BSidesLasVegas 2015 Aug. 4, 2015 to Aug. 5, 2015, Las vegas,usa

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools Jason Trost , Nicholas Albright In this workshop we will present an overview of the current state of the art ...
Pentesting PLCs 101 Arnaud Soullie There is a lot of talking about ICS, SCADA and such nowadays, but only few ...
(Un)Keynote: INCITE CLUB: WendyLady vs. ErrataRob or, “Fly THIS Sideways!” Robert Graham , Wendy Nather Hacking isn’t just reindeer games any more. The ones and zeros are turning into real-world, ...
I Am The Cavalry Track Introduction and Overview Nicholas J. Percoco , Josh Corman We will provide a brief overview of I Am The Cavalry, as well as outline ...
A Security/Usability Review of Wordpress 2FA Plugins Per Thorsheim So 2FA was supposed to save the world from passwords, huh? This review of a ...
Speaking Metrics to Executives Michael St. Vincent Just as strong CIOs have moved from talking about processors and routers, leaders in information ...
Underground Wi-Fi Hacking for Web Pentesters Greg Foss There is an ever-increasing trend with Internet Service Providers of all sizes providing open wireless ...
Injection on Steroids: Code-less Code Injections and 0-Day Techniques Tomer Bitton , Udi Yavo We expose additional new user- and kernel-mode injection techniques. One of these techniques we’ve coined ...
Verum - How Skynet Started as a Context Graph Gabriel Bassett vow that we've all seen an 'intelligence' stream, we can safely say it's not doing ...
Practical Application Whitelisting Evasion Casey Smith Organizations continue to tout Application Whitelisting as one of the best counter-measures to deploy. We ...
Barely Legal: the Hacker’s Guide to Cybersecurity Legislation Jen Ellis Cybersecurity is a hot topic in DC, and everyone is building an agenda on it. ...
Hack the Future Keren Elazari This talk is about inspiring hackers to be the change agents of the future, with ...
Dropping hell0days: Business Interaction for Security Professionals - Or Anyone Else Elliot Johnson This talk is focused on how to better interface with the business leaders of your ...
Unspeakable Passwords: Pronounceable or Diceware Jeffery Goldberg Jeff Goldberg from AgileBits (1Password) will discuss the pros and cons of pronounceable random passwords ...
Getting the data out using social media Dakota Nelson , Gabriel Butterick , Byron Wasti You’ve made it into the network - but can you get data out? Today’s Internet ...
When steganography stops being cool David Sancho The art and science of concealing stuff inside other stuff is what we know as ...
Leading in a "Do"-ocracy Tim Krabec , Tod Beardsley , Chris Nickerson , Beau Woods What is a "do"-ocracy, and what does it take to lead one? While some people ...
Practice Safe Cyber: The Miseducation of American Students on Internet Safety Vivienne Pustell What students are told to watch out for online: sexual predators. What they should actually ...
State of Medical Device Cyber Safety Scott Erven , Beau Woods Beau and Scott will give an overview of the medical device space and talk about ...
Check That Certificate Jacob Jernigan , Andrew Sorensen Why are developers frequently disabling certification validation in their software? Is it because they are ...
#radBIOS: Wireless networking with audio Richo Healey Wireless comms nearly always focus on the EM spectrum- RF, microwave, even laser. But what ...
An introduction of the Kobra, a client for the Badger version 2.0, providing tactical situational awareness, physical tampering protection, and automatic process mitigation Kobra Devices , Preventing Process Forking , And Disk. Ahmed Fawaz,Edmond Rogers,William Rogers
Pentesting with Docker Tom Steele Docker allows us to run processes in "isolated" containers. Logically, we can think of containers ...
Pushing on String: Adventures in the 'Don't Care' Regions of Password Strength Cormac Herley The gap between the effort needed to withstand online and offline password guessing attacks is ...
The Internet of ... Mainframes?! WTF? Soldier Of Fortran In early 2013 Soldier of Fortran had an idea. What if there were mainframes on ...
Analogue Network Security Winn Schwartau In 1973, the Bell-Lapadula security model was introduced and is fundamentally still how security is ...
Exploit Kit Shenanigans: They’re Cheeky! Ryan J. Chapman The “Exploit Kit Shenanigans: They’re Cheeky!” workshop will consist of attendees pulling apart a few ...
Violent Python Sam Bowne Even if you've never programmed before, you can quickly learn how to make simple hacking ...
The Journey To ICS Larry Vandenaweele The goal of the talk is to provide a starting point for security professionals that ...
How can we ensure safer Medical Devices? Scott Erven , Beau Woods The goal is to identify 2-3 good projects with strong support and leadership in the ...
What would fix passwords? Some weekly password audits. Pretty graphs to prove it! (A Haiku) Rick Redman , Dale Corpron KoreLogic will demonstrate how one enterprise was able to dramatically minimize their risk posed by ...
