2014 Talks

IPLOG, ( A beginner’s IDS for the WIN! )

Audience: Students or beginner level sysadmins.

Speaker(s): Nathan Gibbs – @Christ_Media

Bio:

Nathan Gibbs
CEO of Christ Media
Audio Technician
All around Print, Web, Software, and Network Designer

Has been hacking since age 2 when he tried to own the household power grid with a screwdriver and wound up getting owned instead. 🙂
http://www.linkedin.com/in/nategibbs
http://www.slideshare.net/NathanGibbs3
Why is IPLOG a beginner’s IDS for the WIN? Find out at #BSidesDE 2014 🙂

Description:

IPLOG provides the beginner level sysadmin with actionable network intelligence, without the deployment and administration complexities of a more advanced IDS solution.
This talk will cover & compare the deployment of tcpdump/wireshark, IPLOG, & SNORT, as IDS platforms, with IPLOG falling in the middle ground between tcpdump & SNORT.


Cook Like A Hacker!

Audience: Everyone

Speaker(s): Jim Gilsinn – @jimgilsinn

Bio:

Jim Gilsinn is a Senior Investigator at Kenexis Security. He has over 23 years of engineering experience, including 13 years in industrial control system (ICS) performance and cyber security. Jim is responsible for designing and assessing secure and reliable ICS/SCADA networks and security programs.

Description:

Cook like a hacker, and I don’t mean Ramen noodles, take-out pizza, and a bowl of cereal. A lot of hacking involves using a basic set of equipment, learning a powerful set of tools, following a basic set of procedures, a lot of improvising and experimenting, and learning from your mistakes. Cooking is the same. You can cook amazing meals, but it means that you have to be willing to apply a hacker-type mindset to an area that doesn’t involve computers.


Compromising the Perimeter

Audience: This talk is intended for all audiences be they red or blue team who are interested in learning more about physical security/red team type testing.

Speaker(s): Keith Pachulski – @sec0ps & Robert Chuvala – @dicipulus

Bio:

Keith Pachulski is currently working as a Security Consultant for Dell – SecureWorks. Keith has more than 22 years of experience in physical and information security. He is currently responsible for the performance of red team testing, vulnerability assessments, penetration testing, application security assessments, wireless security assessments, compliance assessments (PCI-DSS, HIPAA, ISO 27001(2), FISMA), security strategy, security training, secure network design, policy development, best practices assessments (CERT, NSA, NIST, ISO) and security education and awareness. He has created and managed a Managed Security Services program for a private sector company supporting clients internationally. He has extensive experience working in the Federal sector performing vulnerability assessments, penetration testing and compliance assessments.

Robert Chuvala is a Security Consultant at Dell – SecureWorks. Prior to that he worked at Accuvant Labs. In a previous life he worked at a helpdesk for a large manufacturer for 8 years. I experienced firsthand the shortcuts that network support people will take to make their small network run on a worldwide network to whom you are but a small byte of the global administrators’ concerns. I learned to be self-sufficient but stayed off the radar of monitoring tools that would have gotten me in trouble. Prior to all of this, I social engineered my way into facilities as a salesman trying to find purchasing agents that needed to buy the widgets I sold.

Description:

The presentation addresses the common methods and tactics used to physically penetrate facilities and insert persistent access devices into the network. Discussion on why those methods work as well as the ways to correct the flaws discussed during the presentation. The incorrect perceptions of physical security vs the reality of physical security from an executive level. Some tool demonstrations will be performed to detail common methods for bypassing physical security controls (not lock picking).


Being the change, how to create secure end users

Audience: Security and Technology Professionals looking to change the security awareness level and culture at their organization.

Speaker(s): Michael Spurgeon

Bio:

Over 10 years of experience in technology and cyber security.
Expert at bridging the communication barrier between executives and security professionals.

Description:

Learn how to transition employees into secure end users. We’ll touch on computer security awareness training, executive briefings, risk assessments, communication, budget and much more. After attending this session, security and technology professionals will be fully equipped to lead the culture change within their organization.


