2015 Talks

http://bit.ly/BSidesDE2015Schedule

includes all abstracts and bios not also listed here

Villages and Events:

Pros V Joes CTF

Audience:

Students and professionals who want to learn the details of computer compromise through hands on experience in a live combat scenario.

Speaker(s): Eric Arnoth

Description:

The Pros vs Joes CTF is a live combat Capture The Flag event. The Pros are Information Security professionals or are advanced in their knowledge of securing / compromising computers and networks. These professionals will help the Joes to improve their skills through the course of two days of attack and defend. On the first day, teams of Joes, captained by a Pro, protect their network from the Red Cell. On the second day, the Red Cell dissolves and joins the Joe teams, which then attack each other.

The game is completely virtual, players only need bring a laptop for connecting to the gaming environment via the Internet. Laptops will NOT be in the line of fire.

At the end of each day, there will be a debrief to reveal how compromises occurred, with discussion for how to better defend.


Wireless Village WCTF

Audience:

We cater to those who are new to this game and those who have been playing for a long time. Each WCTF begins with a presentation on How to WCTF. We also have a resources page on our website that guides participants in their selection of equipment to bring.

Speaker(s): @Wifi_village and @WCTF_US

Description:

The Wireless Village is a group of experts in the areas of information, WiFi, and radio frequency with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching classes on Wifi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag (WCTF) games to promote learning.

The Wireless Village plans to hold a WCTF contest during Bsides DE.


Forensics Village

Audience:

Forensic pros, interested amateurs, and newbies that want to get started.

Speaker(s): Jon Lucenius

Description:

This is the first year of a forensic village at BSidesDE! This area will feature an intense forensic contest, two talks, and conducting live forensics against the CTF as opportunities arise.

Bring your own laptop or use our loaner machine – either way you will be in an environment where you can be the forensic examiner, working a real life historical major case. We intend to test all aspects of your forensic abilities, including log analysis, image extraction, logical reasoning, investigative sense, and anti-forensic detection skills to name a few.

In addition to the forensics and ANTI-forensic contest above, there will be two talks on wildly different but relevant forensic topics.

We’ll be there for both days, stop by for a little, stay the whole time, or just come over and hang out. This is an opportunity to bring your forensic questions and get them answered from a professional perspective. New to forensics, no problem, we’ll help you get started – we were new once too!


Startup Village

Audience:

Everyone interested in Tech and Business.

Speaker(s): Joshua Marpet – @quadling

Description:

Tech people are valued in the industry. We’re in one of the few negative unemployment industries that there is. But we want more. We want control of our own destiny! How do we do that? Start your own company! Ok, how do I do that? Should I do that? Why would I do that? Oh god, it’s scary!! How do I raise money? Who do I talk to??? We’re going to bring the people in to talk to. They want to meet you. You want to meet them. It’s a match made in heaven!


Classes

Physical Penetration Testing (Low tech or no tech)

Audience:

Intro to active tester.

Speaker(s): Keith Pachulski – @sec0ps

Description:

This training presentation will be a complete walk through on how to perform physical security penetration tests. This is NOT a lockpicking class. We will be covering common tools and tactics used to gain access to target facilities as well as provide videos from real world testing and hands on demonstrations of physical and electronic tools. Additionally, common issues that penetration testers run into will also be discussed, such as personal psychological issues (insertion mentality), manipulating people efficiently and quickly and learning when to not talk.

Topics to include:
– Onsite and remote advance work
– Penetration of the external barriers
– Penetrating the facility
– Penetrating the people
– Deploying boxes on the network for remote network access and audio/video surveillance.


Web Hacking 101 Hands-on with Burp Suite

Audience:

Anyone looking to “break into” the web app security field (lame pun intended)

Speaker(s): David Rhoades – @mavensecurity

Description:

A high-energy demo-laden caffeine-laced session that will introduce the student to the techniques needed to remotely detect and validate the presence of common vulnerabilities in web-based applications using Burp Suite, the industry’s most popular toolkit. Testing will be conducted from the perspective of the end user (as opposed to a source code audit).

