. Currently, Michelle is a security architect/consultant developing the security strategy of her organization with security... Read More →
avatar for David Mortman

David Mortman

CFP SuperChair, BSidesLV
Mortman wears a monocle by day and is a panemologist by night. He’s been doing this security thing for far longer than he’d like to consider, but if his career were a person it could legally drink.
avatar for Genevieve Southwick

Genevieve Southwick

President, Executive Producer, CEO, Security BSides Las Vegas, Inc.
Anything and everything BSidesLV. Event planning, production, logistics, operations. Let me know what you love about the conference, what you like, what you dislike and how you think we can make it better. | Pastafarian, Humanist; Handbasket Driver, Trip Hazard, Trigger Warning; Existential hacking in the age of Discordia. EP/CEO/PotB @bsideslv & CEO/Owner @sqrlhrdrprodllc


Wednesday August 3, 2016 14:00 - 14:55
Common Ground Florentine G

14:00

Determining Normal: Baselining with Security Log and Event Data
Take a look at almost every log management best practice guide and you will find a bullet point for determining "normal" activity or analyzing trends.  These guides, and most log management best practices in general, lack the details for practically determining what is "normal" and how to investigate abnormal activity.

 

This presentation intends to outline practical strategies for determining "normal" activity using baseline analysis with logs and security events.  Topics will include overview of baselines and the necessary statistics, determining what to baseline with threat modeling, developing the baseline, reviewing the anomalous data, and tuning. 

Speakers
avatar for Derek Thomas

Derek Thomas

Senior Information Security Consultant, eSentire
Derek is a security consultant focused on log management, threat detection, and security monitoring.  Derek enjoys developing use cases, watching logs like an operator in The Matrix, and looking for interesting ways to detect post exploitation activity.  He is a family man that is also actively involved in the Michigan Security (#MiSec) community. 


Wednesday August 3, 2016 14:00 - 14:55
Ground Truth Florentine F

14:00

How to Rob a Bank – or The SWIFT and Easy Way to Grow Your Online Savings Account
Bank heists make great stories. And this year, we got some really good stories to tell courtesy of a little trusted network known as SWIFT, and some banks that believed they were inherently protected by virtue of being connected. 

Except they weren’t. And hundreds of millions of dollars have revealed some ugly truths and dangerous assumptions.

There’s a whole lotta finger pointing going on. We know the golden rule: he who has the gold makes the rules. That would be the banks, and in this case, SWIFT, the trusted messengering system that does not want to be tainted by what’s really going on here. 

So, away from cameras, recording devices and safely out of earshot of my employer and those they serve (ahem), let’s talk about what’s inherently wrong with the banking system that hackers can manipulate and access. Let’s review some recent exploits and see where else they might lead. You can bet attackers are already mapping out those trails. And let’s play a little bit of Attribution Blame Game: which group, which country, which motive. Dibs on North Korea.

Speakers
avatar for Cheryl Biswas

Cheryl Biswas

Consultant, Threat Intel, KPMG
@3ncr1pt3d


Wednesday August 3, 2016 14:00 - 14:55
Underground Firenze

14:00

Six Degrees of Domain Admin - Using BloodHound to Automate Active Directory Domain Privilege Escalation Analysis
Active Directory domain privilege escalation is a critical component of most penetration tests and red team assessments, but to date, established methodology dictates a manual and often tedious process of gathering credentials, analyzing new systems we now have admin rights on, pivoting, and repeating this process until reaching our objective. Then -- and only then -- we can look back and see the path we took in its entirety. But that may neither be the only, nor the shortest, path we could have taken to achieve elevated privileges.

By combining the concept of derivative admin (the chaining or linking of administrative rights), existing tools, and graph theory, we can reveal the hidden and unintended relationships in Active Directory domains. For example, Bob is an admin on Steve’s system, and Steve is an admin on Mary’s system; therefore, Bob is effectively (and perhaps unintentionally) an admin on Mary’s system. While existing tools such as Nmap, PowerView, CrackMapExec, and others can gather much of the information needed to find these paths, graph theory is the missing link that gives us the power to find hidden relationships in this offensive data.

The application of graph theory to an Active Directory domain offers several advantages to attackers and defenders. Otherwise invisible, high-level organizational relationships are exposed. Most escalation paths can be efficiently and swiftly identified. Simplified data aggregation accelerates blue and red team analysis. Graph theory has the power and the potential to dramatically change the way you think about and approach Active Directory domain security.

