Villages and Events
- Amateur (Ham) Radio Examination
- A Bro Primer – Lets work together BRO!
- Intro to Python Programming, Snake wrangling for kids and adults
- Learning Lessons & Imparting Wisdom of Past NSA IAM/IEM & IA-CMM processes
- Web Hacking 101 Hands-on with Burp Suite
- Advanced soft skills: Using efficacy to get sh*t done
- Bash patterns
- Beyond a Mystery Nation – North Korea Hackers
- Cats, Cats, & Moar Katz – Windows Post-Exploitation
- CTF Environments as a Teaching Tool
- Cybersecurity in a digital world
- Cybersecurity Leadership for the Digital Era
- Doing and Proving Security on a Budget
- DNC data in the hands of a trained intelligence professional
- From red team to CISO..wtf do I do now?
- Hacking Perceptions or: How I Learnt to Stop Worrying and Love the End User
- IPv6 Security Defense redo and how not to get it wrong!
- Kids Crypto
- Large-Scale Machine Learning for Malware Characterization using Graphs
- Ninja Looting Like A Pirate
- Non-Crypto Attacks on Crypto Messengers
- Physical Security Testing – Recon Fundamentals
- Reverse Engineering Ransomware: Disassembling the Malware that holds your Data Hostage
- Security Through the Eyes of a Fly Fisherman
- Sending ciphered messages to your friends that the teacher can’t figure out!
- System Administration for Kids
- Threat Intelligence Automation Using Jupyter
- Why is the Internet still working?
- Windows Management Instrumentation for Good and Evil
Villages and Events:
Anyone interested in forensics
Speaker(s): Jon Lucenius
This is the Third Annual installment of the Forensic Village. Once again, we welcome all levels of experience and challenges – we had plenty last year! Whether you need our help to understand deeper forensic investigations (wild and whacky challenges accepted) or just want to show us how much you know – we will welcome your interest and participation. Similar to last year, we will have a few forensic talks so stop by for more great stuff!
Bio: In the ever evolving world of things – there has always been forensics, digital or otherwise. I started working with computers at home back in 1979 on small black and green headed monitors, writing stuff, wondering what happened, and what can be done to make things better. Since then I’ve done graphics, websites, and a good bit of hacking for banks and the like. My current job is putting it all together to solve cases and find bad guys – nowadays they call me a Forensic Investigator among other things.
Pros V Joes CTF
Students and professionals who want to learn the details of computer compromise through hands on experience in a live combat scenario.
Speaker(s): Eric Arnoth
The Pros vs Joes CTF is a live combat Capture The Flag event. The Pros are Information Security professionals or advanced in their knowledge of securing / compromising computers and networks. These professionals will help the Joes to improve their skills through the course of two days of attack and defend. On the first day, teams of Joes, captained by a Pro, protect their network from the Red Cell. On the second day, the Red Cell disolves and joins the Joe teams, which then attack each other.
The game is completely virtual, players only need bring a laptop for connecting to the gaming environment via the Internet. Laptops will NOT be in the line of fire.
At the end of each day, there will be a debrief to reveal how compromises occurred, with discussion for how to better defend.
Anyone interested in Wireless hacking
Speaker(s): @wifi_village and @wctf_us
The Wireless Village is a group of experts in the areas of information security, WiFi, and radio frequency with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching classes on Wifi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag (WCTF) practice to promote learning.
The Wireless Village plans to hold a Wireless Capture the Flag (WCTF) contest during BsidesDE.
We cater to those who are new to this game and those who have been playing for a long time. Each WCTF begins with a presentation on How to WCTF. We also have a resources page on our website that guides participants in their selection of equipment to bring.
Keep an eye on @wctf_us, and @WIFI_Village for details.
Bio: Visit http://wctf.us/crew.html for information about our crew.
Amateur (Ham) Radio Examination
Anyone interested in getting/upgrading an Amateur Radio license
Speaker(s): Hackers for Charity
Want to get an Amateur Radio license or upgrade? Want to help others get licensed or teach using ham radio? Looking for public service training or serving as part of ARRL’s ARES field training team? You can even arrange an Amateur Radio contact for your students with the International Space Station! Before you go on air, you need to be licensed and know the rules. You can do all this and more by getting your license.
Bio: This event is sponsored by Hackers for Charity (http://www.hackersforcharity.org) with great support from Jim (N3UZ) and Kathryn (KT3AN) Smith, volunteer examiners and the Northern Delaware area coordinators for the FCC VEC program. The Smith’s are huge amateur radio supporters running frequent examinations around Delaware and nearby states.