That awkward moment you find out you’re responsible for data preservation.

Audience: Security leadership and/or systems administration.

Speaker(s): Ray Hawkins

Bio:

Ray Hawkins is an experienced Information Security Professional with more than 15 years of experience – currently serving as an Information Security Officer for a large Healthcare company.

Description:

Adding a business & legal critical function such as Data Preservation and e-Discovery support to your InfoSec portfolio can be exciting and disruptive. Join us for this case study as we share how we on-boarded this function in less than six months including: technology specification, acquisition and implementation; process implementation, case management, and finally lessons learned and the path ahead. You’ll be better equipped to support this in your own company, understand the importance of scope and requirements and the role of adaptability in changing and improving over time.


Password Cracking 101: An Introduction to Getting The Keys to the Network

Audience: Everyone with an interest in password cracking, with a primary focus on beginners.

Speaker(s): Peter Clemenko III – @aoighost

Bio:

Peter Clemenko III is a student at Wilmington University who has a love for password cracking. He achieved the highest individual student score at the 2014 US Cyber Challenge Delaware Cyber Camp primarily through password cracking, and is currently working on various projects involving security on both blue and red team related issues. His primary background is digital forensics, but he is working on expanding to red team as well.

Description:

Passwords are the keys to the kingdom in the digital realm. The problem is that word lists only go so far; and you will frequently need to go beyond what the word list provides. This talk will give a basic rundown of password cracking, with a focus on the use of Hashcat, some neat tricks to help you be able to crack passwords that aren’t in your word list, and building your word list. The primary objective of this talk is to give absolute beginners a basic rundown on how to crack passwords beyond just using a basic word list.


What Dungeons and Dragons Taught Me About Infosec

Audience: Everyone

Speaker(s): Joey – @l0stkn0wledge

Bio:

Joey is a reluctant CISSP with eight years of experience in network security and currently works securing networks in his own special way as a senior network security engineer for Tenacity Solutions. When he finally finds some free time, he works on his countless, incomplete projects and tries to share his twisted view of the world with anyone crazy enough to listen.

Description:

What can anyone possibly learn about working in the information security world from a library of fantasy books, stacks of paper character sheets and handfuls of plastic polyhedrons? Surprisingly quite a bit. This talk will dive into some of the core background behind Dungeons and Dragons (and really any RPG) and show how some of the same concepts that many of us learned during our nerdy days rolling D20s apply to the infosec community and the work that we now face on a daily basis.


SDR ALL THE THINGS

Audience: Basic level of wireless anything; this class is a bootstrap style of instruction.

Speaker(s): @dntlookbehindu, @Zero_ChaosX, @simonj_dc

Bio:

@Zero_ChaosX
After an unsuccessful adult film career under the pseudonym “Chubby Cox”, Zero has settled comfortably into his backup career of Wireless Security. Specializing in Wi-Fi security, he has also branched out into Bluetooth, radio, and SDR. Currently, he is working on the best Linux distro to ever grace the face of the earth, Pentoo. This bio is entirely unbiased.

@simonj_dc
SimonJ likes to mess with wireless technology from time to time, though his most notable contribution to FOSS was winning the religious debate over whether clickable send buttons are necessary in chat interfaces.

Description:

In this class, we’ll review radio theory, antenna design, software defined radios, the tools used, and wrap up with exercises/challenges for everyone who sits in. The class is modular, so feel free to jump in and out based on your experience level with the sub topic. If you know nothing or are an expert, please come by as we’ll all learn something new!


Security Shark Tank

Audience: People who want to learn the physical limitations of the human body.

Speaker(s): Marcus J. Carey – @marcusjcarey

Bio:

Marcus J. Carey is the founder of FireDrillMe Inc., an Austin-based security startup, dedicated to assessing information security personnel, products, and procedures.

Description:

As a member of the information security community, I know many smart people who have amazing solutions to real world problems. We often lack the resources to make a dent in an ecosystem dominated by well funded incumbents. I believe given the right opportunities and funding we can challenge the status quo and build great products and businesses.

