BSidesLV 2017 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Common Ground [clear filter]
Tuesday, July 25

11:30 PDT

Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict
Global stability is more precarious than at any time since the end of the cold war. At the same time, the mass proliferation of digital weapons, including destructive wiper malware, is lending new meaning to asymmetric capabilities. Unsurprisingly, some states are empirically more conflict prone than others, and it is these interstate rivalries that exhibit a higher propensity to use destructive wiper malware. Within this strategic backdrop, we’ll walk through the evolution of wiper malware through a series of real-world examples of its role in interstate rivalries. This includes both the technical features and modes of compromise, as well as its strategic effects and key role in escalating tensions between these conflict-prone states. We’ll conclude with an interactive discussion of the evolution and integration of wiper malware with ransomware, as well as what the proliferation of these digital weapons forebodes for geopolitical rivalries and future conflict.

avatar for Mark Dufresne

Mark Dufresne

Director, Threat Research and Adversary Prevention, Endgame
Mark Dufresne is the Director of Threat Research and Adversary Prevention at Endgame. He is responsible for Endgame's efforts to understand cyber threats and develop capabilities to detect and prevent malicious adversary techniques. Prior to joining Endgame, Mark worked at NSA for... Read More →
avatar for Andrea Little Limbago

Andrea Little Limbago

Chief Social Scientist, Endgame
Dr. Andrea Little Limbago is the Chief Social Scientist at Endgame, researching and writing on geopolitics and cybersecurity, data science, and directing the company’s technical content. Her writing has been featured in numerous outlets, including Politico, the Hill, and Christian... Read More →

Tuesday July 25, 2017 11:30 - 12:25 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00 PDT

Google Apps Scripts Kill Chain
Google Apps Scripts is a JavaScript cloud scripting language that provides easy ways to automate tasks across Google products and third party services and build web applications. However, it also provides relatively easy ways for attackers to automate infiltration, propagation, exfiltration and maintaining access to a compromised G Suit powered organization. While the platform has been used successfully for C&C (Carabank) previously, we feel it only scratched the surface as potential vectors.


Maor Bin

Research Lead, Proofpoint
I'm working as a research lead at Proofpoint, as part of the SaaS Protection product. We are researching customers' data in order to identify risks and threats in their cloud environment. We're also researching new and innovative attack vectors, so we would be able to block it when... Read More →

Tuesday July 25, 2017 14:00 - 14:25 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

14:30 PDT

IMSI Catchers And The Happy Yellow Helicopter: Security Challenges At Standing Rock
Geeks Without Bounds coordinated the Internet connectivity, radio support, and renewable power for the Dakota Access Oil Pipeline protest camps at the Standing Rock Sioux Reservation in North Dakota from September 2016 to February 2017. Within hours of arriving at Standing Rock, Lisha Sterling discovered problems with her mobile phone, and that began an investigation into the various ways that cyberwarfare techniques were being used against protesters by a consortium of governmental and private security agencies. This talk includes photos and stories from Standing Rock about physical sabotage, IMSI catchers, airborne surveillance, and mystery devices which drain phone and car batteries instantly, along with lessons learned that can be used in a range of situations where activists face heavy-handed opposition.

avatar for Myron Dewey

Myron Dewey

Owner, Digital Smoke Signals
MYRON DEWEY M.A, Founder and owner of Digital Smoke Signals, Dewey is Newe/Numah - Paiute/Shoshone from the Walker River Paiute Tribe, Agui Diccutta Band (Trout Eaters) and Temoke Shoshone. He is a professor, journalist, filmmaker/editor, digital storyteller, historical trauma... Read More →
avatar for Lisha Sterling

Lisha Sterling

Executive Director, Geeks Without Bounds
Lisha Sterling has been supporting open source technology in low resource situations for the past 8 years. Before that she worked as a software developer and systems administrator at the usual string of startups and big tech companies starting in 1993. In 2016 she went to Standing... Read More →

Tuesday July 25, 2017 14:30 - 14:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00 PDT

Purple Team: How This Color Can Help You And Your Organisation Learn and Get Better
You have heard of Red Team, Red vs. Blue Team and Purple Team exercises, but these approaches often miss two crucial aspects: communication and mentoring. An organisation doesn’t need to be overly mature to conduct a Purple Team exercise. This type of exercise can be divided into multiple stages when the business risks are well defined with communication and mentoring at the core of the engagement.

