Villages and Events:
Speaker(s): Jon Lucenius
In the ever-evolving world of digital things – there has always been forensics. Like home computers, I started back in 1979 on small black and green things, writing stuff, wondering what happened, and what can be done to make things better. Since then I’ve done graphics, websites, and a good bit of hacking for banks and the like. My current job is putting it all together to solve cases and find bad guys – nowadays they call me a Cyber Forensic Investigator.
This is the Second Annual installment of the Forensic Village. We will once again welcome all levels of experience and challenges! Whether you want to show us how much you know (there were plenty of you last year) or need our help to get something forensicated (please bring your wild and whacky challenges and questions) – we will welcome your interest and participation. We have a few forensic talks in the wings as well, so stay tuned for more great stuff!
Wireless Village WCTF
Speaker(s): @WiFi_Village, @wctf_us
The Wireless Village is a group of experts in the areas of information security, WiFi, and radio frequency with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching classes on WiFi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag (WCTF) practice to promote learning.
The Wireless Village plans to hold a Wireless Capture the Flag (WCTF) contest during BSidesDE.
We cater to those who are new to this game and those who have been playing for a long time. Each WCTF begins with a presentation on How to WCTF. We also have a resources page on our website that guides participants in their selection of equipment to bring.
Keep an eye on @wctf_us and @WIFI_Village for details.
Physical Penetration Testing – The Finale
Speaker(s): Keith Pachulski – @sec0ps
Keith Pachulski, Security Consultant. Keith has more than 23 years of experience in physical and information security. He is currently responsible for the performance of physical and electronic penetration tests, vulnerability assessments, application security assessments, wireless security assessments, compliance assessments and security training. Keith performs physical security services and executive security services as an independent contractor. In the past he was CSO overseeing the operations of 13 companies and created/managed a Managed Security Services program for a private sector company supporting clients internationally. He has extensive experience working in the Federal sector performing vulnerability assessments, penetration testing and compliance assessments.
This day-long class will be a complete walkthrough on how to perform physical security assessments and tests. This is NOT a lock-picking class. We will be covering common tools and tactics used to gain access to target facilities as well as provide videos from real-world testing and hands-on demonstrations of physical and electronic tools. Additionally, common issues that penetration testers encounter will also be discussed, such as personal psychological issues (insertion mentality), manipulating people efficiently and understanding the most common physical security controls encountered during testing.
Additional topics to include:
– Onsite and remote advance work (recon/surveillance)
– Penetration of the external barriers
– Penetrating the facility/internal barriers
– Penetrating the people (security personnel and attacking human targets)
– Deploying low power boxes on the network for remote network access and audio/video surveillance.
Owning MS Outlook with PowerShell
Speaker(s): Andrew Cole @colemination
Andrew Cole (@colemination) is a security researcher with an obsessive passion for Windows PowerShell. In a past life he was a Military Intelligence Systems Maintainer, a Cryptologic Network Warfare Specialist, and Journeyman Interactive Operator for the US Army. He currently works for Chiron Technology Services’ Information Operations Team as a Computer Network Exploitation (CNE) instructor and content developer, and has previously spoken at B-Sides Augusta and NolaCon.
Most companies, businesses, and organizations rely on Microsoft Outlook for managing email. This talk explores how Outlook can be leveraged for the benefit of red teams and penetration testers using only Windows PowerShell. Going beyond the basics of mere data mining, we will explore manipulating exchange rules to better enable client-side exploitation opportunities and gain further access. From there we’ll move on to maintaining access, covering everything from basic and dynamic triggering methods to collection automation techniques.
Preventing a Hostile Matrix: A VR and Game Security Call to Arms
Speaker(s): Peter Clemenko III @aoighost
Having escaped The Matrix, Peter was sent back in time to prevent The Matrix from happening in the first place. He succeeded, kind of, but then the future became CPAF, Section 9 became a thing, and all these people’s cyberbrains started getting hacked. After having a beer with Hideo Kuze and Motoko Kusanagi he realized it was time to go back to the past once again to help secure VR so that the cyberbrains of the future wouldn’t be used to hurt others through what became a common presentation layer attack vector.
