bsideslasvegas 2017 July 25, 2017 to July 26, 2017, las vegas,usa

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Industrial Control System Network Analysis Dennis Murphy Industrial Control Systems (ICS) are the silent machines that control the world all around us. ...
Intro to Practical Network Signature Development for Open Source IDS Francis Trudeau , Jack Mott In “Practical Network Signature Development for Open Source IDS” we will teach expert methods and ...
Cyber Anarchy Watchdog, Emerging Threats / Proofpoint Jason Williams It's time that we became uber-efficient with our interactive policy mobility. This is no time ...
Hands-on OSINT Crash Course for Hackers Chris Kubecka Open source intelligence gathering (OSINT) is an important part of the reconnaissance phase of a ...
Pros vs Joes CTF - Play begins! Dichotomy Staff
Something Wicked: Defensible Social Architecture in the context of Big Data, Behavioral Econ, Bot Hives, and Bad Actors Allison Miller Infosec is a game of 3D speed chess, and we’re on the board moving faster ...
How To Lose Friends and Influence People (An Apology) Josh Corman Through our over-dependence on undependable things, we have created the conditions such that any outlier ...
How To Accidentally Get A Job In InfoSec. Johnny Xmas Johnny Xmas will share with us the story of his extremely tangential path to Infosec, ...
A Day in the Life of a Product Security Incident Response Manager Tyler Townes Public security incidents continue to plague software companies, and each public event brings with it ...
Lockpick Village - Beginner lesson Kat Sweet , Wendy Knox Everette Staff
Hidden Hot Battle Lessons of Cold War: All Learning Models Have Flaws, Some Have Casualties Davi Ottenheimer In a pursuit of realistic expectations for learning models can we better prepare for adversarial ...
GO Forth And Reverse Tim Strazzere GO may not longer be the "newest" language, however it is fairly new in terms ...
Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict Andrea Little Limbago , Mark Dufresne Global stability is more precarious than at any time since the end of the cold ...
Optimizations for Bitcoin key cracking Ryan Castellucci There is a saying in security - "attacks only get better". At DEF CON 23, ...
IATC Kickoff Josh Corman , Keren Elazari , Beau Woods “Our dependence on connected technology is growing faster than our ability to secure it, affecting ...
Banking on Insecurity: The ongoing fairytale of securing financial institutions 3ncr1pt3d So many banks in so little time. We should expect cyber attacks on financial institutions ...
What A Career In Public Service Is Really About Bobbie Stempfley When Bobbie Stempfley graduated with an Engineering degree, she couldn't find a job. Her first ...
From SOC to CSIRT Ben Butz The transition from a Security Operation Center to a Cyber Security Incident Response Team (CSIRT) ...
Deep Learning Neural Networks – Our Fun Attempt At Building One Ladi Adefala There’s a lot of talk about the benefits of deep learning (neural networks) and how ...
Google Apps Scripts Kill Chain Maor Bin Google Apps Scripts is a JavaScript cloud scripting language that provides easy ways to automate ...
Your model isn't that special: zero to malware model in Not Much Code and where the real work lies Hyrum Anderson Deep learning has become pervasive in a plethora of consumer applications. And there are good ...
How to escalate privileges to administrator in latest Windows. Soya Aoyama Attackers hope getting administrator privileges always. If they had get it, they can do anything. ...
Koadic C3 - Windows COM Command & Control Framework Aleph _naught , Zerosum0x0 Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration ...
Measuring the Use and Abuse of Brain Wallets Marie Vasek , Ryan Castellucci Bitcoin brain wallets, were way of turning nothing but a password into a keypair, at ...
Public Policy of Things Jessica Wilkerson Cybersecurity policy is becoming more and more of a hot topic on Capitol Hill, with ...
Navigating the Alternative Facts of Malware Prevention Josh Sokol , Rodrigo Brenes This talk, given by two individuals not linked to any anti-malware vendor, is the result ...
Elastic-ing All the Things - Saving anything at elastic stack and having fun with detections Felipe Esposito , Rodrigo Montoro Millions of events could easily be generated in your network daily. Your devices will generate ...
