Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, July 25
 

08:00

Industrial Control System Network Analysis
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Industrial Control Systems (ICS) are the silent machines that control the world all around us. ICS systems are used to control elevators, subways, building HVAC systems and the electricity we use. The convergence of information technology (IT) and operational technology (OT) in the ICS marketplace has been taking place over the last 20 years. This convergence, while increasing ICS operational efficiency, is also increasing cyber risk. In this course, you will learn how to identify the protocols being used in OT networks, how to decode them and the tools and procedures to perform network assessments on these networks.

Presenters
avatar for Dennis Murphy

Dennis Murphy

Lead ICS Security Engineer, SecurityMatters
Designing, installing and maintaining process automation networks is where I started my career 25 years ago. Most of my experience with SCADA systems was in the integration of data between the IT and OT networks. In 2005, I realized how security was more of an afterthought in my... Read More →


Tuesday July 25, 2017 08:00 - 11:55
Training Ground 1 (The Platinum, Opal Room) 211 E Flamingo Rd, Las Vegas, NV 89169

08:00

Intro to Practical Network Signature Development for Open Source IDS
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

In “Practical Network Signature Development for Open Source IDS” we will teach expert methods and techniques for writing network signatures to efficiently detect the greatest threats facing organizations today. Students will gain invaluable information and knowledge including the configuration, usage, architecture, traffic analysis fundamentals, signature writing, and testing of a modern network IDS, such as Suricata and Snort. Student will be given handouts to help them develop and read with IDS signatures. Lab exercises will train students how to analyze and interpret hostile network traffic into agile IDS rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Phishing Attacks, Crimeware Backdoors, Targeted Threats, and more. Students will leave the class armed with the knowledge of how to write quality IDS signatures for their environment, enhancing their organization’s ability to respond and detect threats.

Presenters
JM

Jack Mott

Jack is a Security Researcher on the Emerging Threats Research team at Proofpoint where he spends all day long in packet-land playing with malware and writing comprehensive IDS rules for the ETPRO and OPEN ruleset. In addition to IDS sigs, writes sigs for ClamAV and Yara to hunt... Read More →
avatar for Francis Trudeau

Francis Trudeau

Cyber Anarchy Watchdog, Emerging Threats / Proofpoint
It's time that we became uber-efficient with our interactive policy mobility. This is no time to bite the bullet with our interactive reciprocal programming. At base level, this just comes down to knowledge-based management options. I can make a window to discuss your holistic... Read More →
avatar for Jason Williams

Jason Williams

Pcap Eater, Emerging Threats / Proofpoint
Network Monitoring, IDS, IPS, NSM, Suricata, Rules, Anti-Phishing, Malware, Threat Stuff, Malware Reversing Stuff, La Croix, Coffee, Club Mate, Destiny. In reverse order.


Tuesday July 25, 2017 08:00 - 11:55
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169

08:00

Hands-on OSINT Crash Course for Hackers
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Open source intelligence gathering (OSINT) is an important part of the reconnaissance phase of a penetration test. The more connected we are, the more information about people and assets is held by seemingly everything. This information can be juicy for both penetration testers and malicious threat actors. Learning what sources of information is available to start an engagement is a crucial step in completing a thorough but effective exploration. Risks associated with leveraging, misusing or selling discovered material is all too real. Especially considering 2017 US Senate investigations regarding foreign influence. All tools and techniques can be further advanced, ninjafied with Python, Ruby or PowerShell. The target audience is the curious, beginning to seasoned penetration testers and those who wish to start their own OSINT journey.
Attendees will have full access to an open source workbook used during the workshop. All tools and documentation are open source and/or Creative Commons. The workshop is a hands-on learning journey, using interesting and fun targets to stimulate. Testers can spend more than half their time performing recon, learn how to minimize time and effort. Learn about tools of the trade, APIs, metadata and more. Lastly, how to communicate good OSINT for client reporting utilizing time relevance, accurate data and target appetite.

Presenters

Tuesday July 25, 2017 08:00 - 17:55
Training Ground 2 (The Platinum, Pearl Room) 211 E Flamingo Rd, Las Vegas, NV 89169

09:00

Pros vs Joes CTF - Play begins!
Staff
avatar for Dichotomy

Dichotomy

Senior Staff, BSidesLV
Pros Vs Joes Capture the Flag Games Master


Tuesday July 25, 2017 09:00 - 09:15
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

09:45

Silent Auction Bidding Opens
As a member of the InfoSec Community, you no doubt understand the pressing need for community support groups. BSides Las Vegas has a deep tradition of fostering and helping these groups; this year is no different. BSides will be holding its annual Charity Silent Auction and Raffle with all the proceeds going to FOUR specific groups.

•    Electronic Frontier Foundation (https://eff.org)
•    Hak4Kidz (https://hak4kids.com)                                        
•    #brainbabe (https://www.brainbabe.org)                    
•    Geeks Without Bounds (https://gwob.org)                                    

Our efforts to help makes these groups grow and succeed can’t take effect unless we have the support of everyone in our community.

Tuesday July 25, 2017 09:45 - 10:00
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

10:00

Something Wicked: Defensible Social Architecture in the context of Big Data, Behavioral Econ, Bot Hives, and Bad Actors
Infosec is a game of 3D speed chess, and we’re on the board moving faster and faster every day. So why does it feel like we’re pawns on the sidelines, suiting-up and picking teams? Today’s defenders need to design and architect systems that operate in real-time at internet scale, but that also protect millions of customers, transactions, endpoints, and actions on any given day. As scale and complexity grow exponentially, manual intervention must be the exception and not the expectation. At the same time security strategy must include the economic angle: how to balance the needs of users with the capabilities of incentivized bad actors. Many systems are turning to new design-driven approaches, infused with data and ML/AI, to help drive defenses optimized for the human factor directly into the fabric of their platform.

In this talk we’ll explore the technology and economics that are crucial to our success, as well as the path security must take to meet the challenges of our new normal: dynamic social systems with large threat surfaces, expanding complexity, invisible interdependencies, and unpredictable attackers.

Presenters
avatar for Allison Miller

Allison Miller

Allison Miller (@selenakyle) has been working in the intersection of cybersecurity, human behavior, and predictive analytics for almost two decades. A proven innovator in the security industry, she has pioneered the use of data-driven detection technologies within security, anti-fraud/anti-abuse, and payments/commerce systems around the world. In addition, Allison is active in the security community as an advisor and leader, and continues to conduct and share research on topics in risk, cybersecurity, and economics... Read More →


Tuesday July 25, 2017 10:00 - 10:45
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

10:50

How To Lose Friends and Influence People (An Apology)
Through our over-dependence on undependable things, we have created the conditions such that any outlier can have a profound impact on public safety, liberties, economic & (inter)national security.

 Our choices define us. In our 25th hacker pilgrimage to Vegas, the time has come for us to make some hard choices: what we choose to celebrate, condemn, tolerate... and our choices have escalating consequences. We must choose who we will be, the roles we will play, the priorities & principles we will promote, how we will treat each other, and how we will engage the outside world.

We all need to be better. To do so, we must confront some of our daemons, challenge & open ourselves to new models, find and empower new teammates, and be willing to experiment.

Presenters
avatar for Josh Corman

Josh Corman

Founder, I am The Cavalry
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the... Read More →


Tuesday July 25, 2017 10:50 - 11:25
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

How To Accidentally Get A Job In InfoSec.
Johnny Xmas will share with us the story of his extremely tangential path to Infosec, from recording studio intern to penetration tester, with stops at some great places like "pharmaceutical college" and "literal homelessness" along the way. Prepare to have your imposter syndrome cured and your resume boosted with this tale of just how far a pair of cat ears can get you!

Presenters
avatar for Johnny Xmas

Johnny Xmas

Sr. Penetration Tester, RedLegg Tradecraft Labs
Johnny Xmas is a penetration tester for the Chicago-Based MSS and Security Assessment firm RedLegg International ( https://www.redlegg.com ), and has been speaking Internationally on the topics of Information Security, Career Advancement and Social Engineering for nearly 15 years... Read More →


Tuesday July 25, 2017 11:30 - 11:55
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

A Day in the Life of a Product Security Incident Response Manager
Public security incidents continue to plague software companies, and each public event brings with it a loss of reputation, customer confidence, and even market cap. We’ve all read headline after headline about vulnerabilities found in products with a PR quote from the software vendor saying they will issue a software update; but what happens leading up to the public disclosure? Who is working at the software vendor ensuring customers are safe?

We will go behind the scenes of a Product Security Incident Response Team (PSIRT) including definition of a PSIRT, its responsibilities, vulnerability lifecycles, emergency response events, customer support, researcher outreach, and other PSIRT duties. The talk will provide examples of the type of reports that PSIRT teams deal with on a daily basis, including reports from traditional end users, enterprise customers, researchers, and other sources.

The value of a PSIRT will be highlighted with recommendations for how to get started if your organization is looking to build a PSIRT, and thoughts on the various struggles associated with the endeavor

Presenters
avatar for Tyler Townes

Tyler Townes

Senior Security Program Manager, BlackBerry
Tyler works at BlackBerry Product Security as a Security Program Manager. His focus areas include SDLC and sustained engineering, vulnerability and risk management across multiple operating systems. Tyler is currently researching pre-acquisition and post-acquisition security pro... Read More →


Tuesday July 25, 2017 11:30 - 11:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

Lockpick Village - Beginner lesson
Staff
avatar for Wendy Knox Everette

Wendy Knox Everette

Cyberlawyer
Wendy spent her first 18 years in New Jersey where she grew to appreciate a good slice of pizza. After college, she worked as a software developer at Amazon.com and Google. She received her JD from the George Mason University School of Law and completed a Fellowship in computer s... Read More →
avatar for Kat Sweet

Kat Sweet

Information Security Analyst, Duo Security
Kat recently moved from Madison to Ann Arbor to work for Duo Security (MFA FTW!), becoming perhaps the first Duonaut ever whose relocation involved a boat ride. Outside of work, she has an affinity for wielding pointy objects, including lockpicks, knitting needles, and, as of las... Read More →


Tuesday July 25, 2017 11:30 - 12:00
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

Hidden Hot Battle Lessons of Cold War: All Learning Models Have Flaws, Some Have Casualties
In a pursuit of realistic expectations for learning models can we better prepare for adversarial environments by examining failures in the field? All models have flaws, given any usual menu of problems with learning; it is the rapidly increasing risk of a catastrophic-level failure that is making data /robustness/ a far more immediate concern. This talk pulls forward surprising and obscured learning errors during the Cold War to give context to modern machine learning successes and how things quickly may fall apart in evolving domains with cyber conflict.

Presenters
avatar for Davi Ottenheimer

Davi Ottenheimer

product security, mongoDB
flyingpenguins, Cyberwar History, Threat Intel, Hunt, Active Defense, Cyber Letters of Marque, Cloudy Virtualization Container Security, Adversarial Machine Learning, Data Integrity and Ethics in Machine Learning (Formerly Known as Realities of Securing Big Data).


Tuesday July 25, 2017 11:30 - 12:00
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

GO Forth And Reverse
GO may not longer be the "newest" language, however it is fairly new in terms of reverse engineering. Over the past few years there has been an uptick in malware and non-malicious binaries being distributed in the wild -- though there has been very little documentation provided on how to reverse engineer these things. In an effort to increase community knowledge we will go over how GO works, how to approach reversing it and demo the updated open source kit for reverse GO binaries. We will also tackle how people currently "harden" binaries and how we suggest people should further harden their binaries.

Presenters
avatar for Tim Strazzere

Tim Strazzere

Security Engineer, Cloudflare
Tim “diff” Strazzere is the Security Engineer at Cloudflare, specializing in mobile, MacOS and Linux security. Along with writing security automation software, he specializes in reverse engineering, malware analysis and vulnerability research. Some interesting past projects i... Read More →


Tuesday July 25, 2017 11:30 - 12:25
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict
Global stability is more precarious than at any time since the end of the cold war. At the same time, the mass proliferation of digital weapons, including destructive wiper malware, is lending new meaning to asymmetric capabilities. Unsurprisingly, some states are empirically more conflict prone than others, and it is these interstate rivalries that exhibit a higher propensity to use destructive wiper malware. Within this strategic backdrop, we’ll walk through the evolution of wiper malware through a series of real-world examples of its role in interstate rivalries. This includes both the technical features and modes of compromise, as well as its strategic effects and key role in escalating tensions between these conflict-prone states. We’ll conclude with an interactive discussion of the evolution and integration of wiper malware with ransomware, as well as what the proliferation of these digital weapons forebodes for geopolitical rivalries and future conflict.

Presenters
avatar for Mark Dufresne

Mark Dufresne

Director, Threat Research and Adversary Prevention, Endgame
Mark Dufresne is the Director of Threat Research and Adversary Prevention at Endgame. He is responsible for Endgame's efforts to understand cyber threats and develop capabilities to detect and prevent malicious adversary techniques. Prior to joining Endgame, Mark worked at NSA fo... Read More →
avatar for Andrea Little Limbago

Andrea Little Limbago

Chief Social Scientist, Endgame
Dr. Andrea Little Limbago is the Chief Social Scientist at Endgame, researching and writing on geopolitics and cybersecurity, data science, and directing the company’s technical content. Her writing has been featured in numerous outlets, including Politico, the Hill, and Christ... Read More →


Tuesday July 25, 2017 11:30 - 12:25
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

Optimizations for Bitcoin key cracking
There is a saying in security - "attacks only get better". At DEF CON 23, a tool called "brainflayer" was released, able to crack Bitcoin keys generated from passwords. Work has continued on it with the addition of a slew of optimizations that have more than quadrupled the speed, and features to crack other cryptocurrencies and weak key generation techniques.

Many password cracking tools, including brainflayer, have optimizations in how they compute and look up hashes, but when cracking Bitcoin keys the biggest bottleneck is computing public keys from private keys. This talk will cover the various techniques used to make that faster, some special case optimizations, touch on how more general tricks are applied, and go over new features since release.

Presenters
avatar for Ryan Castellucci

Ryan Castellucci

Principal Security Researcher, White Ops
Ryan Castellucci has been interested in cryptography and computer security since childhood. He has been doing work on Bitcoin key cracking for several years, first presenting on it at DEF CON 23. By day, Ryan does browser security research to detect bots, scrapers and other forms... Read More →


Tuesday July 25, 2017 11:30 - 12:25
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

IATC Kickoff
“Our dependence on connected technology is growing faster than our ability to secure it, affecting human life, public safety, national security, and global GDP.” This realization launched I Am The Cavalry four years ago at BSidesLV. While there’s been a lot of progress and enlightenment among government and corporate leaders, in the footrace with adversaries, defenders started way behind. As I Am The Cavalry enters its fifth year. Our BSidesLV track will highlight many of the successes for Cyber Safety, and build capabilities for scale, speed, and agility so we can look forward to what’s needed and what’s next.
Josh Corman and Beau Woods will kick off the track, giving a brief overview of I Am The Cavalry, mention some notable wins, and give a roadmap for the two day track. And Keren Elazari will deliver a rousing keynote, laying a foundation for BSidesLV participants to help make us safer, sooner, together.

Presenters
avatar for Josh Corman

Josh Corman

Founder, I am The Cavalry
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the... Read More →
avatar for Keren Elazari

Keren Elazari

Security Analyst, Author & Researcher, www.k3r3n3.com
As an independent analyst and strategic advisor, I write , research and speak about emerging security trends and technologies and help global organizations navigate complex cyber security issues. My research and writing about security has been featured by NATO, WIRED, TED, Sci... Read More →
avatar for Beau Woods

Beau Woods

Deputy Director, Cyber Statecraft Initiative, Atlantic Council/I Am The Cavalry
Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, and core contributor to the I Am The Cavalry initiative. Beau works with policymakers, industry, civil society groups, NGOs, and individual stakeholders to safeguard human life, public s... Read More →


Tuesday July 25, 2017 11:30 - 12:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

Banking on Insecurity: The ongoing fairytale of securing financial institutions
So many banks in so little time. We should expect cyber attacks on financial institutions because it’s just so much easier to pillage online than to coordinate a get-away car, guns and comfortable ski masks. Over the past year, exploits against banks have seriously upped the game: jackpotting ATMs, DDoS, messing with trusted messengers. The recent attacks on Polish banks initially went unnoticed. That’s a mistake we can’t afford to make, but the attackers are banking on it. When source code revealed that a much bigger player was involved, everyone jumped in. But that was days later. What are we missing because we choose to see what we expect, instead of what is really there? After last year’s massive breaches, and some significant financial attacks, financial organizations need to be prepared. The attackers aren’t just going after the money. They want the data too.

Presenters
avatar for 3ncr1pt3d

3ncr1pt3d

Security Consultant, Threat Intel
I'm a security consultant whose fascination with Stuxnet has expanded to APTs, ICS SCADA, mainframes, and Threat Intel. I like building bridges and security awareness. Once upon a time, there was a bank ...


Tuesday July 25, 2017 11:30 - 12:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

What A Career In Public Service Is Really About
When Bobbie Stempfley graduated with an Engineering degree, she couldn't find a job. Her first internship was opening boxes and shredding documents for the Army. While shredding, she read, observed, and learned more about the information security infrastructure than her colleagues. This launched a several decade career in public service ending with her last position as Deputy Assisant Secretary Office of Cybersecurity and Communication for DHS. Throughout her career she has lead and inspired many to tackle some of the most difficult and boring challenges out there to make the world a better place. Come spend a few minutes learning about career perspectives slightly different than your usual run of the internet.

Presenters
avatar for Bobbie Stempfley

Bobbie Stempfley

Director, CERT, Software Engineering Institute
I enjoy working in the public's interest both inside and outside of the government. Focusing on the hard problems where the technology and engineering meet the practices and policy and the people.


Tuesday July 25, 2017 12:00 - 12:25
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

From SOC to CSIRT
The transition from a Security Operation Center to a Cyber Security Incident Response Team (CSIRT) isn’t just a branding change. It is a change from the ineffectual monitoring for compliance driven events like failed logins and system outages to actively building detection for indications of adversarial activity through detailed investigation and threat intelligence gathering.
A recent CSIS study shows a perceived skills gap in cybersecurity which inhibits organizations from creating an effective CSIRT. Another survey by SANS supports the perception of ineffectual incident response capabilities. Universities are failing to produce entry level Security Professionals capable of stepping into IR positions. I will discuss ways an organization can overcome this staffing challenge through internal and open source training opportunities as well as the need to drive change in academic curriculum to better prepare collegiate graduates for careers in incident response.

Presenters
avatar for Ben  Butz

Ben Butz

Incident Handler, Target Corporation
Ben is an incident responder at Target Corp’s CSIRT and possesses 8 years of information security experience defending networks in the military as well as the defense and retail industries. Ben has had the opportunity to guide the development of two cyber security incident res... Read More →


Tuesday July 25, 2017 12:00 - 12:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Deep Learning Neural Networks – Our Fun Attempt At Building One
There’s a lot of talk about the benefits of deep learning (neural networks) and how it’s the new electricity that will power us into the future. Medical diagnosis, computer vision and speech recognition are all examples of use-cases where neural networks are being applied. This begs the question, what do neural-net applications for cyber security use-cases look like? Specifically how does the process work when applying neural-nets to detect malicious URLs?  Follow along as we go from no machine learning knowledge to neural net.  Along the way you’ll learn what it took to classify URLs as malicious or benign as well as lessons learned directly from our practical attempt at this challenge.  Come find out if we had mad success or abject failure; a fun time either way!

