BSidesLasVegas 2016, Aug. 2, 2016 to Aug. 3, 2016, Las Vegas, USA

Title Speakers Summary Topic Types
Doxing yourself through FOIA: understanding agency data structures to reverse engineer FOIA requests. Caitlin Kelly Henry This workshop will teach you to Dox yourself or a subject using the Freedom of ...
Mobile App Attack Sneha Rajguru This full-fledged hands-on training will get the attendees familiar with the various Android as well ...
Opening Keynote Pt. I & II Lorrie Faith Cranor , Michael Kaiser Join us for our opening Keynote's one-two punch, when Lorrie Cranor, Chief Technologist at the ...
PvJ CTF Dichotomy The Pros V Joes CTF is an event where the average Joe can have a ...
Hire Ground - Opening Remarks Jack Daniel Jack Daniel kicks off the Hire Ground track by sharing his own career story and ...
IATC Introduction and Overview Joshua Corman I Am The Cavalry track kicks off with an introduction to the topics and overview ...
Network Access Control: The Company-Wide Team Building Exercise That Only You Know About Wendy Nather , Dean Webb Although the first word in NAC is "Network", NAC involves many other technologies - and ...
Managing Security with the OWASP Assimilation Project. Alan Robertson IT shops have trouble reliably doing the basics well: 30% of all break-ins come through ...
Toward Better Password Requirements Jim Fenton While we often discuss examples of poor password requirements, it’s also useful to consider a ...
Data Science or Data Pseudo-Science? Applying Data Science Concepts to Infosec without a PhD Ken Westin Looking to learn how to apply fuzzy linear Bayesian regression entropy clustering to your security ...
What Snowden and I Have in Common - Reflections of an ex-NSA Hacker Jeff Man NSA takes very seriously its mandate to do “what NSA does” against foreign entities and ...
Shall We Play A Game? 30 Years of the CFAA Tod Beardsley , Nate Cardozo , Jen Ellis , Cristin Goodwin , Leonard Bailey 2016 marks the 30th anniversary of the Computer Fraud and Abuse Act (CFAA), the main ...
Lock Pick Village Steve Pordon Join us from 1000 to 1845 on Tuesday and Wednesday to learn all about lock ...
Calling All Hacker Heroes: Go Above And Beyond Keren Elazari So you've taken the red pill, realized the cavalry isn't coming, and you know it's ...
Intro to Storage Security, Looking Past the Server Cheryl Biswas , Jarett Kulm Data is all around us. We tend to overlook where & how it is stored ...
Are You A PenTexter? Open-Sourcing Pentest Reporting and Automation. Melanie Rieback , Peter Mosmans This talk will announce a new OWASP project: PenText, a fully open-sourced XML-based pentest document ...
Deep Adversarial Architectures for Detecting (and Generating) Maliciousness Hyrum Anderson Deep Learning has begun to receive a lot of attention in information security for detecting ...
Navigating Different Career Paths in Security Lorrie Faith Cranor Lorrie is now the Chief Technologist for the FTC and has a great career in ...
Panel: Progress On Cyber Safety Chris Nickerson , Michael Mcneil , Beau Woods , Frank Barickman , Saša Zdjelar Cyber Safety industries (Medical, Automotive, Home, and Public Infrastructure) have come a long way in ...
What's Up Argon2? The Password Hashing Winner A Year Later JP Aumasson Argon2 is the winner of the Password Hashing Competition (PHC), as announced in July 2015. ...
Automation of Penetration Testing and the future Kevin Riggins , Haydn Johnson The push for automation and commoditization is changing penetration testing as we know it. And ...
Cruise Line Security Assessment OR Hacking the High Seas Adam Brand , Chad M. Dewey The purpose of taking a cruise is to relax and enjoy some much needed time ...
Rock Salt: A Method for Securely Storing and Utilizing Password Validation Data Arnold Reinhold Rock Salt™ is a method for storing and accessing password verification data on multi-user computer ...
Welcome to The World of Yesterday, Tomorrow! Joel Cardella 30 years ago, the United States suffered a pivotal moment within our space program when ...
Flaying out the Blockchain Ledger for Fun, Profit, and Hip Hop Andrew Morris If somebody tweets about having $15 million dollars worth of Bitcoin stolen, how hard would ...
Active Incident Response Brian Candlish , Christian Teutenberg Description withheld at presenter's request.
Breaking the Payment Points of Interaction (POI) Nir Valtman , Patrick Watson The payment industry is becoming more driven by security standards. However, the cornerstones are ...