This is a hands-on session. Attendees are encouraged to bring a PC, Mac, or Linux box running either Oracle VirtualBox or VMware Player (both are free). All of the tools and targets used during the session will be available to the attendees in a single virtual machine file.

To prepare, wait until the day before the event, then grab the latest version of the Web Security Dojo from here: https://www.mavensecurity.com/web_security_dojo/

NOTE: It’s best to wait a few days prior to the event to be sure you have the latest version of “the Dojo” since that will be used during the session.

Time permitting the following topics will be covered:
Web Primer (HTML, HTTP, Cookies; just the basics)
Introduction to Burp Suite
Threat Classification Systems (OWASP Top Ten & WASC Threat Classes)
Vulnerability Category: A3: Cross-Site Scripting (XSS)
Vulnerability Category: A4: Insecure Direct Object References
Vulnerability Category: A1: Injection (SQL, XML entity, etc.)

NOTE: Since the student will have all of the tools and targets in a single virtual machine, they are free to continue the learning after the session in the privacy of their own localhost. No network required. The Web Security Dojo includes various PDF walk-through guides for some of the targets.


Talks

Raspberry Pi, Kismet, and PCI 11.1

Audience:

Anyone that needs to be PCI compliant. Little or no experience is required; attendees can easily implement this solution while gaining some basic Linux and Raspberry Pi experience.

Speaker(s): Bob Hewitt

Video: https://www.youtube.com/watch?v=jh00gU-9s2o

Description:

PCI 11.1 requires testing for the presence of wireless access points (802.11), and to detect and identify all authorized and unauthorized wireless access points on a quarterly basis. Learn how to use Raspberry Pi along with Kismet to comply with this requirement by identifying new wireless access points on a continuous basis for a fraction of the cost of commercial products. This is an easy project for anyone that needs to be PCI compliant regardless of their experience level.


OSINT for Fun & Games

Audience:

Anyone unfamiliar with OSINT.

Speaker(s): Brian Martin of Liticode

Video: https://www.youtube.com/watch?v=LJSWswevl7s

Description:

Open Source Intelligence (OSINT) is the material garnered from publicly available resources and assembled into useful information for an intelligence apparatus. This can be governmental, political, commercial, or personal. This introductory field overview encompasses the origins, the foundational readings, the resources, and real world examples of the information in question. There is a real demand for people in the government and commercial space who are able to acquire, distill, and/or assemble OSINT into useful materials for political or commercial gain.


Kids – Learn to Bypass Parental Controls!

Audience:

Everyone – talk is geared to kids and concerned parents

Speaker(s): Walt Berstler – @kingofbigwheels

Description:

Unable to install your own mobile apps? Blocked from surfing the Internet? Is your DVR locked down with Parental Controls? Learn how to bypass those controls – and not get caught. Your parents have been finding ways around restrictions for years – in fact, some of them get paid to do it! Now it’s your turn.


A Brief History of the Information Security Industry

Audience:

Anyone new to the Industry

Speaker(s): Space Rogue – @spacerog

Video: https://www.youtube.com/watch?v=jh00gU-9s2o

Description:

An introduction and overview of the Information Security Industry as it is today and how it got there from an industry veteran. The focus is on the companies and their related technology that created the industry. This talk starts with information security in general with the creation of the first locks circa 1000BC through the development of the Internet, encryption, anti virus, firewalls, etc., and the companies that created them such as RSA, DEC, Checkpoint and others. The focus is on the companies and the market forces that shaped them. This look at history and the present day is then extrapolated to attempt to look into the near future and what might be coming. This talk is recommended for anyone who is new to the industry or anyone who wants to understand where we came from and where we might be heading.


How to Recruit Purple Squirrels, Pink Unicorns and other Mythical Security Creatures. Or If You Are a Pink Unicorn, How Best to Work with Recruiters

Audience:

Everyone who wants to better understand how to recruit and/or find a job in the security field.