Presenters
avatar for Ladi Adefala

Ladi Adefala

Sr. Security Strategist - FortiGuard Labs, Fortinet
Ladi Adefala has served in a variety of strategic technical and leadership roles focused on advanced cyber security. As a FortiGuard Labs cyber security expert with Fortinet, he's engaged in cyber threat intelligence and research efforts. His research interests include cyber thre... Read More →


Tuesday July 25, 2017 12:00 - 12:30
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

12:30

Mentoring, Networking, Resume Review
This is a great time to come and network with recruiters who are hiring and looking to talk to you about their companies. You can also come into Hire Ground and have your resume reviewed. Also be on the lookout for Career Mentors who have "Blinky Badges" they are available to answer your tough questions about your career. Remember networking is the number one way to find a job - come and network

Tuesday July 25, 2017 12:30 - 14:25
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Google Apps Scripts Kill Chain
Google Apps Scripts is a JavaScript cloud scripting language that provides easy ways to automate tasks across Google products and third party services and build web applications. However, it also provides relatively easy ways for attackers to automate infiltration, propagation, exfiltration and maintaining access to a compromised G Suit powered organization. While the platform has been used successfully for C&C (Carabank) previously, we feel it only scratched the surface as potential vectors.

Presenters
MB

Maor Bin

Research Lead, Proofpoint
I'm working as a research lead at Proofpoint, as part of the SaaS Protection product. We are researching customers' data in order to identify risks and threats in their cloud environment. We're also researching new and innovative attack vectors, so we would be able to block it w... Read More →


Tuesday July 25, 2017 14:00 - 14:25
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Your model isn't that special: zero to malware model in Not Much Code and where the real work lies
Deep learning has become pervasive in a plethora of consumer applications. And there are good reasons why all the kids are doing it these days. (1) True end-to-end deep learning ameliorates, in many applications, the need to laboriously hand-craft features for ingest by a model. (2) A robust menagerie of flexible deep learning APIs (tensorflow, theano, keras, caffe, torch, mxnet, cntk, …) have made exotic deep learning architectures and ideas extremely accessible. (3) Especially in domains of object classification, machine translation, and speech recognition, deep learning solutions dominate the leaderboards, advancing state of the art performance year over year. What does this all mean? Lazy people can achieve state-of-the-art performance with very little work and a few lines of code, and don’t really have to speak math or machine learning, or really even have any domain expertise.

But what about for information security? In this talk, I’ll walk through steps to create a deep learning malware model from scratch: data curation, sample labeling, architecture specification, model training and model validation. I’ll review bleeding-edge concepts in deep learning that have disrupted other domains and show how they can be applied (sometimes poorly!) to the hardest parts of building a malware classification model. Finally, I’ll highlight what separates the easy-to-code models from product-worthy performance, and try to justify why I should still be employed as a data scientist after having demonstrated how easy this all is. Hint: the reasons have less to do with your model, and more to do with your data.

Presenters
avatar for Hyrum Anderson

Hyrum Anderson

Technical Director of Data Science, Endgame, Inc.
Hyrum Anderson is the teachnical director of data scientist at Endgame. Prior to joining Endgame he worked as a data scientist at FireEye Labs, Mandiant, Sandia National Laboratories and MIT Lincoln Laboratory. He received his PhD in Electrical Engineering (signal processing... Read More →


Tuesday July 25, 2017 14:00 - 14:25
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

How to escalate privileges to administrator in latest Windows.
Attackers hope getting administrator privileges always. If they had get it, they can do anything. Therefore, they try to get administrator privileges in various ways, such as account stealing, privilege escalation, UAC bypass.

I have found one way to escalate privileges to administrator without using vulnerability. I hope you to see the demo, understand the mechanism, and prepare against the attacks.

Presenters
avatar for Soya Aoyama

Soya Aoyama

Researcher, Fujitsu System Integration Laboratories Limited
Soya Aoyama is cyber security researcher at Fujitsu System Integration Laboratory. But this work has not been three years. | Previously, Soya was developing LAN driver, Bluetooth profile, Winsock application etc. | The first presentation of cyber security was AVTOKYO 2016.


Tuesday July 25, 2017 14:00 - 14:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Koadic C3 - Windows COM Command & Control Framework
Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript), with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.

An in-depth view of default COM objects will be provided. COM is a fairly underexplored, large attack surface in Windows. Post exploitation with PowerShell has grown in popularity in recent years, and seeing what can be done with just the basic Windows Script Host is an interesting exploration. We will also share lots of weird Windows scripting quirks with interesting workarounds we discovered during the course of development.

It is possible to serve payloads completely in memory from stage 0 to beyond, as well as use cryptographically secure communications over SSL and TLS (depending on what the victim OS has available). We also found numerous ways to "fork to shellcode" in an environment which traditionally does not provide such capabilities.

Koadic also attempts to be compatible with both Python 2 and Python 3. Koadic is used via a slick shell, with CLI improvements that we also committed into Metasploit. Koadic's code will be released under the Apache 2.0 license. It consolidates techniques from original research as well as amazing previous research by @subTee, @enigma0x3, and @tiraniddo.

Presenters
avatar for Aleph _Naught

Aleph _Naught

Senior Security Researcher, RiskSense
Zach Harding is a senior security analyst at RiskSense, Inc. Zach formerly served in the US Army as a combat medic. He, along with Sean Dillon and others, improved leaked NSA code to release the "ExtraBacon 2.0" Cisco ASA exploit package. He is an avid tester of every penetration... Read More →
avatar for zerosum0x0

zerosum0x0

Senior Security REsearcher, RiskSense, Inc.
Sean Dillon is a senior security analyst at RiskSense, Inc. He has an established research focus on attacking the Windows kernel, and was the first to reverse engineer the DOUBLEPULSAR SMB backdoor. He is a co-author of the ETERNALBLUE Metasploit module and other contributions to... Read More →


Tuesday July 25, 2017 14:00 - 14:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Measuring the Use and Abuse of Brain Wallets
Bitcoin brain wallets, were way of turning nothing but a password into a keypair, at least until it was widely understood what a bad idea this was. The wake of data left behind includes a very interesting corpus of passwords to analyze and logs of attacker activity - after all blockchains never forget. This talk focuses on what we can learn from this. Do people select stronger passwords when more money is on the line? How quickly does bitcoin sent to weak brain wallets get drained? How many distinct thieves can be identified?

Presenters
avatar for Ryan Castellucci

Ryan Castellucci

Principal Security Researcher, White Ops
Ryan Castellucci has been interested in cryptography and computer security since childhood. He has been doing work on Bitcoin key cracking for several years, first presenting on it at DEF CON 23. By day, Ryan does browser security research to detect bots, scrapers and other forms... Read More →
avatar for Marie Vasek

Marie Vasek

Assistant Professor, University of New Mexico
Marie Vasek is an assistant professor in the computer science department at the University of New Mexico. She helps lead StopBadware, an anti-malware organization for which she started working in 2011. Her research focuses on cybercrime measurement, particularly web-based malware... Read More →


Tuesday July 25, 2017 14:00 - 14:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Public Policy of Things
Cybersecurity policy is becoming more and more of a hot topic on Capitol Hill, with topics like the WannaCry outbreak, healthcare cybersecurity, and power grid cybersecurity taking top billing. Jessica will walk through some of the hearings, bills, and events that have happened over the past year, and then discuss how security researchers and the security community at large can get involved to help guide policymakers as they work to address cybersecurity challenges.

Presenters
avatar for Jessica Wilkerson

Jessica Wilkerson

Professional Staff Member, House Energy and Commerce
Jessica Wilkerson is a Professional Staff Member with the House Committee on Energy and Commerce, covering cybersecurity issues across the Committee's broad jurisdiction. As part of that work, she has investigated issues in the telecommunications, commercial, energy, and healthc... Read More →


Tuesday July 25, 2017 14:00 - 14:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Navigating the Alternative Facts of Malware Prevention
This talk, given by two individuals not linked to any anti-malware vendor, is the result of over two years of research covering several dozen tools in the anti-malware space, in an effort to find the ideal tool for our corporate environment. It is intended to be an in-depth focus on the evolution of the space, the tools, and the technologies behind them, with a “no holds barred” approach to presenting our evaluation methodology and results.

Presenters
avatar for Rodrigo Brenes

Rodrigo Brenes

Security Operations | Incident Response, National Instruments
Professional on Information Technology with over seven years of work experience in the Information Security field. He has worked for large companies, including HP and IBM on Enterprise Vulnerability Management and Secure Operation Center, and he is currently employed as the Info... Read More →
avatar for Josh Sokol

Josh Sokol

Information Security Program Owner, National Instruments
Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Inform... Read More →


Tuesday July 25, 2017 14:00 - 14:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Elastic-ing All the Things - Saving anything at elastic stack and having fun with detections
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Millions of events could easily be generated in your network daily. Your devices will generate events from simple and inoffensive daemon or application errors to very important events, that defensive and offensive would want to alert on. But by the end of the day how are you going to save or log all that information? How will you enrich this data generated by your users, tools, and devices? How you will correlate them? How
will you create detection alerts and reports ?

In this training our idea is to teach a fast track about how you could use Elastic Stack to cover all the steps of a event logs journey. From local log generation to Hero Detection, showing the attendee how to create smart configurations that will parse and split your data into key fields, transform your logs, correlate, and filter them to create useful outputs to be used in detection and network security analysis.

This workshop will be entirely based on Elastic Stack and basic Python scripts (donít be afraid, we will provide what is needed for the course). Simulating situations with some opensource offensive and defensive tools that will show how the attendees could create great stuff on the cheap, improving your detection capabilities and metrics. And once successful, the important: ask for a raise!

Presenters
avatar for Felipe “Pr0teus

Felipe “Pr0teus" Esposito

Security Researcher
Felipe “Pr0teus” has 10 years experience in T.I, masters degree in Computer Systems and network. His interests includes Network Covert Channels,Information visualization, Log analysis and Incident Response. Currently working for Rio de Janeiro state court as Network Security Admin, working hard to make... Read More →
avatar for Rodrigo Montoro

Rodrigo Montoro

Security Researcher
Rodrigo “Sp0oKeR” Montoro has 15 years of experience deploying open source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. Currently he is Security Researcher/ SOC. Prior to joining Clavis he worked as a Senior Security administrator at Su... Read More →


Tuesday July 25, 2017 14:00 - 17:55
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169

14:00

Extreme Mobile Application Exploitation
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

This full-fledged hands-on workshop will get the attendees familiar with the various Android as well as iOS application analysis techniques and bypassing the existing security models in both the
platforms. The main objective of this workshop is to provide a proper guide on how the mobile
applications can be attacked and provide an overview of how some of the most important security
checks for the applications are applied and get an in-depth understanding of these security checks.

The workshop will also include a CTF challenge designed by the trainer in the end where the attendees will use their skills learnt during the workshop to solve this challenge.

This workshop will mainly focus on the following :
1. Reverse engineer Dex code for security analysis.
2. Jailbreaking/Rooting of the device and also various techniques to detect Jailbreak/Root.
3. Runtime analysis of the apps by active debugging.
4. Modifying parts of the code, where any part can be specified as some functions, classes and
to perform this check or to identify the modification, we will learn how to find and calculate
the checksum of the code. Our objective in this section will be to learn, Reverse Engineering
an application, get its executable binaries , modify these binaries accordingly, resign the
application.
5. Runtime modification of code. Objective is to learn how the programs/codes can be changed
or modified at runtime. we will learn how to perform introspection or overriding the default
behavior of the methods during runtime and then we will learn how to identify if the
methods have been changed). For iOS we can make use of tool Cycript, snoop-it etc.
6. Hooking an application and learn to perform program/code modification.
7. By the end of workshop, based on the course content CTF challenges written by the trainer will be launched, where the attendees will use their skills learnt in the workshop to solve the CTF challenges.
The workshop will begin with a quick understanding on the architecture, file system,permissions and security model of both iOS and Android platform.
NOTE:
1. The tools and techniques used in the workshop are all open source and no special proprietary
tools need to be purchased by the attendees for analysis post the training. Some of the tools
taught in the training will be helpful in analysis and automating test cases for security testing
of the mobile apps:
✔ Drozer
✔ Introspy
✔ Apktool
✔ Dex2jar
✔ Cycript
✔ JD-Gui
✔ SSL Trust killer

Presenters
avatar for Sneha Rajguru

Sneha Rajguru

Payatu Software Labs LLP, Payatu Software Labs LLP
India


Tuesday July 25, 2017 14:00 - 17:55
Training Ground 1 (The Platinum, Opal Room) 211 E Flamingo Rd, Las Vegas, NV 89169

14:30

IMSI Catchers And The Happy Yellow Helicopter: Security Challenges At Standing Rock
Geeks Without Bounds coordinated the Internet connectivity, radio support, and renewable power for the Dakota Access Oil Pipeline protest camps at the Standing Rock Sioux Reservation in North Dakota from September 2016 to February 2017. Within hours of arriving at Standing Rock, Lisha Sterling discovered problems with her mobile phone, and that began an investigation into the various ways that cyberwarfare techniques were being used against protesters by a consortium of governmental and private security agencies. This talk includes photos and stories from Standing Rock about physical sabotage, IMSI catchers, airborne surveillance, and mystery devices which drain phone and car batteries instantly, along with lessons learned that can be used in a range of situations where activists face heavy-handed opposition.

Presenters
avatar for Myron Dewey

Myron Dewey

Owner, Digital Smoke Signals
MYRON DEWEY M.A, | | Founder and owner of Digital Smoke Signals, | Dewey is Newe/Numah - Paiute/Shoshone from the Walker River Paiute Tribe, | Agui Diccutta Band (Trout Eaters) and Temoke Shoshone. | He is a professor, journalist, filmmaker/editor, digital storytell... Read More →
avatar for Lisha Sterling

Lisha Sterling

Executive Director, Geeks Without Bounds
Lisha Sterling has been supporting open source technology in low resource situations for the past 8 years. Before that she worked as a software developer and systems administrator at the usual string of startups and big tech companies starting in 1993. In 2016 she went to Standi... Read More →


Tuesday July 25, 2017 14:30 - 14:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

14:30

Rate the Recruiter
Rate the Recruiter - Monthly, weekly and sometimes daily, you are being contacted by Talent Acquisition professionals that claim to have the next best career step available for you. What can you do to cut through the noise and find the best career advocates in your field? We will give you some tips to help "Rate the Recruiter" and identify the Top Talent Specialists in your field. By strategically picking your resources, you can gain access to Hiring Managers, Top Companies and Great Employment Opportunities.

Presenters
avatar for Ashley Bush

Ashley Bush

University and Employer Brand Recruiter, Tenable
Professionally-speaking, I am a branding nerd. Whether it's improving your personal brand, professional brand, or your company's brand as an employer...you've got my attention. I have been in Talent Acquisition for four years, starting my career (I know, I'm still in the "starti... Read More →
avatar for Brian Sheridan

Brian Sheridan

Recruiter, Tenable
Brian is a Corporate Recruiter with Tenable and has 7 years of experience between in-house and agency. Specializing in high-growth organizations, Brian has a passion for creating excellent Candidate Experience and helping people navigate through a complicated job market. Brian... Read More →


Tuesday July 25, 2017 14:30 - 14:55
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

14:30

Two-Factor Auth - Demand Bidirectional
Two-factor authentication has become almost commonplace in defending against ubiquitous credential brute-forcing and has reduced the criticality of password theft.

However there is a component of the original RFC (request-for-comment) that has been overlooked and undervalued. Meaning that 2FA in its current form is not as effective at mitigating phishing and replay attacks as it could be.

This talk will demonstrate attacks against time-based and HMAC-based OTP (one-time pad) authentication, and will propose detailed countermeasures and mitigations for these attacks.

Presenters
avatar for Joe Kirwin

Joe Kirwin

Senior Security Engineer, Pivotal


Tuesday July 25, 2017 14:30 - 14:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

14:30

Lockpick Village - Beginner lesson
Staff
avatar for Wendy Knox Everette

Wendy Knox Everette

Cyberlawyer
Wendy spent her first 18 years in New Jersey where she grew to appreciate a good slice of pizza. After college, she worked as a software developer at Amazon.com and Google. She received her JD from the George Mason University School of Law and completed a Fellowship in computer s... Read More →
avatar for Kat Sweet

Kat Sweet

Information Security Analyst, Duo Security
Kat recently moved from Madison to Ann Arbor to work for Duo Security (MFA FTW!), becoming perhaps the first Duonaut ever whose relocation involved a boat ride. Outside of work, she has an affinity for wielding pointy objects, including lockpicks, knitting needles, and, as of las... Read More →


Tuesday July 25, 2017 14:30 - 15:00
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

14:30

Getting insight out of and back into deep neural networks
Deep learning has emerged as a powerful tool for classifying malicious software artifacts, however the generic black-box nature of these classifiers makes it difficult to evaluate their results, diagnose model failures, or effectively incorporate existing knowledge into them.  In particular, a single numerical output – either a binary label or a ‘maliciousness’ score – for some artifact doesn’t offer any insight as to what might be malicious about that artifact, or offer any starting point for further analysis.  This is particularly important when examining such artifacts as malicious HTML pages, which often have small portions of malicious content distributed among much larger amounts of completely benign content. 

In this applied talk, we present the LIME method developed by Ribeiro, Singh, and Guestrin, and show – with numerous demonstrations – how it can be adapted from the relatively straightforward domain of “explaining” text or image classifications to the much harder problem of supporting analysts in performing forensic analysis of malicious HTML documents.  In particular, we can not only identify features of the document that are critical to performance of the model (as in the original work), but also use this approach to identify key components of the document that the model “thinks” are likely to contain malicious elements.  This allows analysts to quickly assess both the validity of the model’s conclusion and rapidly identify regions that require additional inspection and evaluation.  In doing so the deep learning model is converted from a gnomic “black box” into a useful exploratory tool for malicious artifacts, even when the deep learning model itself may label the sample incorrectly. 

We complement this work by showing how knowledge extracted by this method – as well as existing expert knowledge – can be readily re-incorporated into deep learning models.

Presenters
RH

Richard Harang

Principal Data Scientist, Sophos
Richard Harang is a Principal Data Scientist at Sophos with over seven years of research experience at the intersection of computer security, machine learning, and privacy. Prior to joining Sophos, he served as a scientist at the U.S. Army Research Laboratory, where he led the r... Read More →


Tuesday July 25, 2017 14:30 - 15:25
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

The Commoditization of Security Solutions: Will You Be Replaced by a Small Script?
Security technologies and solutions change constantly. Today's new hotness will be tomorrow's old news and distinguishing features will be defaults in the next version. The insane pace of the digital arms race makes it difficult to keep up with the latest trends and skills. In this talk I'll explore this phenomenon & look at examples over the last 30 years to demonstrate a consistent pattern in the technology lifecycle. Then I'll outline proactive steps to prepare yourself to maintain a career in this field. By the end of this talk, you'll walk away with practical guidance on preparing for the future, avoiding burnout, and building your skill-set in a way that will prevent you from being replaced by a small shell script or the next security appliance.

Presenters
avatar for Nathan Sweaney

Nathan Sweaney

Senior Security Consultant, Secure Ideas
Nathan Sweaney works for Secure Ideas testing pens and consulting clients. He's been in the infosec industry for a decade or so working with a wide range of clients and technologies. He hails from the great state of Oklahoma and wishes you'd all keep flying over it & leave us alo... Read More →


Tuesday July 25, 2017 15:00 - 15:25
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Pwn All The Mobile Porn Apps
This talk will examine egregious security vulnerabilities found in adult content mobile applications. Highlights include: lack of HTTPS usage, code execution in update mechanisms, and less then stellar vendor responses.

Presenters

Tuesday July 25, 2017 15:00 - 15:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

The Black Art of Wireless Post-Exploitation: Bypassing Port-Based Access Controls Using Indirect Wireless Pivots
Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the weak perimeter security provided by EAP-TTLS and EAP-PEAP, many organizations use port based NAC appliances to prevent attackers from pivoting further into the network after the wireless has been breached. This solution is thought to provide an acceptable balance between security and accessibility.

The problem with this approach is that it assumes that EAP is exclusively a perimeter defense mechanism. In a wireless network, EAP actually plays a subtle and far more important role. WPA2-EAP is the means through which the integrity of a wireless network’s physical layer is protected. Port-based access control mechanisms rely on the assumption that the physical layer can be trusted. Just as NACs can be bypassed on a wired network if the attacker has physical access to the switch, they can also be bypassed in a wireless environment if the attacker can control the physical layer using rogue access point attacks.