Catching Linux Post-Exploitation with Auditd Eric Gershman Many Linux administrators are required to deploy Auditd in order to meet government or industry ...
I Amateur Radio (And So Can You!) Kat Sweet Ham radio: it’s the 100 year-old technology that refuses to die. Whether you’re a wireless ...
NSA Playset: Bridging the Airgap without Radios Michael Leibowitz This talk introduces a new entrant into the NSA Playset: BLINKERCOUGH. BLINKERCOUGH is a C&C ...
Don’t hate the Disclosure, Hate the Vulnerability: How the government is bringing researchers and vendors together to talk vulnerability disclosure. Allan Friedman Good information security policy requires addressing a myriad of complicated, inter-related issues, while still adhering ...
What's New Pussycat: Recent Improvements to Powercat Mick Douglas , Luke Baggett Powercat allows testers to accurately replicate a variety of sophisticated command and control techniques used ...
Breachego Christian Heinrich , Daniel Cuthbert This presentation will demonstrate a large number of Maltego Remote Transforms that achieve a significant ...
Adding +10 Security to Your Scrum Agile Environment Josh Louden Scrum agile development is one of the many methodologies in which software can be developed. ...
How to WCTF Russell Handorf Ever wanted to compete in the Wireless Capture the Flag but didn't know if you ...
State of Automotive Cyber Safety Josh Corman Josh and Craig will give an overview of the Automotive space and talk about the ...
Tell Me Who You Are, and I Will Tell You Your Lock Pattern Marte Løge You are predictable, your passwords are predictable, and so are your PINs. This simple fact ...
Fight back – raising awareness @infosec Petri Koivisto Why do we need security awareness? Apps/tools/services are under constant research (read: hacking) every day. ...
How Portal Can Change Your Security Forever Katrina Rodzon When used correctly gamification can be one of the most effective tools for changing behavior ...
Crema: A LangSec-inspired Language Jacob Torrey We discuss the potential for significant reduction in the size and complexity of verification tasks ...
Hacking Our Way Into Hacking Kat Sweet It may seem like everyone in infosec has always been a hacker. However, many of ...
Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers Eduardo Novella This presentation discusses a strategy for reverse-engineering router firmware to analyze algorithms used to generate ...
What the heck is this radio stuff, anyway? Nick Kartsioukas This talk will give the basics of radio frequency communication, to provide a foundation upon ...
How can we ensure safer Automobiles? Josh Corman The goal is to identify 2-3 good projects with strong support and leadership in the ...
Poppin' (Digital) Locks Devin Egan This presentation demonstrates how open source tools can be used to bypass modern digital locks ...
SIEMple technology Bill Davison This talk will go through the steps that should be considered when implementing a solution ...
Your Electronic Device, Please: Understanding the Border Search Exception & Electronic Devices Whitney Merrill Border searches are an exception to the Fourth Amendment’s warrant requirement. The border search exception ...
Angler Lurking in the Domain Shadows Nick Biasini A new technique has been discovered being leveraged by Angler Exploit Kit in the wild. ...
Making & Breaking Machine Learning Anomaly Detectors in Real Life Clarence Chio Machine learning techniques used in network intrusion detection are susceptible to 'model poisoning' by attackers. ...
Stress, Burnout, Rinse, Repeat Jack Daniel , Martin Mckeay , Chris Sumner , Josh Corman , Scott Thomas , P0lr Stories of burnout in tech professionals are not rare, particularly in security pros. Building on ...
Privileges in the Real World: Securing Password Management Andrey Dulkin This presentation presents insights from a recently-conducted study on the exposure of networks to credential ...
How I learnt hacking in highschool Lokesh Pidawekar One can not start attacking systems in the wild to try new hacking technique. Hacking ...
Radare2 an open source reverse engineering framework Anton Kochkov , Maxime Morin Radare2 is a complete framework dedicated to reverse engineering. Written in C, completely portable, and ...
You Hack, We Capture: Attack Analysis with Honeypots Ioannis Koniaris Honeypots are systems aimed at deceiving malicious users or software that launch attacks against the ...
Introduction to the Career Track Josh Marpet Introducing the event and presenting general interviewing tips
Security Questions Considered Harmful Jim Fenton Many sites require users to provide answers to "security questions," which are typically used as ...
ZOMG It's OSINT Heaven! Tazz Tazz Tazz, also once tagged as an “Internet Mall Cop” by a 16-year old know-it-all, will ...
WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis William Ballenthin , Matthew Graeber , Claudiu Teodorescu Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host ...
A hackers guide to using the YubiKey - how to add inexpensive 2-factor authentication to your next project. Russ Gritzo The YubiKey is a small, relatively inexpensive, USB hardware crypto token that can be used ...
