BSidesSanFrancisco 2017, Feb. 12, 2017 to Feb. 13, 2017, San Francisco, USA

Title Speakers Summary Topic Types
Illusion vs Reality: An FBI Agent’s take on how private sector realities are masked by government sector illusions of intelligence sharing, public-private partnerships and best practices Jason Truppi I will be sharing illusions and realities that I have observed as a veteran FBI ...
Lockpick Village Christine Bachman, Robert Hermes Villagers
Spymaster Challenge Brandon Enright, Matthew Valites Like to pick locks? Think you have what it takes to escape? Come join Cisco's ...
Resume Rewriting Peerlyst Peerlyst volunteers will help you improve your resume and re-write it with you. Make sure ...
DNS attacks, a history and overview Nick Mckenna An outline of the often overlooked applications of DNS attacks both hypothetical and as they ...
Reducing “Mixtape to Master Key” Scenarios: How to block the Dark Army from mayhem using API-driven access control Aren Sandersen After tenure of a year or two at many companies, a senior engineer’s access level ...
Building an Effective Intrusion Detection Program Jason Craig Modern breaches are often undetected for hundreds of days. Effective intrusion detection doesn't need to ...
Assessing the Embedded Devices On Your Network David Tomaschik Embedded devices (including the so-called Internet of Things) pose unique problems for those responsible for ...
Make Alerts Great Again Daniel Popescu Why can’t this be easier? Writing good alerts and keeping them actionable is hard. Ask ...
Weathering the Storm: The Art of Crisis Communications Jen Ellis, Josh Feinblum How do you react during a crisis? Working in security, the unfortunate reality is that ...
Exploiting Broken Webapps Niru Ragupathy, David Tomaschik Web ...
Security through Visibility: Organizational Communication Strategies for InfoSec Teams Katie Ledoux As organizations scale, collaborating with the rest of the business can become increasingly complicated for ...
BeyondCorp: Beyond “fortress” security Neal Mueller Almost every company today uses some variation of the firewall, or “fortress,” model to enforce ...
Better SSH management with ephemeral keys Vivian Ho, Chris Steipp SSH is a great, safe protocol that almost everyone uses for managing their servers and ...
Live Dissection: Anatomy of a Browser Based Botnet Ilya Nesterov Browser based botnets are used for various types of attacks; from application DDoS to credentials ...
The Cyber Insurance Emperor Has No Clothes Russell C. Thomas Conventional wisdom: cyber insurance improves incentives and if everybody had it we would get better ...
Advanced Internet dataset combinations for #ThreatHunting & Attack Prediction Arian J Evans, Steve Ginty Have you ever had to look up an IP address, domain name, or URL to ...
Linux Monitoring at Scale with eBPF Brendan Gregg, Alex Maestretti The latest Linux kernels have implemented a Berkeley Packet Filter (BPF) virtual machine which can ...
How to Build a Security Team and Program E. Coleen Coolidge I will share how I was able to build a security team and program from ...
Tired of Playing Exploit Kit Whack-A-Mole? Let's automate Anjum Ahuja Exploit Kits (EKs) have been very successful in delivering tailor made exploits and spreading malware. ...
Should I Pay or Should I Go? Game Theory and Ransomware Tony Martin-Vegue Ransomware infections are nasty and potentially devastating events that can cripple large companies and home ...
Ask the EFF Kurt Opsahl, Nate Cardozo, Gennie Gebhart, Erica Portnoy, Jamie Lee Williams Ask the EFF is a Q&A panel with EFF staffers, with short presentations on EFF's ...
Swimming Upstream: Regulation vs Security Robert Wood Companies that operate in heavily regulated industries oftentimes run into conflicting directives around tactical decisions ...
Witchcraft Compiler Collection : Towards programs self awareness Jonathan Brossard With this presentation, we take a new approach to reverse engineering. Instead of attempting to ...
How Secure are your Docker Images? Manideep Konakandla This presentation extracts few points from CIS Docker 1.12 benchmark which was co-authored by me. ...
Fighting Email Phishing with a Custom Cloud IDS Dan Borges Phishing is one of the largest and most difficult challenges for any enterprise security team. ...
Five Keys to Building an Application Security Program in the Age of DevOps Tim Jarrett Security’s goal of minimizing enterprise risk sometimes seems to be at odds with development’s mandate ...
#securityselfie (size up your appsec program with new metrics) Jim O'Leary Hacking around to find cool bugs is one thing; securing a codebase is another. How ...
When Bandit(s) Strike - Defend your Python Code Travis McPeak Bandit is an open-source tool designed to discover common security flaws in Python code. Although ...
Exploiting Websites Hands-On Sam Bowne Exploiting ...
Opinionless Enforcement of Opinions on Operational Secrets Jonathan Freedman The problem with providing unopinionated tools to a wide range of developers with minimal hand ...
Securing Kubernetes Jesse Endahl The talk will begin with an overview of Kubernetes concepts and individual components. Next, I ...
AtomBombing: Injecting Code Using Windows’ Atoms Udi Yavo, Tal Liberman In this talk we present a code injection technique, dubbed AtomBombing, which exploits Windows atom ...
Hijacking .NET to Defend PowerShell Amanda Rousseau You need to have the mind of a hacker to know how to defend. With ...
Bypassing malware analysis sandboxes is easy, let’s discuss how they are doing it and why it works Michael Gough Have you ever received a piece of malware and wanted to know what it did? ...
Access Control with Concierge: One Tool to Rule Them All Karthik Rangarajan A lot of startups, like the one I work in, use a lot of third-party ...
Look Ma, No Hands! - Decentralizing security for scale Chris Dorros What does your security operations team look like? A bunch of folks sitting in a ...
Does DoD Level Security Work in the Real World? Jeff Man After spending nearly 13 years working for the Department of Defense, I ventured out into ...
The Underground Economy of Apple ID Claud Xiao Apple ID is the keystone of all services and apps running on Apple platforms. It ...