Panelists and Moderator

Lee Wanless is a Resource Manager with G2 Inc and has been active in the recruiting arena since 2006. The past 6 years have been focused on engaging and hiring highly cleared cybersecurity systems and software engineers within the Intelligence Community and Department of Defense. In addition to the aforementioned, Lee also supports G2’s Federal & Commercial Practice; his focus has been engaging cybersecurity engineers in support of NIST, most notably recruiting security policy experts in support of NIST’s Cybersecurity Framework.

Lee is active in the security community attending network security events and MeetUps. Lee resides with his wife, two children and German Shepherd in Columbia MD. He can be reached at Lee.Wanless@G2-Inc.com @LeeWanless

Lamont Price

At age thirteen LaMont Price took over one of the worst paper routes in the neighborhood. He recruited his best friend to help and within 30 days he optimized the customer experience using one simple tactic. The result: a young kid with too much tip money for the next few months. For the last 16 years he has continued to share his successful strategies in marketing and recruiting with college students and small businesses. LaMont is currently a Sr. Recruiter for Tenable Network Services in Columbia, Maryland.

@lamontprice

Neal Anders, Lead Software Engineer, Research & Development at Tenable Network Security

Kathleen Smith, CMO, ClearedJobs.Net – Kathleen has worked in the recruiting marketing community for 12 years and is constantly searching for ways to have recruiters and jobseekers better understand each other.

@YesItsKathleen

Description:

Recruiters and job seekers are at odds in the battle for better candidates and jobs. There are horror stories shared in communities, in blogs and on videos about the recruiter who didn’t know one code from another, or tried to recruit the founder of Ruby on Rails to be an admin. So what do we do? After sharing some of the horror stories from both sides, let’s get down to clear tactics that job seekers and recruiters can use to work together. Hear from security recruiters and jobseekers how they have handled these situations. This session is for anyone looking to find a new job, hire new employees or understand how recruiting is an important part of any company’s success.
We will be a panel of two great recruiters who “get it” working with security candidates and one security professional who has fun dissecting poor recruiter behavior on Twitter.



How Evil Kirk Uses Maltego

Audience:

Beginner to Intermediate. Should have some knowledge of Maltego.

Speaker(s): Robert McMahon

Video: https://www.youtube.com/watch?v=HMw92Ed401I

Description:

How to use Maltego to enumerate information from inside a domain, get domain users, computers, shares, files on remote computers and much more with the click of a button by using a new local transform API for Maltego that allows you to harness the power of .NET. After the talk we will release the API and the transforms mentioned in the presentation.


Padawans – Hacking 101

Audience:

Open to all but will benefit those with a passion…and a laptop w/ Kali VM

Speaker(s): Don Hess

Description:

Learning The Ways of the Force…ing your way into someone’s vulnerable network. Going over the Hacker’s Methodology for the Padawans to understand the Force. Also understand that “With Great Power Comes Great Responsibility” and how not to get into trouble with the Dark Side. Then I would like to demo/workshop introduction to Armitage (Gotta support Raphael) and help mentor those interested in exploring WILMU’s CTF environment. Understand that this is an introduction and “Much to learn, you still have.”

(Seriously Star Wars: Episode VII is around the corner)


Processing 101 for kids

Audience:

Not skilled and for kids

Speaker(s): Corbin R Frisvold

Description:

A talk and (hopefully) hands on teaching of the Processing language just to keep kids occupied. I will have hands on demos and programs for the kids to download and fix once they learn. I hope that they all have a lot of fun. This talk can take around 3 hours and then some time for kids to work on their own. But I might bring in robots they can program with Processing so it may take several hours.


“Reasonable” security or are the lawyers coming?

Audience:

Anybody who has data they’d like to protect as well as people who protect data.