More info -> http://n3uz.com
A Bro Primer – Lets work together BRO!
Anyone interested in intrusion detection systems
his talk is going to be about BRO IDS. How one can start using Bro, it’s installation, configuration and basic setup to start playing around with it. This talk is targeted towards the beginners, to get their feet wet in Bro zone, as it is such a powerful and wonderful open source tool that can produce lot of value right from the basic installation. The talk will cover how to analyze your Bro logs and some interesting stuff to look for in the log files, some real world examples, and furthermore, if time permits, some advance use-cases of Bro IDS. This talk is intended to give public a general awareness of how to get most out of the open source free tools out there, such as Bro, and how it provides wonderful insights in the network traffic for Security analysts.
For conducting the lab, we would require all the participants :
-To have VM environment setup on your laptops.
-On your chosen VM environment (Workstation, Player, Fusion, VirtualBox, etc.), create a new VM using Ubuntu Server 16.04 LTS 64b (ISO)
with following characteristics:
typical, 2GB of ram or more, 8GB of disk or more.
during creation, add “”ssh”” to the system by typing space to set an “”x”” in the box “”[ ]””.
set the VM in network NAT mode (later can be changed to bridge).
verify when running on the VM, you can ping the Internet (e.g. “”ping 22.214.171.124″”, the google DNS server).
verify you can ssh into the VM from your shell environment.
Bio: I came to US in 2013 for pursuing MS in Computer Engineering from University of Delaware, and graduated with MS in 2015, currently working as a Security Engineer in University’s Technical Security Group full time, and majorly look into the IDS/IPS devices we have to monitor the traffic for anomaly or intrusion detection. I live in Newark DE, and enrolled as a part-time Ph.D student in UD as well, research focusing on different cyber-security domains.
Intro to Python Programming, Snake wrangling for kids and adults
Anyone interested in learning Python
This fun and exciting class gets your feet wet in the world of Python programming! Python is an incredible useful, powerful and flexible language. By the end of the class you will have a basic working knowledge of Python and programming concepts such as variables, loops, if-else statements and more!
Bio: @heavhacker is the Engineer Of Things at Power Home Remodeling and has been running the coding club at his daughters school for the last 3 years. In his spare time, he and @BiaSciLab like to work with Raspberry Pis, Arduinos, Hacking and 3d printing. Member of DC201, DC610
Learning Lessons & Imparting Wisdom of Past NSA IAM/IEM & IA-CMM processes
Speaker(s): Joe Klein, CISSP
Your success in the cyber security compliance domain requires knowledge of the pertinent laws, regulations, compliance nuances and publications. You must apply this knowledge along with the ability to successfully create a work product which is valuable to the customer as well as something you and your team are proud to deliver. The processes you use during an audit, assessment, or penetration test significantly influence the quality of the deliverable.
So the fundamental question is, what methods do you use and how to you measure the success and maturity of your processes?
This presentation is about leveraging the knowledge and wisdom of the NSA’s Information Security (INFOSEC) Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM) to perform the examination of security vulnerabilities of systems from the organizational and technical perspective. Also, we will introduce the Information Assurance Capability Maturity Model (IA-CMM). The IA-CMM framework has been proven to increase the quality of the work product while streamlining the processes and decreasing the time and cost to deliver products.
Key takeaways from this presentation:
• How to improve your pre-activity, activity and post-activity processes
• How to use the “Oracle Method” to engage decision makers, business owner and technology teams in the course of identifying and justifying the risk decision, be they FIPS 199, FIPS 200 or some other risk compliance requirement
• Setting customer expectations on timelines and deliverables
• Identifying and communicating both positive and negative environmental, human, and data classification vulnerabilities
• Addressing after action items and improving internal processes with lessons learned activities
• Developing measurements and trending results, which generate existing organizational and system vulnerability critical metrics
Bio: For over 35 years, Joe Klein has had the roles of auditor, assessor, penetration testing, red team, professor, SOC monkey, security/cloud architect, incident handler/hunt team, threat intel, security ‘researcher’ and CSO of several organizations.
Joe Klein, CISSP, share his experiences and his lessons learned engaging with his clients. He is a Fellow for the IPv6 Forum. He is CEO & Founder of Disrupt6, the provider of Indicators of IntentTM (IOIs) Threat Intelligence for the Internet of Things (IoT). Joe Klein is often requested to speak at professional security venues and routinely participates in high-level government working groups as an expert on secure implementation of IPv6. He is a 30-year veteran of the IT and IA industry. He has extensive experience in DoD, US Government and commercial sectors, focusing on information assurance, network security, IoT security and IPv6.