In this presentation, we will apply this concept by presenting a novel type of rogue access point attack that can be used to bypass port-based access control mechanisms in wireless networks. In doing so, we will challenge the assumption that reactive approaches to wireless security are an acceptable alternative to strong physical layer protections such as WPA2-EAP using EAP-TLS. Finally, we will talk about how to defend against these attacks by exploring ways in which EAP-TLS can be made easier to implement.

Presenters
avatar for Gabriel Ryan

Gabriel Ryan

Security Engineer, Gotham Digital Science
Gabriel is a pentester, CTF player, and Offsec R&D. He currently works for Gotham Digital Science, where he provides full scope red team penetration testing capabilities for a diverse range of clients. Previously he has worked at OGSystems and Rutgers University. He also is a mem... Read More →


Tuesday July 25, 2017 15:00 - 15:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Purple Team: How This Color Can Help You And Your Organisation Learn and Get Better
You have heard of Red Team, Red vs. Blue Team and Purple Team exercises, but these approaches often miss two crucial aspects: communication and mentoring. An organisation doesn’t need to be overly mature to conduct a Purple Team exercise. This type of exercise can be divided into multiple stages when the business risks are well defined with communication and mentoring at the core of the engagement.

This presentation will describe how and why to execute a Purple Team exercise, as well as how to encourage upper management’s participation in this type of engagement. We will discuss techniques for executing a Purple Team exercise, along with the various types and levels of testing to assess the business risk using real case studies. This presentation will also include how to most effectively mentor the Blue Team.

Similarly to a Red Team, Purple Team exercises assess the business risks that can impact the business as a whole. The main difference between these two being that the Blue Team is involved throughout the engagement. Daily, weekly or monthly meetings are set with communication as the main objective. The Blue Team is responsible to detect, monitor and analyze the Red Team’s activities throughout the engagement. They communicate regularly with the Red Team to find solutions related to their findings rather than waiting for a finalized report that ultimately summarizes to the words “You’ve been pwned”.

Multiple levels of Blue Team involvement and mentoring approaches will be shown during the presentation. We will review different types of tests from predefined attack scenarios, which include real Red Team examples. We will focus on how this type of exercise can help the entire organisation improve their security from both a technical and strategic perspective, which will increase the value of this engagement when selling it to upper management.

Presenters
avatar for Patrick Mathieu

Patrick Mathieu

Owner / Senior Security Consultant, Hackfest.ca / SecurityCompass.com
Patrick is co-founder of Hackfest.ca largest hacking conference in Canada and has been involved in computer security and hacking for more than 20 years. He is currently employed as pentester and lead Purple Team at a Toronto consulting company and and he’s specialized in applic... Read More →


Tuesday July 25, 2017 15:00 - 15:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Sex, Secret and God: A Brief History of Bad Passwords
Most of what we've been told over the years about what makes a good password has been wrong, so it's no surprise most people pick bad passwords. This talk will cover the history of password policy and password cracking starting from the days before computers had passwords up to modern password cracking and modern protections against it. Along the way I'll cover Richard Stallman's little-known history as a password cracker, the golden days of password guessing featured in movies like Hackers and WarGames, and draconian IT password policies and why they don't work. By the end everyone should have plenty of ammunition to take back to their IT department and get rid of those horrible password policies.

Presenters
avatar for Kyle Rankin

Kyle Rankin

Vice President, Engineering Operations, Final, Inc.
Kyle Rankin is the Vice President of Engineering Operations for Final Inc.; the author of Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, and Knoppix Hacks, among other books; and an award-winning columnist for Linux Journal magazine... Read More →


Tuesday July 25, 2017 15:00 - 15:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Feds
Feds <3 H4ckers. No really, it's true! Some Feds do anyway. We've arranged for some live, tame Feds to make their way out to Las Vegas to prove it! This panel will let them highlight some of the ways they show that they <3 us, and give YOU the BSidesLV participants, a chance to ask questions.

Presenters
avatar for Suzanne Schwartz

Suzanne Schwartz

Associate Director for Science and Strategic Partnerships, Emergency Preparedness/Operations & Medical Countermeasures (EMCM) Director (Acting), FDA's Center for Devices and Radiological Health (CDRH)
Suzanne B. Schwartz, MD, MBA is the Associate Director for Science and Strategic Partnerships in the Center for Devices and Radiological Health (CDRH) at the FDA. She also continues to serve as the Director (Acting) of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures program. Suzanne represents CDRH/FDA across inter-Agency initiatives for the Public Health Emergency Medical Countermeasures Enterprise (PHEMCE) for chemical, biological, radiological and nuclear threats (CBRN), natural disasters and emerging infectious diseases. As... Read More →
avatar for Jessica Wilkerson

Jessica Wilkerson

Professional Staff Member, House Energy and Commerce
Jessica Wilkerson is a Professional Staff Member with the House Committee on Energy and Commerce, covering cybersecurity issues across the Committee's broad jurisdiction. As part of that work, she has investigated issues in the telecommunications, commercial, energy, and healthc... Read More →


Tuesday July 25, 2017 15:00 - 15:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Inside MormonLeaks: the why, the how, and the what
MormonLeaks gained national recognition in October 2016 when private videos of conversations between the highest of Mormon officials were leaked on YouTube. Shortly thereafter, the organization launched a way for sources to securely, safely, and anonymously submit confidential church documents for later public release. The Mormon Church has a history of hiding things that directly effect it's membership, their neighbors, and local and national politics. With transparency as the goal, MormonLeaks is committed to remaining neutral and publishing all verifiable documents which they receive. Come listen to the lead engineer on the project talk about the organization's history, motivations, tech, mistakes, successes, and future.

Presenters
avatar for Privacy P. Pratt

Privacy P. Pratt

Lead Engineer & Technical Advisor, MormonLeaks
My psuedonym comes from Parley P. Pratt, an early leader of the Mormon Church. I am the lead engineer of mormonleaks.io.


Tuesday July 25, 2017 15:00 - 15:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

15:30

Breaking the Fourth Wall - Hacking a 50 years old myth
Follow me on a journey where we p0wn one of the most secure platforms on earth.
A giant mammoth that still powers the most critical business functions around the world: The Mainframe!
Be it a wire transfer, an ATM withdrawal, or a flight booking, you can be sure that you've used
the trusted services of a mainframe at least once during the last 24 hours.
In this talk, I will present methods on pentesting mainframe applications, deploying shells
and elevating privileges on the system, all starting with zero authentication.
If you are interested in mainframes or merely curious to see a what a shell looks like on MVS, you'll want to attend this session.

Presenters

Tuesday July 25, 2017 15:30 - 15:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

15:30

Transfer Learning: Analyst-Sourcing Behavioral Classification
Information Security (InfoSec) operations analysts are deluged with data, and that is with not even reviewing a significant portion of an organization’s logged data - and certainly not in anything close to real-time. Additionally, too many of the alerts generated by log reviews (e.g., by a SIEM) are false positives - an unnecessary distraction for analysts, and a contribution to the embarrassing number of false negatives. With log volumes growing significantly year over year, a radical change in approach is needed.

Enter AI. Not just machine learning, but AI; specifically, active learning. In this presentation, we will discuss how to augment a critical shortage of trained analyst personnel with active learning, institutionalize their knowledge of benign traffic and attacks, and how to share that knowledge between organizations.

Presenters
avatar for Ignacio Arnaldo

Ignacio Arnaldo

Chief Data Scientist, Patternex
I am working at PatternEx, a Bay Area startup developing an artificial intelligence platform for InfoSec. The platform leverages state-of-the-art machine learning and artificial intelligence algorithms for real-time attack prevention in enterprise applications.
avatar for Tim Mather

Tim Mather

Chief Security Strategist, PatternEx
Long-time information security practitioner, single parent of three (all cats - rescues).


Tuesday July 25, 2017 15:30 - 16:00
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

15:30

Mentoring, Networking, Resume Review
This is a great time to come and network with recruiters who are hiring and looking to talk to you about their companies. You can also come into Hire Ground and have your resume reviewed. Also be on the lookout for Career Mentors who have "Blinky Badges" they are available to answer your tough questions about your career. Remember networking is the number one way to find a job - come and network

Tuesday July 25, 2017 15:30 - 17:25
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

15:45

Pros vs Joes CTF - Contest play ends!
Staff
avatar for Dichotomy

Dichotomy

Senior Staff, BSidesLV
Pros Vs Joes Capture the Flag Games Master


Tuesday July 25, 2017 15:45 - 16:00
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

16:00

Lockpick Village - Contest
Staff
avatar for Wendy Knox Everette

Wendy Knox Everette

Cyberlawyer
Wendy spent her first 18 years in New Jersey where she grew to appreciate a good slice of pizza. After college, she worked as a software developer at Amazon.com and Google. She received her JD from the George Mason University School of Law and completed a Fellowship in computer s... Read More →
avatar for Kat Sweet

Kat Sweet

Information Security Analyst, Duo Security
Kat recently moved from Madison to Ann Arbor to work for Duo Security (MFA FTW!), becoming perhaps the first Duonaut ever whose relocation involved a boat ride. Outside of work, she has an affinity for wielding pointy objects, including lockpicks, knitting needles, and, as of las... Read More →


Tuesday July 25, 2017 16:00 - 16:30
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Microservices And FaaS For Offensive Security
There are more cloud service providers offering serverless or Function-as-a-service platforms for quickly deploying and scaling applications without the need for dedicated server instances and the overhead of system administration. This technical talk will cover the basic concepts of microservices and FaaS, and how to use them to scale time consuming offensive security testing tasks. Attacks that were previously considered impractical due to time and resource constraints can now be considered feasible with the availability of cloud services and the neverending free flow of public IP addresses to avoid attribution and blacklists.

Key takeaways include a guide to scaling your tools and a demonstration on the practical benefits of utilising cloud services in performing undetected port scans, opportunistic attacks against short lived network services, brute-force attacks on services and OTP values, and creating your own whois database, shodan/censys, and searching for the elusive internet accessible IPv6 hosts.

Presenters
avatar for Ryan Baxendale

Ryan Baxendale

Centurion Information Security
Ryan works as a penetration tester in Singapore where he leads a team of professional hackers. While his day is filled mainly with web and mobile penetration tests, he is more interested developing security tools, discovering IPv6 networks, and mining the internet for targeted lo... Read More →


Tuesday July 25, 2017 17:00 - 17:25
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

I Club and So Can You
Founding and running information security clubs has enriched my life in concrete, positive ways. In this talk, I encourage others to form groups devoted to hacking and security. By doing so, I hope that listeners go on to kickstart security scenes in their hometowns while also enjoying the same benefits that I enjoyed. Much of the advice comes from personal, hands-on experience. I will be discussing the misconceptions that I had about running an information security club, the struggles encountered, and the successes enjoyed.

Presenters
avatar for Christopher Lamberson

Christopher Lamberson

Christopher Lamberson spends much of his time building Splunk dashboards and doing security related oddjobs for Columbus State University. Much of the money earned in these part-time positions goes straight to feeding his learning addiction. Other than that, he is president of a... Read More →


Tuesday July 25, 2017 17:00 - 17:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Pros vs Joes CTF - End of Day Hotwash
Staff
avatar for Dichotomy

Dichotomy

Senior Staff, BSidesLV
Pros Vs Joes Capture the Flag Games Master


Tuesday July 25, 2017 17:00 - 17:30
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

All The Sales President’s Men
As technologists and hackers many of us have skills in intelligence gathering or social engineering, but we might not stop to think about how those same skills are being used against us to influence our purchasing decisions as we evaluate vendors for new projects. Now I know you're thinking, "I can spot that a mile away.". No free lunch, vendor party, or booth giveaway is going to sway ME, right? Well, I've got a confession to make - it goes way beyond that. I can be your ally, your advocate, and an asset to your organization. I can also be the secret weapon of the sales team - the guy who speaks both languages - sales and tech.

Let me walk you through what happens behind the scenes during the sales cycle at a typical tech company to influence you into buying from them.

Presenters
avatar for Patrick McNeil

Patrick McNeil

Principal Solutions Architect
I'm a programmer, network engineer, and operations specialist who went astray and got into security. As a reluctant Security Solutions Architect I'd prefer to work in a technical role, but I find myself good at what I do. I'm a telecom security enthusiast and #telephreak at he... Read More →


Tuesday July 25, 2017 17:00 - 17:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

The Human Factor: Why Are We So Bad at Security and Risk Assessment?
How does the science of human perception and decision making influence the security sector? How can we use information about how people make decisions to create more successful security professionals? In the 1970s, “fringe” psychologists began to question the phenomenon of decision making, seeking to understand the mechanism by which individuals will make seemingly unfathomable choices in the face of obvious deterrents. When one has any personal stake in a situation (e.g. what to eat for dinner or who to vote for) our ability to take stock and react reasonably becomes nearly non-existent.

There are numerous academic studies on decision-making and perception whose insights have been applied to various industries over the years with surprising success. Why do we make unintelligent choices? Why are we are so overwhelmingly deficient at risk assessment? This session will explore how the science of decision making applies to the security sector, empowering attendees to walk away with a better understanding of how these concepts can be leveraged to build more robust and useful security tools, as well as more successful training models. Supported by the research of Nobel prize-winning psychologist Daniel Kahneman, I will introduce these techniques and discuss how they can help security in several practical ways.

Presenters
avatar for John Nye

John Nye

VP, Cybersecurity Strategy, CynergisTek, Inc.
John Nye is Vice President of Cybersecurity Strategy for CynergisTek and has spent the majority of the last decade working in Information Security, half that time working exclusively as a professional penetration tester. Besides testing and improving security, John has a passion... Read More →


Tuesday July 25, 2017 17:00 - 17:55
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Think Complex Passwords Will Save You?
Have you ever tried to crack a password that was just too difficult to crack? This talk will focus on some new techniques for cracking passwords that work 100% of the time. In 2012 I released an FPGA-based DES cracking service with Moxie Marlinspike for cracking MSCHAPv2 and quickly started seeing it being used for cracking other things besides MSCHAPv2. In this presentation we'll take a look at some of the research we've done into other widely used protocols and services that still rely on DES for security and provide an quick intro into the https://crack.sh API so you too can use this service for your own projects.

Specifically, we will demonstrate tools for doing exhaustive brute-force cracking of MSCHAPv2 (PPTP VPNs, WPA-Enterprise), des_crypt() hashes, Kerberos5, and release a free real-time service for cracking MSCHAPv1 (Windows Lanman and NTLMv1 authentication) in a matter of seconds.

Presenters
DH

David Hulton

Chairman, ToorCon
David Hulton organizes the ToorCon suite of conferences and has spent nearly 20 years doing security research mostly focused on reverse engineering and cracking crypto. He’s mostly known for developing the bsd-airtools wireless attack tools in the early 2000’s, developing and... Read More →


Tuesday July 25, 2017 17:00 - 17:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Healthcare in Critical Condition
Over the past year, healthcare has been under assault from bad actors, yet has had important bright spots that highlight the progress being made. WannaCry impacted 20% of UK healthcare trusts, and Nyetya/NotPetya hurt patient care Ukranian hospitals for days. Meanwhile, FDA guidance and workshops made clear their expectation that medical device makers will engage with the security research community, and a high-profile example proved the value of collaboration to protect patient safety.

Presenters
avatar for Josh Corman

Josh Corman

Founder, I am The Cavalry
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the... Read More →
avatar for Christian Dameff

Christian Dameff

Christian Dameff is an emergency medicine physician and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optim... Read More →
avatar for Jeff Tulley

Jeff Tulley

Jeff Tully is a pediatrician and researcher with an interest in understanding the ever-growing intersections between health care and technology. Prior to medical school he worked on “hacking” the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medi... Read More →


Tuesday July 25, 2017 17:00 - 17:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Ask the EFF
"Ask the EFF" will be a panel presentation and unrecorded question-and-answer session with several staff members of the Electronic Frontier Foundation, the nation’s premiere nonprofit digital civil liberties group. Each staffer will discuss a particular issue that has been in the news or on EFF’s docket this year.

Presenters
avatar for Nate Cardozo

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
NATE CARDOZO is a Senior Staff Attorney on the Electronic Frontier Foundation’s digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cr... Read More →
avatar for Kurt Opsahl

Kurt Opsahl

Deputy ED and General Counsel, Electronic Frontier Foundation
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders... Read More →


Tuesday July 25, 2017 17:00 - 17:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

17:30

How To Hack Recruiting: Turning the Tables (Panel)
Are you sick of applying for jobs and never hearing back? See that perfect position posted and wonder what the hell you have to do to even get a human being to look at your resume? Has trying to get a foot in the door at your dream company turned into a nightmare? That makes, well, all of us. But if you want looking for work a whole lot less work, the good news is, you can hack your way into getting hired. You just have to think like a recruiter. But assuming you have marketable skills and actual experience in something other than not calling people back, you probably can't kill off enough brain cells to crack the recruiter code.
That's why this session will reveal how recruiting really works, from what happens when you apply for a job to how recruiters source, screen and select candidates to how offer negotiation really works. We'll pull back the curtain and look at how hiring happens today, the rules of the recruiting game and how to beat recruiters at their own game. You'll learn every secret hiring pros don't want you to know, and how to white hat your way into the world of work, without all the work (and the BS, buzzwords and banalities of the talent trade).

Presenters
avatar for Steve Levy

Steve Levy

Principal, Recruiting Inferno
Steve Levy brings an atypical combination of recruiting expertise and a technical experience to his performance-focused engagements with clients. He was one of the earliest members of the original ERE community and in 2004, was the first official ERE Blogger and Group Leader. Tod... Read More →
avatar for Pete Radloff

Pete Radloff

Principal Technical Recruiter, comScore
Pete Radloff is a veteran recruiter, sourcer and consultant, who has been in the industry since 2000, with experience in both agency and corporate settings. Pete’s passion stretches across several areas of talent acquisition, including recruitment and sourcing, social media, em... Read More →
avatar for Kris Rides

Kris Rides

CEO, Tiro Security
I'm not an Australian..... this accent is from the other side of the world! | | Please don't look for the guy in a full Tuxedo as I'm not packing it for this Vegas visit. I'm a trained Social Engineering Penetration Tester and Founder of an InfoSec specialist recruitment a... Read More →


Tuesday July 25, 2017 17:30 - 17:55
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

17:30

Zero Trust Networks: In Theory and in Practice
The world is changing, but our network security models are having trouble keeping up. In a time where remote work is regular and cloud mobility is paramount, the perimeter security model is showing its age -- badly.

We deal with VPN tunnel overhead and management. We spend millions on fault-tolerant perimeter firewalls. We carefully manage all entry and exit points on the network, yet still we see ever-worsening breaches year over year. The Zero Trust model aims to solve these problems.

Zero Trust networks are built with security at the forefront. No packet is trusted without cryptographic signatures. Policy is constructed using software and user identity rather than IP addresses. Physical location and network topology no longer matter. The Zero Trust model is very different, indeed.

In this talk, we'll discuss the philosophy and origin of the Zero Trust model, what it brings to the table, and how to think about building one.

Presenters
avatar for Doug Barth

Doug Barth

Site Reliability Engineer, Stripe
Doug is a Site Reliability Engineer at Stripe. With a deep interest in software, hardware, and production systems, he has spent his career using computers to solve hard problems. He helped deploy PagerDuty's IPsec mesh network, and wrote on a book about Zero Trust Networks.
avatar for Evan Gilman

Evan Gilman

Scytale
Evan Gilman is a site reliability engineer currently focusing on the SPIFFE standard at Scytale. With roots in academia, Evan finds passion in both reliable, performant systems, and the networks they run on. When he’s not building automated network systems, he can usually be fo... Read More →


Tuesday July 25, 2017 17:30 - 18:25
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

The Struggle Is Real: My Journey With Mental Health Issues
Talks on mental health are starting to emerge across the infosec sphere. This is a great thing, because openness and honesty about our mental states leads to better mental health. This is my attempt to tell my story about my strong personal opposition to my own better mental health and why I am (slowly) changing my mind. We take care of our bodies, why not our minds and hearts?

