BSidesLV 2017 has ended


Underground
Tuesday, July 25
 

11:30

Banking on Insecurity: The ongoing fairytale of securing financial institutions
So many banks in so little time. We should expect cyber attacks on financial institutions because it’s just so much easier to pillage online than to coordinate a get-away car, guns and comfortable ski masks. Over the past year, exploits against banks have seriously upped the game: jackpotting ATMs, DDoS, messing with trusted messengers. The recent attacks on Polish banks initially went unnoticed. That’s a mistake we can’t afford to make, but the attackers are banking on it. When source code revealed that a much bigger player was involved, everyone jumped in. But that was days later. What are we missing because we choose to see what we expect, instead of what is really there? After last year’s massive breaches, and some significant financial attacks, financial organizations need to be prepared. The attackers aren’t just going after the money. They want the data too.

Presenters

Cheryl Biswas

Strategic Threat Intel Analyst
Cheryl Biswas is a Strategic Threat Intel Analyst with a major bank whose name she cannot share in Toronto, Canada, where she monitors and assesses international relations, threat actors, vulnerabilities and exploits. In her previous role with KPMG Canada, she was a Cyber Security... Read More →


Tuesday July 25, 2017 11:30 - 12:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Navigating the Alternative Facts of Malware Prevention
This talk, given by two individuals not linked to any anti-malware vendor, is the result of over two years of research covering several dozen tools in the anti-malware space, in an effort to find the ideal tool for our corporate environment. It is intended to be an in-depth focus on the evolution of the space, the tools, and the technologies behind them, with a “no holds barred” approach to presenting our evaluation methodology and results.

Presenters

Rodrigo Brenes

Security Operations | Incident Response, National Instruments
Professional on Information Technology with over seven years of work experience in the Information Security field. He has worked for large companies, including HP and IBM on Enterprise Vulnerability Management and Secure Operation Center, and he is currently employed as the Information... Read More →

Josh Sokol

Information Security Program Owner, National Instruments
Information Security has always been Josh's passion and in early 2010 National Instruments finally gave him the opportunity to become the Information Security Program Owner.  Today, he continues to run their security program handling everything from compliance to enterprise risk... Read More →


Tuesday July 25, 2017 14:00 - 14:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Inside MormonLeaks: the why, the how, and the what
MormonLeaks gained national recognition in October 2016 when private videos of conversations between the highest of Mormon officials were leaked on YouTube. Shortly thereafter, the organization launched a way for sources to securely, safely, and anonymously submit confidential church documents for later public release. The Mormon Church has a history of hiding things that directly affect its membership, their neighbors, and local and national politics. With transparency as the goal, MormonLeaks is committed to remaining neutral and publishing all verifiable documents which they receive. Come listen to the lead engineer on the project talk about the organization's history, motivations, tech, mistakes, successes, and future.

Presenters

Privacy P. Pratt

Lead Engineer & Technical Advisor, MormonLeaks
My pseudonym comes from Parley P. Pratt, an early leader of the Mormon Church. I am the lead engineer of mormonleaks.io.


Tuesday July 25, 2017 15:00 - 15:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Ask the EFF
"Ask the EFF" will be a panel presentation and unrecorded question-and-answer session with several staff members of the Electronic Frontier Foundation, the nation’s premier nonprofit digital civil liberties group. Each staffer will discuss a particular issue that has been in the news or on EFF’s docket this year.

Presenters

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
Nate Cardozo is a Senior Staff Attorney on EFF’s civil liberties team where he focuses on cybersecurity policy and defending coders’ rights. Nate has litigated cases involving electronic surveillance, freedom of information, digital anonymity, online free expression, and government... Read More →

Eva Galperin

Director of Cybersecurity, Electronic Frontier Foundation
Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and technical advisor for the Freedom of the Press Foundation. She is noted for her extensive work in protecting global privacy and free speech and for her research on malware and nation-state... Read More →

Kurt Opsahl

Deputy Executive Director and General Counsel, Electronic Frontier Foundation
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders... Read More →


Tuesday July 25, 2017 17:00 - 17:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Skip tracing for fun and profit
This talk covers skip tracing TTPs and countermeasures in the digital and human domains. The audience will be guided through two real world examples of how a regular citizen can use open source tools, exploits, and social engineering to assist law enforcement and profit. Some examples include phishing websites tailored to a fugitive’s resume, geolocating a target through video game clients, and using social media meta-data to build pattern-of-life. As the audience is moved through the process step by step, online and offline countermeasures such as USPS forwarding, false resume writing, and secure communications will also be covered.