Web Hacking 101 Hands-on with Burp Suite
Anyone looking to “break into” the web app security field (lame pun intended)
Speaker(s): David Rhoades – @mavensecurity
A high-energy demo-laden caffeine-laced session that will introduce the student to the techniques needed to remotely detect and validate the presence of common vulnerabilities in web-based applications using Burp Suite, the industries’ most popular toolkit. Testing will be conducted from the perspective of the end user (as opposed to a source code audit).
This is a hands-on session. Attendees MUST bring a PC, Mac, or Linux box running VirtualBox (https://virtualbox.org). That’s free and fully functional. (VMware Player is acceptable, but VirtualBox is better. Nuff said.).
All of the tools and targets used during the session will be available to the attendees in a single pre-configured virtual machine that is ready to hack out-of-the-box. A CTF-style in-class scoreboard will help you track your progress during the labs, and motivate you to outpace your fellow students. Bling and flair will be bestowed upon the worthy.
To prepare for this session wait until the day before the event then grab the latest version of the Web Security Dojo from here: https://www.mavensecurity.com/web_security_dojo/
NOTE: It’s best to wait a few days prior to the event to be sure you have the latest version of “the Dojo” since that will be used during the session.
Time permitting the following topics will be covered:
Web Primer (HTML, HTTP, Cookies; just the basics)
Threat Classification Systems (OWASP Top Ten & WASC Threat Classes)
Cross-Site Scripting (XSS)
SQL Injection (SQLi)
Local File Inclusion (LFI) / Remote File Inclusion (RFI)
Cross-Site Request Forgery (CSRF)
NOTE: Since the student will have all of the tools and targets in a single virtual machine, they are free to continue the learning after the session in the privacy of their own localhost. No network required. The Web Security Dojo includes PDF walk-through guides for some of the targets.
Advanced soft skills: Using efficacy to get sh*t done
Speaker(s): Claire Tills @ClaireTills
Soft skills are very buzzy right now. Communication is important for information
security in a lot of ways, some ways are more nuanced than others. If you’ve ever
had a brilliant or crucial recommendation totally ignored by an enduser or
executive that just didn’t grasp the gravity of the situation, efficacy may be for you.
Primarily used in health communication, efficacy is a concept used to advocate
everything from regular exercise to preparing for a natural disaster. This talk will
go over the concept of efficacy and illustrate how it might be used for information security situations.
Bio: Claire Tills recently received her M.A. in Communication from the
University of Maryland. With a professional background in
technology and security public relations, her research focuses on
the communicative side of information security. She applies
communication theories to InfoSec issues with the goal of
advocating security to a variety of endusers and improving
resilience after InfoSec crises like data breaches.
Speaker(s): Shawn Wilson
I keep running into “bash scripts” that look like old style shell scripts – capitalized variable names, tons of subshells piping all over the place, etc. This does not need to be the case – bash scripts can be written with some elegance
I hope this talk shows some mechanisms you can use to write nicer bash scripts
Bio: System administrator
Beyond a Mystery Nation – North Korea Hackers
Speaker(s): Nir Yosha @niryoo
As tensions between the US and North Korea rise, its state-sponsored hackers are gaining traction among security research firms.
In my talk, I look back at some of the latest attacks from the Lazarus group, including Sony Pictures and the NHS hospital hack.
Also, the forensics linking between the Lazarus group and the infamous WannaCry ransomware.
Financially motivated (Bangladesh central bank hack), espionage-driven (South Korea hacks) or warfare ready (destructive attacks), North Korea hackers continue to strike the western world.
What actions can be taken to prevent similar attacks? What predictions security firms have on North Korea hackers? Keep a sharp lookout!
Bio: Nir started his career as a squad leader in the Israeli Intelligence Corps. He helped with gathering intelligence tracking the growth of terrorist organizations.
Nir is a Threat Intelligence Engineer for the Threat Intelligence Platform company ThreatQuotient.
Nir publishes his posts on LinkedIn and speaks occasionally at security conferences.
Cats, Cats, & Moar Katz – Windows Post-Exploitation
Speaker(s): Alex Reuben
This talk focuses on common methods, techniques, and tools employed by penetration testers and attackers after compromising a Windows system. Live demos will be included to demonstrate the concepts of escalating privileges, moving laterally and expanding, and establishing persistence in a Windows environment. Tools demonstrated will include: Metasploit/Meterpreter (as a base for the attack) as well as Hashcat, Netcat, Mimikatz (for post-exploitation) and others will be touched on or mentioned. The purpose of this talk is to serve as an introduction into the concept of Windows post-exploitation as well as to explore technical aspects regarding the Windows operating system and the tools used to exploit its flaws.