Presenters
avatar for Joel Cardella

Joel Cardella

Joel Cardella has over 24 years of experience in information technology, having run a gamut from network operations, sales support, data center management, field operations and information security. He has worked in industries including telecommunications, healthcare and manufact... Read More →


Tuesday July 25, 2017 18:00 - 18:25
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Recruiter Smack Down (Panel)
This is a chance to hear what was covered in the sessions today and have recruiters and community experts agree or disagree with the presentations along with understand the key takeaways from the day. Great time to also ask questions and get a debate going. 

Moderators
avatar for Matt Duren

Matt Duren

Recruiting Manager, Tenable
Matt Duren has been in recruiting since he graduated college in 2001. Starting out in a technical staffing agency, Matt quickly transitioned to corporate recruiting and has lead recruiting teams responsible for IT and college recruiting, as well as Employment Branding. Matt is... Read More →

Presenters
avatar for Jen Havermann

Jen Havermann

Over 20 years quietly lurking in the industry, in public and private sectors. I've had different security roles: instructor, information system security officer/manager, accreditor, system /network admin/engineer, vulnerability assessment/pentesting, incident response, cyber secu... Read More →
avatar for Steve Levy

Steve Levy

Principal, Recruiting Inferno
Steve Levy brings an atypical combination of recruiting expertise and a technical experience to his performance-focused engagements with clients. He was one of the earliest members of the original ERE community and in 2004, was the first official ERE Blogger and Group Leader. Tod... Read More →
avatar for Pete Radloff

Pete Radloff

Principal Technical Recruiter, comScore
Pete Radloff is a veteran recruiter, sourcer and consultant, who has been in the industry since 2000, with experience in both agency and corporate settings. Pete’s passion stretches across several areas of talent acquisition, including recruitment and sourcing, social media, em... Read More →


Tuesday July 25, 2017 18:00 - 18:25
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

HHS Task Force (Panel)
“Healthcare cybersecurity is in critical condition,” announced the US Department of Health and Human Services at the end of its year-long task force, analyzing the current state of the field. Distinguished members of the HHS Task Force will discuss its process, findings, and recommendations. Find out why they felt their own health suffered as a result of serving on the task force. There were no easy problems or solutions.

Presenters
avatar for Josh Corman

Josh Corman

Founder, I am The Cavalry
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the... Read More →


Tuesday July 25, 2017 18:00 - 18:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Introduction to Reversing and Pwning
Beginner oriented talk on reverse engineering and pwning, details are confined to the linux x86 platform. Practical exercises are made available and attendees encouraged to work through exercises ask questions.

Presenters
avatar for David Weinman

David Weinman

Security Research Engineer, Synack
Security Researcher from the Pacific Northwest, love board things, hacking and school. Evergreen State College Grad. CTF with GNU-E-Ducks, OpenToAll. | | Interests include reversing iOS things, game consoles, IoT


Tuesday July 25, 2017 18:00 - 18:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Behavioral Analysis from DNS and Network Traffic
Using behavioral analysis, it's possible to observe and create a baseline of average behavior on a network, enabling intelligent notification of anomalous activity. This talk will demonstrate methods of performing this activity in multiple environments. Attendees will learn new methods which they can apply to further monitor and secure their networks.

Presenters
avatar for Josh Pyorre

Josh Pyorre

Security Analyst, Cisco Umbrella (formerly OpenDNS)
I've been in security for about 20 years, starting as a field service engineer, moving on to sysadmin and running my own consulting company. I then worked at NASA as their first analyst for their new SOC. After a few years, I went to work for Mandiant to help them build their SOC... Read More →


Tuesday July 25, 2017 18:00 - 18:55
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Cash in the aisles: How gift cards are easily exploited
It is commonly thought that gift cards must be activated to have any monetary value. Often displayed on countertops and lining grocery store aisles, seemingly worthless unactivated gift cards are free for anyone to grab a handful. However, weaker security features than the average credit card makes these gift cards nearly as valuable as cash. Mass produced, their numbers follow a predictable pattern and have limited built-in security, such as a chip or pin, to prevent fraud.

Presenters
avatar for William Caput

William Caput

Information Security researcher and pen-tester. Former Marine and supporter of the EFF.


Tuesday July 25, 2017 18:00 - 18:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Skip tracing for fun and profit
This talk covers skip tracing TTPs and countermeasures in the digital and human domains. The audience will be guided through two real world examples of how a regular citizen can use open source tools, exploits, and social engineering to assist law enforcement and profit. Some examples include phishing websites tailored to a fugitive’s resume, geolocating a target through video game clients, and using social media meta-data to build pattern-of-life. As the audience is moved through the process step by step, online and offline countermeasure such as USPS forwarding, false resume writing, and secure communications will also be covered.

Presenters
avatar for Rhett Greenhagen

Rhett Greenhagen

Senior Threat and Malware Researcher, Mcafee
Rhett Greenhagen has worked in the NetSec/IC for over a decade. He specializes in open source intelligence, cyber counter-intelligence, profiling, exploitation, malware analysis, and technical research and development. Career highlights include Primary Forensic Investigator for t... Read More →


Tuesday July 25, 2017 18:00 - 18:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

SniffAir – An Open-Source Framework for Wireless Security Assessments
SniffAir is an open-source wireless security framework. Its primary purpose is to provide pentesters, systems admins, or others eager about wireless security a way to collect, manage, and analyze wireless traffic. SniffAir was born out of the hassle of managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws or malicious traffic.
We created SniffAir to collect all the traffic broadcasted, grouping them by Client or Access Point. SniffAir can be instructed to parse the information based on rules created by the user. These rules help define the scope. Using these rules, SniffAir moves the in-scope data to a new set of tables, allowing the framework to compare against the original table for anomalies. The user can then perform queries, which display the information required in a clear and concise manner – perfect for facilitating attacks.

Presenters
avatar for Steven Darracott

Steven Darracott

Security Consultant, Optiv
Steven is currently employed by Optiv Security Inc. as a Security Consultant on the Attack and Penetration team where he performs numerous wireless security assessments annually.
avatar for Matthew Eidelberg

Matthew Eidelberg

Security Consultant, Optiv
Matthew Eidelberg is a husband, father, and security fanatic. Matthew currently works as a Security Consultant on Optiv’s Attack and Penetration team. He has a passion for wireless, malware, red teaming and spends his free time taking things apart. @Tyl0us on Twitter


Tuesday July 25, 2017 18:30 - 18:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

Regulatory Nets vs. The Fishing Hook Of Litigation
What sort of legal and policy choices would lead to more secure and safer software and computing-enabled devices? The patchwork of existing legal regimes in the US is based on regulations imposed on a few verticals (finance, healthcare, and education in particular), and a complex web of compliance frameworks, contractual provisions, and consumer lawsuits. As we think about making software safer and more secure for users, the policy choices we preference now may have long reaching effects. This talk will explore the implications of relying on software liability or other ex-post options vs. regulations or similar ex-ante choices.

Presenters
avatar for Wendy Knox Everette

Wendy Knox Everette

Cyberlawyer
Wendy spent her first 18 years in New Jersey where she grew to appreciate a good slice of pizza. After college, she worked as a software developer at Amazon.com and Google. She received her JD from the George Mason University School of Law and completed a Fellowship in computer s... Read More →


Tuesday July 25, 2017 18:30 - 18:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

Internet of Cars
It's been almost a year since the DMCA exemption made hacking your own car legal and 3 years since I Am The Cavalry launched our 5 Star Automotive Cyber Safety Framework. We've had demonstrations of vehicle hacks, research on secure over the air updates, and new open source hardware projects to simplify RE'ing your vehicle. Has there been a wave of vuls in vehicle systems? What are automakers doing to secure connected vehicles? What about that whole Vehicle-to-Vehicle communication mandate? Where is automotive security is going, what has the impact of policy been, and, most importantly - how can more researchers get involved in helping to find solutions to all this? This session will have guest speakers bringing some exciting "inside" perspective to these questions and more.

Presenters
avatar for Abe Chen

Abe Chen

Head of Product Security, NIO
Abe T. Chen is a recognized security leader in end-to-end digital and physical investigations, advanced layered security architectures, compliance/risk mitigation methodologies, and product security. | Abe has made a career of successfully bringing bleeding-edge security techn... Read More →
avatar for Chris King

Chris King

Cyber Defense Manager, Rockwell Automation
Chris is a member of I am the Cavalry and a security researcher focusing on cyber-physical systems, vulnerability disclosure issues, and security policy. At his day job, Chris is the Cyber Defense manager at Rockwell Automation, a leading industrial automation company. He mana... Read More →
avatar for Kevin Tierney

Kevin Tierney

Director - Product Cybersecurity, General Motors
Kevin is a Director of Product Cybersecurity at GM and leads the team focused on in-vehicle security architecture, red team, governance and risk management, and advanced development.


Tuesday July 25, 2017 18:30 - 19:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00

Writing Malware Without Writing Code
What are the motivations and mechanics of code re-use by malware coders?
The talk begin with a few in-the-wild examples of bad guys re-using existing source code.
Later, the main course will be served - an experimental malware written especially for the talk from publicly available code snippets, created by almost purely by copy-paste.

Presenters
avatar for Gal Bitensky

Gal Bitensky

Sr. Security Researcher, Minerva Labs
A 29-year-old geek from Tel-Aviv, breaker of stuff. Currently working as a senior malware psychologist in the Israeli start-up Minerva labs. Experienced in various fields, ranging from web application security and Windows internals to SCADA. Fluent in exotic languages like PHP, L... Read More →


Tuesday July 25, 2017 19:00 - 19:25
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00

Pwning Software-Defined Networking (SDN)
Software-Defined Networking (SDN) has become an emerging solution to existing virtualized networking problems. Major contributors to the use of SDN is sought through the growing scale of computing power and clustered virtualization solutions. The use of SDN has shown much momentum in newer iterations of hypervisors and provides an area of discussion for vulnerability research. This talk provides a brief introduction to SDN, its components of a switch and a controller, and vectors for fuzzing. To facilitate the focus of SDN in an open source configuration, Floodlight, Open vSwitch (OVS) and the Open Flow protocol will be the prime targets for this talk. Although there are numerous vendor-specific variants, this talk is tailored to individuals who are new to the SDN paradigm, and those who want to learn more about vulnerability research in SDN.

Presenters
TC

Tommy Chin

Grimm (SMFS, Inc.)


Tuesday July 25, 2017 19:00 - 19:25
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00

The Attack Chain Of A Nation-State (Equation Group)
In April 2017, The Shadow Brokers release a collection of hacking tools belonging to the Equation group, one of the more sophisticated nation-state threat actors known to date. This collection contained several zero-day exploits some of which targeted Windows OS.
The good thing is that Microsoft was able to patch its supported OSes before the tools were made available to the general public. The bad side is that some of these exploits also work on obsolete OSes such as Windows XP and Server 2003, and those will never be patched by Microsoft.
According to Bloomberg Businessweek, by April 27th nearly half a million computers were found to be infected by these tools. As a security vendor, this made us consider the need to patch also the legacy systems.
In this talk we’ll showcase the tradecraft of a nation-state threat actor and present our research of the April leak:
• Technical analysis of the SMB exploit, EternalBlue
• Description of the DoublePulsar backdoor - including bugs we found in this backdoor and how it differs from other backdoors.
• A patch for legacy OS that we made freely available to the public.

Presenters
avatar for Tal Liberman

Tal Liberman

Security Research Team Leader, enSilo
Tal has a strong interest in cyber-security, mainly focusing around OS-internals, reverse-engineering and low-level research. As a cyber security research team lead at enSilo, Tal’s team is responsible for reverse engineering OS internals, exploits, and malware and integrating... Read More →
OM

Omri Misgav

Security Researcher, enSilo
Omri has participated in R&D of large-scale defensive security solutions and did low-level research while taking part of an incident response team. As a security researcher at enSilo he digs into OS internals and exploits, as well as reverse engineering of malware. Omri is intrig... Read More →


Tuesday July 25, 2017 19:00 - 19:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00

Sympathy for the Developer
In the realm of software security, developers are without question a major focus of blame, setting security teams to be in conflict with engineering. In general, the unwritten rule is that developers who make security mistakes either don't know, or don't care to know the "right" way to do things. What if this was framed differently? This talk is to present evidence that software security flaws occur at a fairly steady rate independent of which team or organization is developing the code.

In other words, everyone poops. This talk aims to present evidence based on previous reports, and new research, to show that bugs happen and the rate that they are being introduced hasn’t noticeably gone down during the past five years. Focusing specifically on how often SQL injection weaknesses are found in new applications using Veracode’s static scanning engine. Security flaws are going to occur, I propose the area for improvement is in finding them early and assisting developers with fixing them.

Presenters
avatar for Sarah Gibson

Sarah Gibson

Application Security Consultant, Veracode
Nerdy about web application security. | Currently talks to developers about how to make their applications more secure.


Tuesday July 25, 2017 19:00 - 19:30
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00

Going Passwordless
Many people now recognize that passwords can be a problem for many of our web citizens. They are forgotten, weak, stolen, rarely changed, annoying, and difficult to manage. Let's examine new passwordless authentication schemes being used in the modern era, when they should be used, and release tooling to help service providers eliminate their passwords if they are so inclined.

Presenters
avatar for Evan Johnson

Evan Johnson

Security, Segment
Security of all kinds! Software engineering. Distributed systems.


Tuesday July 25, 2017 19:00 - 19:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

19:30

YARA-as-a-Service (YaaS): Real-Time Serverless Malware Detection
This will be the official public launch of BinaryAlert, a newly developed open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spreads.

The serverless design leads to strong security, automatic scalability, and very low cost. The YARA ruleset can be updated at any time, triggering a re-analysis of the entire bucket and alerting if any new matches are found. BinaryAlert is fully managed with Terraform configuration files and can be deployed in minutes with a single command.

This talk will review the flexibility and popularity of YARA rules, explain the BinaryAlert architecture and demo a deployment followed by a triggered alert (starting from only an empty AWS account).

Presenters
avatar for Austin Byers

Austin Byers

Software Engineer | CSIRT, Airbnb
I joined Airbnb in 2016 as a software engineer on the security team. Since then, I've been working on Airbnb's encryption services and incident response tools, including Cipher and the open-source StreamAlert project, respectively. | | Prior to my professional work, I was th... Read More →


Tuesday July 25, 2017 19:30 - 19:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

19:30

Hacking the Law: A Call for Action – Bug Bounties Legal Terms as a Case Study
While the bug bounty economy is booming, a novel survey of bug bounty terms reveals that platforms and companies often put hackers in “legal” harm’s way, shifting the risk for civil and criminal liability towards hackers instead of authorizing access and creating “safe harbors”. This is a call for action to hackers to unite, negotiate and influence the emerging landscape of cyberlaw, since hackers’ actions speak louder than scholars’ words. I suggest simple steps that could and should be taken, in order to minimize the legal risks of thousands of hackers participating in bug bounties, and create a “rise-to-the-top” competition over the quality of bug bounty terms. Hackers will learn not only which terms they should beware of in light of recent developments in anti-hacking laws, but which terms they, individually and through the platform, should demand to see to ensure “authorized access”. Most importantly, this is a case study of how a united front of hackers could demand and negotiate important rights, similar to what is done by organizations in other industries. Contracts and laws will continue to play a role in the highly regulated cyber landscape, conflicts of interests will inevitably arise, therefore hackers should not only pay attention to the fine print, but unite and negotiate for better terms.

Presenters
avatar for Amit Elazari

Amit Elazari

BerkeleyLaw
Amit is a doctoral law candidate at UC Berkeley School of Law and a CTSP Fellow at Berkeley School of Information. She is the first Israeli LL.M. graduate to been admitted to the doctoral program at Berkeley or any other top U.S. doctoral program in law, on a direct-track basis... Read More →


Tuesday July 25, 2017 19:30 - 19:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

19:30

Hak4Kidz Water Balloon fight
Join all the usual water balloon gladiators in the Tuscany parking lot for this year's charity waterballoon fight. All proceeds go to Hak4Kidz. $10 buy-in gets you all the balloons you can throw. $20 and you can bring your own equipment. (Super Soakers, etc.)

Tuesday July 25, 2017 19:30 - 20:30
The Tuscany Parking Lot 255 E Flamingo Rd, Las Vegas, NV 89169

20:00

QueerCon Mixer
Queercon is excited to be part of BSides Las Vegas again this year. Join us at the Tuscany pool from 8:00 PM until 11:30 for the Queercon BSides Mixer!

Tuesday July 25, 2017 20:00 - 23:30
The Tuscany Pool 255 E Flamingo Rd, Las Vegas, NV 89169

21:30

The New Hacker Pyramid
"We keep screwing up, and yet they keep asking us to return."

The New Hacker Pyramid returns yet again at BSidesLV 2017. Join us for games, drinks, and retro-fun. There will be prizes, audience participation, a number of secret guest appearances, and an EXTRA SPECIAL EVENT that you will have to be there to see! Things are so secret WE don't even know what they are!

Tuesday July 25, 2017 21:30 - 23:30
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169
 
Wednesday, July 26
 

08:00

Practical Malware Analysis - Hands-On
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Learn how to analyze Windows malware samples, with a hands-on series of projects in a fun, CTF-style environment. There are four levels of analysis challenges.

1. Basic static analysis with file, strings, PEiD, PEview, Dependency
Walker, and VirusTotal
2. Basic dynamic analysis with Process Monitor, Process Explorer,
RegShot, and Wireshark
3. Advanced static analysis with IDA Pro Free and Hopper
4. Advanced dynamic analysis with Ollydbg and Windbg

The first challenges are easy enough for beginners, and the later ones
get difficult enough to interest intermediate security professionals.
We will demonstrate the challenges, discuss the technologies and
techniques, and help participants get through them as needed.

These challenges use harmless malware samples from the "Practice
Malware Analysis" book by Michael Sikorski and Andrew Honig.

All materials and challenges are freely available at samsclass.info,
including slide decks, video lectures, and hands-on project
instructions. They will remain available after the workshop ends.

Participants should be familiar with basic C programming. Experience with developing Windows applications, assembly language, and debuggers is helpful but not necessary.

Participants must bring a laptop (any OS) with VMware or VirtualBox
installed on it. Each participant will need a 32-bit Windows virtual
machine to run malware samples. USB sticks with a Windows Server 2008 VM will be available for students to copy. Some projects also use a Kali Linux VM to simulate the Internet, but that's not required.

Presenters
avatar for Sam Bowne

Sam Bowne

City College San Francisco, City College San Francisco
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, HOPE, BayThreat, LayerOne, and Toorcon, and taught classes and many other schools and teaching conferences. He has a B.S. in Physics from Edinboro University o... Read More →
avatar for Devin Duffy

Devin Duffy

Intern, Uber
I really love hearing about different malware attack vectors and APT campaigns. I'm currently seeking a junior pentesting position.
avatar for Dylan James Smith

Dylan James Smith

Dylan James Smith has assisted with hands-on workshops at B-Sides LV, DEF CON, RSA and other conferences. He has worked in and around the computer support industry since adolescence. Now he’s old(er.) Currently focused on learning and teaching "the cybers."


Wednesday July 26, 2017 08:00 - 11:55
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169

08:00

Effective YARA
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

YARA is a simple and highly effective way to identify, classify, and categorize files. It also happens to be a powerful and free sleuthing tool - think pattern matching on steroids - that belongs in every intelligence, incident response or SOC team. It runs on any platform, is open source and is small enough to be an easy inclusion to any trusted tool set. Its ability to sift through data, identify files based on logic - not just by simple comparison but also via fuzzy logic - makes YARA pretty unbeatable. It can used simply for insight on an isolated event or in sophisticated manner as part of an incident response or research laboratory. Those not using YARA are missing out on key intelligence capability. Its ease of use and ability to rapidly deploy means you can get into YARA quickly but can just as easily lead to missing the sophisticated and powerful ways to use it.