In this talk I will share my experience of pitching my security dreams to technology incubators, angel investors, and venture capitalists.


Give Yourself a Hand 2014

Audience: People who want to learn the physical limitations of the human body.

Speaker(s): @infojanitor

Bio:

Infojanitor is a senior security systems engineer with more than 20 years of experience for a Fortune 60 company currently assigned to a customer site in the Washington DC metropolitan area. As a senior engineer he is responsible for world-wide evaluation, certification and integrity testing of a variety of current and emerging technologies, network architectures, and devices.

In addition to electronic systems testing he has engaged in personal physical protection for more than 30 years and taught seminars in Europe, Asia, and The Americas.

Description:

Have you ever wondered what would happen if someone attempted to restrain you against your will? This seminar will help you answer that question. It will include continued escape and control techniques for personal physical protection. These techniques are simple, proven, effective means of escaping from being grabbed or held by an attacker and reversing the position or escaping.


Cyber Security and other Emergent Features of Self-Organizing Systems

Audience: Everyone who wants to learn about a unique biologically inspired approach to the internet of things, cyber security, and self organizing systems.

Speaker(s): Dr. Sven Brueckner

Bio:

Sven co-founded AXON Ghost Sentinel, and leads and manages all technology research and product development efforts. He has led and managed basic and applied research efforts for more than a decade, and has more than 20 years of experience in multi-agent systems research and self-organizing system technology development. Sven has pioneered technology in fields ranging from document discovery to population prediction to vehicle control to logistics optimization. He has led numerous agent-focused technology efforts, authored over twenty papers on agent-based and complex systems’ theory and application, and has been named inventor on several patent filings. Sven received a Dr. rer. nat. in Computer Science from Humboldt University in Berlin, Germany.

Description:

In the growing “Internet of Things” (IoT), more and more everyday objects are equipped with some processing power and networked to other such objects with the goal to orchestrate complex behaviors in interaction with the humans occupying the shared space. Well-hyped examples of such intended behaviors are of course home automation, intelligent traffic coordination, or healthcare support. To create such a complex system of individually active components, some researchers are turning to nature for guidance. There we find many examples of large-scale self-organizing systems comprising simple components (e.g., ants in a colony) within which robust and adaptive goal-oriented system-level behavior emerges (e.g., formation of efficient trail networks to bring food to the nest). But not only do we seek to engineer the desired primary system functions as emergent features of a self-organizing system, we also apply the approach to create the secondary function that all these IoT systems should have in common: Cyber Security. In our talk, we briefly provide an introduction to self-organization and emergence in natural and engineered systems and then outline our vision for swarming cyber security that AXON Ghost Sentinel is working towards.


Increasing Diversity in Tech

Audience: Everyone

Speaker(s): Women’s Society of Cyberjutsu

Bio:

Women’s Society of Cyberjutsu
Our primary mission is to advance women in cybersecurity by providing programs and partnerships that promote networking, education, mentoring, resource-sharing, and opportunities.

http://womenscyberjutsu.org/

Description:

Look around the room and what do you see? A lot of white guys, right? So we love white guys but we’d like to see more diversity. Women and minorities are vastly under-represented in the tech arena. The Women’s Society of Cyberjutsu is actively working to change the playing field and we need your help! We would like to share some statistics and also our personal experiences in order to start a dialog about how we can all make a difference.


Space Rogue’s Happy Fun Time Hour

Audience: Anyone in infosec

Speaker(s): Space Rogue

Bio:

Space Rogue is widely sought after by journalists and industry analysts for his unique views and perceptions of the information security industry. He has been called to testify before the Senate Committee on Governmental Affairs and has been quoted in numerous magazine and newspaper articles. He has also appeared on such TV shows as News Hour with Jim Lehrer, CNN Nightly News, ABC News Online with Sam Donaldson, and others.