Speaker(s): Alex Muentz, law talking guy

Description:

Breaches are still in the news and we’re failing to stop them. Will other groups get involved? Will it be scary?

This talk will discuss the influence regulators, lawyers and insurers currently have and how their involvement will likely affect our jobs, our industry and the organizations we work for.


IoT Security

Audience:

Everyone interested in learning more about IoT. Justin Klein Keane is a recognized security expert working in the IoT industry and one of the chapter leaders of Philadelphia OWASP. Justin is a member of BuildItSecure.ly, the Industrial Internet Consortium, and the OWASP IoT project.

Speaker(s): Justin C. Klein Keane

Video: https://www.youtube.com/watch?v=s5AOkqyCvHg

Description:

It’s been called junk hacking or stunt hacking, but Internet of Things (IoT) security is serious business. The risks and challenges of IoT create a new and vital security and privacy landscape. From resource constraints, to hostile deployment environments, to machine-to-machine (M2M) trust, to autonomous operations, the hurdles to IoT are both unique and formidable. This session will cover the different domains of IoT security from the home to the operating room and the factory floor, outline some of the classic security and privacy challenges that face IoT in novel ways, and the new security and privacy concerns specific to the IoT space. This talk will also cover existing frameworks for assessing IoT security and privacy as well as influential organizations in the space. The presentation will identify the broadest attack surfaces of IoT and common attacks used to compromise IoT deployments. This talk should inform the audience about the problems of the domain, the organizations working to influence change, and resources for those interested in learning more about IoT security.


Technology? Business? How do they intersect, and do I care?

Audience:

Everyone interested in Tech and Business

Speaker(s): Joshua Marpet @quadling

Description:

I’ve been a CEO of a startup product company for a bit over a year now. It’s so far removed from technology, I can’t even tell you. Well, I can try. Let’s talk about how investors, marketers, and Shark Tank-ish type people will look at, evaluate, and decide if you’re worth their time. Have an amazing idea for a new technology or problem solver? Most of the time, they won’t care. 🙂 Not a joke. Want to know why? Come to the talk!


Cyber Intent: Cybersecurity

Audience:

Mid-level security professionals

Speaker(s): Joe Klein & GS McNamara

Description:

The current status of cyber security lacks any judge of visitor intent. We are throwing out valuable intelligence available in the earliest stages of the cyber kill chain, instead choosing to react haphazardly in the later, more expensive stages. We fail to identify the digital bank robbers before they enter and create an expensive, drawn out, and potentially fatal hostage situation. If we were looking out, we could have just locked the door.

Up to this point organizations have chosen to immediately block attacks instead of using them as an opportunity to gather intelligence about their persistent adversary. It’s been a simple business decision because recording attack activity against an organization’s real infrastructure has an associated operational cost that is just too high to bear. But intent tells you a lot about your visitors, potentially allowing you to classify them into good/bad even before a breach occurs.

As an example, predictive policing is a concept that would fare a whole lot better in the cyber world than the real. Removed from the social concerns about profiling, we can fully use it as well as predictive analytics to identify malicious activity early, and then prioritize our human response to handle the truly advanced of the APTs.

Intent is equally important as pre-breach forensics to law enforcement and prosecutors. Being able to establish intent is the differentiator between some classes of crime in the real world, leading to different levels of severity in penalties. Without capturing valuable intelligence surrounding intent, a defendant can allege that their action was a crime of opportunity and not that of a concerted effort. Stalking or any other crime incorporating purposeful or repetitive behavior cannot even be identified in the cyber realm. Today we don’t look into the mindset of the attacker, and so either they’re not caught or they get off easy.


Practical IPv6 Setup and Security for your Home

Audience:

People with Basic knowledge in Networking

Speaker(s): Hristo Asenov @h_asenov

Video: https://www.youtube.com/watch?v=5h8KRlR594Q

Description:

IPv6 is turned on by default in most modern Operating Systems. However, many people are unaware of its capabilities. In this talk, I will explain how to create a publicly addressable IPv6 home network, even if your ISP has not enabled support for it yet. DNS registration, network reachability and home router IPv6 support will also be covered. Security implications of running an IPv6 capable home network and its mitigations will be discussed.