Have I seen you before? Daniel Reich , Maxim Pevzner Logs! Packets! NetFlow! So much data but yet we struggle to wade through the volumes ...
All You Need Is One: A ClickOnce Love Story Ryan Gandrud , Cody Wass ClickOnce is a deployment solution that enables fast, easy delivery of packaged software. It is ...
Being the Paid Expert in the Room: Consulting for a Company or On Your Own Beau Woods N/A
It’s All Geek to Me Chris Pogue N/A
I Forgot My Password Michal Špaček Users often forget their passwords, so applications often must have a password reset mechanism. There ...
Classic Misdirection: Social Engineering to Counter Surveillance Peter Clemenko Good OPSEC is not enough, sometimes you're already being watched. Sometimes good OPSEC goes wrong ...
WiFi Pineapple: Winning the WiFi Battlefield Sebastian Kinne , Darren Kitchen Why crack the network when you can be the network? Join Sebastian Kinne and Darren ...
Phishing: Going from Recon to Credentials Adam Len Compton , Eric Gershman This presentation will quickly explore some of the common phishing attack tools and techniques. Additionally, ...
TAPIOCA (TAPIOCA Automated Processing for IOC Analysis) Ryan J. Chapman , Moses Schwartz These days, many security groups want to become "intel shops,” and threat intelligence is all ...
Haking the Next Generation David healwhans Schwartzberg Kids are wired to learn. They are learning while they are playing, so why not ...
Who Watches the Watchers? Metrics for Security Strategy Michael Roytman Security Metrics are often about the performance of information security professionals - tranditional ones are ...
Harvesting Passwords from Source Code, Scripts, and Code Repositories Philippe Paquet This presentation will discuss post-exploitation methods for harvesting passwords from source code, scripts, code repositories, ...
Bio-Hacking: Implantable chip attack vector Rod Soto , Seth Wahle Implantable electronic devices are becoming more common nowadays. Specifically subdermal implants are now being used ...
Did you make a difference today? Kevin Mcdonald We will explore options for finding purpose and meaning in your security career and the ...
Social Media in Incident Response Program Joetta Lesueur In an age of darkness, a world full of fear, we must have those that ...
Better Spectrum Monitoring with Software Defined Radio Michael Ossmann Many of the current crop of SDR platforms support a very wide range of operating ...
Backdooring MS Office documents with secret master keys Yoshinori Takesako , Shigeo Mitsunari Recent MS Office documents are normally encrypted very strongly, making them difficult to brute force. ...
Advancing Internet Security Research with Big Data and Graph Databases Andrew Hess The OpenDNS IntelDB is a graph database system that captures and stores all security-related data ...
Towards Standardizing Comparisons of Password Guessability Blase Ur , Sean Segreti This talk compares the performance of numerous guessing approaches and human experts to understand how ...
Cats and Mice - Ever evolving attackers and other game changers Eric Kmetz After a couple years working in various tech-related industries Eric found himself in the Social ...
Welcome back, Emcee sets tone for the afternoon Josh Marpet N/A
Stronger Password-Based Encryption Using I/O Hardness Greg Zaverucha Password-based encryption needs all the help it can get to withstand brute-force attacks. We repurpose ...
FAA, FTC, FCC - FU: How Three F'ing Agencies are Shaping Info Sec Elizabeth Wharton A look at three "F'ing" government agencies whose recent oversight and regulatory actions are shaping ...
Wi-Door - Bind/Rev Shells for your Wi-Fi Vivek Ramachandran The Windows Hosted Network provides a way to share your Wi-Fi connection. Unfortunately, this feature ...
Building an Empire with PowerShell Will Schroeder , Justin Warner Offensive PowerShell had a watershed year in 2014. But despite the multitude of useful projects, ...
Yes, you too can perform daring acts of Live Acquisition. D0n Quix0te In this talk D0n Quix0te will discuss scripting of common Windows forensics utilities for Live ...
Fishing To Phishing - It’s all about slimy creatures. Wayne Crowder Hacking a fish finder should be something that hasn't been seen or talked about. The ...
Intro to Data Science for Security Rob Bird , Alex Shagla-mckotch In this workshop, students will learn basics of data science as they apply to analyzing ...
Android App Security Auditing Sam Bowne Students will set up an environment that makes it easy to test Android apps for ...
Open Up A Can of OSINT On 'Em Tim Helming There's a great deal that you can learn about online adversaries using Open Source Intelligence ...
Prize for the worst story, audience vote by applause Kris Rides N/A
Auth for Encrypted Services with Server Side APT Steve Thomas This presentation will discuss several bad designs for encrypting data stored in the cloud, and ...
+10 Knowledge: Sharing What You Learn For the Benefit of the Everyman. Ashley Miller Does what we teach and share reach beyond our community and into the every-day life ...