Speakers
avatar for Andy Robbins

Andy Robbins

Offensive Network Services Lead, Veris Group LLC
Andy Robbins (@_wald0) is the Offensive Network Services lead for Veris Group's Adaptive Threat Division. He has performed penetration tests and red team assessments for a number of Fortune 500 commercial clients and major U.S. Government agencies. In addition, Andy researched and presented findings related to a business logic flaw with certain processes around handling ACH files affecting thousands of banking institutions around the country at... Read More →
avatar for Will Schroeder

Will Schroeder

Security Researcher, Adaptive Threat Division, Veris Group, LLC
Will Schroeder (@harmj0y) is a security researcher and pentester/red-teamer for Veris Group’s Adaptive Threat Division. He is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a co-founder and core developer of the PowerShell post-exploitation agent Empire. He has presented at a number of security conferences on topics spanning AV-evasion, post-exploitation, red... Read More →


Wednesday August 3, 2016 14:00 - 15:00
Breaking Ground Florentine A

14:00

Uncomfortable Approaches

To change the world we must first change ourselves; challenge our preconceived notions, and build new solutions. This second facilitated discussion will look at some ways we might be able to deal with the uncomfortable truths raised in the previous one. How do we resolve tensions and conflicts that exist in the things we believe to be true? After exhausting easy fixes, we must challenge ourselves to consider uncomfortable ones, even if we end up rejecting them.


Speakers
avatar for I Am The Cavalry

I Am The Cavalry

I Am The Cavalry
Many people identify with the I Am The Cavalry initiative, but want to maintain a low profile. This account represents those who will be speaking and participating who might not want themselves highlighted.
avatar for Joshua Corman

Joshua Corman

CTO | Founder | Founder, Sonatype | I am The Cavalry | Rugged
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing... Read More →
avatar for Beau Woods

Beau Woods

I Am The Cavalry
Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, and core contributor to the I Am The Cavalry initiative. Beau works with policymakers, industry, civil society groups, NGOs, and individual stakeholders to safeguard human life, public safety, and global security. Beau has been a part of the information security industry and hacker community for over a decade, is a frequent presenter, media... Read More →


Wednesday August 3, 2016 14:00 - 16:00
I Am The Cavalry Copa Lounge - Downstairs in the Casino

14:00

Hands-on Cryptography with Python
Limited Capacity full

Learn essential concepts of cryptography as it is used on the modern Internet, including hashing, symmetric encryption, and asymmetric encryption. Then perform hands-on projects calculating hashes and encrypting secrets with RSA and AES, and compete to solve challenges including cracking Windows and Linux password hashes, short and poorly-chosen RSA public keys, and poorly-chosen AES keys.  We will also cover Blockchains, the technology behind Bitcoin.

No previous programming experience required. Students need to bring a computer that can run Python; any version of Mac, Windows, or Linux will be fine. I will have a few loaner computers for students who don't have a usable computer.

All materials, projects, and challenges are freely available at https://samsclass.info/124/Defcon-BSidesLV-2016-crypto.shtml

Speakers
avatar for Sam Bowne

Sam Bowne

City College San Francisco, City College San Francisco
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, HOPE, BayThreat, LayerOne, and Toorcon, and taught classes and many other schools and teaching conferences. He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. Industry certs: CISSP, CEH, CCENT, WCNA, and more.


Wednesday August 3, 2016 14:00 - 18:00
Training Ground I & II Siena

14:00

Mobile App Attack
Limited Capacity full

This full-fledged hands-on training will get the attendees familiar with the various Android as well
as iOS application analysis techniques and bypassing the existing security models in both the
platforms. The main objective of this training is to provide a proper guide on how the mobile
applications can be attacked and provide an overview of how some of the most important security checks for the applications are applied and get an in-depth understanding of these security checks.
The training will also include a CTF challenge designed by the trainer in the end where the attendees will use their skills learnt during the workshop to solve this challenge.

Speakers
avatar for sneha rajguru

sneha rajguru

Security Consultant, Payatu Technologies
Sneha works as a Security Consultant with Payatu Technologies Pvt.Ltd. and holds C.E.H and E.C.S.A certifications. Her area of interest lies in Web application and mobile application security and fuzzing. She has discovered various serious application flaws within open source applications such as PDFLite.Jobberbase, Lucidchart and many opensource wordpress plugins and many more. She is also an active member of Null – The open security community... Read More →


Wednesday August 3, 2016 14:00 - 18:00
Training Ground I & II Siena

14:30

Latest evasion techniques in fileless malware
This talk will dive into latest file-less malware, how such types of malware can hide via new evasion techniques, their application in latest attacks then discuss what other possible ways file-less malware of the future could hide to evade detection.

In the past, malware developers have implemented different techniques to circumvent detection of their malicious code. For instance, memory resident malware load their code into the memory of legitimate processes, even operating system files, while rootkit malware cloak themselves in the kernel.

Unlike their predecessors, the main difference in the new types of file-less malware are that they no longer drop small compiled binaries on the compromised system during their malicious activities. They instead proceed with their attack directly from the windows registry in a real, file-less manner by self-destroying any temporary traces of themselves on the file system prior to executing the malicious code. These techniques have made such types of malware better at evading detection. To understand these new techniques further, different file-less malware examples such as Kovyer, Poweliks, XseKit, kovter, corBOT etc., will be examined.

In the modern computing world, achieving average persistency without much effort from a malware perspective has gotten easier as devices remain online for longer periods, likely to go to sleep more often with fewer reboots in between making it possible to keep malicious code running for days. In such context, the fact that file-less malware might need to trade off persistence for stealth is not so much an issue anymore and makes these types of malware most ideal for attacks where implementation of a long-term persistency is not really required for its success. For instance, in ransomware attacks family, file-less malware need to only remain alive long enough to encrypt and remove original files then ask for a ransom. In contrast, attacks where malware would need to remain undetected for months or even years -as in information gathering purpose for example -relying solely on file-less malware evading techniques might not be as effective.