A recognized name within the security industry, Space Rogue and his colleagues created the first security research think tank known as L0pht Heavy Industries and was a co-founder of the Internet security consultancy @Stake. While at L0pht Heavy Industries Space Rogue created the widely popular Hacker News Network, which quickly became a major resource on the Internet for daily information security news. Before HNN he ran The Whacked Mac Archives, which at the time, was the largest and the most popular Macintosh security site on the Internet. He has also worked at several Internet Security companies such as Guardent and Trustwave.

Space Rogue has written articles that are often quoted or referred to by other major media outlets. He has spoken before numerous audiences including BlackHat, Defcon, Shmoocon, SecTor, HOPE, H2K, and others. He has been quoted and filmed by a wide variety of different media outlets from Austrian TV to MTV, and from Wired to MSNBC.

Currently Space Rogue is a Strategist for Tenable Network Security.

Description:

Space Rogue does away with the traditional fifty minute talk on one topic with “Space Rogue’s Happy Fun Time Hour” where he will talk about five different topics (or more) in this fifty minute session. Topics that may or may not be covered may or may not include MAPP, Cyber, Chipotle, Hype, Pokemon, Government, Cyber, Squirrels, HNN, and Misogyny.

This talk will be completely stunt hacking free and will contain 0% Android content.


Making everybody happy- security and compliance for third party vendors

Audience: Ages 8-80. Seriously, anybody trying to ensure the security of data entrusted to third parties or those third parties.

Speaker(s): Alex Muentz

Bio:

Alex Muentz is an information security professional and attorney. You’ve likely caught his talks at other infosec conferences.

When he’s not explaining law to tech people or technology to his clients, he tries to spend more time with his wife and cats.

Description:

Are you attempting to do security or compliance, either from a vendor management or vendor’s point of view? These tasks don’t have to be an either/or proposition.

For the vendor-managers: It’s possible to reduce the effort of your security surveys while separating the good, struggling and ugly (without having to be the Man with No Name…)
For the vendors, especially at smaller shops: It’s possible to do ‘good enough’ security and compliance within a budget and document it, too.

Examples of how to do it and how not to do it will be given.


The Hacker Mystique

Audience: Everyone

Speaker(s): Aunshul Rege

Bio:

Aunshul Rege is an Assistant Professor with the Department of Criminal Justice at Temple University.

Description:

The glorification of cybercrimes and cybercriminals in the media and popular culture has helped with the promotion and sustenance of the ‘hacker myth’, portraying them as dramatic, all powerful ‘bad-guys’, anonymous, untraceable, and part of an impenetrable underworld. Is this truly the case? This talk shares preliminary findings from interviews and focus groups conducted at HOPE X, where hackers shared their thoughts on the hacker mystique. The talk also seeks feedback on how to proceed.


Project KidHack – Teaching Kids (and even some adults) Security through Gaming

Audience: Everyone

Speaker(s): @grecs – NovaInfosec.com

Bio:

grecs has almost two decades of experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career since. Currently, he spends his days doing cybersecurity paperwork drills in building multi-billion dollar government systems. At night he runs a local infosec website and tries to get some hands-on skillz.

Description:

Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children more security-conscious adults in whatever field they choose.


Technology is worth 5%

Audience: Beginner

Speaker(s): Joshua Marpet – CEO of Bijoti.be

Bio:

Joshua Marpet is the CEO of Bijoti, a startup dedicated to managing security for midmarket companies. He’s done just about everything, from Senior Information Security Analyst at the Federal Reserve Bank of Philadelphia, to ex-cop.

Bijoti is his first foray into startup security products, and it’s been a wild ride, with plenty more to come.

Description:

Building a startup in an accelerator, especially when connected to an open source project, is an exercise in learning about an entirely new world. That new world is Finance and Business. Not “I can start and run a business”, but exit strategies, multipliers, financial models, and N-tier reselling margins.

Heck, that doesn’t even include the finance part! It’s crazy, and fascinating, all in the same breath. Let’s talk about how hard it is, and why you’re not doing it, and why you should.