Blind Hashing Jeremy Spilman Dubbed 'Security by Obesity' on Reddit, Blind Hashing entangles password hashes with a massive pool ...
Maximizing Bro Detection John B. Althouse Bro is an open source traffic analysis tool mainly deployed in Universities. This talk will ...
Software-Defined Radio Signal Processing with a $5 Microcontroller. Jared Boone Can you do useful software-defined radio work without hauling around your monster Core i7 laptop? ...
For love of country: 15 years of Security Clearance Decisions Kevin Tyers A look at 15 years of security clearance adjudication data in order to gain some ...
Insider Tricks for Bug Bounty Success Phil Purviance If you are new to Bug Bounties, learn how to start reporting bugs for cash. ...
PBKDF2: Performance Matters Joseph Birr-pixton Structural problems in how PBKDF2 was originally described mean almost all implementations give attackers an ...
Embedding Web Apps in MITMProxy Scripts Chris Czub MITMProxy is a popular open source Python-based HTTP(S) interception proxy. The developers have recently added ...
All Your RFz Are Belong to Me – Software Defined Radio Exploits Balint Seeber SDR can be used to accomplish a many varied thing in the wireless world, from ...
Sue the Fed, Hack your FBI File Caitlin Kelly Henry “Sue the Fed, Hack Your FBI File” will be a presentation and chance for Q&A ...
Life at a Startup, Tales From the Trenches: The Good, the Bad and the Ugly Josh Marpet N/A
It’s Not Just Your Answer: Hacking Tech Interviews Adam Brand You don’t need to be a walking search engine to win at security tech interviews. ...
Infosec careers, myth vs. reality Heather Pilkington Many people say that they want careers in information security, often latching onto the stories ...
Password Alert by Google Drew Hintz Password Alert is a free, open-source Chrome extension that protects your Google and Google Apps ...
What Lurks in the Shadow Cheryl Biswas What Lurks in the Shadow: Addressing the Growing Security Risk of Shadow IT & Shadow ...
Remote Access, the APT Ian Latter ThruGlassXfer (TGXf) is a new and exciting technique to exfiltrate files from a computer through ...
Rethink, Repurpose, Reuse... Rain Hell Michael Zupo What Hacker doesn’t like james bond type gadgets? Like the all in one, one in ...
No More Fudge Factors and Made-up Shit: Performance Numbers That Mean Something Russell Cameron Thomas This session presents a credible and powerful method to estimate an aggregate performance index from ...
Actionable Threat Intelligence: ISIS, SuperBall, SuperFish, and your less magical 8-ball Ian Amit Threat intelligence. You keep using that term. I'm not sure it means what you think ...
Some things you just can’t find on Google. Matt Duren , Brian Sheridan You know it’s important to ask questions to your interviewers, but you need to make ...
No More Graphical Passwords Mark Burnett What have we accomplished with passwords in the last fifty years? Embarrassingly little. We are ...
Out of Denial: A 12-Step Program for Recovering Admins Paul Lee With massive data breaches being announced almost daily, the number of IT professionals moving into ...
Longevity in InfoSec – Turning Passion into Expertise & Respect Tony Ucedavelez Whether your transitioning from another industry sector or one akin to InfoSec (like IT) or ...
Common Mistakes that Engineers make while Interviewing in a “Hot” market Sinda Allen What not to say, but if you do - how to change it into a ...
How Secure Are Multi-Word Random Passphrases? Bruce K. Marshall Passphrases in the style of XKCD 936 or Diceware have gained popularity, but are they ...
Why We Can't Have Nice Things: Original Research on Conflict Resolution Styles in Information Security & Risk Management Rachael Lininger Conflict can be a good thing, really. Without it, we get groupthink and dumbass decisions. ...
Why does InfoSec play bass? And other observations about hacker culture. Adrian Sanabria Shortly after I was convinced to join Twitter and get engaged with the security community, ...
AI and CND - implications for security in the era of Artificial Intelligence Dan Mitchell The purpose of this talk will be to illuminate, promote and create awareness for the ...
Crash The IoT Train Yourself: Intentionally Vulnerable WRT (IV-WRT) Paul Asadoorian , Nick Curran This presentation will discuss the previously-unreleased firmware distribution called “Intentionally Vulnerable WRT (IV-WRT)”. IoT, or ...
Ask the EFF Kurt Opsahl , Nate Cardozo , Nadia Kayyali "Ask EFF" will be a panel presentation and question-and-answer session with several staff members of ...
Are You Sure That You Still Need Passwords? Björn Pirrwitz , Daniele Vantaggiato Our mission is to remove username/password from internet. We are fools enough to think that ...
Serial Box - Primer for dealing with Serial and JTAG for basic hardware hacking Matthew Jakubowski While serial interfaces and tools to easily make use of them are more widespread than ...