This presentation will describe how and why to execute a Purple Team exercise, as well as how to encourage upper management’s participation in this type of engagement. We will discuss techniques for executing a Purple Team exercise, along with the various types and levels of testing to assess the business risk using real case studies. This presentation will also include how to most effectively mentor the Blue Team.

Similarly to a Red Team, Purple Team exercises assess the business risks that can impact the business as a whole. The main difference between these two being that the Blue Team is involved throughout the engagement. Daily, weekly or monthly meetings are set with communication as the main objective. The Blue Team is responsible to detect, monitor and analyze the Red Team’s activities throughout the engagement. They communicate regularly with the Red Team to find solutions related to their findings rather than waiting for a finalized report that ultimately summarizes to the words “You’ve been pwned”.

Multiple levels of Blue Team involvement and mentoring approaches will be shown during the presentation. We will review different types of tests from predefined attack scenarios, which include real Red Team examples. We will focus on how this type of exercise can help the entire organisation improve their security from both a technical and strategic perspective, which will increase the value of this engagement when selling it to upper management.

avatar for Patrick Mathieu

Patrick Mathieu

Owner / Senior Security Consultant, Hackfest.ca / SecurityCompass.com
Patrick is co-founder of Hackfest.ca largest hacking conference in Canada and has been involved in computer security and hacking for more than 20 years. He is currently employed as pentester and lead Purple Team at a Toronto consulting company and and he’s specialized in application... Read More →

Tuesday July 25, 2017 15:00 - 15:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00 PDT

All The Sales President’s Men
As technologists and hackers many of us have skills in intelligence gathering or social engineering, but we might not stop to think about how those same skills are being used against us to influence our purchasing decisions as we evaluate vendors for new projects. Now I know you're thinking, "I can spot that a mile away.". No free lunch, vendor party, or booth giveaway is going to sway ME, right? Well, I've got a confession to make - it goes way beyond that. I can be your ally, your advocate, and an asset to your organization. I can also be the secret weapon of the sales team - the guy who speaks both languages - sales and tech.

Let me walk you through what happens behind the scenes during the sales cycle at a typical tech company to influence you into buying from them.

avatar for Patrick McNeil

Patrick McNeil

Principal Solutions Architect
I'm a programmer, network engineer, and operations specialist who went astray and got into security. As a reluctant Security Solutions Architect I'd prefer to work in a technical role, but I find myself good at what I do. I'm a telecom security enthusiast and #telephreak at heart. Even... Read More →

Tuesday July 25, 2017 17:00 - 17:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00 PDT

The Struggle Is Real: My Journey With Mental Health Issues
Talks on mental health are starting to emerge across the infosec sphere. This is a great thing, because openness and honesty about our mental states leads to better mental health. This is my attempt to tell my story about my strong personal opposition to my own better mental health and why I am (slowly) changing my mind. We take care of our bodies, why not our minds and hearts?

avatar for Joel Cardella

Joel Cardella

Joel Cardella has over 24 years of experience in information technology, having run a gamut from network operations, sales support, data center management, field operations and information security. He has worked in industries including telecommunications, healthcare and manufacturing... Read More →

Tuesday July 25, 2017 18:00 - 18:25 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30 PDT

