BSidesLV 2017 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Training Ground [clear filter]
Tuesday, July 25

08:00 PDT

Industrial Control System Network Analysis
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Industrial Control Systems (ICS) are the silent machines that control the world all around us. ICS systems are used to control elevators, subways, building HVAC systems and the electricity we use. The convergence of information technology (IT) and operational technology (OT) in the ICS marketplace has been taking place over the last 20 years. This convergence, while increasing ICS operational efficiency, is also increasing cyber risk. In this course, you will learn how to identify the protocols being used in OT networks, how to decode them and the tools and procedures to perform network assessments on these networks.

avatar for Dennis Murphy

Dennis Murphy

Lead ICS Security Engineer, SecurityMatters
Designing, installing and maintaining process automation networks is where I started my career 25 years ago. Most of my experience with SCADA systems was in the integration of data between the IT and OT networks. In 2005, I realized how security was more of an afterthought in my... Read More →

Tuesday July 25, 2017 08:00 - 11:55 PDT
Training Ground 1 (The Platinum, Opal Room) 211 E Flamingo Rd, Las Vegas, NV 89169

08:00 PDT

Intro to Practical Network Signature Development for Open Source IDS
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

In “Practical Network Signature Development for Open Source IDS” we will teach expert methods and techniques for writing network signatures to efficiently detect the greatest threats facing organizations today. Students will gain invaluable information and knowledge including the configuration, usage, architecture, traffic analysis fundamentals, signature writing, and testing of a modern network IDS, such as Suricata and Snort. Student will be given handouts to help them develop and read with IDS signatures. Lab exercises will train students how to analyze and interpret hostile network traffic into agile IDS rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Phishing Attacks, Crimeware Backdoors, Targeted Threats, and more. Students will leave the class armed with the knowledge of how to write quality IDS signatures for their environment, enhancing their organization’s ability to respond and detect threats.


Jack Mott

Jack is a Security Researcher on the Emerging Threats Research team at Proofpoint where he spends all day long in packet-land playing with malware and writing comprehensive IDS rules for the ETPRO and OPEN ruleset. In addition to IDS sigs, writes sigs for ClamAV and Yara to hunt... Read More →
avatar for Francis Trudeau

Francis Trudeau

Cyber Anarchy Watchdog, Emerging Threats / Proofpoint
It's time that we became uber-efficient with our interactive policy mobility. This is no time to bite the bullet with our interactive reciprocal programming. At base level, this just comes down to knowledge-based management options. I can make a window to discuss your holistic... Read More →
avatar for Jason Williams

Jason Williams

Pcap Eater, Emerging Threats / Proofpoint
Network Monitoring, IDS, IPS, NSM, Suricata, Rules, Anti-Phishing, Malware, Threat Stuff, Malware Reversing Stuff, La Croix, Coffee, Club Mate, Destiny. In reverse order.

Tuesday July 25, 2017 08:00 - 11:55 PDT
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169

08:00 PDT

Hands-on OSINT Crash Course for Hackers
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Open source intelligence gathering (OSINT) is an important part of the reconnaissance phase of a penetration test. The more connected we are, the more information about people and assets is held by seemingly everything. This information can be juicy for both penetration testers and malicious threat actors. Learning what sources of information is available to start an engagement is a crucial step in completing a thorough but effective exploration. Risks associated with leveraging, misusing or selling discovered material is all too real. Especially considering 2017 US Senate investigations regarding foreign influence. All tools and techniques can be further advanced, ninjafied with Python, Ruby or PowerShell. The target audience is the curious, beginning to seasoned penetration testers and those who wish to start their own OSINT journey.
Attendees will have full access to an open source workbook used during the workshop. All tools and documentation are open source and/or Creative Commons. The workshop is a hands-on learning journey, using interesting and fun targets to stimulate. Testers can spend more than half their time performing recon, learn how to minimize time and effort. Learn about tools of the trade, APIs, metadata and more. Lastly, how to communicate good OSINT for client reporting utilizing time relevance, accurate data and target appetite.