Presenters
avatar for Monty St John

Monty St John

Intelligence Chief, Cyberdefenses
Monty St John is the lead security trainer and intelligence chief for CyberDefenses and a frequent contributor to community and industry events. Previous contributions have focused on research and interests in banking and healthcare security topics. His current research focuse... Read More →


Wednesday July 26, 2017 08:00 - 17:55
Training Ground 2 (The Platinum, Pearl Room) 211 E Flamingo Rd, Las Vegas, NV 89169

09:00

Pros vs Joes CTF - Play begins!
Staff
avatar for Dichotomy

Dichotomy

Senior Staff, BSidesLV
Pros Vs Joes Capture the Flag Games Master


Wednesday July 26, 2017 09:00 - 09:15
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

09:00

Crams and Exams for Hams

Ham Tech Review and Exam Session

In this session we’ll be providing a 30-45 minute review for the tech level exam, providing details on each of the subject areas (including operating practice, rules, and basic RF and electronics theory). While the registration is full, if there is a chair, you are more then welcome to sit in.

After the review session is complete, people are welcome to drop by anytime during the training time to check for an open chair and write their ham exam (leave yourself at least 45 minutes to write).  We can also facilitate general and extra.

If you do not already have a callsign, please register for an FRN at the FCC site, or we will make you do it in front of us while you send your SSN over the con wifi. You can register at https://apps.fcc.gov/coresWeb/publicHome.do.  Applicants without an SSN are required to do this in advance.

You must have photo ID (foreign passports OK) and use your real name and US address (consider using a PO box).  There is no fee for the session.


Presenters
avatar for Falcon Darkstar Momot

Falcon Darkstar Momot

Senior Security Consultant, Leviathan Security Group
Falcon is a senior penetration tester at Leviathan Security Group who works on everything from cryptosystem design to security program operation. He also studies LangSec as an M. Sc. student at Athabasca University, and captures flags with Neg9. His alter ego is AF7MH, licensor... Read More →


Wednesday July 26, 2017 09:00 - 12:25
Training Ground 1 (The Platinum, Opal Room) 211 E Flamingo Rd, Las Vegas, NV 89169

10:00

The New Cat and Mouse Game: Attacking and Defending Machine Learning Based Software
Machine learning is increasingly woven into software that determines what objects our cars recognize as obstacles, whether or not we have cancer, what news articles we should read, and whether or not we should have access to a building or device. Thus far, the technology community has focused on the benefits of machine learning rather than the security risks. And while the security community has raised concerns about machine learning, most security professionals aren't also machine learning experts, and thus can miss ways in which machine learning systems can be manipulated. My talk will help to close this gap, providing an overview of the kinds of attacks that are possible against machine learning systems, an overview of state-of-the-art methods for making machine learning systems more robust, and a live demonstration of the ways one can attack (and defend) a state-of-the-start machine learning based intrusion detection system.

Presenters
avatar for Joshua Saxe

Joshua Saxe

Chief Data Scientist, Sophos
Joshua Saxe is Chief Data Scientist at Sophos, where he and his team focus on developing breakthrough security data science technologies. Highlights of his work have included leading research to develop neural networks for detecting malicious PE, URL and HTML content, developing... Read More →


Wednesday July 26, 2017 10:00 - 10:25
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

10:00

Scamming the Scammers - Becoming the Robin Hood of the phones
In the world of information, it's easy to see how people can get tricked. Social Engineering is spreading like wildfire on the phones, on the internet, and even in your very own city. Phone scams are becoming more of a problem, and it doesn't seem like it's stopping soon.

Attending this talk with help you gain more understanding on how these scams are structured, where your data is, how data is transmitted between scammers, how "employees" are funded for these operations, an example call center setup, and most importantly: how to stop this phenomenon.

Presenters
avatar for Nathan Clark

Nathan Clark

This summer, witness a Canadian, self-taught, self-proclaimed, rebellious information technology administrator hack his way into die hard situations. | | Featuring Nathan Clark, and his whole suite of tools, you can't miss all the action packed adventures. | | In all se... Read More →


Wednesday July 26, 2017 10:00 - 10:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

10:00

CheckPlease - Payload-Agnostic Implant Security
In this talk, we present CheckPlease, our new repository of implant security modules. CheckPlease is unique in that it is payload-agnostic, meaning we implement every module in PowerShell, Python, Go, Ruby, C#, Perl, and C. In our talk, we not only present on a breadth of new techniques, but we also walk step-by-step through their implementations in newer languages that are seemingly a major increase in payload deliverance.

CheckPlease will serve as the central repository for implant security and, as a byproduct, sandbox detection. In our opinion, the future of sandbox detection is in implant security; by targeting your payload, your odds of executing in a sandbox decrease dramatically. This talk will provide insight into the newest implant security techniques, their implementations, and how payloads in new languages interact with the Windows API.

Presenters
avatar for Brandon Arvanaghi

Brandon Arvanaghi

Associate Consultant, Mandiant
Brandon Arvanaghi is a security consultant at Mandiant (a FireEye company). At Mandiant, he has written tools for webshell detection and malware sandbox evasion. He is the author of SessionGopher, CheckPlease, and a contributor to PowerShell Empire. Prior to Mandiant, Brandon con... Read More →
avatar for Christopher Truncer

Christopher Truncer

Mandiant
Christopher Truncer (@ChrisTruncer) is a red teamer with Mandiant. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. Chris began developing toolsets that are not only desig... Read More →


Wednesday July 26, 2017 10:00 - 10:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

10:00

Hadoop Safari : Hunting For Vulnerabilities
With the growth of data traffic and data volumetric analysis needs, “Big Data” has become one of the most popular fields in IT and many companies are currently working on this topic, by deploying Hadoop clusters, which is the current most popular Big Data framework. As every new domain in computer science, Hadoop comes (by default) with truly no security. During the past years we dug into Hadoop and tried to understand Hadoop infrastructure and security.

This talks aims to present in a simple way Hadoop security issues or rather its “concepts”, as well as to show the multiples vectors to attack a cluster. By vectors we mean practical vectors or to sum it up: how can you access the holy “datalake” after plugging your laptop onto the target network.

Moreover, you will learn how Hadoop (in)security model was designed explaining the different security mechanisms implemented in core Hadoop services. You will also discover tools, techniques and procedures we created and consolidated to make your way to the so-called “new black gold”: data. Through different examples, you will be enlightened on how these tools and methods can be easily used to get access to data, but also to get a remote system access on cluster members.

Eventually and as Hadoop is the gathering of several services and projects, you will apprehend that patch management in this field is often complicated and known vulnerabilities often stay actionable for a while.

LAST-MINUTE EDIT:
Just a last-minute reminder for attendees: the time slot for our talk has been changed from the 25th 15:00 to the 26th 10:00.
The venue is still Florentine F on the Common Ground track.

POST-CONFERENCE UPDATE:
Slides have been attached to this post.
Video is online (https://youtu.be/B3mMTaer2is?t=5170) 

Presenters
avatar for Mahdi Braik

Mahdi Braik

Security Consultant, Wavestone
I am a pentester for Wavestone, a consulting company. I am passionate and very interested by several topics related to infosec as web application security, exploit development and reverse engineering.
avatar for Thomas Debize

Thomas Debize

Consultant, Wavestone
I am a French security enthusiast and work as infosec | auditor at Wavestone, a consulting company. | I work on all kinds of security audits, penetration tests and incident responses. I like to git push new infosec tools (check | https://github.com/maaaaz) and write some bl... Read More →



Wednesday July 26, 2017 10:00 - 10:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

10:00

Safer Storage and Handling of User Answers to Security Questions
Like it or not, security question password reset isn’t going away. Most organizations find it to be a cost effective approach that seems to work in practice. While there are many problems with this approach, one has received little attention: how to safely store the answers. I show that common methods used for storing password validation information are not suitable for security questions, and propose better alternatives.

Presenters
avatar for Arnold Reinhold

Arnold Reinhold

A G Reinhold
Arnold Reinhold has been involved with password and passphrase security since the mid-1990s. He is the developer of Diceware, RockSalt, CipherSaber and HEKS, the first password hash designed to consume memory resources as well as CPU time. | | He has worked on spacecraft nav... Read More →


Wednesday July 26, 2017 10:00 - 10:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

10:00

Hacking Is Easy, Hiring Is Hard: Managing Security People
The common view of management is that it's easier than reverse engineering. This talk will show you some of the challenges of managing security professionals and walk you through some of the more interesting parts of recruiting, managing, leading and retaining rock-star level talent in the hardest, most difficult industry. Once you understand what it means to manage, you may find that you no longer want to manage, but you understand how to make your managers happy, how to succeed when being recruited and how to make yourself successful in your job and your career.

Wednesday July 26, 2017 10:00 - 10:55
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

10:00

Why is China all up in my SQL server?
Starting early in 2017, the honeypots I run in my lab began to receive a strangely large volume of inbound SQL connections from all over Asia, but mainly from China. Fortunately, I am recording the traffic of virtually everything that hits my dirty network, and discovered that the attacks appear to be automated, run at high volumes, and engage in a sophisticated and complex attempt to break into Microsoft SQL Server. In this presentation, I will provide a full walkthrough of the attack, detailing the methods in use and countermeasures you can employ to protect your server. I'll also provide historical and reputational context about the attackers' originating IP addresses and the other dirty stuff coming from those addresses. And let me tell you, it's pretty dirty.

Presenters
avatar for Andrew Brandt

Andrew Brandt

Director of Threat Research, Symantec
Andrew Brandt is a network forensics and incident response nerd who loves running malware just to watch machines die. In his spare time he builds retro videogame platforms and rides mountain bikes, preferably in the dead of night. If you meet in person, talk to him about new musi... Read More →


Wednesday July 26, 2017 10:00 - 10:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

10:30

Technical Tactics: Embedded Linux Software BOM
Manufacturers in the medical, industrial and automotive industries can no longer just design a product and sell it, unchanged, for a decade. Keeping their products up to date on OS and library versions is crucial for maintaining safety and security. This is a herculean task for many manufacturers. Many do not even know what libraries are installed on their device. Those that do find it hard to keep up to date on known library vulnerabilities.

I will go over how to use open source tools to generate a software Bill of Materials for an embedded linux system (even one you didn't design! *wink wink*) and how to cross reference that BOM with the NIST NVD to search for known 3rd party vulnerabilities. I will then show how to integrate that process into a continuous integration system so that you can get automated updates when new CVEs are discovered.

Presenters
avatar for daniel beard

daniel beard

Director, MedISAO
Daniel is VP of Technology at Promenade Software, a medical device software services company and Director of MedISAO, an information sharing and analysis organization specifically targeting small-to-medium medical device manufacturers. | | Talk to him about anything regardi... Read More →


Wednesday July 26, 2017 10:30 - 10:40
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

10:30

Mining Software Vulns in SCCM / NIST’s NVD– The Rocky Road to Data Nirvana
Patch management for 3rd-party software can be a significant challenge. The raw data for effective vulnerability management is available in MS’ SCCM (software inventory) and NIST’s NVD (vulnerability database). However extracting the relevant information from complex, sometimes undocumented data structures poses significant challenges.

We set the stage first with a brief overview of SCCM / NVD data structures as well as a look at a (non-typical but interesting!) production environment. Then we’ll take a quick dive into data wrangling / Machine Learning fundamentals applied to this problem: feature extraction, choice of approach, algorithm choice and turning.

Once the technical challenges are resolved, the path to “Data Nirvana” can still be strewn with significant non-technical hurdles to overcome as well. We will discuss some practical “been there, done that” examples. Following a “Lessons Learned” summary, there will be a demo of the tool.

Presenters
avatar for Loren Gordon

Loren Gordon

Security Architect, Ubisoft
With over 25 years’ experience, Loren has done extensive stints at 2 large financial institutions, a major retailer, a world-class telco, a service bureau or two, and now Ubisoft (the greatest gaming company ever!). Loren has worked on everything from mobile phones, laptops and... Read More →


Wednesday July 26, 2017 10:30 - 10:55
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

10:30

Applied OSINT: Enabling Better Social Engineering for Better Pen Tests
Social engineering attacks remain the most effective way to gain a foothold in a targeted organization. But those attacks are only as good as the information used to create them. This presentation will arm you with the latest open-source intelligence (OSINT) tools and techniques needed for gathering detailed information on your targets, turning your social engineering ops into carefully targeted precision strikes that can greatly improve your results. We'll also cover steps that you can take to reduce your own OSINT exposure, protecting you and your organization. You'll see techniques for phishing, vishing, pretexting, impersonation, and more. Tool demonstrations will include how to make the best use of OSINT Websites and standalone tools such as Datasploit and recon-ng.

Presenters
avatar for Joe Gray

Joe Gray

Enterprise Security Consultant, Sword & Shield Enterprise Security
Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is an Enterprise Security Consultant at Sword and Shield Enterprise Security in Knoxville, TN. Joe also maintains his own blog and podcast called... Read More →


Wednesday July 26, 2017 10:30 - 10:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

10:45

Technical Tactics: Fear & loathing in building management systems
Since December 2015 I've had a bit of an unhealthy obsession with building management systems. Having first identified a building that shouldn't have been on the internet (see itnews.com.au/news/the-it-flaw-that-left-an-aussie-natsec-agency-base-open-to-attack-459743) I had enumerated facilities from airports to nuclear reactors in Australia. This is not however all bad news. Over the past 18-24 months Ive had a range of outcomes with stakeholders from legal threats all the way to pragmatic approaches to securing applications and environments and I wanted to share the lessons I've learnt.

Presenters
avatar for Edward Farrell

Edward Farrell

director, Mercury ISS


Wednesday July 26, 2017 10:45 - 10:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Building a Benign Data Set
Though featurization is important, the datasets used to make conclusions are just as important, if not more so. Information Security researchers often cannot release data, resulting in lack of benchmark datasets and causing cross-dataset generalization to be understudied in this domain. Despite this fact, presence of dataset bias (especially negative set bias) is now common knowledge in machine learning for malware classification. For these reasons, we have developed a standard for benign datasets to be used toward machine learning in the malware classification domain. We are also releasing a sample benign data set designed to minimize these problems.

Presenters
avatar for Rob Brandon

Rob Brandon

Security Researcher, Booz-Allen-Hamilton
Rob is currently a security researcher with the Booz-Allen Hamilton Dark Labs. He has over a decade of experience in the security field, primarily in the areas of network traffic analysis, forensics, reverse engineering, and machine learning. Rob holds a PhD in Computer Science... Read More →
avatar for John Seymour

John Seymour

University of Maryland, Baltimore County
John Seymour is a Senior Data Scientist at ZeroFOX, Inc. by day, and Ph.D. student at University of Maryland, Baltimore County by night. He researches the intersection of machine learning and InfoSec in both roles. He’s mostly interested in dataset bias (seriously, do people st... Read More →


Wednesday July 26, 2017 11:00 - 11:25
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Hacking Tech Interviews
Learn how to hack tech interviews to your advantage in this story-filled talk from an infosec consulting director who has conducted over 120 tech interviews in the past few years. There are a surprising number of people that aren't aware of some key basic steps to take before, during, and after a tech interview to maximize their chances of success. First-hand accounts of interviews gone horribly wrong and ones that went surprisingly well will be shared, along with a summary of key learnings across the interviews.

Presenters
avatar for Adam Brand

Adam Brand

Director, Protiviti
Adam Brand: Adam Brand has more than 17 years’ experience in information technology and security. He is a Director with Protiviti, where he helps companies secure their environments and also leads Protiviti's medical device security practice. Related to his talk at BSidesLV, Ad... Read More →


Wednesday July 26, 2017 11:00 - 11:25
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

One OSINT Tool to Rule Them All
The purpose of this talk is to share the results of a comparative analysis between different automated Open Source Intelligence (OSINT) gathering tools. To do so, a list of reputable, popular and open source tools was compiled and then compared against three (3) different benchmarks: Data variety, Data quality and Currency. I then added useful details such as an overview of tool Modules, Output formats,  Supported Operating Systems (OS) and more. The results include a table which will help security professionals easily find the appropriate tool for their type of engagement, their available time and the type of information they seek. Finally, the talk will answer some practical questions a security professional might have during engagements, such as: “What tool is the best for e-mail lists?" "What tools are awesome for beginners?" and others! :-)

Presenters
avatar for Emilie St-Pierre

Emilie St-Pierre

Security Analyst, Rapid7
Émilie St-Pierre is currently a security analyst at Rapid7, where she asks a lot of questions and works on offensive engagements. She has been a part of the infosec community for 5 years and has been co-hosting the weekly Greynoise podcast for the past 2 years. Émilie is a Dire... Read More →


Wednesday July 26, 2017 11:00 - 11:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Network Forensic Analysis in an Encrypted World
The movement to encrypt network communications has created a new set of challenges and critical choices for information security and risk operations personnel and executives. Network security monitoring (NSM) and network forensics is essential to secure a modern enterprise but many wonder if the changing landscape will shift the balance of power to attackers. While encryption renders many legacy network security monitoring tools useless, there are compelling cases for maintaining user privacy.

This talk will examine how the increasing adoption of encryption in common network protocols impacts security architectures and present new techniques to build threat intelligence and detection streams that operate on top of encrypted traffic. Further, the talk will present research and statistics based upon the techniques to show how real threat actors have been detected and shut down even when hiding behind the veil of encryption. The talk will close by presenting a maturity model helping organizations to understand their maturity level in terms of monitoring encrypted traffics. Attendees will leave no longer wondering how encrypting “all the things” prevents their team from analyzing those things.

Presenters
avatar for William Peteroy

William Peteroy

Co-Founder and CEO, ICEBRG
William has over a decade of experience in network and software security. Prior to co-founding ICEBRG, William worked in a number of business and technical leadership positions as a Technical Lead, Technical Director and Subject Matter Expert for the Department of Defense (DoD) a... Read More →
avatar for Justin Warner

Justin Warner

Principal Security Engineer, ICEBRG
Justin Warner (@sixdub) is a security engineer at ICEBRG focusing on helping customers to gain large visibility into their enterprise and ultimately detect and analyze malicious activity. Justin is an Air Force Academy graduate, former USAF Cyber Ops officer, and former red team... Read More →


Wednesday July 26, 2017 11:00 - 11:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

TMTO...Y?
Yes it is 2017 and you have not traveled back in time. This talk is about "instant" password recovery, the new advances in this field, and uses of these "lossy hash tables". There are people actively using these to crack passwords. When time is critical. We'll discuss optimizations and optimal settings along with general sizes and times.

Presenters
avatar for Steve Thomas

Steve Thomas

Steve specializes in crypto and password research. Steve was one of the panelists for the Password Hash Completion. "I do stuff... sometimes." Like PAKE to HSM or finding bugs in Signal Protocol, CryptoCat, Adobe ColdFusion 9's password encryption key generator, and password hash... Read More →


Wednesday July 26, 2017 11:00 - 11:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Lightning Talks: Thinking Different

Beau Woods, Deputy Director of the Cyber Statecraft Initiative and core contributor to I Am The Calvalry, will host discussions on multidisciplinary approaches to solving some of the most important and complex problems in security today. 

Join him for this session at 11 am and the Red/Blue Q&A session that follows at noon.

***

Significant Soft Skills - It Takes a Village

Security requires more than just technical solutions. There’s a difference between knowing how to solve a problem and being able to effectively communicate that to someone else whose buy-in is needed to move things forward. Real impact and change require people to agree to an action plan and put processes in place to ensure the right things happen in a coordinated and repeatable manner.

Caroline Wong, VP of Security Strategy at Cobalt, will share key stories from her career where effective communication was critical to getting the job done (including an e-commerce firm’s response to an international security incident and one CISO’s approach to justifying a 15x information security budget for his team). She will also discuss an approach that any security professional can use to easily talk about risk tolerance with a non-security expert.

***

Healthcare Data Protection Hazards - The Big Picture is Key

Protecting medical data is one of the cyber security industry's top challenges today. Banks and credit card companies now have processes and technology in place to protect customers from financial fraud, but stolen medical records can directly affect someone, potentially for the rest of their life.

Robert Wood, Director of Trust at Nuna, will discuss approaches to identifying and talking about risk effectively; creating stories around various technical and process-related scenarios to communicate what needs to be done to get buy-in for appropriate controls.