Presenters

Rhett Greenhagen

Senior Threat and Malware Researcher, McAfee
Rhett Greenhagen has worked in the NetSec/IC for over a decade. He specializes in open source intelligence, cyber counter-intelligence, profiling, exploitation, malware analysis, and technical research and development. Career highlights include Primary Forensic Investigator for the... Read More →


Tuesday July 25, 2017 18:00 - 18:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00

The Attack Chain Of A Nation-State (Equation Group)
In April 2017, The Shadow Brokers released a collection of hacking tools belonging to the Equation Group, one of the more sophisticated nation-state threat actors known to date. This collection contained several zero-day exploits, some of which targeted Windows OS.
The good thing is that Microsoft was able to patch its supported OSes before the tools were made available to the general public. The bad side is that some of these exploits also work on obsolete OSes such as Windows XP and Server 2003, and those will never be patched by Microsoft.
According to Bloomberg Businessweek, by April 27th nearly half a million computers were found to be infected by these tools. As a security vendor, this made us consider the need to also patch the legacy systems.
In this talk we’ll showcase the tradecraft of a nation-state threat actor and present our research of the April leak:
• Technical analysis of the SMB exploit, EternalBlue
• Description of the DoublePulsar backdoor - including bugs we found in this backdoor and how it differs from other backdoors.
• A patch for legacy OS that we made freely available to the public.

Presenters

Tal Liberman

Security Research Team Leader, enSilo
Tal has a strong interest in cyber-security, mainly focusing around OS-internals, reverse-engineering and low-level research. As a cyber security research team lead at enSilo, Tal’s team is responsible for reverse engineering OS internals, exploits, and malware and integrating their... Read More →

Omri Misgav

Security Researcher, enSilo
Omri has participated in R&D of large-scale defensive security solutions and did low-level research while taking part in an incident response team. As a security researcher at enSilo he digs into OS internals and exploits, as well as reverse engineering of malware. Omri is intrigued... Read More →


Tuesday July 25, 2017 19:00 - 19:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169
 
Wednesday, July 26
 

10:00

Why is China all up in my SQL server?
Starting early in 2017, the honeypots I run in my lab began to receive a strangely large volume of inbound SQL connections from all over Asia, but mainly from China. Fortunately, I am recording the traffic of virtually everything that hits my dirty network, and discovered that the attacks appear to be automated, run at high volumes, and engage in a sophisticated and complex attempt to break into Microsoft SQL Server. In this presentation, I will provide a full walkthrough of the attack, detailing the methods in use and countermeasures you can employ to protect your server. I'll also provide historical and reputational context about the attackers' originating IP addresses and the other dirty stuff coming from those addresses. And let me tell you, it's pretty dirty.

Presenters

Andrew Brandt

Director of Threat Research, Symantec
Andrew Brandt is a network forensics and incident response nerd who loves running malware just to watch machines die. In his spare time he builds retro videogame platforms and rides mountain bikes, preferably in the dead of night. If you meet in person, talk to him about new musi... Read More →


Wednesday July 26, 2017 10:00 - 10:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Accessibility: A Creative Solution to Living Life Blind
Not many people with disabilities have given a talk at hacker conferences on how they do what they do. This talk will focus and have demonstrations on how technologies and innovation improve life for those who are blind.

Presenters

Shaf Patel

Director, SNCooperative
Shaf Patel is a blind developer, hacker, locksmith, Muslim and tech enthusiast from London, UK. He has a passion for cyber security, coding, encryption, audio production, music, social engineering, disability advocacy and human rights. He also enjoys traveling, reading and meeting... Read More →


Wednesday July 26, 2017 11:00 - 11:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Kick up the Jams
With the rise of drones, there is a similar rise in anti-drone countermeasures - and, accordingly, counter-anti-drone measures, etc.

This talk will cover the basics of how electronic countermeasures are implemented, how extant counter-drone systems work, and the historical countermeasures for those sorts of things.