Incident Response Explained by Dora The Explorer and IR training Game

Audience:

Anyone can listen and play

Speaker(s): Bryan Bechard

Description:

I have a presentation on the basics of how to create an incident response program. I use the cartoon Dora the Explorer as my inspiration and show how she uses many infosec principles to maneuver in her world. Then we put our skills to the test in a mock red vs blue team exercise that pits hackers against infosec pros for command of a company’s network. Each game takes about 15 minutes to go through and then you get to switch sides and play again.


Hello Ransomware, Goodbye Data?

Audience:

Any level that has to deal with malware

Speaker(s): Dave Vargas, dvargas@vat

Description:

Malware is such an effective attack tool that it continues to be used by threat actors to endanger organizational data. In this presentation, attendees will be introduced to a new and powerful family of malware known as ransomware. The term ransomware will be defined and there will be a thorough explanation of why it poses such a significant threat. The presentation will review the logical evolution of ransomware from its origins as “rogue software” to the more malicious encrypting versions that we see today. There will be a discussion of the main ransomware families along with a review of the threat actors who are primarily responsible for their distribution. To truly understand the threat that ransomware poses, however, security professionals must know what happens to systems once they are compromised. As a result, the audience will be shown a typical compromise — from initial infection to the payment of a bitcoin ransom (God forbid). Despite ransomware’s effectiveness, there are protections against it and the presentation will review those innovative solutions and best practices that can best mitigate this threat. The presentation will conclude by discussing those ransomware trends that we can expect to see in the future, including the franchising of specific ransomware. By the end of the session, attendees will possess the knowledge necessary to win the battle against ransomware.


Wireshark for Post-Incident Analysis

Audience:

Everyone because Wireshark is an open source tool with various practical applications in the field.

Speaker(s): Daniel Rico

Description:

In an analytic world with a vast wealth of tools, often the simplest methods are the best for determining an attack chain. Wireshark provides the perfect platform for the “dirty” analysis that no one wants to get into. Rather than sifting through false positives provided by IDS/IPS alerts, Wireshark, and a bit of patience, can summarize an attack. The dissection of anomalous traffic into segments using Wireshark can provide a framework for the reconstruction of an attack. A hands-on approach to traffic analysis. Providing post-mortem PCAPs of an attack, individuals will be asked to determine a method of attack using whatever tools are available. Reconstruction of an attack and the determination of attack patterns will then be decoded and reconstructed using nothing but Wireshark.


A tiny datacenter, On my head

Audience:

Anyone interested in a unique hardware project

Speaker(s): Nate Lager (@Gangrif) and Kiera Lager

Description:

For DerbyCon 2015, I had a crazy thought, and we put it into action. A CTF inside of a derby. Find out how you too can turn a Raspberry Pi into a self contained mobile datacenter (with or without the hat).

Come and learn the basics on this build, and see how it was assembled. Including a Raspberry Pi, WiFi access, containerization with Docker, and an OLED display.

Presented by myself and my 5-year-old daughter/derby display model.


Mechanics of an ICS/SCADA Man-In-The-Middle Attack

Audience:

Everyone

Speaker(s): Jim Gilsinn @JimGilsinn

Video: https://www.youtube.com/watch?v=mjfhwxPQIwY

Description:

What does a man-in-the-middle (MITM) attack look like on an ICS/SCADA system? It isn’t hard to find videos, presentations, and tutorials on IT-based MITM attacks, but ICS/SCADA systems don’t react the same way in the presence of an attack. These systems, for the most part, were never designed with security in mind, so strange things happen when you run some of the freely available attack tools.

In this talk, I’ll describe a series of MITM attacks that were run against an ICS/SCADA test system. I’ll talk about how the control system reacted to the attacks. I’ll also show some different configurations that were used during the testing and how the packet streams differed.