Bio: I am a Delaware Tech Terry campus graduate (Information Security), current Wilmington University student (Computer & Network Security), and first-time speaker at a security conference. I have been attending security conferences and competitions since the start of my time at Delaware Tech including events such as BSidesDE/DC/NOVA/Charm, ShmooCon, CCDC, SANS NetWars, and USCC training camps. I look forward to giving my first presentation at BSides Delaware and giving back to the community I’ve spent the last 3 years of my life being a part of.
CTF Environments as a Teaching Tool
The talk consists of a panel discussion about how CTF’s and competitions can greatly benefit anybody interested in the technology field. The panel discussion is represented by 4 people, consisting of a veteran, having gone to upwards of 10 competitions, 2 intermediate competition goers, and one beginner. This is so we can represent the different opinions about going to a competitions at different stages. There will be an example CTF which we will use to demo the different techniques and lessons that are taught during an actual competition. The panel will accept questions from the audience at any point. We will also have questions pertaining to the subject set up beforehand.
Bio: Hannah Tattan, Shelby Ramsey, Sheena Crawford, and Alex Reuben are all current or former students of Delaware Technical Community College Terry Campus. This will be our first presentation at BSidesDE and look forward to sharing our experience with the InfoSec community.
Cybersecurity in a digital world
Speaker(s): firstname.lastname@example.org/ James Akwaka
Technology has changed lives for the better, however, its consequences are enormous and we are feeling the effects of it. Since technology is digital, there is an urgent need to protect systems, data, businesses and our lives. However, with Cybersecurity being the answer, we must take a holistic view of cybersecurity and how it affects every aspect of our lives today.
Bio: Student and aspiring cybersecurity consultant
Cybersecurity Leadership for the Digital Era
Speaker(s): Dr. Mansur Hasib – https://www.linkedin.com/in/mansurhasib/
Our hyperconnected world, comprised of myriad networks – both machine and human – has brought us to the precipice of a fundamental revolution and redefinition of the human experience and our socio-political and military world order. Failure of executives to grasp this pivotal change, and their concomitant failure to tailor organizational and business strategy to the new reality, is the primary cause of organizational malaise and the massive cybersecurity breaches we have experienced.
Guided by the learning models of the past, too many current executives in power do not understand what cybersecurity is. They do not understand the importance of people or the need for perpetual innovation. This session explains cybersecurity as a key mission driver powered by people who are perpetually innovating.
In this session award winning author and educator, Dr. Mansur Hasib’s shares the key lessons from his book Cybersecurity Leadership so everyone can understand why we need a different breed of executives who recognize, embrace, adapt, and rapidly develop digital strategies appropriate for this new world in order to leap ahead in the future power structure of this new world order.
Bio: Award winner author and educator, Dr. Mansur Hasib is the only cybersecurity and healthcare leader, author, speaker, and media commentator in the world with 12 years’ experience as Chief Information Officer, a Doctor of Science in Cybersecurity (IA), and the prestigious CISSP, PMP, and CPHIMS certifications.
Dr. Hasib has over 30 years experience in leading organizational transformations through digital leadership and cybersecurity strategy in healthcare, biotechnology, education, and energy. Dr. Hasib currently serves as Program Chair of the Cybersecurity Technology program in The Graduate School at UMUC. UMUC now has the world’s largest cybersecurity education program with 12,000 students and over 400 practitioner scholar faculty members.
Dr. Hasib enjoys table tennis, comedy, and travel and has been to all 50 states of the USA. Follow him on Twitter @mhasib or LinkedIn: www.linkedin.com/in/mansurhasib. To contact Dr. Hasib visit: www.cybersecurityleadership.com.
Doing and Proving Security on a Budget
Speaker(s): Alex Muentz
Security is hard. Proving that you’re doing the right things sounds harder. It shouldn’t be with a little guidance. I’ll discuss methods to create and maintain a security program that meets your needs and those of your business partners/associates/customers. We’ll talk about frameworks, certifications and showing your work. As always, I’ll also bring up your potential allies in and outside your organization who can help. There will be time for Q&A at the end.
Bio: Alex Muentz is a Senior Security Advisor at Leviathan Security and has been helping clients build, extend and maintain security programs that meet all the buzzwords while actually reducing your security risk.