Regulatory Nets vs. The Fishing Hook Of Litigation
What sort of legal and policy choices would lead to more secure and safer software and computing-enabled devices? The patchwork of existing legal regimes in the US is based on regulations imposed on a few verticals (finance, healthcare, and education in particular), and a complex web of compliance frameworks, contractual provisions, and consumer lawsuits. As we think about making software safer and more secure for users, the policy choices we preference now may have long reaching effects. This talk will explore the implications of relying on software liability or other ex-post options vs. regulations or similar ex-ante choices.

avatar for Wendy Knox Everette

Wendy Knox Everette

Wendy spent her first 18 years in New Jersey where she grew to appreciate a good slice of pizza. After college, she worked as a software developer at Amazon.com and Google. She received her JD from the George Mason University School of Law and completed a Fellowship in computer security... Read More →

Tuesday July 25, 2017 18:30 - 18:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00 PDT

Pwning Software-Defined Networking (SDN)
Software-Defined Networking (SDN) has become an emerging solution to existing virtualized networking problems. Major contributors to the use of SDN is sought through the growing scale of computing power and clustered virtualization solutions. The use of SDN has shown much momentum in newer iterations of hypervisors and provides an area of discussion for vulnerability research. This talk provides a brief introduction to SDN, its components of a switch and a controller, and vectors for fuzzing. To facilitate the focus of SDN in an open source configuration, Floodlight, Open vSwitch (OVS) and the Open Flow protocol will be the prime targets for this talk. Although there are numerous vendor-specific variants, this talk is tailored to individuals who are new to the SDN paradigm, and those who want to learn more about vulnerability research in SDN.


Tommy Chin

Grimm (SMFS, Inc.)

Tuesday July 25, 2017 19:00 - 19:25 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

19:30 PDT

Hacking the Law: A Call for Action – Bug Bounties Legal Terms as a Case Study
While the bug bounty economy is booming, a novel survey of bug bounty terms reveals that platforms and companies often put hackers in “legal” harm’s way, shifting the risk for civil and criminal liability towards hackers instead of authorizing access and creating “safe harbors”. This is a call for action to hackers to unite, negotiate and influence the emerging landscape of cyberlaw, since hackers’ actions speak louder than scholars’ words. I suggest simple steps that could and should be taken, in order to minimize the legal risks of thousands of hackers participating in bug bounties, and create a “rise-to-the-top” competition over the quality of bug bounty terms. Hackers will learn not only which terms they should beware of in light of recent developments in anti-hacking laws, but which terms they, individually and through the platform, should demand to see to ensure “authorized access”. Most importantly, this is a case study of how a united front of hackers could demand and negotiate important rights, similar to what is done by organizations in other industries. Contracts and laws will continue to play a role in the highly regulated cyber landscape, conflicts of interests will inevitably arise, therefore hackers should not only pay attention to the fine print, but unite and negotiate for better terms.

avatar for Amit Elazari

Amit Elazari

Amit is a doctoral law candidate at UC Berkeley School of Law and a CTSP Fellow at Berkeley School of Information. She is the first Israeli LL.M. graduate to been admitted to the doctoral program at Berkeley or any other top U.S. doctoral program in law, on a direct-track basis. Her... Read More →

Tuesday July 25, 2017 19:30 - 19:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169
Wednesday, July 26

10:00 PDT

Hadoop Safari : Hunting For Vulnerabilities
With the growth of data traffic and data volumetric analysis needs, “Big Data” has become one of the most popular fields in IT and many companies are currently working on this topic, by deploying Hadoop clusters, which is the current most popular Big Data framework. As every new domain in computer science, Hadoop comes (by default) with truly no security. During the past years we dug into Hadoop and tried to understand Hadoop infrastructure and security.

This talks aims to present in a simple way Hadoop security issues or rather its “concepts”, as well as to show the multiples vectors to attack a cluster. By vectors we mean practical vectors or to sum it up: how can you access the holy “datalake” after plugging your laptop onto the target network.