IDS is dead, long live IDS

Audience:

Infosec Practitioners with any level of experience, or those aspiring to the field

Speaker(s): Eric Arnoth

Video: https://www.youtube.com/watch?v=PjiphbRRJZ0

Description:

For almost 20 years defenders have depended upon signature based technologies such as intrusion detection and antivirus. In the last several years, however, significant changes have made these technologies almost ineffective. This talk will examine what happened and how defenders need to respond in a post-signature world to survive.


Advanced Cyber Detection: Kill Chain Evolution

Audience:

Everyone–people familiar with the kill chain can learn new ways to leverage the Kill Chain. People unfamiliar with IT Security in general could benefit from learning how threat actors operate.

Speaker(s): Paul Neslusan @Nescafe187

Description:

When the kill chain first became part of the security conversation back around 2008, it was quite useful. It gave people a vision for people to follow, and allowed security professionals to provide a clear narrative to people outside of the security realm.
Now that the Kill Chain model has been applied for a little over a half a decade, we have learned a few things.


R2-D2 where are you?

Audience:

Spawn Camp

Speaker(s): Sam Kinch @spatiald

Description:

The super affordable Edison robot for learning and inventing. Edison is Lego compatible, easy to program and has built-in programs that are activated by driving over barcodes. Students find robotics highly engaging, which assists in rapid learning in areas such as science, technology, engineering and maths (STEM). However, there are other educational elements that can be leveraged from this high level of engagement. Throughout our lesson plans students provide written responses to describe their programs and the actions that their robots take. In the design brief worksheets students get to plan and create their own programs. They also write descriptive behaviors for icons used in their program.


Flow Chart Self-Defense

Audience:

Anyone who has ever wanted to learn some of the limitations of the human machine

Speaker(s): Infojanitor

Description:

Self-Defense is a process just like learning a tool or command line arguments. This seminar will cover some simple concepts to allow manipulation of the human machine that is your body. You live with and in the target all of your life. Now it’s time you learned how to protect yourself IRL not just in the logical sense. You will learn three simple concepts in your flow chart that are always leading to protecting yourself.

This seminar will cover these three simple concepts that will give you some of that knowledge. This knowledge should start you on the road to personal physical protection by identifying and exposing you to some of the weaknesses that exist in the human machine no matter how in shape the attacker appears.

We will not cover or say Cyber, you won’t become a Ninja, or compete in MMA, but you should get a simple understanding of how to protect yourself in an unfortunate event from three simple concepts and nullify the threat IRL.


Data you don’t store cannot be hacked!

Audience:

Anyone interested in limiting and/or avoiding data breaches and data breach disclosures.

Speaker(s): Michael Spurgeon

Description:

In this talk we will discuss how organizations can increase the security of their information and drastically reduce the risk of data breaches. These methods work in conjunction with encryption.

PII
• Limit PII to a minimal amount of servers
• Limit access to PII
• Utilize unique IDs
• No PII in transit
• No PII as primary keys
• Check those backups for PII

Payment Processing
• Apple Pay leads the way
• No servers with stored card numbers or banking info
• No card numbers or banking info in transit
• EMV is a joke

Know the LAW
• What data requires breach disclosure in your HQ state
• Are driver’s license numbers included
• Educate leadership

Executive Support
• Properly document and explain data manipulation
• Security for 10 servers is cheaper than securing 100
• Don’t be a sitting duck


0wn the c0n – Two BSides for the price of one!