DNC data in the hands of a trained intelligence professional
*This talk will not be streamed, but will be recorded and released on delay
Speaker(s): Jon “Wally” Prather and Dave Marcus
Proactive hacking against political targets is not new by any means. This is true regardless of political affiliation, country, religion, etc.… The political hacks we will be discussing occurred between 2012 – 2017 and have shown the world that there is an huge need and desire to use political information for more effective propaganda. However, this presentation will not focus on politics but rather how a competent foreign intelligence service would use this data for target development and effective propaganda. This presentation is not even about the data; its about the process…
When exposed or leaked data comes into the public eye what happens? News media skims through what they can, political opponents look for ammo, blame is placed, and lawsuits begin. What about the long game? A determined adversary would look at this data and ask: how can I develop assets and long term access into specific organizations at the right level?
What does a senior intelligence analyst do with the data? This presentation by the McAfees Advanced Programs Group answers that question. All data presented has been anonymized and sanitized to protect any individuals and organizations.
This is what Foreign Intelligence Services are doing with the data, bet money on that.
Bio: Jon “Wally” Prather is an intel pro with SME in multiple intel disciplines including HUMINT and targeting with 15 years’ experience, primarily in maritime counterterrorism/ counterinsurgency ops with the USMC, Special Ops and Irregular Warfare. Wally has provided support to combat and interagency operations in the Middle East, Southeast Asia, and Africa with over four years deployed to combat, hostile and sensitive environments to include East Africa, Afg, and Iraq.
Dave Marcus currently serves as Director of McAfee’s Advanced Programs Group (APG) as well as being one of McAfee’s Principal Engineers. Mr. Marcus’s current focus is on building the APG’s Intelligence-as-a-Service offerings and intelligence platform. His responsibilities include further developing the APG’s intelligence methodology, targeted intelligence research, social network analysis as well as babysitting precocious analysts. In his spare time he lifts heavy things, is a family kinda dude and a hacker of things.
From red team to CISO..wtf do I do now?
This will be a candid, hopefully interactive, conversation on some of the challenges I faced when entering a CISO role in the healthcare industry after 10 years as a consultant performing compliance, penetration testing and red teaming activities.
Entering the environment, burning down everything and starting fresh. Defining the framework, developing vulnerability and patch management, encryption requirements through continuous monitoring.
You will get an arm chair view of the program development, implementation and progress after one year.
Bio: Anonynous CISO in the Healthcare Industry
Hacking Perceptions or: How I Learnt to Stop Worrying and Love the End User
SOC teams and even IT departments in general are often seen as a barrier or an authority to be feared or disliked. This makes it harder for us to do our jobs effectively. End users try to skirt the rules, make excuses, or roll their own solutions to avoid talking to or upsetting the SOC team. This is generally because a) we suck at communication, and b) we really do view end users as imbeciles. The adversarial relationship is not conducive for business or security. This talk is about delineating some of these issues, and looking at some of the solutions.
Bio: I’m a network and systems administrator.
IPv6 Security Defense redo and how not to get it wrong!
Over the last 35 years, I have been fascinated by the use and abuse of hardware and network protocols. As Dr. Sandy Clark (Mouse) puts it, “finding the cracks between the standards.”
Since 2001, I have been experimenting with IPv6 and its associated transition protocols which connect islands of IPv6 across seas of IPv4. This first generation suite of RFC’s lacked operational polish but provided endless hours of fun. Some of the fun included bypassing name brand firewalls, router ACL’s and IDS’s via directed attacks using Teredo, 6to4, ISATAP and other protocols, as well as creating demo malware used to provide command and control channels invisible to commercial products.
During this time I have helped write standards for the US and EU governments, tested many pitiful security devices, and created even more devastating attacks. But more importantly, also created new defenses which increase the cost to the attackers. Sadly, many people implement IPv6 just like IPv4, based on suggestions and recommendations from router and security product vendors because they don’t care to know better.
Over 30 techniques have been tested and validated, of which five will be presented today. They include:
o Denied topology enumeration.
o Create unfindable public servers.
o Identify bad actors and bots during their surveillance phase.
o Quickly expose malware infection and associated command and control, even when the host-based protection fails.
o Increase the security of new IPv6 devices, before they are delivered.
In short, deny attackers critical information and measurably reduce your attack surface.