***

Cyber Mutual Assistance – Bringing Mutual Assistance to Electric Utility Operators

Owners and operators of the electric grid in the United States are facing an unprecedented number of physical and cyber security risks. This session will discuss the methods that electric utilities are using to address the wide variety of risks, with special focus on a new program called “Cyber Mutual Assistance”

Based on lessons learned from major destructive cyber incidents overseas, and from exercises in North America, the Cyber Mutual Assistance program was developed. It is an extension of the electric power industry’s longstanding approach of sharing critical personnel and equipment when responding to emergencies.

David Batz, Senior Director of Cyber & Infrastructure Security at Edison Electric Institute, will be providing information about the Cyber Mutual Assistance program, one example of a variety of industry initiatives developed by the Electricity Subsector Coordinating Council (ESCC) to provide resilience and restoration capability to entities in the electricity sector.

***

Stopping a Cyber Hurricane - A Call for Proactive National Cybersecurity

A hurricane and malicious cyber activity are analogous based on their ability to affect our nation’s critical infrastructure, our safety, and our security. But, hurricanes are unpredictable, natural events in a domain no human can control, while significant malicious cyber activity starts in a human’s mind and exists in a domain humans exert some control over. Current US government efforts to counter significant malicious cyber activity are focused on using existing agencies to prepare for and react to these threats.

Steven Luczynski, Deputy Director of Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon, will discuss methods for the government and private industry to take a more proactive approach to counter these threats before they can affect our nation. The potential exists to build upon the model used in the fight against drug trafficking to synchronize capabilities across a wide-range of government agency authorities, in conjunction with improved private industry participation. While there are numerous legal and regulatory concerns to address, it will take leadership from all levels, particularly from the bottom up, to initiate the effort required to solve these complex issues.


Presenters
avatar for David Batz

David Batz

Senior Director, Cyber & Infrastructure Security, Edison Electric Institute
Leveraging over 20 years of utility experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. | In addition to providing technical knowledge of security and network issues... Read More →
avatar for Steven Luczynski

Steven Luczynski

Deputy Director, Cyber Plans and Operations, Office of the Secretary of Defense (Policy)
Steve Luczynski currently serves as the Deputy Director, Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon. He works with national policymakers, interagency counterparts, and combatant command staff to support the Department of Defense miss... Read More →
avatar for Caroline Wong

Caroline Wong

VP of Security Strategy, Cobalt
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital (now Synopsys). She is currently VP of Security Strategy at Cobalt, a company that... Read More →
avatar for Robert Wood

Robert Wood

Director, Trust and Security, Nuna
Robert Wood runs the trust and security team at Nuna, whose core directive is to protect one of the nation's largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with... Read More →



Wednesday July 26, 2017 11:00 - 11:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Accessibility: A Creative Solution to Living Life Blind
Not many people with disabilities have given a talk at hacker conferences on how they do what they do. This talk will focus and have demonstrations on how technologies and innovation improves life for those who are blind.

Presenters
avatar for Shaf Patel

Shaf Patel

Director, SNCooperative
Shaf Patel is a blind developer, hacker, locksmith, Muslim and tech enthusiast from London, UK. He | has a passion for cyber security, coding, encryption, audio production, music, social engineering, disability advocacy and human rights. He also enjoys traveling, reading and me... Read More →


Wednesday July 26, 2017 11:00 - 11:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Baby Got Hack Back
You’ve heard it before: the bad guys are winning; US companies are under attack every day, and defenders are on the losing end of the war. We are less resourced and, held back by the legal framework, less free to act, to fight back against our adversaries. This is not just a common lament in security circles, it is also the foundation of the ‘hack back’ argument. It continues that organizations on the receiving end of attacks should be able to defend themselves the same way US citizens can defend themselves against intruders in their homes. Defenders should be able to fight back, launch a counterstrike. This is hack back. And today it is illegal for private entities in the US. But there is increasing noise about legalizing it, with a bill introduced to do just that earlier this year, and a number of foreign governments also discussing it. The arguments that support it are appealing, yet it is widely opposed by many in the security community, with dire warnings about potential consequences of authorizing such measures.

This talk will examine the arguments for and against hack back; the current legal constraints; potential outcomes of authorizing it; and how hack back fits within both broader cybersecurity policy discussions, and other security program practices, such as active defense. We will begin with an objective, balanced overview from the Department of Justice’s Leonard Bailey and Rapid7’s Jen Ellis (40 mins) of the legal and practical dimensions of hack back. They will then be joined by advocates for and against authorizing hack back for a lively debate (40 mins). There may also be some bad rapping, but we make no promises.

Presenters
avatar for Leonard Bailey

Leonard Bailey

Leonard Bailey joined the Department of Justice’s Terrorism and Violent Crime Section (TVCS) in 1991 and served as Special Counsel and Special Investigative Counsel to the Department’s Inspector General in the late 1990’s. In 2000, he joined the Computer Crime and Intellec... Read More →
avatar for Jen Ellis

Jen Ellis

VP of community and public affairs, Rapid7
Jen Ellis is Rapid7’s Vice President of Community and Public Affairs. She believes security practitioners are the guardians of Society’s trust in technology, and works extensively with security professionals, technology providers/operators, and various Government entities to... Read More →
avatar for Robert Graham

Robert Graham

Errata Security
Robert Graham is the CEO of Errata Security, a pentest/consultingfirm. He's known for creating the first IPS, the BlackICE series ofproducts, sidejacking, and masscan. In his spare time, he scans theInternet. He has been speaking at several conferences a year for thepast decade... Read More →
avatar for Davi Ottenheimer

Davi Ottenheimer

product security, mongoDB
flyingpenguins, Cyberwar History, Threat Intel, Hunt, Active Defense, Cyber Letters of Marque, Cloudy Virtualization Container Security, Adversarial Machine Learning, Data Integrity and Ethics in Machine Learning (Formerly Known as Realities of Securing Big Data).


Wednesday July 26, 2017 11:00 - 12:25
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

A System Dynamics Approach to CNO Modelling
This paper is based in the field of System Dynamics (SD) Modelling. Recent research of Advanced Persistent Threats (APTs) has focused on development of tools, tactics, and procedures (TTP). However, developing an understanding of the managing bodies and bureaucracies that drive these actors and their computer network operations (CNOs) is just as significant as understanding their TTP. This paper proposes a model that focusses on how the APTs allocate and utilize their resources. The assumption is that in this allocation there is an optimal way to operate to either attack or defend infrastructure. This model strives to explain the optimal resource allocation of APTs and targets based on the feedback loops present in SD.

Presenters
avatar for Sara Mitchell

Sara Mitchell

Recent Masters Graduate, Carnegie Mellon University
Recent graduate of the Information Security Policy and Management program at the Heinz College at Carnegie Mellon University. Studies and research experiences focused on threat intelligence and modelling.


Wednesday July 26, 2017 11:30 - 11:55
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

(In)Outsider Trading - Hacking stocks using public information and influence.
This talk will take a look at how inadvertently leaked technical information from businesses, can be used to successfully trade stocks. This results in making huge profits. We look at different methods of influencing the stock market, such as DDOS attacks (at critical time periods) and simple techniques such as Phish-baiting CEO's to acquire sensitive, relevant information that can be applied in the real world to make massive gains in profit.

We will also take a look at historic trends. How previous hacks, breaches and DDOS attacks have affected stock prices and investor confidence over time. Specific reference will be made towards listed companies and a POC will hopefully be completed by the presentation date.

Presenters
avatar for Richard Hocking

Richard Hocking

Penetration Tester, Telspace Systems
Love all things related to logic breaking and hacking.


Wednesday July 26, 2017 11:30 - 11:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

Lockpick Village - Beginner lesson
Staff
avatar for Wendy Knox Everette

Wendy Knox Everette

Cyberlawyer
Wendy spent her first 18 years in New Jersey where she grew to appreciate a good slice of pizza. After college, she worked as a software developer at Amazon.com and Google. She received her JD from the George Mason University School of Law and completed a Fellowship in computer s... Read More →
avatar for Kat Sweet

Kat Sweet

Information Security Analyst, Duo Security
Kat recently moved from Madison to Ann Arbor to work for Duo Security (MFA FTW!), becoming perhaps the first Duonaut ever whose relocation involved a boat ride. Outside of work, she has an affinity for wielding pointy objects, including lockpicks, knitting needles, and, as of las... Read More →


Wednesday July 26, 2017 11:30 - 12:00
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

11:30

Mentoring, Networking, Resume Review
This is a great time to come and network with recruiters who are hiring and looking to talk to you about their companies. You can also come into Hire Ground and have your resume reviewed. Also be on the lookout for Career Mentors who have "Blinky Badges" they are available to answer your tough questions about your career. Remember networking is the number one way to find a job - come and network

Wednesday July 26, 2017 11:30 - 13:55
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Abusing Webhooks for Command and Control
You are on the inside of the perimeter. And maybe you want to exfiltrate data, download a tool, or execute commands on your command and control server (C2). Problem is - the first leg of connectivity to your C2 is denied. Your DNS and ICMP traffic is being monitored. Access to your cloud drives is restricted. You've implemented domain fronting for your C2 only to discover it is ranked low by the content proxy, which is only allowing access to a handful of business related websites on the outside.

We have all been there, seeing frustrating proxy denies or triggering security alarms making our presence known.
Having more choices when it comes to outbound network connectivity helps. In this talk we'll present a technique to establish such connectivity with the help of HTTP callbacks (webhooks). We will walk you through what webhooks are, how they are used by organizations. We will then discuss how you can use approved sites as brokers of your communication, perform data transfers, establish almost realtime asynchronous command execution, and even create a command-and-control communication over them, bypassing strict defensive proxies, and even avoiding attribution.

Finally, we’ll show the tool that will use the concept of a broker website to work with the external C2 using webhooks.

Presenters
avatar for Dimitry Snezhkov

Dimitry Snezhkov

Sr. Security Consultant, IBM X-Force Red
Sr. Security Consultant for X-Force Red at IBM, currently focusing on offensive security testing, code hacking and tool building.


Wednesday July 26, 2017 12:00 - 12:25
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Rethinking P@ssw0rd Strength Beyond Brute-force Entropy
Everywhere you need a password, the requirements follow a basic pattern: X length; must contain (or not contain?!?) lowercase, uppercase, digits, and symbols; must be rotated every Y days. But is that enough? This talk rethinks how we approach password strength, or “entropy”, in the real world.

There are many people who create passwords nonrandomly and think they’re making their passwords look random, but many common “clever” tricks aren’t so, and in fact are very guessable. Rather than calculating entropy as if the passwords were created randomly, we can find new and clever ways of calculating entropy given this knowledge.

Presenters
avatar for Ross Dickey

Ross Dickey

Senior Software Engineer, Rapid7
I am a SysAdmin turned Software Engineer turned DevOp turned security-minded DevOp. I have been in the industry for 14 years but strong into security for over three. Starting around the time of the Ashley Madison hack I've had a passion for passwords, and their use and misuse b... Read More →


Wednesday July 26, 2017 12:00 - 12:25
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Red/Blue Q&A: Pressure Test Lightning Talk Ideas
Following up on their Lightning Talks, the four presenters will let the audience explore their ideas in more detail and pressure test their assumptions. A little friendly red teaming and improv can improve effectiveness.

Presenters
avatar for David Batz

David Batz

Senior Director, Cyber & Infrastructure Security, Edison Electric Institute
Leveraging over 20 years of utility experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. | In addition to providing technical knowledge of security and network issues... Read More →
avatar for Steven Luczynski

Steven Luczynski

Deputy Director, Cyber Plans and Operations, Office of the Secretary of Defense (Policy)
Steve Luczynski currently serves as the Deputy Director, Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon. He works with national policymakers, interagency counterparts, and combatant command staff to support the Department of Defense miss... Read More →
avatar for Caroline Wong

Caroline Wong

VP of Security Strategy, Cobalt
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital (now Synopsys). She is currently VP of Security Strategy at Cobalt, a company that... Read More →
avatar for Robert Wood

Robert Wood

Director, Trust and Security, Nuna
Robert Wood runs the trust and security team at Nuna, whose core directive is to protect one of the nation's largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with... Read More →


Wednesday July 26, 2017 12:00 - 12:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Your Facts Are Not Safe with Us: Russian Information Operations as Social Engineering
Over the past few years, Russia has proven itself to be an undeniable master of information operations. The techniques vary, but the majority of them focus on creating new realities and subverting Western values. This makes response efforts much more challenging, and Russia’s info ops strategies have become a key part of the arsenal the country draws upon in achieving its aims both at home and abroad.

By describing personal experience with a steady diet of state-sponsored propaganda while studying abroad in Russia, and by examining the country’s annexation of the Ukrainian peninsula of Crimea as a case study, I will give you an in-depth look at Russia’s info ops and why they’re so effective. I will explain why it’s useful to frame Russian information operations as large-scale social engineering and the implications that has for mitigating the security problems involved.

Presenters
avatar for Meagan Keim

Meagan Keim

Graduate Student, University of Maryland University College
Meagan Dunham Keim is a Russian language nerd and InfoSec enthusiast who studied Global Security and Russian at the University of Wisconsin-Madison. She is also an alumna of the Russian Flagship, which is an intensive language and cultural studies program with a study abroad comp... Read More →


Wednesday July 26, 2017 12:00 - 12:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Kick up the Jams
With the rise of drones, there is a similar rise in anti-drone countermeasures - and, accordingly, counter-anti-drone measures, etc.

This talk will cover the basics of how electronic countermeasures are implemented, how extant counter-drone systems work, and the historical countermeasures for those sorts of things.

Presenters
avatar for Eric Rand

Eric Rand

Systems Mangler, Brown Hat Security
An amateur blacksmith, an amateur radio operator, and a professional know-it-all, Eric has had a deep appreciation for the lore surrounding the IT world for many years. When he's not digging through obscure fora to find out who thought XCHG EAX:EAX was a good idea for a NOP comma... Read More →



Wednesday July 26, 2017 12:00 - 12:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

The Role of Data Visualization in Improving Machine Learning Models
Improving a machine learning model is impossible without a clear understanding of its current performance. In order to get that understanding, the Endgame data science team build Bit Inspector. Bit Inspector is an internal data visualization tool that Endgame uses to communicate the proficiency of our binary classification product, MalwareScore, through various data visualizations. Bit Inspector includes plots and metrics used to judge the ultimate performance of a model overall and across many sample subclasses. It also displays details about individual samples that can provide context about misclassifications. Bit Inspector has grown to include model performance summaries and real time performance tracking, and has proven valuable not just for data scientists, but also for project and product managers and executives to better understand the efficacy of MalwareScore. By tracking the right metrics through data visualizations, a data science team can stay focused on improving the model and communicating that improvement to stakeholders.

Presenters
avatar for Phil Roth

Phil Roth

Data Scientist, Endgame
As a data scientist at Endgame, Phil develops data products that help security analysts find and respond to threats. This work has ranged from tuning a machine learning algorithm to best identify malware to building a data exploration platform for HTTP request data. Previously, h... Read More →


Wednesday July 26, 2017 12:00 - 12:30
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Data visualization in security: Still home of the WOPR?
Visualization of security data has not advanced significantly since the days of the WOPR in War Games. Other tech industries have embraced the role of modern user interfaces to facilitate and expedite data search, analysis and discovery, which has significantly helped users in those industries gain insights from a big data environment. In contrast, the security industry prefers to relegate everyone into command line prompts and clunky interfaces with minimal functionality and an inability to scale to the volume, velocity, and variety of security data. I’ll address the core challenges and impact of the industry’s failure to take data visualization and user experience seriously, and provide recommendations on key areas that would most benefit from modern data visualization. Through the use of attack timelines, I’ll demonstrate how we, as an industry, must move beyond familiar visualization conventions (that tend to break at scale) and provide functional data visualization that is usable for analysts and operators across all levels of expertise.

Presenters
avatar for Matthew Park

Matthew Park

UX Lead, Endgame
Matthew Park is the UX Lead at Endgame. He directs the company in implementing thoughtful and practical workflows, visualizations, and experiences into our platform. Matt and his team translate user requirements into intuitively functional interfaces. Matthew’s prior backgroun... Read More →


Wednesday July 26, 2017 14:00 - 14:25
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Hacking College, a Cybersecurity Career, and Certifications
Cybersecurity expert Marcus Carey shares his experience with building a credible career in Cybersecurity. He’ll share insights on how to hack the system to quickly attain certifications, earn college degrees at a fraction of the time and cost, and how to ace job interviews.

Presenters

Wednesday July 26, 2017 14:00 - 14:25
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Robust Defense for the rest of Us
While browsing CFP's for conferences this summer, one speaking track named "The Art of Defense" had a statement that “only the largest enterprises can afford a robust defense”. I disagree, and argue that in many ways small-to-medium-size businesses can be more secure than large enterprises. I will provide an overview of the security program my team and I built that achieves enterprise-level protection AND regulatory compliance WITHOUT a massive budget or huge silo'd teams. Consider it a case study or howto for building an effective security program at a small business.

Presenters
avatar for Russell Mosley

Russell Mosley

Director, Infrastructure & Security, DYNAXYS
Russell is the Director, Infrastructure & Security of a software and financial services company in the DC area and an organizer with BSides Charm (Baltimore is Charm City!) Russell has seventeen years' experience in IT operations and enterprise defense and is responsible for the... Read More →


Wednesday July 26, 2017 14:00 - 14:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

SECSMASH: Using Security Products to own the Enterprise'
Enterprise security tools provide a deep level of insight, and access, to the organizations they are designed to protect. Although, in the right hands these tools can be powerful assets for a blue team, they can be equally valuable for an attacker. Attackers can subvert legitimate functionality to gain and maintain access to an enterprise's crown jewels.
Solutions such as Splunk, Tanium, Tripwire, Carbon Black Response, in addition to providing detailed reporting on an organizations assets, all offer the ability to run commands or scripts for administrative purposes on end points. Many of these systems by default, or only, run commands as the 'System' user on Windows. This can be leveraged to gain access to critical systems, pivot into 'segmented' networks, and maintain stealthy command and control.
Unfortunately, these tools are commonly deployed with inadequate hardening, or with excessive number of administrative user accounts. One reason for this could be the prior knowledge required to leverage the power of these applications in a safe and controlled manner during a pentest, causing them to largely go unnoticed, or unreported on most tests. We want to bring awareness to the importance of protecting deployed security tools and provide a framework for pentesters and red team teamers to leverage these tools on engagements. The tool we are releasing is called secsmash, and provides a handy commandline tool to turn credentials you've acquired for a supported tool into enterprise pwnage.

Presenters
KD

Kevin Dick

Information Security Consultant, Tevora
Information security consultant at Tevora since 2012. Wore a lot of hats initially, including solution integration work, auditing, and penetration testing. | | Kevin now leads Tevora's penetration testing and red teaming group. | | Areas of focus include Network, web... Read More →
avatar for Steven Flores

Steven Flores

Information Security Consultant, Tevora
Steven is a former Marine and now penetration tester/red teamer from Southern California. When he isn't brewing awesome coffee he enjoys doing research on different threat techniques and tool development.


Wednesday July 26, 2017 14:00 - 14:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Minimum Viable Risk Management Program
Most information risk management programs are cumbersome and expensive, requiring expertise and time that smaller organizations may not have. In addition, many attempts to start an information risk management program fail when the program seems to have no relevance to the organization except during audits. This talk will cover a risk management program that is lightweight, useful, and can scale as the organization matures without having to throw out existing work and start over. This process has been successfully implemented; the first stages require no specialized tools.

Presenters
avatar for Rachael Lininger

Rachael Lininger

Leviathan Security Group
Information security analyst, risk consultant, Cthulhu cultist. Lawful good. Opinions belong to her autocorrect, not her employer. @0xdaeda1a


Wednesday July 26, 2017 14:00 - 14:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Protecting Windows Credentials: An Excessive Guide for Security Professionals
Average users might never be safe from credential-theft on Windows, but security professionals have a significant enough threat model and have the necessary skills to protect themselves beyond clicking on a few UAC prompts. Through some extreme hardening measures, a handful of 3rd party and custom tools, and perhaps a few over-the-top security practices, you will learn to turn a default Windows installation into a highly secure computing environment.