Sharing: What the world knows about your network

Audience: Everyone. There are pieces for business types and technologists, but no code or deep mathematics.

Speaker(s): Roy Stephan

Bio:

Roy Stephan, CEO and Founder of PierceGTI, has founded 4 Internet and security companies as CEO or CTO focused on building cutting edge technologies for government, healthcare, and financial markets. Additionally, Roy was CTO for a major government contractor, where he spent a decade building their cyber and application development capabilities, and architecting solutions for customers as diverse as US Courts to Air Force One. Roy is a graduate of the University of Virginia engineering school where he also served on their industry advisory board.

Description:

No man is an island. We need to work better together in order to increase security and share awareness of threats that are hitting our markets. This talk outlines “Privacy Enabled Crowd-Sourcing” for threat data. It explores models of sharing that have worked or not worked in the past and drills in on how to apply algorithms developed by the US Census to create successful threat sharing programs.


Healthy Hacking Snacking

Audience: Everyone because it’s important for everyone to eat healthy to have a healthy brain for hacking

Speaker(s): Jillian Goodman, Applied Nutrition Major at University of Delaware

Bio:

Jillian Goodman is a recent graduate of the Applied Nutrition program at the University of Delaware.

Description:

Hacking brains are smart brains, but so are healthy brains! So, clearly being a healthy eater as a hacker is important. The long hours spent at your computer and in hotels can surely influence the way hackers eat. Not getting the right nutrition can bring bad moods, weight gain, and make you too tired to keep your hacking abilities at full potential. With the right eating schedule and faster, easier, healthier meals, you could be at your prime in no time.


Securing Your Assets from Espionage

Audience: Everyone

Speaker(s): Stacey Banks – @StaceyBanks

Bio:

InfoSec Wonk. Geek. Pirate Captain. Triathlete. GRT.

Description:

Espionage at its root is a security concern. Consider, how many of your competitors are using your knowledge to cut their costs? Economic espionage includes a multitude of tactics used to gain your trade secrets, competitive knowledge, sources, and more. We will explore the issue from both the insider and outsider perspectives and review what steps can be taken to better protect against this continuing threat. Topics covered will include social engineering, insider theft, cybercrime, and what you can do to protect your information.


Hacking your way to good eats on the road

Audience: Everyone

Speaker(s): Shalom ‘Spam’ Silbermintz

Bio:

I’m just this guy, you know.

Description:

Don’t be reduced to a diet of fast food, powerbars, and energy drinks when on the road or at a conference. By applying the hacker mindset to this problem you can not just survive, but eat well. From sous vide ribs to rice maker stew to cold brew coffee, there’s a surprising amount of great tasting food you can make with just a little bit of effort. This talk will cover strategies, equipment, and tips for cooking & eating when you find yourself away from the comforts of home.


No Matter Where You Go, There You Are – Security answers you may not remember you already know.

Audience: People who are interested in building secure systems and networks, those who want to understand underlying concepts of hardware security enforcement and network segmentation, and those who want to know why what we’re doing often hasn’t worked.

Speaker(s): Bob Stratton (@strat) – General Partner, Mach37

Bio:

Bob Stratton (@strat) is General Partner at Mach37, a business startup accelerator for information security product companies and a member of the Black Hat Content Review Board. He has worked as a pen tester (before you could buy it in a box), security officer for a tier-1 ISP, in the first commercial network IDS startup, and as a venture capitalist. He believes that the biggest win is when you do well by doing good. When he’s not looking at security companies, he likes to scan satellites, fly airplanes, build radios, and mess with fragrance chemistry.

Description:

You’ve all heard the Santayana quote about forgetting the past and being doomed to repeat it. People have been pondering computer security problems, doing research and inventing things since at least October of 1972. As with any field, people sometimes had ideas that were impractical, difficult to implement, or just too far ahead of their time. This talk will explore the possibility that real solutions to difficult problems may be right in front of us, but forgotten. Some mitigations upon which we depend every day are mere approximations of what researchers originally had in mind.