Moreover, you will learn how Hadoop (in)security model was designed explaining the different security mechanisms implemented in core Hadoop services. You will also discover tools, techniques and procedures we created and consolidated to make your way to the so-called “new black gold”: data. Through different examples, you will be enlightened on how these tools and methods can be easily used to get access to data, but also to get a remote system access on cluster members.

Eventually and as Hadoop is the gathering of several services and projects, you will apprehend that patch management in this field is often complicated and known vulnerabilities often stay actionable for a while.

Just a last-minute reminder for attendees: the time slot for our talk has been changed from the 25th 15:00 to the 26th 10:00.
The venue is still Florentine F on the Common Ground track.

Slides have been attached to this post.
Video is online (https://youtu.be/B3mMTaer2is?t=5170) 

avatar for Mahdi Braik

Mahdi Braik

Security Consultant, Wavestone
I am a pentester for Wavestone, a consulting company. I am passionate and very interested by several topics related to infosec as web application security, exploit development and reverse engineering.
avatar for Thomas Debize

Thomas Debize

Consultant, Wavestone
I am a French security enthusiast and work as infosec auditor at Wavestone, a consulting company. I work on all kinds of security audits, penetration tests and incident responses. I like to git push new infosec tools (check https://github.com/maaaaz) and write some blog posts... Read More →

Wednesday July 26, 2017 10:00 - 10:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00 PDT

Baby Got Hack Back
You’ve heard it before: the bad guys are winning; US companies are under attack every day, and defenders are on the losing end of the war. We are less resourced and, held back by the legal framework, less free to act, to fight back against our adversaries. This is not just a common lament in security circles, it is also the foundation of the ‘hack back’ argument. It continues that organizations on the receiving end of attacks should be able to defend themselves the same way US citizens can defend themselves against intruders in their homes. Defenders should be able to fight back, launch a counterstrike. This is hack back. And today it is illegal for private entities in the US. But there is increasing noise about legalizing it, with a bill introduced to do just that earlier this year, and a number of foreign governments also discussing it. The arguments that support it are appealing, yet it is widely opposed by many in the security community, with dire warnings about potential consequences of authorizing such measures.

This talk will examine the arguments for and against hack back; the current legal constraints; potential outcomes of authorizing it; and how hack back fits within both broader cybersecurity policy discussions, and other security program practices, such as active defense. We will begin with an objective, balanced overview from the Department of Justice’s Leonard Bailey and Rapid7’s Jen Ellis (40 mins) of the legal and practical dimensions of hack back. They will then be joined by advocates for and against authorizing hack back for a lively debate (40 mins). There may also be some bad rapping, but we make no promises.

avatar for Leonard Bailey

Leonard Bailey

Leonard Bailey joined the Department of Justice’s Terrorism and Violent Crime Section (TVCS) in 1991 and served as Special Counsel and Special Investigative Counsel to the Department’s Inspector General in the late 1990’s. In 2000, he joined the Computer Crime and Intellectual... Read More →
avatar for Jen Ellis

Jen Ellis

VP, Community and Public Affairs, Rapid7
Jen Ellis is Rapid7’s Vice President of Community and Public Affairs. She believes security practitioners are the guardians of Society’s trust in technology, and works extensively with security professionals, technology providers/operators, and various Government entities to promote... Read More →
avatar for Robert Graham

Robert Graham

Errata Security
Robert Graham is the CEO of Errata Security, a pentest/consultingfirm. He's known for creating the first IPS, the BlackICE series ofproducts, sidejacking, and masscan. In his spare time, he scans theInternet. He has been speaking at several conferences a year for thepast decade. He... Read More →
avatar for Davi Ottenheimer

Davi Ottenheimer

product security, mongoDB
flyingpenguins, Cyberwar History, Threat Intel, Hunt, Active Defense, Cyber Letters of Marque, Cloudy Virtualization Container Security, Adversarial Machine Learning, Data Integrity and Ethics in Machine Learning (Formerly Known as Realities of Securing Big Data).