Because Windows is a leaky bucket when it comes to user credentials, it's critical that you understand the Windows security model and mitigations available, but it is also important to use those features to the fullest, way beyond what a regular IT professional might apply. It's vital to know exactly what is happening on your system and be aware of any changes that might affect security. You must maximize the encryption facilities available to you and implement extra measures where appropriate.

Windows is a huge operating system with an attack surface to match. It has a legacy of insecurity but certainly is capable of becoming a solid computing environment. 

Presenters
avatar for Mark Burnett

Mark Burnett

Consultant, Mark Burnett
Mark Burnett is an infosec consultant and author. He has spent most of the last twenty years researching, consulting, writing, and sometimes just ranting about how to secure the software and operating systems we work with every day. Mark has written several books, published numer... Read More →


Wednesday July 26, 2017 14:00 - 14:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Poking bears: Validating the truth from IoCs in attack postmortem reports
During the year leading up to the 2016 US presidential election, a number of security companies released detailed reports about attacks against government institutions, political parties, journalists, and others involved in the election. All these reports point in the same general direction at a group of threat actors who have become widely known. But as we know, attribution is a sticky subject where a lot can go wrong, and often does. In this session, we'll discuss the specific IoCs used to attribute the attacks, and share what related, supporting, or contradicting information Symantec knew about the network infrastructure used for these attacks, and how they relate to hostile behavior previously observed originating with these threat groups. In essence, this is the session where we'll discuss what we knew and know about these APT groups and their operations, and share in full our observations and data.

Presenters
avatar for Andrew Brandt

Andrew Brandt

Director of Threat Research, Symantec
Andrew Brandt is a network forensics and incident response nerd who loves running malware just to watch machines die. In his spare time he builds retro videogame platforms and rides mountain bikes, preferably in the dead of night. If you meet in person, talk to him about new musi... Read More →


Wednesday July 26, 2017 14:00 - 14:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

IATC Cyber Crisis Simulation
A SIMULATED crisis is unfolding on a national scale. Triggered by a yet-unknown adversary, what started as a technical issue has become a society-wide impact, affecting millions of citizens, several industries, and spanning government jurisdictions. Who is in charge, how do they cooperate with others, and how do they make decisions? BSidesLV and I Am The Cavalry are teaming up with the Atlantic Council to bring public policy makers together with security researchers and others, to find out how our nation would respond to a widescale “Cyber” crisis.

Presenters
avatar for Josh Corman

Josh Corman

Founder, I am The Cavalry
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the... Read More →
avatar for Jay Healey

Jay Healey

Sr. Research Scholar, Columbia School of International Policy Affairs
Jason Healey is Sr. Research Scholar at Columbia University School for Int’l and Public Affairs. He is a Senior Fellow and previously was Director of the Cyber Statecraft Initiative of the Atlantic Council. Healey edited A Fierce Domain: Cyber Conflict, 1986 to 2012 and... Read More →
avatar for Beau Woods

Beau Woods

Deputy Director, Cyber Statecraft Initiative, Atlantic Council/I Am The Cavalry
Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, and core contributor to the I Am The Cavalry initiative. Beau works with policymakers, industry, civil society groups, NGOs, and individual stakeholders to safeguard human life, public s... Read More →


Wednesday July 26, 2017 14:00 - 15:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Advanced Wireless Attacks Against Enterprise Networks
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.


Areas of focus include:

- Wireless reconnaissance and target identification within a red team environment
- Attacking and gaining entry to WPA2-EAP wireless networks
- LLMNR/NBT-NS Poisoning
- Firewall and NAC Evasion Using Indirect Wireless Pivots
- MITM and SMB Relay Attacks
- Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Presenters
avatar for Gabriel Ryan

Gabriel Ryan

Security Engineer, Gotham Digital Science
Gabriel is a pentester, CTF player, and Offsec R&D. He currently works for Gotham Digital Science, where he provides full scope red team penetration testing capabilities for a diverse range of clients. Previously he has worked at OGSystems and Rutgers University. He also is a mem... Read More →


Wednesday July 26, 2017 14:00 - 17:55
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169

14:00

Auditing Of IoT Devices
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

In this workshop we will show a workflow to analyze security posture of an IoT device. We will start with a high level evaluation of architecture of solution (IoT device - mobile app - cloud) and proceed to specific techniques and tools most effective for vulnerability search on IoT devices. Information shared in this workshop will allow you to quickly identify vulnerabilities present in your device using a set of documented actions.

Presenters
avatar for Martin Rakhmanov

Martin Rakhmanov

Security Research Manager, Trustwave
Martin Rakhmanov is a Security Research Manager at Trustwave SpiderLabs where his focus is database vulnerability research and product development.
avatar for Vladimir Zakharevich

Vladimir Zakharevich

Sr. Security Researcher, SpiderLabs Team at Trustwave
Vladimir Zakharevich is a Senior Security Researcher at Trustwave SpiderLabs, based out of New York. At SpiderLabs he is working on vulnerability research and product development of vulnerability assessment software. His focus is security of IoT, mobile applications and databases... Read More →


Wednesday July 26, 2017 14:00 - 17:55
Training Ground 1 (The Platinum, Opal Room) 211 E Flamingo Rd, Las Vegas, NV 89169

14:30

It’s Not Me, It’s You: How To Be A Better Hiring Manager or Rooting Out Excellent Candidates Despite Themselves
Interviewing is difficult. From both perspectives, the process often feels more like a Buzzfeed-style personality quiz than a high-impact event that defines careers and makes or breaks teams. However, much rests on these brief discussions, and interviewers rarely make the most of them. They can pass on excellent candidates because of misaligned priorities, overt generalizations, unrealistic expectations, and an unnecessarily stressful atmosphere. Alternatively, they can accept candidates that interview well or look good on paper but are not a good fit for the team. This session will help interviewers identify and correct common mistakes, which will bring the best out of every candidate and facilitate building strong teams.

Presenters

Wednesday July 26, 2017 14:30 - 14:50
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

14:30

Exploration of Novel Visualizations for Information Security Data
Effective visualizations for information security data are challenging. Given the streaming nature of network data and the mix of numeric and categorical types (e.g. DNS records) visualizations that are meaningful and informative are often hard to find. Even highly successful application interfaces like Kibana and Splunk will often provide a simple set of volume-over-time histograms, pie/donut charts and line plots. Although these visualizations provide some information they are limited in application and fidelity.

In this presentation we’ll explore several novel visualization approaches for information security data. Our non-traditional approaches will explore dynamic updates, mixed categorical/numeric representations, animations and other experimental facets. We intend to present our findings ‘warts’ and all. The presentation will include approaches that worked reasonably well and those that flopped (which is often just as informative).

Presenters
avatar for Brian Wylie

Brian Wylie

Kitware Inc
Brian Wylie is a technical lead at Kitware Inc. His interests include networking, static analysis, and streaming architectures. Recent work includes modeling for SQL injection, hidden DNS and HTTP tunnels, streaming clustering and anomaly detection. Brian has spoken at ShmooCon... Read More →


Wednesday July 26, 2017 14:30 - 14:55
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

14:30

I got more games than Milton Bradley: Incentivize a positive change in your security culture
Security awareness training is one of the last defenses to dastardly effective social engineering threats. Yet traditional vendor purchased security awareness training is largely ignored by the workforce and can merely serve to ensure compliance without reducing the risk substantially. In fact a 2016 Ponemon Institute survey found that 52% of interviewed organizations found their vendor purchased security training product ‘somewhat or not effective’. Using American Campus Communities, the nation's largest developer, owner and manager of high-quality student housing communities, as a case study, this presentation will demonstrate to session attendees the difference between informational videos and a security awareness gamification program. Attendees will hear obstacles we faced, what worked and what didn't as we introduced a range of interactive games, contests, and rewards to motivate users to buy in to following security protocols.

Presenters
avatar for Drew Rose

Drew Rose

CEO | Founder, Living Security
Drew has a Bachelors of Science in Cybersecurity with a CISSP and a passion for building security programs and reducing risk. He has worked with institutions in the government, private and public sector. His specialty lies in understanding human behaviors and how emotions impact... Read More →


Wednesday July 26, 2017 14:30 - 14:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

14:30

Lockpick Village - Beginner lesson
Staff
avatar for Wendy Knox Everette

Wendy Knox Everette

Cyberlawyer
Wendy spent her first 18 years in New Jersey where she grew to appreciate a good slice of pizza. After college, she worked as a software developer at Amazon.com and Google. She received her JD from the George Mason University School of Law and completed a Fellowship in computer s... Read More →
avatar for Kat Sweet

Kat Sweet

Information Security Analyst, Duo Security
Kat recently moved from Madison to Ann Arbor to work for Duo Security (MFA FTW!), becoming perhaps the first Duonaut ever whose relocation involved a boat ride. Outside of work, she has an affinity for wielding pointy objects, including lockpicks, knitting needles, and, as of las... Read More →


Wednesday July 26, 2017 14:30 - 15:00
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Magical Thinking... and how to thwart it.
For all the progress we’ve made – as a community, as an industry, as a discipline – describing the brittleness of our IT infrastructure and 'the shape of the beast’ (what is this hacking stuff anyway?), we’re not seeing much in the way of obvious returns in two key areas : procurement and policy.

We know what's broken; we even mostly know how to fix it. We fight the good fight from the C-suite to Capitol Hill. Yet often we lose. Why?

Behind nearly every poor choice in procurement or policy is some species of magical thinking. Not idiocy, not ignorance, not malice, but a logical error in determining causality. These are not complicated fallacies, nor particularly difficult to spot, but they are seductive, they are omnipresent. And, unfortunately, they are often profitable. They are also critical to our understanding of *why* broken things stay broken, and why evidence-based policies are so elusive.

Attendees will explore imagined realities informing real policy and procurement decisions; they will additionally have the opportunity to learn and share battle-tested thwarting strategies.

Presenters
avatar for Mara Tam

Mara Tam

Senior Fellow, Center for Advanced Studies on Terrorism (CAST)
Mara is a Washington DC-based ICT security policy expert. Mara regularly serves as a private sector advisor to executive agencies on information security issues, focussing on the technical and strategic implications of regulatory and policy activity. Prior to her current roles, s... Read More →


Wednesday July 26, 2017 15:00 - 15:25
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Interrogation Techniques for Fun and Profit: Designing better tools for your SOC team
SOC teams are consistently forced to create their own suites of in-house tools because commercial solutions rarely meet all that is expected of them in both usability and functionality. While creating customized tools helps internal teams ensure the tools meet their own needs, working with a large number of enterprises has shown that these teams often lack the approaches to extract the most impactful requirements. Adopting some targeted user experience research methods can help developers create better tools more quickly.

To help teams conduct fast actionable research on their own, I’ve compiled a set of questions that an in-house tool developer can use to clarify tool ideas, validate them, and direct tool design. In this talk we will walk through a fast mock research session to address either a predefined common problem or something suggested by the audience.

Presenters
avatar for Karolyn Bachelor

Karolyn Bachelor

Consultant, Brass Hill Research & Design
Karolyn Bachelor is a user experience consultant with Brass Hill Research & Design and has had clients in the security industry varying from start-up software firms to established enterprise companies. She is very much an all around user evangelist who thrives on helping teams ma... Read More →


Wednesday July 26, 2017 15:00 - 15:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Modern Internet-Scale Network Reconnaissance
Network reconnaissance is not what it used to be. The surge in cloud use and temporary infrastructure has turned standard network discovery on its head. Security folks on both sides of the fence are struggling to identify organizational assets as these trends accelerate. This talk will describe how to build an internet-scale network discovery platform using open source software (some old, some new) and a wide range of data sources, most of which are available at zero cost. For the last two years, the presenter has been using this platform to accelerate penetration tests, provide accurate pre-sales project scoping, and help defenders get a handle on their network footprint.

Presenters
U

underflow

Researcher, Fathom6
Underflow has spent the last twenty years finding vulnerabilities, writing exploits, and breaking into networks.


Wednesday July 26, 2017 15:00 - 15:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

DefCon DarkNet Badge Hardware And Software: An Introduction To Custom Badge Building
Every year at DefCon, vendors bring custom-designed electronic badges to sell and give away. These badges are primarily for entertainment, but in some cases are also presented as kits to introduce people to soldering and hardware hacking, and most of them are programmed with puzzles and games.

Getting into the world of badge making can be daunting. How are badge boards designed? How do I pick the right microcontroller for my badge? How do I program my badge to do something cool? This talk will be a crash course in badge design working from a concrete example badge. We’ll go step by step through the process. You might not know exactly how to build your own badge at the end of the talk, but what you will know is 1) it’s not as scary as it seems, 2) what pieces you’ll need to consider in designing your badge, and 3) where to go for more information.

Presenters
avatar for Edward Abrams

Edward Abrams

Manager, DarkNet Industries LLC
I'm a software developer who loves Drum and Bass. Naturally.
avatar for CmdC0de

CmdC0de

Day Job: VP of Engineering for a large software development company. | Professional history: Red Team lead, Security Researcher, and 15+ years in the online video game industry. | DarkNet: Been apart of the DefCon Darknet for 4 years, 3 years as the lead for badge firmwar... Read More →
avatar for Gater_Byte

Gater_Byte

Starting with DEFCON 17 I discovered the InfoSec/Hacker Community. Ever since, I have been finding ways to give to back to this amazing community. I enjoy mentoring and teaching others about security. In the last 4 years I have participated as a content creator and User Relation... Read More →


Wednesday July 26, 2017 15:00 - 15:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Password Cracking 201: Beyond the Basics
"Are you a password cracker ... or do you just crack passwords?" -epixoip

My goal with this talk is to help occasional, casual, and non-specialist practitioners bootstrap themselves to the next level of password auditing.

After briefly touching on the basics, I will cover some common pitfalls, some non-obvious assumptions made by the experts, and other lessons from my pursuit of password cracking as a dedicated discipline.

Key takeaways include specific cracking techniques, perspectives on cracking culture, and ways to advance further under your own power.

Prerequisites: Previous experience with cracking tools (hashcat, John the Ripper) and concepts (brute force, masks, rules, keyspace, etc.) is helpful, because we won't spend a lot of time on the basics. But anyone interested in learning more about password cracking is welcome!

Presenters
avatar for Royce Williams

Royce Williams

Password auditor & enthusiast
After 13 years as a sysadmin for a regional ISP in Alaska, I jumped into security full time in 2012 for the financial sector and critical infrastructure. | | As an independent researcher and a Hashcat beta tester and contributor, my password research interests include delib... Read More →


Wednesday July 26, 2017 15:00 - 15:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

(Even More) Mainframes? On my Internet?
In 2015, Soldier of FORTRAN gave a talk about finding mainframes on the internet. It was a small, simple talk about some of his finds and the misadventures of using Nmap and friends. Since then he turned his operation in to a well oiled machine and has, essentially, completed his project. This talk will be about all the new mainframes he discovered, significant changes to Nmap and how it detects mainframes, including a discussion around Nmap and its change process, automating the discovery and posting of mainframes to Tumblr. It will also cover cow easy it was to use a VPS and massscan to scan the entire internet and how to feed that data in to Nmap so you can do this yourself!

Presenters
avatar for Soldier of FORTRAN

Soldier of FORTRAN

Supreme Commander, Zed Security
Soldier of Fortran is a mainframe hacker. Being a hacker from way back in the day (BBS and X.25 networks) he was always enamored by the idea of hacking mainframes. Always too expensive and mysterious he settled on hacking windows and linux machines, until 2010 when he finally got... Read More →


Wednesday July 26, 2017 15:00 - 15:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Mentoring, Networking, Resume Review
This is a great time to come and network with recruiters who are hiring and looking to talk to you about their companies. You can also come into Hire Ground and have your resume reviewed. Also be on the lookout for Career Mentors who have "Blinky Badges" they are available to answer your tough questions about your career. Remember networking is the number one way to find a job - come and network!

Wednesday July 26, 2017 15:00 - 16:55
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

15:30

Messing with Forensic Analysts: Modifying VSS Snapshots
Windows' VSS snapshots are great. The VSS service quielty runs in the background, periodically making snapshots of just about everything on the disk.
What happens if you accidentally delete a file? No worries. Pull a (somewhat old) copy out of a snapshot!
But what happens if you intentionally delete a file? And write over it 35 times? Well, you can also pull a copy out of a snapshot.
Snapshots are a treasure trove of information that people thought was gone. Forensic analysts use the data from them with little concern of tampering because there are no tools available to modify the contents of a snapshot. So, I decided to tamper with them. The snapshots, not the analysts.

This talk covers the basics of how VSS snapshots work and their on-disk format from the perspective of a malicious actor. A modified version of libvshadow, an open source VSS library, is presented which adds write support to VSS snapshots. The challenges and limitations experienced when modifying old snapshots are discussed, as well as a demonstration of the tool.

Presenters
JC

James Clawson

I'm James Clawson and I like messing stuff up. | I make things every once in a while too. I enjoy forensics, I love fuzzing, and I consider malware to be art. | When not busy driving drunk on the information super highway, I sometimes visit the zoo.


Wednesday July 26, 2017 15:30 - 15:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

15:30

Is Data Visualization still necessary?
As researchers we all struggle and push the limits of available data visualization libraries. Availability of real time network flows have exceeded the capacity of current visualization libraries and the ability of the human to grasp densely visualized information. How much data is too much? We will explore the current state of the art in visualization as we try to answer the question of how to visualize backbone level enterprise data.

Presenters
avatar for Edmond Rogers

Edmond Rogers

University of Illinois
Edmond 'bigezy' Rogers, CISSP is actively involved with industry and in many research activities at the University of Illinois Information Trust Institute (ITI)’s TCIPG and CREDC Center, including work on ICS and SCADA visualization along with Smart Grid Security. Project work... Read More →
avatar for Grace Rogers

Grace Rogers

Front-End Designer, Kaedago
Grace Rogers is a student involved in several data analysis and visualization projects. She is currently designing the front end of CyPSA’s visualization tool for Kaedago. Additionally, Grace is working with researchers at the University of Illinois at Urbana-Champaign on a too... Read More →


Wednesday July 26, 2017 15:30 - 16:00
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

15:45

Pros vs Joes CTF - Contest play ends!
Staff
avatar for Dichotomy

Dichotomy

Senior Staff, BSidesLV
Pros Vs Joes Capture the Flag Games Master


Wednesday July 26, 2017 15:45 - 16:00
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

16:00

Lockpick Village - Contest
Staff
avatar for Wendy Knox Everette

Wendy Knox Everette

Cyberlawyer
Wendy spent her first 18 years in New Jersey where she grew to appreciate a good slice of pizza. After college, she worked as a software developer at Amazon.com and Google. She received her JD from the George Mason University School of Law and completed a Fellowship in computer s... Read More →
avatar for Kat Sweet

Kat Sweet

Information Security Analyst, Duo Security
Kat recently moved from Madison to Ann Arbor to work for Duo Security (MFA FTW!), becoming perhaps the first Duonaut ever whose relocation involved a boat ride. Outside of work, she has an affinity for wielding pointy objects, including lockpicks, knitting needles, and, as of las... Read More →


Wednesday July 26, 2017 16:00 - 16:30
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Automating Crypto Bugs Discovery
We present a new and efficient approach to systematic testing of
cryptographic software: differential fuzzing. Unlike general-purpose
software fuzzing such as afl, differential fuzzing doesn't aim to find
memory corruption bugs (although they might come as a by-product), but
to find logic bugs. Compared to test vectors, differential fuzzing
provides greater code coverage. Compared to formal verification,
differential fuzzing is easier to apply, both for testers and
developers.

We'll release CDF, a tool that implements differential fuzzing for most
common cryptographic APIs: RSA encryption and signatures, elliptic-curve
cryptography, or any symmetric-key schemes through a unified interface.
CDF combines differential fuzzing with a number of unit tests to detect
vulnerabilities specific to the cryptographic functions tested. It can
also detect timing leaks, thanks to state-of-the-art leakage detection
techniques.