Virtual Reality is the next frontier, and as a new medium it brings presentation closer to wetware, which can have serious consequences if not done properly. This talk will go over a few problems found in game design mentality along with a few problems found in game assets for Unity3D, a common engine for VR. It will also cover some ways this could affect people if done wrong and some ideas on how to fix it. This is not a technical talk but rather a call to arms. This is our chance to start relatively fresh with a new communications medium; let’s seize the opportunity while we can to do this right.
This talk will cover psychological impacts of VR, done right, and done wrong, along with ways attackers could plausibly manipulate people with VR. It will also take into account previous mediums of communication and how they failed to remain secure, as well as the flaws in game development mentality, and how to bring security to game and VR development. There will also be a little public disclosure of the kinds of flaws you occasionally see in game development, and what we can do to fix this now, before it gets out of control.
How to Join the Infosec Community
Speaker(s): Micah Hoffman @WebBreacher
Micah is an active member in the NoVAHackers community, a certified SANS instructor, writes Recon-ng modules, and runs a number of open source projects. When not working, teaching, or learning, Micah can be found hiking or backpacking on the Appalachian Trail or on the many park trails in Maryland.
In 2005, I was happy. I’d earned my CEH and CISSP certifications and was content in a job performing security testing. I’d heard about “hackers” and their “0-days” but had never met one nor developed an exploit myself. It was at my first Defcon in 2006 where I learned that hackers did more at conferences than merely attend talks. They participated. They shared. They picked locks! OMG THEY PICKED LOCKS! This was a community that I wanted to join but I didn’t know how.
If this sounds like you (or your friend), I encourage you to join me for this talk. We’ll laugh. We’ll cry. Oh and I will share my top strategies for joining the infosec community too!
Backbone Network Security Visibility In Practice
Speaker(s): Yang Xu
I’m a network security engineer with 7 years of experience in the field and currently a member of Netlab (Qihoo 360), where I focus on network/passive-dns data processing/analysis and threat research.
Before joining NetLab (Qihoo 360), I was a security engineer at NSFOCUS and was involved in many different projects, like SoC architecture design and implementation, and intranet-traffic anomaly detection.
Threat Intelligence has been extremely hot in the last 2 years; meanwhile, Threat Visibility is the first step in talking about Threat Intelligence.
Our team is focused on collecting, processing, storing and analyzing basic security-related data, in the hope of sweeping away the dark corners of the internet and seeing more.
We now run China’s biggest publicly available PassiveDNS database (passivedns.cn) and the Global DDoS Attack Detection System (ddosmon.net), based on the backbone network; the Global Scanner Tracking System is expected to follow soon.
This talk will cover the following questions:
1. Intro – Monitor backbone network, Why and How
2. How we deal with “BIIIIIG Data” in real time
3. Which processing module we use and which data features matter
4. What we can get from backbone network monitoring
a. All kinds of scanners: SYN scan / UDP scan / HTTP banner scan / Subdomain scan (brute-force) …
b. All kinds of attacks: SYN flood / Amplification attack / DNS flood / HTTP flood (CC) / Random subdomain attack …
6. In addition:
b. Side indicator
c. Partial data
d. Effect of GFW
e. Integration of third-party data
Baking Pi: Homebrew Lab for Infosec Experiments
Speaker(s): Emlyne Forren
Infosec practitioner by day, zombie hunter by night; Emlyne is a relatively new light in the information security space, and is looking to grow any and all skill sets in this field. She works in the energy sector, protecting power grids and the like from attackers, and extends her work life as a hobby at home as well. When not seen behind a computer screen, Emlyne can be found looking down the reticle of Vortex optics or through a tinted visor as she rides her Triumph Street Triple. Cyber.