Cyber Safety And Public Policy Allan Friedman , Jen Ellis , Suzanne Schwartz , Amanda Craig Security research has had some clear wins in the past year, but if you weren’t ...
How to securely build your own IoT enabling embedded systems: from design to execution and assessment Jens Devloo , Vito Rallo The Internet of Things (IoT) is the next Internet revolution that aims at interconnecting devices ...
Security Vulnerabilities, the Current State of Consumer Protection Law, & how IOT Might Change It Chris Eng , Wendy Everette If a consumer purchases software (like, perhaps, a word processor or a note taking software) ...
How to Get and Maintain your Compliance without ticking everyone off Drbearsec , Rob Carson How often do we strive for perfect compliance only to realize it’s never going to ...
What we've learned with Two-Secret Key Derivation Jeffrey Goldberg , Julie Haugh Video 1 "Chena creates team, signs up, save Emergency Kit" (MP4, 119.1MB) Video 2 "Chena ...
Exposing the Neutrino EK: All the Naughty Bits Ryan J. Chapman The Angler Exploit Kit (EK) is now dead. In the wake of Angler's death, Neutrino ...
Defeating Machine Learning: Systemic Deficiencies for Detecting Malware Ryan Peters , Wes Connell Malware detection tools have evolved significantly over the last several decades in response to increasingly ...
Generation C: "Hacker" Kids and the Innovation Nation Andrea M. Matwyshyn Our society currently suffers from two moral panics - the fear of losing our global ...
Beyond the Tip of the IceBerg -- Fuzzing Binary Protocol for Deeper Code Coverage. Mrityunjay Gautam , Alex Moneger Some fuzzers are blackbox while others are protocol aware. Even the ones that are made ...
State Of Healthcare Cyber Safety Jay Radcliffe , Christian quaddi Dameff , Beau Woods , Suzanne Schwartz , Colin Morgan A year ago a predominant mode of thinking was that “nobody would ever hurt patients; ...
#recruiterfail vs #candidatefail Matt Duren There exists a tremendous lack of understanding between both candidates and recruiters regarding the job ...
State Of Automotive Cyber Safety Joshua Corman , I Cavalry It’s been two years since I Am The Cavalry launched the 5-Star Automotive Cyber Safety ...
How to Become "The" Security Pro Javvad Malik Three security professionals walk into a bar: A Security Pro, THAT Security Pro and THE ...
I Love myBFF (Brute Force Framework) Kirk Hayes This presentation will feature the release of a new open source tool which combines fingerprinting ...
Pushing Security from the Outside Kat Sweet , Chris Deweese In this talk I will discuss my experiences in furthering security in my company from ...
How to travel to high-risk destinations as safely as possible Ryan Lackey While the best security advice about dangerous locations is often "don't be there", travel is ...
Why it's all snake oil - and that may be ok Pablo Breuer Every few years, security vendors entice us with “next generation” security products with 0day detection ...
An Adversarial View of SaaS Malware Sandboxes Jason Trost , Aaron Shelmire Anyone attending this conference knows the usefulness of running malware in a sandbox to perform ...
Operation Escalation: How Commodity Programs Are Evolving Into Advanced Threats Israel Barak Companies shouldn’t be so quick to dismiss low-level threats like adware, click-fraud malware and other ...
Evaluating a password manager Evan Johnson Password managers are a really polarizing topic. Let's come together for a while and talk ...
DNS Hardening - Proactive Network Security Using F5 iRules and Open Source Analysis Tools Dave Lewis , Jim Nitterauer DNS is the engine that drives the Internet. Almost all Internet activity makes use of ...
Why does everyone want to kill my passwords? Mark Burnett We get it, passwords are a problem. They're a pain to remember, they're always too ...
DYODE: Do Your Own DiodE for Industrial Control Systems. Arnaud Soullie , A Kokos While data diodes have been used for a long time on classified networks, the high ...
How to make sure your data science isn’t vulnerable to attack Leila Powell Using the example of vulnerability data, this talk is about what happens when data science ...
Ingress Egress: The emerging threats posed by augmented reality gaming. Andrew Brandt Augmented reality gaming's first breakout hit has millions of players, and a "game board" that ...
CFPs 101 Tottenkoph , Michael A. Ortega , Guy Mcdudefella Have you ever wondered why CFP reviewers drink so much? Are you tired of having ...