Presenters

Eric Rand

Systems Mangler, Brown Hat Security
An amateur blacksmith, an amateur radio operator, and a professional know-it-all, Eric has had a deep appreciation for the lore surrounding the IT world for many years. When he's not digging through obscure fora to find out who thought XCHG EAX:EAX was a good idea for a NOP command... Read More →



Wednesday July 26, 2017 12:00 - 12:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Poking bears: Validating the truth from IoCs in attack postmortem reports
During the year leading up to the 2016 US presidential election, a number of security companies released detailed reports about attacks against government institutions, political parties, journalists, and others involved in the election. All these reports point in the same general direction at a group of threat actors who have become widely known. But as we know, attribution is a sticky subject where a lot can go wrong, and often does. In this session, we'll discuss the specific IoCs used to attribute the attacks, and share what related, supporting, or contradicting information Symantec knew about the network infrastructure used for these attacks, and how they relate to hostile behavior previously observed originating with these threat groups. In essence, this is the session where we'll discuss what we knew and know about these APT groups and their operations, and share in full our observations and data.

Presenters

Andrew Brandt

Director of Threat Research, Symantec
Andrew Brandt is a network forensics and incident response nerd who loves running malware just to watch machines die. In his spare time he builds retro videogame platforms and rides mountain bikes, preferably in the dead of night. If you meet in person, talk to him about new musi... Read More →


Wednesday July 26, 2017 14:00 - 14:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

(Even More) Mainframes? On my Internet?
In 2015, Soldier of FORTRAN gave a talk about finding mainframes on the internet. It was a small, simple talk about some of his finds and the misadventures of using Nmap and friends. Since then he turned his operation into a well-oiled machine and has, essentially, completed his project. This talk will be about all the new mainframes he discovered, significant changes to Nmap and how it detects mainframes, including a discussion around Nmap and its change process, automating the discovery and posting of mainframes to Tumblr. It will also cover how easy it was to use a VPS and masscan to scan the entire internet and how to feed that data into Nmap so you can do this yourself!

Presenters

Soldier of FORTRAN

Supreme Commander, Zed Security
Soldier of Fortran is a mainframe hacker. Being a hacker from way back in the day (BBS and X.25 networks) he was always enamored by the idea of hacking mainframes. Always too expensive and mysterious he settled on hacking windows and linux machines, until 2010 when he finally got... Read More →


Wednesday July 26, 2017 15:00 - 15:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Why can't we be friends? (Ask a Fed.)
Do you dance madly on the lip of the volcano regarding your own research, or would like to research a particular topic that you feel might have a non-desirable personal outcome? Do you know someone who does these things? If so, you should come to this session and learn about some new process and relationships where more people can benefit than before. More details to be announced during the session.

Presenters

Dr. Russell Handorf

TL;DR- Cyber Ninjas, you're invited.


Wednesday July 26, 2017 17:00 - 17:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

/.git/ing All Your Data
Organizations are using Git more than ever before, but are they securing it? Unfortunately, a large number of websites are leaving git exposed at the root of their site which allows anyone to grab the repository and exfil all flavors of source code. Even more, this exposed source code usually has sensitive data, credentials, and other fun stuff scattered about.

In this talk, I will walk you through various ways to find sites that have exposed their git repositories to the world and what you can do with it. We will uncover database credentials of .gov sites, authentication keys, and more. I will also introduce you to tools that you can use to make the process easier as well as how to bypass broken/incomplete repos using git internals.

Presenters

Jesse Kinser

Sr. Product Security Engineer, Salesforce
I am a Sr. Product Security Engineer at Salesforce. I am a frequent bug bounty researcher with a passion for learning new things (aka Serial Hobbyist). Past employers include an energy company, random startups, and the NSA.


Wednesday July 26, 2017 18:00 - 18:25
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

How I Scanned The Internet For NSA Compromised Firewalls
Last summer the Equation Group's TTPs were leaked by a group known as the ShadowBrokers. Unlike most people simply satisfied with rooting their firewalls and moving on, I RTFM'd and worked out how the second stage and implant software was meant to work. Armed only with incomplete software, the NSA ANT catalogue, and a lot of motivation, I'll take us on a journey of discovery that culminates with an Internet-wide scan of devices looking for NSA implant code.

Presenters

chuck mcauley

Chuck is responsible for gathering actionable application and security intelligence for Keysight products. Chuck has more than 15 years of experience working in the field of Computer and Network Security for Ixia Communications, BreakingPoint, Spirent Communications, and Imperfect... Read More →


Wednesday July 26, 2017 18:30 - 18:55
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169