Audience:

Con-goers, con director curious types

Speaker(s): Alex Norman (@webyeti), Dorann Norman (@deedee0x00), Josh Marpet (@quadling)

Description:

An open forum with a small presentation to get us started, 0wn the c0n – BSides Edition will cover the 101 of putting on your own BSides. First we’ll cover the high level items that every conference must have such as tickets, talks, and volunteers. Then we’ll cover some of the extras (t-shirts, extra tracks, villages, etc.) that you may want to add to make your con better or stand out from other events. After we’ve covered the basic ideas, we can go into detail on the differences between BSidesDC and BSidesDE. Differences in geographic location and type of location have effects, both positive and negative, for each con. We’ll share some stories of things we’ve gotten right (sometimes accidentally) and some of the pain points and lessons we have learned (also sometimes accidentally). This is meant to be a guided open forum so if you have questions feel free to ask us!


Malware Analysis: N00b to Ninja in 240 Minutes

Audience:

Students and those that want to learn about basic malware analysis. Beyond basic Windows use students should also have some light experience in using Linux as well as know how to use VirtualBox, VMware, or the like. In order to get the most out of the workshop students should also have time to prep a basic environment from which we will start.

Speaker(s): @grecs

Description:

Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when it’s time to pass the more serious samples on to the big boys. This workshop, based on grecs’ Malware Analysis 101 – N00b to Ninja talks, covers several analysis environment options and the three quick steps that allow almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a “ninja” per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.


Scratching the Surface: What We Know about Lockpicking Forensics So Far

Audience:

A basic knowledge of lockpicking will help, but is not required to understand the discussion.

Speaker(s): Preston Thomas @PNTinDC

Description:

“Every contact leaves a trace.” The basic principle of forensic investigation extends from trace evidence to network intrusion, and yes, to lockpicking, too.

This talk will provide a primer on the forensic detection and analysis of various methods of lockpicking and non-destructive entry, including bumping and impressioning. The main body of the talk summarizes the excellent work of Datagram, Deviant, Scuyler Towne, and others, as well as providing scientific and legal context for the task of detecting covert entry.


Bootstrapping Threat Intelligence Out of Thin Air

Audience:

Techies in SOCs looking to defend their network more intelligently

Speaker(s): @grecs

Video: https://www.youtube.com/watch?v=zteXxWQD7KY

Description:

In the presentation that threat intel vendors do not want you to see, open source and internal data meets home grown resources to produce actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses using what you already have to bootstrap this capability using existing data management platforms with open and flexible schemas to ease identification of advanced threats. Specific topics covered include the advantages of using open and flexible platforms that can be molded into a data repository, a case tracking system, and an Indicator Database. By analyzing this data using techniques such as the Cyber Kill Chain and Diamond Model for Intrusion Analysis, organizations can create Campaign and Adversary tracking artifacts that evolve into actionable threat intelligence and guide other investigative activities such as Data Fusion and Hunting. And yeah … threat intel vendors still hold a role in ultimate threat intelligence nirvana but there is a lot you should do on your own first in order to better understand your requirements in searching for that ideal partner.


Building the Next Generation of InfoSec

Audience:

Everyone interested in developing infosec skills and more infosec professionals

Speaker(s): Brian @ForgottenSec

Video: https://www.youtube.com/watch?v=5sWSKsVCam0

Description:

Many infosec professionals would love to help those interested in joining the infosec community, but don’t know the available resources and options to volunteer. Many organizations building the programs for new professionals desperately need volunteers. This talk aims to identify resources and opportunities for us as professionals to help the pipeline. Helping also comes with the silver lining of being able to help develop new professionals, which can allow for more visibility for choosing your organization’s next intern. Resources continue to build and continue to target younger groups for learning infosec as programs targeting middle schoolers are becoming more frequent. I will be discussing many of the more popular programs that exist and how to participate.


SoHo SIGINT

Audience:

Basic radio knowledge.

Speaker(s): Russ Handorf

Description:

SoHo SIGINT is about the wandering musings of the value and use of collecting basic information about radio communications in your immediate residence. You’ll learn what worked, what doesn’t, what’s interesting and what’s not and hopefully enough to build something yourself. From WiFi, Bluetooth and Software Defined Radio intercepts and recordings, you’ll specifically learn about the hardware, software and other choices that might influence your own SoHo SIGINT collection.