Wednesday July 26, 2017 11:00 - 12:25 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00 PDT

Minimum Viable Risk Management Program
Most information risk management programs are cumbersome and expensive, requiring expertise and time that smaller organizations may not have. In addition, many attempts to start an information risk management program fail when the program seems to have no relevance to the organization except during audits. This talk will cover a risk management program that is lightweight, useful, and can scale as the organization matures without having to throw out existing work and start over. This process has been successfully implemented; the first stages require no specialized tools.

avatar for Rachael Lininger

Rachael Lininger

Leviathan Security Group
Information security analyst, risk consultant, Cthulhu cultist. Lawful good. Opinions belong to her autocorrect, not her employer. @0xdaeda1a

Wednesday July 26, 2017 14:00 - 14:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00 PDT

DefCon DarkNet Badge Hardware And Software: An Introduction To Custom Badge Building
Every year at DefCon, vendors bring custom-designed electronic badges to sell and give away. These badges are primarily for entertainment, but in some cases are also presented as kits to introduce people to soldering and hardware hacking, and most of them are programmed with puzzles and games.

Getting into the world of badge making can be daunting. How are badge boards designed? How do I pick the right microcontroller for my badge? How do I program my badge to do something cool? This talk will be a crash course in badge design working from a concrete example badge. We’ll go step by step through the process. You might not know exactly how to build your own badge at the end of the talk, but what you will know is 1) it’s not as scary as it seems, 2) what pieces you’ll need to consider in designing your badge, and 3) where to go for more information.

avatar for Edward Abrams

Edward Abrams

Manager, DarkNet Industries LLC
I'm a software developer who loves Drum and Bass. Naturally.
avatar for CmdC0de


Day Job: VP of Engineering for a large software development company. Professional history: Red Team lead, Security Researcher, and 15+ years in the online video game industry. DarkNet: Been apart of the DefCon Darknet for 4 years, 3 years as the lead for badge firmware and significant... Read More →
avatar for Gater_Byte


Starting with DEFCON 17 I discovered the InfoSec/Hacker Community. Ever since, I have been finding ways to give to back to this amazing community. I enjoy mentoring and teaching others about security. In the last 4 years I have participated as a content creator and User Relations... Read More →

Wednesday July 26, 2017 15:00 - 15:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00 PDT

Hacks and Crafts: Improvised Physical Security Tools for Improvised Situations
Ever start unpacking your kit on a physical security assessment and then you realize you left your under door tool at home? This talk will teach you how to head into the hardware store and make whatever tools you need. I'll demonstrate live on stage how to build several physical security tools on the fly!

avatar for Jeff Toth

Jeff Toth

Pentester, NTT Security
Jeff is a penetration tester at NTT Security. He started his career working in regular old IT and quickly fell in love with security. Jeff is involved in the local community from giving talks at local events, teaching lockpicking monthly at Tampa Hackerspace and serving on the board... Read More →

Wednesday July 26, 2017 17:00 - 17:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00 PDT

How To Respond To Cops Who Want Your Passwords
There has been an outpouring of digital dissent in the wake of the new administration. If or when you get ordered by law enforcement to unlock your phone or digital devices or get served with a subpoena or warrant for your digital data and devices, what should you do?

This conversation is meant to provide a basic primer on what to expect from an encounter with law enforcement in various contexts - and some suggestions for how to best deal with them.

avatar for Stephanie Lacambra

Stephanie Lacambra

Criminal Defense Staff Attorney, Electronic Frontier Foundation
Stephanie Lacambra is a criminal defense staff attorney for the Electronic Frontier Foundation. Stephanie is a long-time indigent criminal defense trial attorney and immigration defense activist who graduated from UC Berkeley’s Boalt Hall School of Law in 2004. Before coming to... Read More →

Wednesday July 26, 2017 18:00 - 18:55 PDT
Common Ground (Florentine F) 255 E Flamingo Rd, Las Vegas, NV 89169