Extreme Mobile Application Exploitation Sneha Rajguru This full-fledged hands-on workshop will get the attendees familiar with the various Android as well ...
IMSI Catchers And The Happy Yellow Helicopter: Security Challenges At Standing Rock Lisha Sterling , Myron Dewey Geeks Without Bounds coordinated the Internet connectivity, radio support, and renewable power for the Dakota ...
Rate the Recruiter Brian Sheridan , Ashley Bush Rate the Recruiter - Monthly, weekly and sometimes daily, you are being contacted by Talent ...
Two-Factor Auth - Demand Bidirectional Joe Kirwin Two-factor authentication has become almost commonplace in defending against ubiquitous credential brute-forcing and has reduced ...
Getting insight out of and back into deep neural networks Richard Harang Deep learning has emerged as a powerful tool for classifying malicious software artifacts, however the ...
The Commoditization of Security Solutions: Will You Be Replaced by a Small Script? Nathan Sweaney Security technologies and solutions change constantly. Today's new hotness will be tomorrow's old news and ...
Pwn All The Mobile Porn Apps Ben Actis This talk will examine egregious security vulnerabilities found in adult content mobile applications. Highlights include: ...
The Black Art of Wireless Post-Exploitation: Bypassing Port-Based Access Controls Using Indirect Wireless Pivots Gabriel Ryan Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have ...
Hadoop Safari : Hunting For Vulnerabilities Mahdi Braik , Thomas Debize With the growth of data traffic and data volumetric analysis needs, “Big Data” has become ...
Sex, Secret and God: A Brief History of Bad Passwords Kyle Rankin Most of what we've been told over the years about what makes a good password ...
Feds <3 H4ckers Allan Friedman , Suzanne Schwartz , Jessica Wilkerson Feds <3 H4ckers. No really, it's true! Some Feds do anyway. We've arranged for some ...
Inside MormonLeaks: the why, the how, and the what Privacy P. Pratt MormonLeaks gained national recognition in October 2016 when private videos of conversations between the highest ...
Breaking the Fourth Wall - Hacking a 50 years old myth Ayoub Elaassal Follow me on a journey where we p0wn one of the most secure platforms on ...
Transfer Learning: Analyst-Sourcing Behavioral Classification Tim Mather , Ignacio Arnaldo Information Security (InfoSec) operations analysts are deluged with data, and that is with not even ...
Microservices And FaaS For Offensive Security Ryan Baxendale There are more cloud service providers offering serverless or Function-as-a-service platforms for quickly deploying and ...
I Club and So Can You Christopher Lamberson Founding and running information security clubs has enriched my life in concrete, positive ways. In ...
All The Sales President’s Men Patrick Mcneil As technologists and hackers many of us have skills in intelligence gathering or social engineering, ...
The Human Factor: Why Are We So Bad at Security and Risk Assessment? John Nye How does the science of human perception and decision making influence the security sector? How ...
Think Complex Passwords Will Save You? David Hulton , Ian Foster Have you ever tried to crack a password that was just too difficult to crack? ...
Healthcare in Critical Condition Josh Corman , Christian quaddi Dameff , Jeff Tulley Over the past year, healthcare has been under assault from bad actors, yet has had ...
Ask the EFF Kurt Opsahl , Eva Galperin , Nate Cardozo "Ask the EFF" will be a panel presentation and unrecorded question-and-answer session with several staff ...
How To Hack Recruiting: Turning the Tables (Panel) Kris Rides , Steve Levy , Pete Radloff Are you sick of applying for jobs and never hearing back? See that perfect position ...
Engineering My Way Into InfoSec Nitha Suresh InfoSec is no longer reserved for those with the right degrees and certifications, or willing ...
Zero Trust Networks: In Theory and in Practice Doug Barth , Evan Gilman The world is changing, but our network security models are having trouble keeping up. In ...
The Struggle Is Real: My Journey With Mental Health Issues Joel Cardella Talks on mental health are starting to emerge across the infosec sphere. This is a ...
Recruiter Smack Down (Panel) Kris Rides , Steve Levy , Pete Radloff , Jen Havermann This is a chance to hear what was covered in the sessions today and have ...