CDF is coded in Go, and is trivially portable to various CPU
architectures. Unlike other tools, CDF runs its tests in a totally
black-box fashion: no source code is needed, you only need an executable
file such as a binary program, Python script, or shell script calling a
remote service.

We ran CDF on high-profile, widely used crypto software components.
CDF discovered issues in a number of libraries including Go's crypto
package, OpenSSL, and mbedTLS.

Presenters
avatar for Jean-Philippe Aumasson

Jean-Philippe Aumasson

Principal Research Engineer, Kudelski Security
Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security, in Switzerland. He obtained his PhD in cryptography from EPFL in 2010. JP designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He presented at Black... Read More →
avatar for Yolan Romailler

Yolan Romailler

Kudelski Security
Yolan Romailler is a Security Researcher at Kudelski Seucrity, where he delves into (and dwells on) cryptography, crypto code, and other fun things. He graduated in mathematics at EPFL and later in information security at HES-SO, both in Switzerland. He tweets as @anomalroil.


Wednesday July 26, 2017 17:00 - 17:25
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Hacking Office Politics for Cybersecurity Leaders
Who cares about office politics? At the end of the day, isn't it all about doing what's best for the business by protecting its assets? Or implementing the best technical idea? Sadly, no.

Technically savvy cybersecurity professionals often find themselves performing well in individual contributor roles and then getting promoted to management and executive positions. The rules of engagement, however, change as one moves up the corporate ladder. How does a cybersecurity leader communicate to non-cybersecurity experts the value of a program and all the expense that goes along with implementing information security activities? What's the best way to ensure that optimal decisions for the business are made when push comes to shove?

Presenters
avatar for Caroline Wong

Caroline Wong

VP of Security Strategy, Cobalt
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital (now Synopsys). She is currently VP of Security Strategy at Cobalt, a company that... Read More →
avatar for Robert Wood

Robert Wood

Director, Trust and Security, Nuna
Robert Wood runs the trust and security team at Nuna, whose core directive is to protect one of the nation's largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with... Read More →


Wednesday July 26, 2017 17:00 - 17:25
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Engineering My Way Into InfoSec
InfoSec is no longer reserved for those with the right degrees and certifications, or willing to pay the price for hacking into something. Now we can find university curriculum built upon the success stories touting professionals who went from “zero to hero”. Yet, while careers in Information Security are a hot topic, getting there isn't a straightforward journey for many. We need pilots to navigate the uncharted realms of this evolving field, willing to risk turbulence, trust their sense of direction through uncertainty and engineer what they need as and when they need it. I want to share my flight plan with you.

Disclaimer: The views presented here are solely my own and do NOT represent those of my employers, past or current.

Presenters
avatar for Nitha Suresh

Nitha Suresh

Cyber Security Consultant, KPMG
@ADN_SECURITY is a passionate Information Security | researcher and pentester, currently with a big four in Toronto, Canada as a | Cyber Security Consultant. After a masters degree in | information security, she decided to chart her own flight path | for a successful an... Read More →


Wednesday July 26, 2017 17:00 - 17:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Pros vs Joes CTF - End of Day Hotwash
Staff
avatar for Dichotomy

Dichotomy

Senior Staff, BSidesLV
Pros Vs Joes Capture the Flag Games Master


Wednesday July 26, 2017 17:00 - 17:30
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Vaccination - An Anti-Honeypot Approach
Malware often searches for specific artifacts as part of its “anti-­VM\analysis\sandbox\debugging” evasion mechanisms, we will abuse its cleverness against it.
The "anti-­honeypot" approach is a method to repel (instead of luring) attackers, implemented by creating and modifying those artifacts on the potential victim’s machine.
Once the created artifacts are found by the malware – it will terminate.

The session will include motivations for attackers to use evasion techniques, some in-­the-­wild examples and effective countermeasures against it.
A short DIY­ vaccination live demo will be performed, including the execution and prevention of a live malware from recent cases (e.g. WannaCry, NotPetya\EternalPetya).

The script used in the demo to vaccinate the potential victim will be uploaded to GitHub and publicly shared under CC-BY-SA.

Presenters
avatar for Gal Bitensky

Gal Bitensky

Sr. Security Researcher, Minerva Labs
A 29-year-old geek from Tel-Aviv, breaker of stuff. Currently working as a senior malware psychologist in the Israeli start-up Minerva labs. Experienced in various fields, ranging from web application security and Windows internals to SCADA. Fluent in exotic languages like PHP, L... Read More →


Wednesday July 26, 2017 17:00 - 17:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Hacks and Crafts: Improvised Physical Security Tools for Improvised Situations
Ever start unpacking your kit on a physical security assessment and then you realize you left your under door tool at home? This talk will teach you how to head into the hardware store and make whatever tools you need. I'll demonstrate live on stage how to build several physical security tools on the fly!

Wednesday July 26, 2017 17:00 - 17:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Grappling Hooks on the Ivory Tower: This Year in Practical Academic Research
Five years before volume 1 issue 1 of Phrack, there was IEEE Security and Privacy. Where Merkle (of Merkle–Damgård; think SHA-2) showed us how to do crypto right in 1980. Where your favourite nation-state adversaries watch their secrets become public. Where Naval Postgraduate School showed off their secure kernel in 1981. Since then, professors and decidedly unprofessorial types have each, mostly separately, smashed and rebuilt security with their own separate armies of admirers, haters, and hangers-on.

We'll take you on a short trip through the parallel universe of academic infosec, and point out just the cool, practical stuff that came down from the ivory tower a few months ago. You'll see a bit of yourself reflected, how hackers shape the academic world, what academics have to say about our favourite bug-writing developers, and what is shaping TLS 1.3. We hope you'll also get inspired and do some science.

Presenters
avatar for Falcon Darkstar Momot

Falcon Darkstar Momot

Senior Security Consultant, Leviathan Security Group
Falcon is a senior penetration tester at Leviathan Security Group who works on everything from cryptosystem design to security program operation. He also studies LangSec as an M. Sc. student at Athabasca University, and captures flags with Neg9. His alter ego is AF7MH, licensor... Read More →
avatar for Brittany Postnikoff

Brittany Postnikoff

Born in the geographic center of Canada, Brittany is a privacy, security, and human factors researcher in the University of Waterloo Cryptography, Security, and Privacy (CrySP) lab. During the day, she focuses on using embedded artificial intelligences (sometimes thought of as "r... Read More →


Wednesday July 26, 2017 17:00 - 17:55
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Why can't we be friends? (Ask a Fed.)
Do you dance madly on the lip of the volcano regarding your own research, or would like to research a particular topic that you feel might have a non desirable personal outcome? To you know someone who does these things? If so, you should come to this session and learn about some new process and relationships where more people can benefit than before. More details to be announced during the session.

Presenters
avatar for Dr. Russell Handorf

Dr. Russell Handorf

TL;DR- Cyber Ninjas, you're invited.


Wednesday July 26, 2017 17:00 - 17:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

IATC Mock Congressional Hearing
In the wake of a crisis, people inevitibly want answers. Who knew what, when? What could have been done to prevent it? Who will be held accountable? In the wake of our simulated crisis, we will hold a simulated Congressional hearing. Hard questions, grand standing, and much audience participation are expected, though no one will go to jail for perjury. We don't think. Led by current and former Congressional staff, some of our community who have actually testified before Congress will be in the hot seat and BSidesLV participants will get the chance to grill them...and maybe get grilled themselves. 

Presenters
avatar for Jay Healey

Jay Healey

Sr. Research Scholar, Columbia School of International Policy Affairs
Jason Healey is Sr. Research Scholar at Columbia University School for Int’l and Public Affairs. He is a Senior Fellow and previously was Director of the Cyber Statecraft Initiative of the Atlantic Council. Healey edited A Fierce Domain: Cyber Conflict, 1986 to 2012 and... Read More →
avatar for Jessica Wilkerson

Jessica Wilkerson

Professional Staff Member, House Energy and Commerce
Jessica Wilkerson is a Professional Staff Member with the House Committee on Energy and Commerce, covering cybersecurity issues across the Committee's broad jurisdiction. As part of that work, she has investigated issues in the telecommunications, commercial, energy, and healthc... Read More →


Wednesday July 26, 2017 17:00 - 18:45
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

17:30

How To Obtain 100 Facebooks Accounts Per Day Through Internet Searches
Back in 2016, it was very new the way how the Facebook mobile application implements content through "Instant articles". A user can view content from third parties directly in the Facebook platform without requiring to open the Browser, for instance. This content can also be shared, saved, opened in browser and so on.

In this talk, we will share how these Instant articles, and the way they were shared, lead us to the possibility to access Facebook accounts and how through internet searches this became a huge problem! We'll discuss how we identify the issue and how it was tested, reported, fixed, rewarded and also we talk about a new vector attack for further research.

Presenters
avatar for Yael Basurto

Yael Basurto

Security Snr Consultant, Deloitte MX
I work as a Cyber Security Snr. Consultant at Deloitte MX & I'm really into security & coding; due to my laziness I've wrote some code to automatize certain things at work, such as parsing nmap & nessus reports.
avatar for Guillermo Buendia

Guillermo Buendia

Cyber Security Consultant, Deloitte
Guillermo is a Cyber Security Penetration Testing Consultant at Deloitte Mexico; he has worked for many Financial Institutions and Public sector for the last 5 years.


Wednesday July 26, 2017 17:30 - 17:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

17:30

Recruiter Smack Down (Panel)
This is a chance to hear what was covered in the sessions today and have recruiters and community experts agree or disagree with the presentations along with understand the key takeaways from the day. Great time to also ask questions and get a debate going. 

Presenters
avatar for Matt Duren

Matt Duren

Recruiting Manager, Tenable
Matt Duren has been in recruiting since he graduated college in 2001. Starting out in a technical staffing agency, Matt quickly transitioned to corporate recruiting and has lead recruiting teams responsible for IT and college recruiting, as well as Employment Branding. Matt is... Read More →
avatar for Jen Havermann

Jen Havermann

Over 20 years quietly lurking in the industry, in public and private sectors. I've had different security roles: instructor, information system security officer/manager, accreditor, system /network admin/engineer, vulnerability assessment/pentesting, incident response, cyber secu... Read More →
avatar for Steve Levy

Steve Levy

Principal, Recruiting Inferno
Steve Levy brings an atypical combination of recruiting expertise and a technical experience to his performance-focused engagements with clients. He was one of the earliest members of the original ERE community and in 2004, was the first official ERE Blogger and Group Leader. Tod... Read More →
avatar for Pete Radloff

Pete Radloff

Principal Technical Recruiter, comScore
Pete Radloff is a veteran recruiter, sourcer and consultant, who has been in the industry since 2000, with experience in both agency and corporate settings. Pete’s passion stretches across several areas of talent acquisition, including recruitment and sourcing, social media, em... Read More →
avatar for Kris Rides

Kris Rides

CEO, Tiro Security
I'm not an Australian..... this accent is from the other side of the world! | | Please don't look for the guy in a full Tuxedo as I'm not packing it for this Vegas visit. I'm a trained Social Engineering Penetration Tester and Founder of an InfoSec specialist recruitment a... Read More →


Wednesday July 26, 2017 17:30 - 17:55
Hire Ground (Florentine B) 255 E Flamingo Rd, Las Vegas, NV 89169

17:30

Everything is Not Awesome: How to Overcome Barriers to Proper Network Segmentation
Attacks are more and more likely to come from internal network sources, possibly being allowed in by unwitting accomplices. While it’s commonplace to have a web server DMZ and possibly a guest wireless network, few organizations take any steps to further segment their networks that might help prevent or detect lateral movement by an attacker. If the current common approach is that internal attack surface management is just as important as external hardening, then why aren’t more defenders doing anything about it?  In this talk, we’ll look at common pitfalls that mire down internal segmentation efforts and ways to overcome them.

Presenters

Wednesday July 26, 2017 17:30 - 17:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Radio frequencies all around us! What data are you leaking and what is done with it?
We take it for granted that our mobile devices are helpful, brightening our lives, making us feel warm, fuzzy, connected and safe. Our devices let us know that the temperature is dropping and that it is closing the windows. What does this RF data look like, how easy is it to view and how much of it is sent to the manufacturer or third parties with implicit use of the app?

Presenters
avatar for Keya Lea Horiuchi

Keya Lea Horiuchi

After a few war driving and capture the flag competitions, Keya changed careers from an itinerant filmmaker and teacher to working within the realm of cyber security. When Keya isn't conducting security audits, information systems assessments, Wi-Fi assessments, pentests, network... Read More →


Wednesday July 26, 2017 18:00 - 18:25
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

/.git/ing All Your Data
Organizations are using Git more than ever before, but are they securing it? Unfortunately, a large number of websites are leaving git exposed at the root of their site which allows anyone to grab the repository and exfil all flavors of source code. Even more, this exposed source code usually has sensitive data, credentials, and other fun stuff scattered about.

In this talk, I will walk you through various ways find sites that have exposed their git repositories to the world and what you can do with it. We will uncover database credentials of .gov sites, authentication keys, and more. I will also introduce you to tools that you can use to make the process easier as well as how to bypass broken/incomplete repos using git internals.

Presenters
avatar for Jesse Kinser

Jesse Kinser

Sr. Product Security Engineer, Salesforce
I am a Sr. Product Security Engineer at Salesforce. I am a frequent bug bounty researcher with a passion of learning new things(aka Serial Hobbyist). Past employers include an energy company, random startups, and the NSA.


Wednesday July 26, 2017 18:00 - 18:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Lessons from the front lines: New York City Cyber Command
Colin Ahern, the Deputy Chief Information Security Officer of the City of New York will share the way forward for NYC Cyber Command. NYC Cyber Command has responsibility for cyber threats against nearly 300,000 employees, and over 400,000 workstations/servers and connected devices. Colin will lay out the approach to the complex technical and organizational challenges facing the Greatest City in the World with regards to current and future cyber threats.

Presenters
avatar for Colin Ahern

Colin Ahern

Deputy CISO, City of New York
Colin Ahern is the Deputy Chief Information Security Officer of the City of New York. Before joining the City, he was a security engineer and threat researcher in financial services. Colin also served seven years in the US Army, deploying twice to Afghanistan and commanding a com... Read More →


Wednesday July 26, 2017 18:00 - 18:55
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

How To Respond To Cops Who Want Your Passwords
There has been an outpouring of digital dissent in the wake of the new administration. If or when you get ordered by law enforcement to unlock your phone or digital devices or get served with a subpoena or warrant for your digital data and devices, what should you do?

This conversation is meant to provide a basic primer on what to expect from an encounter with law enforcement in various contexts - and some suggestions for how to best deal with them.

Presenters
avatar for Stephanie Lacambra

Stephanie Lacambra

Criminal Defense Staff Attorney, EFF
| Stephanie is a long-time indigent criminal defense trial attorney and immigration defense activist who graduated from UC Berkeley’s Boalt Hall School of Law in 2004. Before coming to EFF, she worked as a Deputy Federal Defender for two years at the Federal Defender’s Off... Read More →


Wednesday July 26, 2017 18:00 - 18:55
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

How to make metrics and influence people
Data science is not just a set of algorithms - it’s a discipline. There are many things we need to think about when we pull data from security tools, like vulnerability scanners, analyse it and present insights. This, however, is still only the beginning. In order for our analysis to have influence, we need to leverage this approach to create metrics that can actually drive improvement in security processes and help reduce risk.

During this process, there’ll be many painful questions to answer, like: “How do I choose what to measure?”; “Why doesn’t anyone seem engaged with theses metrics, even though they asked for them!?”; and “What do I when everyone seems to disagree on where the risk is?”

This talk will demonstrate how you can use data science to give everyone from IT Ops to the CISO a shared way of looking at a risk problem that they all buy into. We’ll review metrics that a team in a global financial are using to make strategic decisions and show how these relate directly to tactical tasks, enabling security and IT to prioritize effectively, and measure their success.

Presenters
avatar for Leila Powell

Leila Powell

Security Data Scientist, Panaseer
Hi - I'm a data scientist working in security. I used to use supercomputers to study the evolution of galaxies as an astrophysicist. Now I tackle more down-to-earth challenges, helping companies use different data sets to understand and address security risk. As part of the team... Read More →


Wednesday July 26, 2017 18:00 - 18:55
Ground Truth (Firenze) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

F! Passwords!
Passwords? Who needs those anymore. An examination of attempting to use 2FA for all corporate functions.

Presenters
avatar for David M. Zendzian

David M. Zendzian

CSO / Founder, Undisclosed
David is a systems and security expert with more than 25 years of Executive, Departmental, Team Management, and hands-on experience in Fortune 50 organizations, small businesses, and startups. David is currently the CSO and a founding member of an undisclosed financial company o... Read More →


Wednesday July 26, 2017 18:00 - 18:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

Silent Auction Bidding Closes!
Last chance to place your bid on the excellent array of goodies donated to benefit our supported charities! Come to the closing ceremony to see who paid how much for what!

Wednesday July 26, 2017 18:30 - 18:45
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

CTF all the things: Leveraging gamification to up your security game
Despite the fact that on any given weekend of the year you can find at least one capture the flag (CTF) event going on, many security professionals have still never played in one. Want to learn without the drudgery of studying a thick book? Want to retain more of what you learn by putting it into practice? Want to get to know other security professionals? Take advantage of this gamified method of improving your skills. Capture the flag and capture the fun.

Presenters
avatar for Matt Pardo

Matt Pardo

Web Application Security, Rapid7
Matt Pardo is obsessed with learning, and his latest focus is on web application security. In his pursuit of better ways to learn all the things a few years ago, he discovered CTFs and realized that the gamification aspect helped him to learn at an accelerated rate. It also expos... Read More →


Wednesday July 26, 2017 18:30 - 18:55
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

How I Scanned The Internet For NSA Compromised Firewalls
Last summer the Equation Group's TTPs were leaked by a group known
as the ShadowBrokers. Unlike most people simply satisfied with rooting
their firewalls and moving on, I RTFM'd and worked out how the second
stage and implant software was meant to work. Armed only with incomplete
software, the NSA ANT catalogue, and a lot of motivation, I'll
take us on a journey of discovery that culminates
with an Internet wide scan of devices looking for NSA implant code.

Presenters
avatar for chuck mcauley

chuck mcauley

Chuck is responsible for gathering actionable application and security intelligence for Keysight products. Chuck has more than 15 years of experience working in the field of Computer and Network Security for Ixia Communications, BreakingPoint, Spirent Communications, and Imperfec... Read More →


Wednesday July 26, 2017 18:30 - 18:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

18:45

IATC Closing
Time to say goodbye, until next year. 

Wednesday July 26, 2017 18:45 - 18:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00

BSides Las Vegas 2017 Closing Ceremony
Come join us as we say goodbye to the 2017 edition of BSides Las Vegas! Contest winners, winning raffle numbers, and silent auction high bidders will be announced. 

Staff
avatar for Genevieve Southwick

Genevieve Southwick

Executive Producer, Security BSides Las Vegas, Inc.
Anything and everything BSidesLV. Event planning, production, logistics, operations. Let me know what you love about the conference, what you like, what you dislike and how you think we can make it better. | Pastafarian, Humanist; Handbasket Driver, Trip Hazard, Trigger Warning; Existential hacking in the age of Discordia. EP/CEO/PotB @bsideslv... Read More →


Wednesday July 26, 2017 19:00 - 20:00
Chill Out Room (Florentine C&D) 255 E Flamingo Rd, Las Vegas, NV 89169

22:00

BSides Pool Party
Come chill out by the pool! Watch our live tiki carver and hear An Hobbes, Jackalope, Circuit Static, and Alchimyst playing all of the best music you’ve never heard before. Don't forget your swimsuit and conference badge!

Wednesday July 26, 2017 22:00 - Thursday July 27, 2017 04:00
The Tuscany Pool 255 E Flamingo Rd, Las Vegas, NV 89169