Bio: Joe Klein, CISSP, share his experiences and his lessons learned engaging with his clients. He is a Fellow for the IPv6 Forum. He is CEO & Founder of Disrupt6, the provider of Indicators of IntentTM (IOIs) Threat Intelligence for the Internet of Things (IoT). Joe Klein is often requested to speak at professional security venues and routinely participates in high-level government working groups as an expert on secure implementation of IPv6. He is a 30-year veteran of the IT and IA industry. He has extensive experience in DoD, US Government and commercial sectors, focusing on information assurance, network security, IoT security and IPv6.
Speaker(s): Avi @_llzes
A thorough dive of basic ciphers and puzzles for kids so they can walk away from the conference with lots of graph paper, pens, and tons of puzzles. A fun way for kids to learn and understand the basics of how to encipher/decipher things with a list of recommended projects and things they can do to incorporate it into their daily lives after the conference is over. Possibly hit a high level view of RSA with a fun way to memorise the RSA algorithm, too!
Large-Scale Machine Learning for Malware Characterization using Graphs
Speaker(s): John Cavazos
The cybersecurity industry agrees that data breaches cannot be stopped. The key reason for these seemingly unstoppable data breaches is that security products have failed to detect and block all malware. We contend that advanced analytics, involving machine learning and high performance computing, is the key to developing a systematic understanding of malware. Bad actors have embraced automation to construct malware, and it is estimated that over a hundred thousand new malware variants are being released every hour.
In contrast, many security companies that are trying to analyze and detect malware still construct products manually. Unfortunately, manually constructing malware analysis platforms that identify important trends and capabilities in malicious software cannot keep up with the massive amounts of new malware variants being created daily.
Cyber 20/20 Inc., a spin-off company from the University of Delaware, has developed a malware analysis platform using state-of-the-art malware characterization methods and the latest machine learning techniques to identify current unknown malware, zero day exploits, and advanced persistent threats. This is a truly interdisciplinary research project involving high performance computing, big data storage, compiler-based characterization, and machine learning all applied to an increasingly important cybersecurity problem. We will present research to detect malware from files (e.g., binaries or documents) that are entering an organization’s networks through email, web, and ftp. By using large-scale malware analysis and machine learning techniques, we have built highly accurate malware detection models that perform better than other state-of-the-art malware detection methods.
Bio: John Cavazos is an Associate Professor in the Computer and Information Sciences Department at the University of Delaware and previously a JP Morgan Chase Faculty Fellow in the Institute for Financial Services Analytics. John is also CEO and Founder of Cyber 20/20, a cybersecurity company that focuses on using deep machine learning, program analysis, and high performance computing for malware detection and analysis. John’s research interests are in high-performance computing, machine learning, predictive analytics, compilers, and the application of these technologies to hard problems.
Ninja Looting Like A Pirate
Speaker(s): infojanitor @infojanitor
There is a vast amount of information that exist in the modern world. More so than has ever existed in any society at any time in the history of mankind. Companies, individual, organizations, and nations keep adding to this massive sea of data. Wouldn’t you like to get your hands on some of it?
This presentation will show you how to do just that very thing using simple search tool commands and Boolean logic. You will learn how to navigate this sea of data and find repositories that others in the sea have placed online. These repositories a.k.a. loot which they believe to be safe from looting but, in fact are not because they have little to no protection. You will learn and need only a few simple techniques that allow you to find their loot and take it for yourself.
These techniques are not new, in fact they are very old by Information Technology time. However they are as relevant today as they were more than twelve years ago when people first started to compile them. The techniques will enable you to navigate through the flood of information that you normally get when web searching to find the specific treasures that you seek. These techniques will also help you to optimize your search time and provide a greater focus of the desired target online than you have ever had before. All accomplished from a “simple” search engine you use every day.
Bio: Infojanitor is (mostly) a computer security professional currently working for a fortune 100 company that fed his initial techno lust using a commodore 64 in the mid 1980’s. Spent some time working at the John’s Hopkins Applied Physics Lab (JHU/APL) communications shop making databases and learning about PC’s, Sun systems and other technologies. Served ten years in US Air Force as a keyboard jockey performing database work sometimes while actually armed in other countries. He then spent the next 13 years after the Air Force working for a private security company performing perimeter protection engagements around the world. Legally robbing banks, breaking into lofty institutions and making things not show up on the public relation’s radar for customers for which he still maintains non-disclosure agreements (NDA’s). Yet, still finds the time to scour the web, look through Internet lockers, and pick up rouge 1or 0 in his spare time.
Non-Crypto Attacks on Crypto Messengers
End to end encryption is becoming more common in messenger apps like WhatsApp, Signal, etc. while at the same time governments and others around the world are looking to intercept and attack them. In this session, we wanted to discuss some interesting attacks on messaging apps that are not attacking the cryptography itself.