HHS Task Force (Panel) Josh Corman “Healthcare cybersecurity is in critical condition,” announced the US Department of Health and Human Services ...
Introduction to Reversing and Pwning David Weinman Beginner oriented talk on reverse engineering and pwning, details are confined to the linux x86 ...
Behavioral Analysis from DNS and Network Traffic Josh Pyorre Using behavioral analysis, it's possible to observe and create a baseline of average behavior on ...
Cash in the aisles: How gift cards are easily exploited William Caput It is commonly thought that gift cards must be activated to have any monetary value. ...
Skip tracing for fun and profit Rhett Greenhagen This talk covers skip tracing TTPs and countermeasures in the digital and human domains. The ...
SniffAir – An Open-Source Framework for Wireless Security Assessments Steven Darracott , Matthew Eidelberg SniffAir is an open-source wireless security framework. Its primary purpose is to provide pentesters, systems ...
Regulatory Nets vs. The Fishing Hook Of Litigation Wendy Knox Everette What sort of legal and policy choices would lead to more secure and safer software ...
Internet of Cars Chris King , Abe Chen , Kevin Tierney It's been almost a year since the DMCA exemption made hacking your own car legal ...
Writing Malware Without Writing Code Gal Bitensky What are the motivations and mechanics of code re-use by malware coders? The talk begin ...
Pwning Software-Defined Networking (SDN) Tommy Chin Software-Defined Networking (SDN) has become an emerging solution to existing virtualized networking problems. Major contributors ...
The Attack Chain Of A Nation-State (Equation Group) Tal Liberman , Omri Misgav In April 2017, The Shadow Brokers release a collection of hacking tools belonging to the ...
Sympathy for the Developer Sarah Gibson In the realm of software security, developers are without question a major focus of blame, ...
Going Passwordless Evan Johnson Many people now recognize that passwords can be a problem for many of our web ...
YARA-as-a-Service (YaaS): Real-Time Serverless Malware Detection Austin Byers Defending against malware remains one of the most pressing tasks for any security team, but ...
Hacking the Law: A Call for Action – Bug Bounties Legal Terms as a Case Study Amit Elazari While the bug bounty economy is booming, a novel survey of bug bounty terms reveals ...
Practical Malware Analysis - Hands-On Sam Bowne , Devin Duffy , Dylan James Smith Learn how to analyze Windows malware samples, with a hands-on series of projects in a ...
Effective YARA Monty St John YARA is a simple and highly effective way to identify, classify, and categorize files. It ...
The New Cat and Mouse Game: Attacking and Defending Machine Learning Based Software Joshua Saxe Machine learning is increasingly woven into software that determines what objects our cars recognize as ...
Scamming the Scammers - Becoming the Robin Hood of the phones Nathan Clark In the world of information, it's easy to see how people can get tricked. Social ...
CheckPlease - Payload-Agnostic Implant Security Christopher Truncer , Brandon Arvanaghi In this talk, we present CheckPlease, our new repository of implant security modules. CheckPlease is ...
Purple Team: How This Color Can Help You And Your Organisation Learn and Get Better Patrick Mathieu You have heard of Red Team, Red vs. Blue Team and Purple Team exercises, but ...
Safer Storage and Handling of User Answers to Security Questions Arnold Reinhold Like it or not, security question password reset isn’t going away. Most organizations find it ...
Why is China all up in my SQL server? Andrew Brandt Starting early in 2017, the honeypots I run in my lab began to receive a ...
Technical Tactics: Embedded Linux Software BOM Daniel Beard Manufacturers in the medical, industrial and automotive industries can no longer just design a product ...
Mining Software Vulns in SCCM / NIST’s NVD– The Rocky Road to Data Nirvana Loren Gordon Patch management for 3rd-party software can be a significant challenge. The raw data for effective ...
Applied OSINT: Enabling Better Social Engineering for Better Pen Tests Joe Gray Social engineering attacks remain the most effective way to gain a foothold in a targeted ...
Technical Tactics: Fear & loathing in building management systems Edward Farrell Since December 2015 I've had a bit of an unhealthy obsession with building management systems. ...