avatar for Chris Kubecka

Chris Kubecka

CEO, Hypasec
The founder and CEO of HypaSec, Chris is an expert advisor and panelist for several governmentsand parliaments. She was head of the Information Protection Group for the Aramco family. Chris assumed the role with Aramco in order to respond and recover from a nation-state attack, Shamoon... Read More →

Tuesday July 25, 2017 08:00 - 17:55 PDT
Training Ground 2 (The Platinum, Pearl Room) 211 E Flamingo Rd, Las Vegas, NV 89169

14:00 PDT

Elastic-ing All the Things - Saving anything at elastic stack and having fun with detections
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Millions of events could easily be generated in your network daily. Your devices will generate events from simple and inoffensive daemon or application errors to very important events, that defensive and offensive would want to alert on. But by the end of the day how are you going to save or log all that information? How will you enrich this data generated by your users, tools, and devices? How you will correlate them? How
will you create detection alerts and reports ?

In this training our idea is to teach a fast track about how you could use Elastic Stack to cover all the steps of a event logs journey. From local log generation to Hero Detection, showing the attendee how to create smart configurations that will parse and split your data into key fields, transform your logs, correlate, and filter them to create useful outputs to be used in detection and network security analysis.

This workshop will be entirely based on Elastic Stack and basic Python scripts (donít be afraid, we will provide what is needed for the course). Simulating situations with some opensource offensive and defensive tools that will show how the attendees could create great stuff on the cheap, improving your detection capabilities and metrics. And once successful, the important: ask for a raise!

avatar for Felipe “Pr0teus

Felipe “Pr0teus" Esposito

Security Researcher
Felipe “Pr0teus” has 10 years experience in T.I, masters degree in Computer Systems and network. His interests includes Network Covert Channels,Information visualization, Log analysis and Incident Response. Currently working for Rio de Janeiro state court as Network Security Admin... Read More →
avatar for Rodrigo Montoro

Rodrigo Montoro

Security Researcher
Rodrigo “Sp0oKeR” Montoro has 15 years of experience deploying open source security software (firewalls, IDS, IPS, HIDS, log management) and hardening systems. Currently he is Security Researcher/ SOC. Prior to joining Clavis he worked as a Senior Security administrator at Sucuri... Read More →

Tuesday July 25, 2017 14:00 - 17:55 PDT
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169

14:00 PDT

Extreme Mobile Application Exploitation
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

This full-fledged hands-on workshop will get the attendees familiar with the various Android as well as iOS application analysis techniques and bypassing the existing security models in both the
platforms. The main objective of this workshop is to provide a proper guide on how the mobile
applications can be attacked and provide an overview of how some of the most important security
checks for the applications are applied and get an in-depth understanding of these security checks.

The workshop will also include a CTF challenge designed by the trainer in the end where the attendees will use their skills learnt during the workshop to solve this challenge.

This workshop will mainly focus on the following :
1. Reverse engineer Dex code for security analysis.
2. Jailbreaking/Rooting of the device and also various techniques to detect Jailbreak/Root.
3. Runtime analysis of the apps by active debugging.
4. Modifying parts of the code, where any part can be specified as some functions, classes and
to perform this check or to identify the modification, we will learn how to find and calculate
the checksum of the code. Our objective in this section will be to learn, Reverse Engineering
an application, get its executable binaries , modify these binaries accordingly, resign the
5. Runtime modification of code. Objective is to learn how the programs/codes can be changed
or modified at runtime. we will learn how to perform introspection or overriding the default
behavior of the methods during runtime and then we will learn how to identify if the
methods have been changed). For iOS we can make use of tool Cycript, snoop-it etc.
6. Hooking an application and learn to perform program/code modification.
7. By the end of workshop, based on the course content CTF challenges written by the trainer will be launched, where the attendees will use their skills learnt in the workshop to solve the CTF challenges.
The workshop will begin with a quick understanding on the architecture, file system,permissions and security model of both iOS and Android platform.
1. The tools and techniques used in the workshop are all open source and no special proprietary
tools need to be purchased by the attendees for analysis post the training. Some of the tools
taught in the training will be helpful in analysis and automating test cases for security testing
of the mobile apps:
✔ Drozer
✔ Introspy
✔ Apktool
✔ Dex2jar
✔ Cycript
✔ JD-Gui
✔ SSL Trust killer