How to Stand Out to Talent Acquisition Tara Griesbach Do you ever wonder what talent acquisition professionals look for in candidate profiles? Do you ...
The New Hacker Pyramid Myrcurial , Genevieve , Security Intern , Wintr , Coolacid That’s right, The New Hacker Pyramid is back again at BSidesLV for 2016. Be in ...
Pentesting Industrial Control Systems : Capture the Flag! Arnaud Soullie There is a lot of talking about ICS, SCADA and such nowadays, but only few ...
Ground Truth Keynote: Great Disasters of Machine Learning Davi Ottenheimer This presentation sifts through the carnage of history and offers an unvarnished look at some ...
Hacking Is Easy, Hiring Is Hard: Managing Security People Mike Murray The common view of management is that it's easier than reverse engineering. This talk will ...
IATC Day 2: Introduction and Overview Joshua Corman , Beau Woods Welcome back! We will recap yesterday’s session, as well as set the agenda and overview ...
Mapping the Human Attack Surface Master Chen , Louis Divalentin Organizations often generate attack surfaces but fail to include the most susceptible link, the Human. ...
Hunting high-value targets in corporate networks. Josh Stone , Patrick Fussell So you got into a network, but now what? You might be swimming in a ...
Crafting tailored wordlists with Wordsmith Sanjiv Kawa , Tom Porter Standard wordlists such as Uniq and Rockyou are great when used with a variety of ...
Don't Repeat Yourself: Automating Malware Incident Response for Fun and Profit Kuba Sendor Even for a larger incident response team handling all of the repetitive tasks related to ...
A Noobs Intro Into Biohacking, Grinding, DIY Body Augmentation Johnny Xmas , Doug Copeland Controlling devices through implanted chips used to be purely science fiction. Now, through the efforts ...
Uncomfortable Truths Joshua Corman , Beau Woods , I Cavalry This facilitated discussion will outline some uncomfortable truths about securing safety-critical systems. Is information security ...
No Silver Bullet. Multi contextual threat detection via Machine Learning. Rod Soto , Joseph Zadeh Current threat detection technologies lack the ability to present an accurate and complete picture of ...
Powershell-Fu – Hunting on the Endpoint Chris Gerritz Hunting is the art of searching for badness and unauthorized activity on our own systems ...
Stop the Insanity and Improve Humanity: UX for the Win Rachael Lininger , Robin Burkett What is UX? Why is it important in cybersecurity? We have a problem in our ...
Making Password Meters Great Again Adam Caudill Password meters have become ubiquitous, some are decent, but the majority are actually harmful. While ...
Survey says… Making progress in the Vulnerability Disclosure Debate Allan Friedman , Jen Ellis , Amanda Craig The vulnerability disclosure debate isn’t new. But as more vendors realize that they are software ...
Owning Your Career on a Daily Basis John Darrow , John Mcclintock , Amazon The only person who is truly responsible for your career advancement is you. From the ...
There is no security without privacy Christopher Payne , Craig Cunningham I believe I can demonstrate that privacy helps security and that the choice of "privacy ...
Why Can't We Be Friends? Russ Description withheld at presenter's request.
Domains of Grays. Eric Rand One of the most consistently reliable means for an attacker to gain access to an ...
Labeling the VirusShare Corpus: Lessons Learned John Seymour A machine learning researcher needs a nice dataset to work with, but all of the ...
Proactive Password Leak Processing Bruce K. Marshall An average person on the Internet reuses their same password across multiple sites more often ...
Improving Your Personal Value Proposition to Take that Next Step in Your Career Scott Takaoka , Versprite For many penetration testers and other security professionals, making yourself more attractive to employers or ...
You Don't See Me - Abusing Whitelists to Hide and Run Malware Richo Healey , Michael Spaling This talk will outline a method for exploiting security software with a focus on unauthorized ...
Automated Dorking for Fun and Pr^wSalary Ming Chow , Filip Reesalu A dork is a specialized search engine query which reveals unintentional data leaks and vulnerable ...
Modeling Password Creation Habits with Probabilistic Context Free Grammars Matt Weir People are not good at being unpredictable. It’s common knowledge that with passwords certain words ...
The Future of BSides David Mortman , Jack Daniel , Mike Dahn , Thomas Fischeer , Michelle Klinger , Genevieve Southwick This event represents the 271st BSides event since the first one was held at a ...
Determining Normal: Baselining with Security Log and Event Data Derek Thomas Take a look at almost every log management best practice guide and you will find ...