Mentor
avatar for Andrew Hay

Andrew Hay

CISO, DataGravity
Andrew Hay is the CISO at DataGravity where he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy. Prior to that, Andrew was the Director of Research at OpenDNS (acquired by Cisco) and was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc.

Speakers

Wednesday August 3, 2016 14:30 - 15:00
Proving Ground Florentine E

14:30

Resume Reviews, Mock Interviews and Networking...Oh My!
During the Open Session, you'll have a chance to participate in several career development activities - such as resume reviews and critiques, mock interviews and general networking with both industry pros, career pros, and other friends of BsidesLV. 

Take time during these sessions to have more specific conversations about your background and get answers to some career questions.



Wednesday August 3, 2016 14:30 - 15:30
Hire Ground Florentine B

15:00

Hacking Tech Interviews
Tech interviews can be tricky, but can also be hacked. What you do before, during, and after the interview can be tweaked to maximize your chances of being hired. Learn how to best approach tech interviews (and what not to do!) from a hiring manager at a major security consulting firm who conducts dozens of tech interviews each year.

Speakers
avatar for Adam Brand

Adam Brand

Director, Protiviti
Adam Brand: Adam Brand has more than 16 years’ experience in information technology and security. He is a Director with Protiviti, where he has assisted companies in resolving major security incidents and maturing their information security programs. Adam has been heavily involved with the “I am The Cavalry” movement, a group of researchers focused on information security issues that can affect human life and safety. He has recently focused... Read More →


Wednesday August 3, 2016 15:00 - 15:30
Hire Ground Florentine B

15:00

PLC for Home Automation and How It Is as Hackable as a Honeypot
The talk is about how to make PLCs work of your home automation and work as an ICS honeypot at the same time.

Current ICS honeypots are mostly based on CONPOT. It works very well, but is simulated and the readings of values don't usually change. As an intruder, it is easy to tell a CONPOT from a real working PLC. In this talk, I'd like to use home-made PLC and cheap industrial-level PLCs that you can buy from eBay and make them part of home automation. The system can pretend itself to be a factory with turbines, conveyor belts and boilers or any other realistic yet fun scenarios. Once it's hacked, you don't only see the results in the database, but optionally in the real world as well.

Mentor
SE

Scott Erven

Scott Erven is an Associate Director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and healthcare security. Scott has consulted with the Department of Homeland Security, Food and Drug Administration and advised national policymakers. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven... Read More →

Speakers
avatar for Philippe Lin

Philippe Lin

Senior threat researcher, Trend Micro
Philippe Lin works in data analysis, machine learning, fast prototyping and threat research. He was a BIOS engineer in Open Computing Project. Active in open source communities, he is a hobbyist of Raspberry Pi / Arduino projects and the author of Moedict-Amis, an open source dictionary of an Austronesian language.


Wednesday August 3, 2016 15:00 - 15:30
Proving Ground Florentine E

15:00

Passphrases for Humans: A Cultural Approach to Passphrase Wordlist Generation
The idea of using passphrases for storing stronger secrets has been around since at least 1982, yet little work has been done to improve the usability of this method. Diceware, the de facto method and passphrase wordlist, contains wonderfully easy to remember words such as “aeneid”, “zh”, and “$$” (Let’s not get started on “h”, “hh”, “hhh” and “hhhh”). Moreover, extended language support for Diceware is often based on translations of the original wordlist, which contains numerous Americanisms such as “howdy”, “hubbub”, and “Boise”.

In this talk, we will discuss the problems facing passphrases in the present, and propose alternative approaches to passphrase wordlist generation. We will discuss our our own method for creating localized wordlists and how this method is being tested using Peerio as a real-world test site and analyzed by our academic partners. Specifically, we argue that accounting for cultural and social variables in language usage can provide stronger, more memorable, and in some cases shorter passphrases than existing models. Finally, we would like to open the discussion to assess possible faults with this method, identify potential improvements, and consider other ways in which we as a community can collaboratively improve the overall user experience of passphrases.

Speakers
avatar for Florencia Herra-Vega

Florencia Herra-Vega

CTO, Peerio
I’m a backend developer who enjoys explaining complex systems to anyone who will listen. I get excited about distributed systems and intuitive user interfaces. I’ve also been running community education programming on topics ranging from sexual health to introductions to coding for over a decade. I like thinking about digital security as harm reduction.
avatar for Skylar Nagao

Skylar Nagao

Product Manager, Peerio
A humanities geek who became interested in privacy after years of studying Foucault, panopticism, and post-structuralist theories of power. In attempts to become less arcane in daily conversation, this interest evolved into taking up critical literature studies focusing on how science-fiction can serve to guide real world cultural and political values. | | With Peerio, I take on much of the non-technical work, serving as user advocate... Read More →


Wednesday August 3, 2016 15:00 - 15:50
Passwords16 Tuscany

15:00

Hacking Megatouch Bartop Games
In this talk Mark will discuss the latest in his fixation with hacking antiquated and beloved hardware. Megatouch bartop games. The Megatouch was a fixture in many bars in the late nineties and early 2000s. After Mark bought a couple of the units used and discovered some dubious security features and familiar hardware inside, the idea to document the process of hacking and exploring the machine came about--with the ultimate goal of showing how much fun and learning can be had in the process.