Learning infosec practices and expanding your knowledge past the classroom has always been difficult. In the year of old crotchety hooligans, they used to beg/borrow/steal hardware in order to learn. Kids these days have new hotness’s available to them: cloud services, VPNs, and more. But what is lost is that tactile control and feedback of owning that platform for learning.
In this talk, you’ll learn about the odyssey and exploration I took on developing a home laboratory on the cheap, leveraging modern tools as cost savers that will allow you to have the same learning experience our elders once had; minus the power bill, cooling requirements, and sketchy acquisition of hardware. Students, learn from this demonstration as to how you can grow your infosec ninja skills at home; experts, please provide improvement from your experiences!
VMs All The Way Down – How to create an inexpensive virtual lab as a powerful, flexible, InfoSec learning environment.
Speaker(s): John Hubbard @JHub908
John is a Community SANS Instructor and Lead Analyst for GlaxoSmithKline’s U.S. Security Operations Center. His daily responsibilities include detecting and defending against targeted attacks, threat hunting, incident response, and malware reverse-engineering. With degrees in Electrical and Computer Engineering focusing on cyber security, his interest and research span from malware, penetration testing, and security monitoring, to mobile device attacks, car hacking, and the Internet of Things. He is GIAC GMON, GPEN, and GREM certified, is passionate about information security, and loves to attend all the conferences he can get to. In his free time, he studies malware, runs a honeypot network, and enjoys slowly turning his home into a data center. He maintains a web presence with his blog at 909research.com and on Twitter @JHub908, where he writes on current threats, malware, security monitoring, and his growing virtualization lab.
Just getting started in InfoSec and need some guidance on virtualization? Used virtual machines before, but want to expand to a more complex, dedicated virtual lab? This talk will cover the numerous hardware and software options you should consider, and will discuss both simple and complex configurations. The focus will be on setting up a lab that is home friendly, inexpensive, and as flexible as possible. Offense and defense setups will be discussed, as well as recommendations for virtualization software, server hardware, and networking gear. You will leave with a list of VMs to use, an understanding of the benefits of hosted vs. bare metal hypervisors, different virtualization packages, and how to build an inexpensive lab that emulates a multi-tiered corporate environment.
The details of the investigation that resulted in the Mamba Ransomware discovery
Renato Marinho, MSc, is an information security researcher at Morpheus Labs. With more than 15 years of hands-on experience in the field, he also holds professional certifications like CISSP, CRISC and PMP. He teaches the Computer Forensics discipline at Universidade de Fortaleza (Brazil) and is a frequent presenter at different international conferences like Security BSides, Mind the Sec, WSKS Portugal, GTER/GTS and Brazilian CSIRTs Forum.
In this talk I will present the details and challenges of handling an incident suffered by a large multinational company with subsidiaries in Brazil, India and the United States that resulted in the Mamba discovery, the first ransomware to use, in fact, the Full Disk Encryption (FDE) strategy.
I’m also going to present the entire process of research, publication and collaboration with CERTs from various countries, research laboratories and international security products players.
Factoring Macaroons: Building phish and MITM-proof decentralized two-factor auth
Speaker(s): Jonathan Rudenberg @titanous
Jonathan leads development of Flynn, an open source platform as a service that hosts apps and databases. Before starting Flynn, Jonathan was a security consultant, participated in various bug bounty programs, and co-architected Tent, an open, decentralized, communication and storage protocol.
Macaroons are bearer credentials that implement flexible, cryptographically sound authorization and enable fast, stateless enforcement of arbitrary authorization policies without phoning home to single sign-on or other auth servers.
FIDO Universal Second Factor (U2F) is a widely deployed open standard for simple and inexpensive cryptographic hardware devices that provides an easy second factor for authentication.
This talk will provide an introduction to Macaroons and U2F, explain their cryptographic construction, and describe an open source project that combines them to provide an authentication and authorization system that completely eliminates phishing and defends against man-in-the-middle attacks.
To submit a talk or see what other talks are awaiting your votes or feedback, check out the 2016 Call for Papers.