Bio: I am technology generalist focused on solving problems. Some of things I have done include: developing visual SQL tools, contributing to mobile apps to help people get healthier, and helping non-profits preserve books. I also participated in the development of many anti-spam standards used today (SPF and DomainKeys), and created the Abuse Reporting Format (ARF – RFC 5965) used for exchanging spam reports by most ISPs today. Among other things I authored RFC 4180 which documents the CSV format.
Physical Security Testing – Recon Fundamentals
Speaker(s): Keith Pachulski – @sec0ps
This talk is intended to be an overview of how to perform recon during the physical testing portion of a penetration test or during the intel development for a red team. This talk may also be useful for physical security personnel looking to better understand common methods used to obtain target information before an attack against their employer begins.
We will cover the Physical Security Testing Methodology, and where recon fits as well as the escalation path between phase 1 and 2 of this seven-phase process. OSINT methods used to identify the target location(s) as well as other properties that may be owned by the client. Differences in open source SATINT and correlating that information with on the ground HUMINT. We will then walk through common information gathering techniques to include fields of view, security personnel, communications, personnel access control and authorization, physical access controls, lighting and CPTED/Environmental Design.
Bio: Keith Pachulski, is currently the Information Security Officer for Health Network Laboratories (HNL) in Allentown, PA. Keith has over 24 years of experience in the physical and information security realms. Previously he was responsible for the management and performance of onsite red team tests for SecureWorks specializing in onsite attacker emulation. Additionally he performed physical and network penetration tests, web application assessments and wireless assessments. Prior to that, he was a CSO overseeing the operations of 13 companies and responsible for the creation and management of a Managed Security Services program for a private sector company supporting clients internationally. He has extensive experience working in the Federal (DHS, DoED, AF, DOD) sector as a security contractor performing vulnerability assessments, physical/network penetration testing and compliance assessments.
Reverse Engineering Ransomware: Disassembling the Malware that holds your Data Hostage
Speaker(s): Chris Magistrado @REal0day
As more and more important information is being stored on computers, our data is rapidly becoming more valuable. Because of this, malware authors have now moved to encrypting important documents and files for monetary gain. From malware that claims it has encrypted your files (WinLock), to ransomware that deletes your folders based on time increments (Jigsaw), we will disassemble different malware samples to get a better understanding of what happens when the bad guys try to scam you out of your money.
Bio: I began my career in Information Security as a Security Analyst. From there, I pivoted to Research Support at a University. Currently I am an independent researcher with interests in the following: [“Cryptography”, “Cryptocurrencies”, “CTFs”, “Economics”, “Malware Analysis”, “Machine Learning”, “Reverse Engineering”]
Security Through the Eyes of a Fly Fisherman
Speaker(s): Bruce Potter @gdead
If you think security is a complex problem to solve, you should try using artificial flies to catch trout in ice cold streams. Trout are smart, can hide in dark corners, and can frustrate you day after day. Sound familiar? I’ve learned many lessons about fly fishing standing waist-deep in water not catching anything. Many of these lessons apply to computer security… and not in the way you might think. While there’s an obvious play around “the trout represents the attacker and you have to figure out how to catch them” I don’t think that’s really the lesson to take from the art and craft that is fly fishing. This talk will go over the basics of fly fishing including gear, anatomy of artificial flies, mechanics of the cast, and what to do when you catch a fish. Along the way I’ll provide connections to our lives as security professionals and give you tips to help you advance in your trade and career. At the end of the talk, hopefully you’ll be a better security professional and maybe will also join me in the ranks of people who stand in cold water trying to catch fish that don’t want to be caught.
Bio: Bruce Potter is the CISO at Expel. Bruce is responsible for cyber risk management at Expel and ensuring the secure operations of Expel’s services. He also ensures employees are pronouncing CISO correctly (it’s ciz-oh). Previously, Bruce co-founded Ponte Technologies, a cybersecurity research and engineering company that did work with organizations ranging from hedge funds to intelligence agencies. After Ponte Technologies was acquired by the KeyW Corporation, Bruce served as KeyW’s CTO for 2 years. In another life, Bruce founded the Shmoo Group and helps run the yearly hacker conference, ShmooCon, in Washington DC. Bruce has co-authored several books and written numerous articles on security (or the lack thereof). He as also spoken at many conferences including DefCon, Blackhat, and O’Reilly Security as well as private events at USMA, the Library of Congress, and other government agencies.
Sending ciphered messages to your friends that the teacher can’t figure out!