The talk will walk through a dissection of the hardware used inside the games from zero knowledge to “geek,” including a custom ISA I/O card and the encrypted hardware key. I’ll walk the crowd through sniffing the key’s cleartext 1-wire bus to get the password, and explore what we can do with it. Then we’ll move over to the software side of things to find even more fun security fails and follies.

Speakers
MB

Mark Baseggio

Mark is an offensive security expert that specializes in physical security and network security consulting. Over his years in security Mark has conducted and overseen hundreds of penetration tests all over the world in multiple industries and disciplines, for medium sized businesses to large Fortune 500 corporations. Mark has delivered presentations to audiences internationally and is the co-creator of the BLEKey, custom hardware designed to... Read More →


Wednesday August 3, 2016 15:00 - 15:55
Common Ground Florentine G

15:00

CyPSA Cyber Physical Situational Awareness
CyPSA is primarily being developed to serve critical infrastructure in the electric industry, but, CyPSA provides for a way to inventory a physical device, determine the logical location of the device (cyber), and list the ranked operational impact of devices. The tool provides a list of ranked contingencies for internetworked devices. This tool can also provide for prioritization of defensive measures by considering factors such as network attack surface and common device types. The CyPSA engine is free to use with a fully open API so the engine can be used in industries other than the power grid.

Speakers
KD

Katherine Davis

University of Illinois
ER

Edmond Rogers

University of Illinois


Wednesday August 3, 2016 15:00 - 15:55
Ground Truth Florentine F

15:00

That Which Must Not Be Spoken Of: A Personal Look at Mental Health in Infosec
Sullen, Moody, Anti-Social, Awkward, Outcast, Misfits. Our people right? The heart and soul of the people running the internet and technology.  Sadly, it’s killing us, in some cases literally. Yet we still refuse to talk about it. It is more acceptable to say you’re a Windows NT fan then to admit to having mental health issues.

Half of this talk will be a very frank discussion about one person’s journey through several mental health issues and explain some different methods used to cope with that daily battle. The second part of the talk will dig into why we are not hearing more about this in our own community.

Speakers
avatar for Joel Cardella

Joel Cardella

Sr Security Consultant, Rapid7
Joel Cardella has over 24 years of experience in information technology, having run a gamut from network operations, sales support, data center management, field operations and information security. He has worked in industries including telecommunications, healthcare and manufacturing. Prior to Rapid7 he held the role of Regional Security Officer for North America for a multinational manufacturing company. | | Joel is interested in the... Read More →
avatar for Jay Radcliffe

Jay Radcliffe

Security Researcher, Rapid7
Jay Radcliffe has been working in the computer security field for over twelve years, and is currently a Senior Security Researcher and consultant at Rapid7. Coming from the managed security services industry, Jay has used just about every security device made over the last decade. Recently, Jay has presented ground breaking research on security vulnerabilities in medical devices at Black Hat and Defcon. As he is a type I diabetic, Jay has... Read More →


Wednesday August 3, 2016 15:00 - 15:55
Underground Firenze

15:00

Is that a penguin in my Windows?
One of the latest features coming out in Windows is the new Windows Subsystem for Linux. This brand new system provides translations for Linux syscalls via a new kernel interface. This talk will go over the technical details of this brand new interface with a focus on it's security implications. We'll go over features that might be beneficial to be leveraged by pentesters as well as what how the new subsystem can be abused by local exploits targeting Windows.

Speakers
avatar for Spencer McIntyre

Spencer McIntyre

SecureState
As a member of the Research and Development team at SecureState, Spencer McIntyre works to discover vulnerabilities within organizations systems and understand the underlying risks. Mr. McIntyre balances his focus between vulnerability and in-house tool development. During his time with SecureState, Mr. McIntyre has worked with a variety of clients across multiple industries, giving him experience in how each secures their data and the threats... Read More →


Wednesday August 3, 2016 15:00 - 16:00
Breaking Ground Florentine A

15:30

Exploiting the Recruitment Process
When hunting for your dream job in information security, companies are going to evaluate your resume, but much more. We will showcase the full evaluation process from resume submission to offer decision (and everywhere in-between) from both a hiring manager and recruiter perspective.  We will give you insight into how to differentiate yourself as a candidate in multiple ways and ensure that you are projecting the most positive profile possible. Doug As a bonus, we'll talk about the not-so-secret-sauce that will get you your dream job. It's community. You're here, so you get it, but we'll give you give you specific resources to use and use-case examples of how to make your dream job happen!