How to Rob a Bank – or The SWIFT and Easy Way to Grow Your Online Savings Account Cheryl Biswas Bank heists make great stories. And this year, we got some really good stories to ...
Six Degrees of Domain Admin - Using BloodHound to Automate Active Directory Domain Privilege Escalation Analysis Rohan Vazarkar , Will Schroeder , Andy Robbins Active Directory domain privilege escalation is a critical component of most penetration tests and red ...
Hands-on Cryptography with Python Sam Bowne Learn essential concepts of cryptography as it is used on the modern Internet, including hashing, ...
Latest evasion techniques in fileless malware Andrew Hay , Virginia Robbins This talk will dive into latest file-less malware, how such types of malware can hide ...
Hacking Tech Interviews Adam Brand Tech interviews can be tricky, but can also be hacked. What you do before, during, ...
PLC for Home Automation and How It Is as Hackable as a Honeypot Scott Erven , Philippe Lin The talk is about how to make PLCs work of your home automation and work ...
Passphrases for Humans: A Cultural Approach to Passphrase Wordlist Generation Florencia Herra-vega , Skylar Nagao The idea of using passphrases for storing stronger secrets has been around since at least ...
Hacking Megatouch Bartop Games Mark Baseggio In this talk Mark will discuss the latest in his fixation with hacking antiquated and ...
CyPSA Cyber Physical Situational Awareness Edmond Rogers , Katherine Davis CyPSA is primarily being developed to serve critical infrastructure in the electric industry, but, CyPSA ...
That Which Must Not Be Spoken Of: A Personal Look at Mental Health in Infosec Jay Radcliffe , Joel Cardella Sullen, Moody, Anti-Social, Awkward, Outcast, Misfits. Our people right? The heart and soul of the ...
Is that a penguin in my Windows? Spencer Mcintyre One of the latest features coming out in Windows is the new Windows Subsystem for ...
Exploiting the Recruitment Process Jason Frank , Doug Munro When hunting for your dream job in information security, companies are going to evaluate your ...
Automation Plumbing Kyle Maxwell , Ashley Holtz There are many tools available to automate various security and forensics tasks. This talk will ...
PeerLyst Meet and Greet Peerlyst Come and meet the Peerlyst community and find out why you maybe should be a ...
IATC Closing Joshua Corman So long and thanks for all the fish. We will recap the two day session, ...
Common Mistakes Seen in Interviews Kris Rides , Matt Duren , Michael Dierick , Daniel Harbison , Deena Hetfield Interviews can be intimidating, frustrating and sometimes pretty boring. From our panel of recruiters, you ...
Digging into SIEM Alerts with Visual Graph Analytics Jeff Bryner , Paden Tomasello Our responsibilities are expanding to include larger infrastructures, more applications, and a multitude of security ...
PAL is your pal: Bootstrapping secrets in Docker Nick Sullivan Many services that run in Docker containers need to have highly sensitive secrets installed on ...
An Evolving Era of Botnet Empires Andrea Scarfo Botnets are part of the dynamic infrastructure seen in modern large scale cyber attacks, spy ...
Dominating the DBIR Data Gabriel Bassett , Anastasia Atanasoff Data-driven security is all the rage. But what is the data? Is it a concrete ...
Stealing Food From the Cat's Mouth Vitaly Kamluk Description withheld at presenter's request.
Building an EmPyre with Python. Will Schroeder , Steve Borosh , Alexander Rymdeko-harvey Many companies are deploying an increasing number of OS X hosts in their corporate networks, ...
Scalability: Not as Easy as it SIEMs Grecs , Keith Kraus Cyber security is a big data problem, the volume and velocity of data from devices ...
Ethical implications of In-Home Robots Guy Mcdudefella , Brittany Postnikoff What can in-home robots do, and what does it take to gain control of one? ...
The Deal with Password Alternatives Terry Gold Many discussions on how to break passwords, but what to do about it? There are ...
Cross-platform Compatibility: Bringing InfoSec Skills into the World of Computational Biology Rock Stevens , Candice Schumann Want to put your hacking skills to good use? We’re talking about the ultimate good ...
QUESTIONING 42: Where is the “Engineering” in the Social Engineering of Namespace Compromises? Vineetha Paruchuri The most expensive domain name thus far in history was stolen in 1995 by sending ...
Why Snowden’s Leaks Were Inevitable Jacob Williams Edward Snowden has been vilified by the US Government while being held out as a ...