avatar for Sneha Rajguru

Sneha Rajguru

Payatu Software Labs LLP, Payatu Software Labs LLP

Tuesday July 25, 2017 14:00 - 17:55 PDT
Training Ground 1 (The Platinum, Opal Room) 211 E Flamingo Rd, Las Vegas, NV 89169
Wednesday, July 26

08:00 PDT

Practical Malware Analysis - Hands-On
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Learn how to analyze Windows malware samples, with a hands-on series of projects in a fun, CTF-style environment. There are four levels of analysis challenges.

1. Basic static analysis with file, strings, PEiD, PEview, Dependency
Walker, and VirusTotal
2. Basic dynamic analysis with Process Monitor, Process Explorer,
RegShot, and Wireshark
3. Advanced static analysis with IDA Pro Free and Hopper
4. Advanced dynamic analysis with Ollydbg and Windbg

The first challenges are easy enough for beginners, and the later ones
get difficult enough to interest intermediate security professionals.
We will demonstrate the challenges, discuss the technologies and
techniques, and help participants get through them as needed.

These challenges use harmless malware samples from the "Practice
Malware Analysis" book by Michael Sikorski and Andrew Honig.

All materials and challenges are freely available at samsclass.info,
including slide decks, video lectures, and hands-on project
instructions. They will remain available after the workshop ends.

Participants should be familiar with basic C programming. Experience with developing Windows applications, assembly language, and debuggers is helpful but not necessary.

Participants must bring a laptop (any OS) with VMware or VirtualBox
installed on it. Each participant will need a 32-bit Windows virtual
machine to run malware samples. USB sticks with a Windows Server 2008 VM will be available for students to copy. Some projects also use a Kali Linux VM to simulate the Internet, but that's not required.

avatar for Sam Bowne

Sam Bowne

Instructor, CCSF
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, and many conferences and colleges. Formal education: B.S. and Ph.D. in Physics Industry credentials... Read More →
avatar for Devin Duffy

Devin Duffy

Intern, Uber
I really love hearing about different malware attack vectors and APT campaigns. I'm currently seeking a junior pentesting position.
avatar for Dylan James Smith

Dylan James Smith

Dylan James Smith has assisted with hands-on workshops at B-Sides LV, DEF CON, RSA and other conferences. He has worked in and around the computer support industry since adolescence. Now he’s old(er.) Currently focused on learning and teaching "the cybers."

Wednesday July 26, 2017 08:00 - 11:55 PDT
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169

08:00 PDT

Effective YARA
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

YARA is a simple and highly effective way to identify, classify, and categorize files. It also happens to be a powerful and free sleuthing tool - think pattern matching on steroids - that belongs in every intelligence, incident response or SOC team. It runs on any platform, is open source and is small enough to be an easy inclusion to any trusted tool set. Its ability to sift through data, identify files based on logic - not just by simple comparison but also via fuzzy logic - makes YARA pretty unbeatable. It can used simply for insight on an isolated event or in sophisticated manner as part of an incident response or research laboratory. Those not using YARA are missing out on key intelligence capability. Its ease of use and ability to rapidly deploy means you can get into YARA quickly but can just as easily lead to missing the sophisticated and powerful ways to use it.