Speakers
avatar for Doug Munro

Doug Munro

Director of Recruiting, Veris Group, LLC
I'm excited to be attending BSidesLV 2016. I am the Director of Recruiting for one of the fastest-growing Cybersecurity firms in the country, so opportunities to spend time inside the community are the best part of the work. I can't wait for August!


Wednesday August 3, 2016 15:30 - 16:00
Hire Ground Florentine B

15:30

Automation Plumbing
There are many tools available to automate various security and forensics tasks. This talk will describe what we have successfully implemented in our services response framework, including:

-Data solutions, like Splunk and ElasticSearch and their API's
-Open source tools
-Custom code (Python, C++)
-Internal, self-service API's and their various frontends for consultants

Next, I will briefly discuss issues we have encountered and some suggested workarounds. Finally, I will cover some newer, experimental tools that we are trying out, including containers.

Sample code will be provided for attendees to automate Splunk and ElasticSearch analysis and connect common forensic tools. This talk will contain some code and will be from a programmer's perspective, but you do not have to be an experienced programmer to understand the bulk of it.

Mentor
Speakers

Wednesday August 3, 2016 15:30 - 16:00
Proving Ground Florentine E

16:00

PeerLyst Meet and Greet
Come and meet the Peerlyst community and find out why you maybe should be a part of it. Richard Stiennon and Gary Hayslip will be there to say hi and answer your questions. 


Sponsors

Wednesday August 3, 2016 16:00 - 17:00
Hire Ground Florentine B

16:00

IATC Closing
So long and thanks for all the fish. We will recap the two day session, outline what we heard, and line up what needs to be done over the next year, to make us all safer, sooner, together. 

Speakers
avatar for Joshua Corman

Joshua Corman

CTO | Founder | Founder, Sonatype | I am The Cavalry | Rugged
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing... Read More →


Wednesday August 3, 2016 16:00 - 17:00
I Am The Cavalry Copa Lounge - Downstairs in the Casino

17:00

Common Mistakes Seen in Interviews
Interviews can be intimidating, frustrating and sometimes pretty boring. From our panel of recruiters, you will hear some of the common mistakes jobseekers make in interviews - over and over again. Come listen and learn so you don't make these mistakes.

Speakers
DH

Daniel Harbison

Director of IT and Managed Services, Novacoast
avatar for Kris Rides

Kris Rides

CEO, Tiro Security
Trained Social Engineering Penetration Tester and Founder of an InfoSec specialist recruitment and professional services company, Tiro Security based out of Los Angeles. | | Come talk to me about Staffing, Penetration Testing, content protection, Vendor Risk Management and securing SMB's.


Wednesday August 3, 2016 17:00 - 17:30
Hire Ground Florentine B

17:00

Digging into SIEM Alerts with Visual Graph Analytics
Our responsibilities are expanding to include larger infrastructures, more applications, and a multitude of security products. As a result, security investigators must navigate big, inter-connected data. Traditional data visualization techniques, like lists, charts, and tables, are great for summaries, but hide individual entities and relationships. Graph visualization, on the other hand, models these entities and relationships as nodes and edges. By exposing structural and temporal information, we can reveal suspicious patterns and anomalies. Over the last year, I’ve been using Graphistry’s visual graph explorer to analyze one of our customer’s ArcSight SIEM. In this talk, I will share how I used graph visualization to better understand and detect malicious attack patterns hidden within millions of security logs.

Mentor
Speakers
PT

Paden Tomasello

Software Engineer, Graphistry
I recently graduated from UC Berkeley, and joined Graphistry because of my interests in performance programming and data analytics. Graphistry, originally spun out of some research done at UC Berkeley, is scaling visual graph analysis by leveraging the power of GPUs in the cloud. Since joining, we have directed our technology toward Security. I still consider myself a novice in this field, so I intend to learn as much as possible while... Read More →


Wednesday August 3, 2016 17:00 - 17:30
Proving Ground Florentine E

17:00

PAL is your pal: Bootstrapping secrets in Docker
Many services that run in Docker containers need to have highly sensitive secrets installed on them. Examples of this include SSL certificates and API keys. Services like Vault and Keywhiz were developed to manage secrets to central authority, however, most of these secret management services require a secret to be present. This presents a bootstrapping problem. To solve this, CloudFlare created PAL: a new tool for bootstrapping secrets in Docker containers.

PAL (Permissive Action Link, named after a tool used to prevent unauthorized detonation of nuclear devices) works by binding identity secrets to Docker containers and decrypting them at launch time through a service running on the host. Permissions require M of N authorization and are handled through a service called Red October. This allows you to simply and transparently bootstrap service-specific secrets.

In this talk I’ll describe the design and implementation of this service and how we use it at CloudFlare to protect secrets for our billing platform and private key infrastructure. We’ll also briefly discuss our plans to use PAL for password hashing and service authorization.

Speakers
NS

Nick Sullivan

Head of Cryptography, CloudFlare Inc.
Nick Sullivan is a leading cryptography and security technologist. He currently works on cryptographic products and strategy for CloudFlare. Previously, he held the prestigious title of "Mathemagician" at Apple, where he encrypted books, songs, movies and other varieties of mass media. | | Talk to Nick about crypto, TLS, infrastructure security, key management and startup security.