Building a Benign Data Set John Seymour , Rob Brandon Though featurization is important, the datasets used to make conclusions are just as important, if ...
Hacking Tech Interviews Adam Brand Learn how to hack tech interviews to your advantage in this story-filled talk from an ...
One OSINT Tool to Rule Them All Emilie St-pierre The purpose of this talk is to share the results of a comparative analysis between ...
Network Forensic Analysis in an Encrypted World William Peteroy , Justin Warner The movement to encrypt network communications has created a new set of challenges and critical ...
TMTO...Y? Steve Thomas Yes it is 2017 and you have not traveled back in time. This talk is ...
Lightning Talks: Thinking Different Caroline Wong , Robert Wood , David Batz , Steven Luczynski Stopping a Cyber Hurricane: A Call for Proactive National Cybersecurity A hurricane and malicious cyber ...
Accessibility: A Creative Solution to Living Life Blind Shaf Patel Not many people with disabilities have given a talk at hacker conferences on how they ...
Baby Got Hack Back Robert Graham , Davi Ottenheimer , Jen Ellis , Leonard Bailey You’ve heard it before: the bad guys are winning; US companies are under attack every ...
A System Dynamics Approach to CNO Modelling Sara Mitchell This paper is based in the field of System Dynamics (SD) Modelling. Recent research of ...
(In)Outsider Trading - Hacking stocks using public information and influence. Richard Hocking This talk will take a look at how inadvertently leaked technical information from businesses, can ...
Abusing Webhooks for Command and Control Dimitry Snezhkov You are on the inside of the perimeter. And maybe you want to exfiltrate data, ...
Rethinking P@ssw0rd Strength Beyond Brute-force Entropy Ross Dickey Everywhere you need a password, the requirements follow a basic pattern: X length; must contain ...
Red/Blue Q&A: Pressure Test Lightning Talk Ideas Caroline Wong , Robert Wood , David Batz , Steven Luczynski Following up on their Lightning Talks, the four presenters will let the audience explore their ...
Your Facts Are Not Safe with Us: Russian Information Operations as Social Engineering Meagan Keim Over the past few years, Russia has proven itself to be an undeniable master of ...
Kick up the Jams Eric Rand With the rise of drones, there is a similar rise in anti-drone countermeasures - and, ...
The Role of Data Visualization in Improving Machine Learning Models Phil Roth Improving a machine learning model is impossible without a clear understanding of its current performance. ...
Data visualization in security: Still home of the WOPR? Matthew Park Visualization of security data has not advanced significantly since the days of the WOPR in ...
Hacking College, a Cybersecurity Career, and Certifications Marcus Carey Cybersecurity expert Marcus Carey shares his experience with building a credible career in Cybersecurity. He’ll ...
Robust Defense for the rest of Us Russell Mosley While browsing CFP's for conferences this summer, one speaking track named "The Art of Defense" ...
SECSMASH: Using Security Products to own the Enterprise Kevin Dick , Steven Flores Enterprise security tools provide a deep level of insight, and access, to the organizations they ...
Minimum Viable Risk Management Program Rachael Lininger Most information risk management programs are cumbersome and expensive, requiring expertise and time that smaller ...
Protecting Windows Credentials: An Excessive Guide for Security Professionals Mark Burnett Average users might never be safe from credential-theft on Windows, but security professionals are in ...
Poking bears: Validating the truth from IoCs in attack postmortem reports Andrew Brandt During the year leading up to the 2016 US presidential election, a number of security ...
IATC Cyber Crisis Simulation Josh Corman , Beau Woods , Jay Healey A SIMULATED crisis is unfolding on a national scale. Triggered by a yet-unknown adversary, what ...
Advanced Wireless Attacks Against Enterprise Networks Gabriel Ryan This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate ...
Auditing Of IoT Devices Martin Rakhmanov , Vladimir Zakharevich In this workshop we will show a workflow to analyze security posture of an IoT ...
It’s Not Me, It’s You: How To Be A Better Hiring Manager or Rooting Out Excellent Candidates Despite Themselves Andrew Johnson Interviewing is difficult. From both perspectives, the process often feels more like a Buzzfeed-style personality ...