avatar for Monty St John

Monty St John

Intelligence Chief, Cyberdefenses
Monty St John is the lead security trainer and intelligence chief for CyberDefenses and a frequent contributor to community and industry events. Previous contributions have focused on research and interests in banking and healthcare security topics. His current research focuses... Read More →

Wednesday July 26, 2017 08:00 - 17:55 PDT
Training Ground 2 (The Platinum, Pearl Room) 211 E Flamingo Rd, Las Vegas, NV 89169

09:00 PDT

Crams and Exams for Hams

Ham Tech Review and Exam Session

In this session we’ll be providing a 30-45 minute review for the tech level exam, providing details on each of the subject areas (including operating practice, rules, and basic RF and electronics theory). While the registration is full, if there is a chair, you are more then welcome to sit in.

After the review session is complete, people are welcome to drop by anytime during the training time to check for an open chair and write their ham exam (leave yourself at least 45 minutes to write).  We can also facilitate general and extra.

If you do not already have a callsign, please register for an FRN at the FCC site, or we will make you do it in front of us while you send your SSN over the con wifi. You can register at https://apps.fcc.gov/coresWeb/publicHome.do.  Applicants without an SSN are required to do this in advance.

You must have photo ID (foreign passports OK) and use your real name and US address (consider using a PO box).  There is no fee for the session.

avatar for Falcon Darkstar Momot

Falcon Darkstar Momot

Senior Security Consultant, Leviathan Security Group
Falcon is a senior penetration tester at Leviathan Security Group who works on everything from cryptosystem design to security program operation. He also studies LangSec as an M. Sc. student at Athabasca University, and captures flags with Neg9. His alter ego is AF7MH, licensor... Read More →

Wednesday July 26, 2017 09:00 - 12:25 PDT
Training Ground 1 (The Platinum, Opal Room) 211 E Flamingo Rd, Las Vegas, NV 89169

14:00 PDT

Advanced Wireless Attacks Against Enterprise Networks
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

Areas of focus include:

- Wireless reconnaissance and target identification within a red team environment
- Attacking and gaining entry to WPA2-EAP wireless networks
- LLMNR/NBT-NS Poisoning
- Firewall and NAC Evasion Using Indirect Wireless Pivots
- MITM and SMB Relay Attacks
- Downgrading modern SSL/TLS implementations using partial HSTS bypasses

avatar for Gabriel Ryan

Gabriel Ryan

Security Engineer, Gotham Digital Science
Gabriel is a pentester, CTF player, and Offsec R&D. He currently works for Gotham Digital Science, where he provides full scope red team penetration testing capabilities for a diverse range of clients. Previously he has worked at OGSystems and Rutgers University. He also is a member... Read More →

Wednesday July 26, 2017 14:00 - 17:55 PDT
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169

14:00 PDT

Auditing Of IoT Devices
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

In this workshop we will show a workflow to analyze security posture of an IoT device. We will start with a high level evaluation of architecture of solution (IoT device - mobile app - cloud) and proceed to specific techniques and tools most effective for vulnerability search on IoT devices. Information shared in this workshop will allow you to quickly identify vulnerabilities present in your device using a set of documented actions.

avatar for Martin Rakhmanov

Martin Rakhmanov

Security Research Manager, Trustwave
Martin Rakhmanov is a Security Research Manager at Trustwave SpiderLabs where his focus is database vulnerability research and product development.
avatar for Vladimir Zakharevich

Vladimir Zakharevich

Sr. Security Researcher, SpiderLabs Team at Trustwave
Vladimir Zakharevich is a Senior Security Researcher at Trustwave SpiderLabs, based out of New York. At SpiderLabs he is working on vulnerability research and product development of vulnerability assessment software. His focus is security of IoT, mobile applications and databases... Read More →

Wednesday July 26, 2017 14:00 - 17:55 PDT
Training Ground 1 (The Platinum, Opal Room) 211 E Flamingo Rd, Las Vegas, NV 89169