Wednesday August 3, 2016 17:00 - 17:50
Passwords16 Tuscany

17:00

An Evolving Era of Botnet Empires
Botnets are part of the dynamic infrastructure seen in modern large scale cyber attacks, spy networks, spamming, and the distribution of malware; such as ransomware. Join Andrea for an overview of the history of botnets, their evolving characteristics, and botnet detection methods.

Listener Takeaways:

• An overview of the evolution of botnets, including network communication changes and the change in botnet mechanics
• Understand popular uses for botnets, highlighting famous campaigns
• Learn about communications that happen between bots and servers after infection
• Learn about the type of malware commonly distributed through botnets
• A synopsis of the history and takedown attempt of Dridex
• Learn about botnet detection methods

Speakers
avatar for Andrea Scarfo

Andrea Scarfo

Security Analyst, OpenDNS
I began my career in support and sysadmin work, for 12 years. I was previously with Hewlett Packard and the Town of Danville, California. Security was always my passion. I obtained my CISSP and then began work for OpenDNS as a Security Analyst. Now, I spend my days working to make the Internet a safer place by hunting attackers and malware. @AScarf0


Wednesday August 3, 2016 17:00 - 17:55
Common Ground Florentine G

17:00

Dominating the DBIR Data
Data-driven security is all the rage. But what is the data? Is it a concrete truth of unerring accuracy? Is it a bunch of numbers made up to suit someone’s agenda? In this talk, we will explore the process that went into producing the data and analysis for the 2016 Verizon Data Breach Investigations report, with an eye towards lessons that you can take away and apply to the datasets you manage. There’s a reason the DBIR team says it takes more time to collect the data for the DBIR than to write it! From challenges and solutions to compromises and frustrations, we will give the audience a chance to learn from our experience what it takes to manage a research dataset.

Speakers
avatar for Anastasia Atanasoff

Anastasia Atanasoff

Information Security Data Scientist, Verizon
Anastasia (@mathl0v3r) is a mathematician on the Verizon Security Research team and a co-author of the 2016 Data Breach Investigations Report. She has a B.S. in Information Security, Computer Science and Mathematics and is pursuing her M.S. in Mathematics. In her previous role as a Security Analyst, she developed extensive Splunk experience and assisted in building out a security analytics program for a large pharmaceutical company.. In her... Read More →
avatar for Gabriel Bassett

Gabriel Bassett

Senior Information Security Data Scientist, Verizon
Gabriel (@gdbassett) is the senior information security data scientist specializing in data science, machine learning, and graph theory applications to cyber security on the Verizon Security Research team at Verizon Enterprise Solutions and a contributing author of the Verizon Data Breach Investigations Report and Protected Health Information Data Breach Report.  He has previously held cyber security risk management, testing, intelligence... Read More →


Wednesday August 3, 2016 17:00 - 17:55
Ground Truth Florentine F

17:00

Stealing Food From the Cat's Mouth
Description withheld at presenter's request.

Speakers

Wednesday August 3, 2016 17:00 - 17:55
Underground Firenze

17:00

Building an EmPyre with Python.
Many companies are deploying an increasing number of OS X hosts in their corporate networks, presenting a challenge to pentesters traditionally accustomed to Windows toolsets and tradecraft. Red teaming begets creativity, however, and if you encounter a Mac-heavy environment on an engagement, one must adapt and rise to the occasion.

This presentation covers our custom remote access tool, EmPyre, that we built in response to this very challenge. EmPyre is a Python-based RAT heavily focused towards OS X and built on the same secure communications and flexible architecture of the PowerShell Empire project. EmPyre features post-ex modules including keylogging, hash dumping, clipboard stealing, network situational awareness, lateral spread and more, as well as stager options ranging from macros to dylibs. We will also cover components of Mac tradecraft and how one can utilize EmPyre to execute a complete engagement in a predominantly OS X environment.

Speakers
SB

Steve Borosh

Penetration Tester /Red Teamer, Veris Group, LLC
avatar for Alexander Rymdeko-Harvey

Alexander Rymdeko-Harvey

Penetration Tester /Red Teamer, Veris Group, LLC
Alex Rymdeko-Harvey (@killswitch_gui) is a previous U.S. Army Soldier who recently transitioned and currently works at the Adaptive Threat Division at Veris Group as a penetration tester and red teamer. Alex has a wide range of skills and experience from offensive to defensive operations taking place in today's modern environments.
avatar for Will Schroeder

Will Schroeder

Security Researcher, Adaptive Threat Division, Veris Group, LLC
Will Schroeder (@harmj0y) is a security researcher and pentester/red-teamer for Veris Group’s Adaptive Threat Division. He is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a co-founder and core developer of the PowerShell post-exploitation agent Empire. He has presented at a number of security conferences on topics spanning AV-evasion, post-exploitation, red... Read More →


Wednesday August 3, 2016 17:00 - 18:00
Breaking Ground Florentine A

17:30

Scalability: Not as Easy as it SIEMs
Cyber security is a big data problem, the volume and velocity of data from devices requires a new approach that allows exploration at scale across enterprise data. Cyber security is facing a scaling limitation as the number of devices and traffic increases across networks, and current tools are not effective at addressing the key issues of scale and speed. Analysts and companies are inundated with alerts and are unable to distinguish noise from threats until it is too late. Open source big data technologies reduce costs and act as the building blocks of a scalable platform with the speed and scale necessary for enterprises to overcome these challenges.