Exploration of Novel Visualizations for Information Security Data Brian Wylie , Roni Choudhury Effective visualizations for information security data are challenging. Given the streaming nature of network data ...
I got more games than Milton Bradley: Incentivize a positive change in your security culture Drew Rose Security awareness training is one of the last defenses to dastardly effective social engineering threats. ...
Magical Thinking... and how to thwart it. Mara Tam For all the progress we’ve made – as a community, as an industry, as a ...
Interrogation Techniques for Fun and Profit: Designing better tools for your SOC team Karolyn Bachelor SOC teams are consistently forced to create their own suites of in-house tools because commercial ...
Modern Internet-Scale Network Reconnaissance Underflow Network reconnaissance is not what it used to be. The surge in cloud use and ...
DefCon DarkNet Badge Hardware And Software: An Introduction To Custom Badge Building Edward Abrams , Cmdc0de , Gater_byte Every year at DefCon, vendors bring custom-designed electronic badges to sell and give away. These ...
Password Cracking 201: Beyond the Basics Royce Williams "Are you a password cracker ... or do you just crack passwords?" -epixoip My goal ...
(Even More) Mainframes? On my Internet? Soldier Of Fortran In 2015, Soldier of FORTRAN gave a talk about finding mainframes on the internet. It ...
Messing with Forensic Analysts: Modifying VSS Snapshots James Clawson Windows' VSS snapshots are great. The VSS service quielty runs in the background, periodically making ...
Is Data Visualization still necessary? Edmond Rogers , Grace Rogers , John Stillwell As researchers we all struggle and push the limits of available data visualization libraries. Availability ...
Hacking Office Politics for Cybersecurity Leaders Caroline Wong , Robert Wood Who cares about office politics? At the end of the day, isn't it all about ...
Automating Crypto Bugs Discovery Jean-Philippe Aumasson , Yolan Romailler We present a new and efficient approach to systematic testing of cryptographic software: differential fuzzing. ...
Vaccination - An Anti-Honeypot Approach Gal Bitensky Malware often searches for specific artifacts as part of its “anti-­VManalysissandboxdebugging” evasion mechanisms, we will ...
Grappling Hooks on the Ivory Tower: This Year in Practical Academic Research Falcon Darkstar Momot , Brittany Postnikoff Five years before volume 1 issue 1 of Phrack, there was IEEE Security and Privacy. ...
Why can't we be friends? (Ask a Fed.) Russell Handorf Do you dance madly on the lip of the volcano regarding your own research, or ...
IATC Mock Congressional Hearing Jessica Wilkerson , Jay Healey In the wake of a crisis, people inevitibly want answers. Who knew what, when? What ...
How To Obtain 100 Facebooks Accounts Per Day Through Internet Searches Yael Basurto , Guillermo Buendia Back in 2016, it was very new the way how the Facebook mobile application implements ...
CTF all the things: Leveraging gamification to up your security game Matt Pardo Despite the fact that on any given weekend of the year you can find at ...
/.git/ing All Your Data Jesse Kinser Organizations are using Git more than ever before, but are they securing it? Unfortunately, a ...
Lessons from the front lines: New York City Cyber Command Colin Ahern Colin Ahern, the Deputy Chief Information Security Officer of the City of New York will ...
How To Respond To Cops Who Want Your Passwords Stephanie Lacambra There has been an outpouring of digital dissent in the wake of the new administration. ...
How to make metrics and influence people Leila Powell Data science is not just a set of algorithms - it’s a discipline. There are ...
F! Passwords! David M. Zendzian Passwords? Who needs those anymore. An examination of attempting to use 2FA for all corporate ...
Everything is Not Awesome: How to Overcome Barriers to Proper Network Segmentation Jason Beatty Attacks are more and more likely to come from internal network sources, possibly being allowed ...
How I Scanned The Internet For NSA Compromised Firewalls Chuck Mcauley Last summer the Equation Group's TTPs were leaked by a group known as the ShadowBrokers. ...
Radio frequencies all around us! What data are you leaking and what is done with it? Keya Lea Horiuchi We take it for granted that our mobile devices are helpful, brightening our lives, making ...