This kid friendly lab and talk starts with a quick history of ciphers. Covering the classic substitution cyphers and why they are poor choices for messaging. Then moving into some simple methods to create complex ciphers. It ends with constructing a Pringles Enigma or Paper Enigma that the participants get to take home!
Note: Some math will be happening, so bring your smartphones or calculators!
Bio: @BiaSciLab is an energetic 10 yr. old with a passion for technology and stuffed animals. You do not want to miss this lab, it will be talked about for years! Come see the future of technology!
System Administration for Kids
Speaker(s): Corbin Frisvold @Sh4d0w_R4ng3r
System Administration for kids is a talk on what it’s like to be a teenager getting into the world of information security and penetration testing. I will be talking about my experiences with finding information and opportunities to put my knowledge to the test. I will also be providing insight on where other beginners and learners such as myself can get extra help and places to start in the field.
Bio: Corbin Frisvold is a 14 year old high school student venturing into the world of information security and penetration testing. He has attended B-Sides since it’s second meeting in 2011 and has been avid in his pursuit of technological knowledge. He hopes to go to more cons and events in the future to secure a future working with technology.
Threat Intelligence Automation Using Jupyter
Speaker(s): Robert Simmons
Keeping up with threats and intrusions to a network can be a time consuming effort. To consume or generate intelligence about these types of threats and operationalize it effectively in one’s organization can be a daunting task. There are a multitude of tools available for the tasks at hand, but many of them are standalone or are cloud based and require API interaction to leverage.
In this talk, we will discuss how our team uses Jupyter Notebook to take the difficulty out of automating a number of common tools used in threat intelligence and hunting. We will show how to inject task repeatability and centralization into the processes we demonstrate. The tools we will cover are Bro: a network security monitoring tool, Cuckoo Sandbox: an automated malware analysis sandbox, Thug: a low interaction honey client, and Volatility: a memory analysis framework. Finally, we will cover how we use Lastpass with Jupyter to keep track of and safely share API credentials.
Listeners of any background will learn techniques for interacting with standalone tools as well as cloud based API tools in a set of notebooks. Additionally, security practitioners will take away methods for immediately leveraging the tools covered in the talk and demo.
Bio: Robert Simmons is Director of Research Innovation at ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, and DerbyCon among others.
Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.
Why is the Internet still working?
Speaker(s): Jim Troutman @troutman
I have noticed that most InfoSec folks have a limited understanding of how the Internet that we all depend upon actually works and scales, and how issues like Krebs’ size DDoS attacks are dealt with on the modern Internet.
This talk will be a primer on how today’s Internet is put together verses the past, and why it continues to operate. It won’t make anyone an instant expert, but the material presented will be a distillation of history, cartography, topology, policy, legal, and actual operational experience that you won’t find in any other single presentation.
Topics will include: short history and origins of the Internet, definitions of Internet Service Provider Tiers, the difference between IP peering and IP transit, topology of the Internet, how Internet traffic distribution and costs have changed over time, Internet Exchange Points and Content Distribution Networks around the world, IPv4 address space exhaustion issues (and how you can still obtain IPv4 address space), IPv6 adoption, Internet growth metrics, network neutrality, BGP routing, DNS (root servers and Anycast), and remote triggered black-holes.
Bio: Troutman is an Internet “Old Timer” & Engineer, having first been online via a “paper TTY” with a 300 bps acoustic coupler modem in 1982. He has been an active user of the Internet & UNIX since 1987, and has been tasked with building and running Internet infrastructure off and on since the early 90s. He has held a wide variety of roles in Internet operations, engineering, and management at various regional ISPs, CLECs, ILECs, cable TV companies, and web hosts. He is a Director of the non-profit Northern New England Neutral Internet Exchange (NNENIX.NET) in Portland, Maine but his day job is roaming the countryside as a self-employed infrastructure consultant, based out of the great state of Maine.
Windows Management Instrumentation for Good and Evil
Speaker(s): Jaime Geiger
Windows Management Instrumentation (WMI) is a powerful resource for attackers and defenders alike. This talk will introduce WMI, why it is important, and various usage scenarios for both attackers and defenders. Complete with a few live demos that hopefully will still work when the talk is given.
Bio: Jaime is a security professional who dabbles in a bit of everything at the moment. He is a recent Rochester Institute of Technology graduate where he earned his B.S. in Computing Security. He currently works for GRIMM in the Northern Virginia area doing IT management, development, and recruiting. His true passion lies in teaching and sharing security knowledge with anyone who will listen.