Mentor
avatar for grecs

grecs

Founder, NovaInfosec.com
grecs has over 17 years experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career since. Currently, he spends his days doing... Read More →

Speakers
KK

Keith Kraus

Associate Principal, Accenture Labs
Keith Kraus is an associate principal for the Accenture Cybersecurity Lab in the Washington, DC, area. Over the past year, Keith has done extensive data engineering, systems engineering, and data visualization work in the cybersecurity domain. His main focus is on building a GPU-accelerated big data solution for advanced threat detection and cyber-hunting capabilities. Prior to working for the Accenture Cybersecurity Lab, Keith was a member of... Read More →


Wednesday August 3, 2016 17:30 - 18:00
Proving Ground Florentine E

17:30

Resume Reviews, Mock Interviews and Networking...Oh My!
During the Open Session, you'll have a chance to participate in several career development activities - such as resume reviews and critiques, mock interviews and general networking with both industry pros, career pros, and other friends of BsidesLV. 

Take time during these sessions to have more specific conversations about your background and get answers to some career questions.



Wednesday August 3, 2016 17:30 - 18:30
Hire Ground Florentine B

18:00

Ethical implications of In-Home Robots
What can in-home robots do, and what does it take to gain control of one? This talk will include an overview of the capabilities of in-home robots and related human-robot interaction research. Come discuss the security, privacy, and ethical implications of in-home robots, the Web-based applications used to control them, and the possibility of a future where we face more threats from inside our home than out.

Mentor
avatar for Guy McDudefella

Guy McDudefella

Compliance Research Engineer, Tenable Network Security
Guy McDudefella started his first MS-DOS install at age 10 between the moment he deleted C:\DOS from the family computer and the moment he answered a phone call from his parents saying they were on their way home from the movies. He’s been a hacker ever since. He currently works for Tenable as a compliance research engineer, and is also a henchman for his 1.5 year old son, the Human Human Badge.

Speakers
avatar for Brittany Postnikoff

Brittany Postnikoff

Brittany is an information privacy and security, human-computer interaction, and social robotics researcher rooted in academia. She holds an honours B.C.Sc. from the University of Manitoba, two college diplomas from Red River College, and soon an M.Math from the University of Waterloo. The once titled "hyper-geek" of her university department enjoys discussing theory, puzzles, robotics, books, and anything sci-fi or fantasy.


Wednesday August 3, 2016 18:00 - 18:30
Proving Ground Florentine E

18:00

The Deal with Password Alternatives
Many discussions on how to break passwords, but what to do about it? There are various methods, but its hard to ge tthe right infomation as to the differences without the vendor coolaid involved. 

This talk will take off from where red team leaves off and go through nearly all of the password alterntive possibilities. It will outline practical differences, pluses, cons, but also the technical layers that are typically overlooked and less understood. 

It will emphasize context within the commerical organizations that need to be managed at scale, resiliant, integrate with existing applications and lifecycle methodologies, and discuss the pitfalls of how each techonlogy can be implmented the wrong way and turn a security solution into one that is comprimised from the start. 

We will review password managers (single sign on), one-time password generators (how they actually work) from tokens to sms, RFID cards, PKI, smart cards, PIV, biometrics, and othe rmethods. 

Last, within organizations, identify credentials can't be assessed apart from identity management and relate systems, so we'll review the demands of actual implmentation and management to each.

Speakers
avatar for Terry Gold

Terry Gold

Principal Analyst, D6 Research
Terry is the founder and Principal Analyst of D6 Research, a vendor-neutral research and advisory firm specializing in security, identity management, and authentication across the physical, transactional and logical domains. For the past 15 years, Terry has specialized in assisting global organizations to assess their security posture and deploy strong identiy credentials such as PKI, smart cards, OTP, SSO, and other technologies as massive scale... Read More →


Wednesday August 3, 2016 18:00 - 18:50
Passwords16 Tuscany

18:00

Cross-platform Compatibility: Bringing InfoSec Skills into the World of Computational Biology
Want to put your hacking skills to good use? We’re talking about the ultimate good -- curing incurable diseases and improving the quality of life for billions of people. In our talk, we’ll discuss breakthroughs in computational biology and how easily you can help with the skills you already have.

Speakers
avatar for Rock Stevens

Rock Stevens

Grad Student, Univ of Maryland College Park
Rock Stevens began working in IT as an under-paid network administrator at the age of 15. He was selected as a 2015 Madison Policy Forum Military-Business Cybersecurity Fellow and is currently pursuing a master’s degree in Computer Science at the University of Maryland College Park.


Wednesday August 3, 2016 18:00 - 18:55
Common Ground Florentine G

18:00

QUESTIONING 42: Where is the “Engineering” in the Social Engineering of Namespace Compromises?
The most expensive domain name thus far in history was stolen in 1995 by sending a fax to the domain registrar. The same attack worked again in 2013 to hijack the DNS of another website. A FAX. In 2013. In 2015, a teenage hacker collective obtained control of the CIA Director’s email, partial credit card number etc. In 2016, the Director of National Intelligence and the Director of the Office of Science and Technology Policy were hacked by the same group in the same way. A quick search reveals an alarming number of such attacks where the initial attacks were widely publicized and the vulnerabilities hence previously known, with most requiring little effort and often no cost to patch. So where exactly is the status quo failing? And what exactly is this problem? Social engineering attack? Identity theft? Something else? 

It will quickly be evident that the complexity of thought required for the modeling, analysis, and detection of these types of attacks, ironically, belies the simplicity in their perpetration. There cannot be an effective solution without a comprehensive problem description; conventional theories fail to capture this problem meaningfully. This talk addresses the problems in the status quo and illustrates a methodology to comprehensively address this problem. Some very interesting findings from penetration tests are also discussed.

Speakers
avatar for Vineetha Paruchuri

Vineetha Paruchuri

Dartmouth College
Paruchuri recently graduated from Dartmouth College with a Master's degree in Computer Science, specializing in Information Security and Privacy. She also pursued relevant programs in business studies and law at the Tuck School of Business at Dartmouth and at the National Law School of India University respectively. She previously worked at the Global Research and Healthcare divisions of the General Electric Company (GE), the Aerospace Department... Read More →


Wednesday August 3, 2016 18:00 - 18:55
Ground Truth Florentine F

18:00

Why Snowden’s Leaks Were Inevitable
Edward Snowden has been vilified by the US Government while being held out as a hero by privacy rights activists.  After examining the publicly available data around the leaks, it’s fairly easy to reach the conclusion that the leaks we inevitable – whether or not you agree with Snowden.

Speakers

Wednesday August 3, 2016 18:00 - 18:55
Underground Firenze

18:00

One Compromise to Rule Them All

Welcome to the new age where technologies like DC/OS, Mesos, and Marathon will abstract your entire datacenter into a single logical computer but what happens when a single application or service within your DataCenter’s OS inevitability gets compromised?

Join us as we explore how a single compromise can enable an attacker to expand access by exploiting many of the technologies supporting a container centric datacenter including ZooKeeper, Marathon, Chronos, Mesos, Docker, and HAProxy. New modules will be released for EmPyre which will enable penetration testers and red teams to more efficiently identify and exploit vulnerabilities within these technologies.

Expertise in these technologies is not required since this presentation will cover briefly what you need to know about each service before highlighting how they can be manipulated by an attacker. The information presented is designed to be useful for both Offensive (Red Team) & Defensive (Blue Team) members.


Speakers
avatar for Bryce Kunz

Bryce Kunz

Red Team for the Marketing Cloud, Adobe
Bryce Kunz (a.k.a. @TweekFawkes) is an Information Security Researcher located in Salt Lake City, Utah. Bryce currently leads the security testing of Adobe's marketing cloud SaaS infrastructure via researching and developing custom exploits for web applications and other cloud based technologies. As a security professional, Bryce has spent time at various agencies (i.e. NSA, DoD, DHS, CBP) focusing on vulnerability research, penetration... Read More →


Wednesday August 3, 2016 18:00 - 19:00
Breaking Ground Florentine A

22:00

BSidesLV Pool Party Sponsored by STAGEFRIGHT #BBMFTW
What's to describe? It's a party - at a pool! So bring your swimsuit and we'll provide the beats, the beverages, the bites and the blow-up toys. If you're lucky, we might even have some towels! ;) The music may not be mellow, but the volume always is. The BSidesLV Pool Party is known for keeping the levels conversational, so you don't have to yell, or spend the night smiling and nodding. Plus, we go until 0400 Thursday, so you can still head over after attending those other parties that your boss said you had to go to. ;)

Artists
avatar for DJ Jackalope

DJ Jackalope

Cyber Intel Anaylst Consultant, Jackalope Industies
Miss Jackalope is a Las Vegas based DJ, promoter, and electronic music industry veteran. She has been involved with the music scene for 20 years, And basically does cyber threat intelligence, lockpicking, DJing, co-runs a vinyl sticker store called Vinyl Foundry, and other fun stuff for a living and well, fun. She'll likely be playing Breaks and Drum and Bass at the awesome BSides party! |
YC

YT Cracker

YTCracker (pronounced “whitey cracker”) is a formerly notorious computer hacker who stopped hacking everyone’s gibson and started around the universe amassing billions of fans, the majority of which do not live on planet earth.  YTCracker raps about all of the important things in life, like high frame rate and low latency pings. He has served as a corporate shill for the likes of G4TV (rip), Facebook, and Yahoo... Read More →


Wednesday August 3, 2016 22:00 - Thursday August 4, 2016 04:00
Tuscany Pool