BSidesSanFrancisco 2018 April 15, 2018 to April 15, 2018, San Francisco, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Resume Rewriting N/a Peerlyst volunteers will help you improve your resume and re-write it with you. Make sure ...
IoT Village N/a N/A
Lockpick Village N/a , Bob & Christine Lockpick Extreme and TOOOL SF will be hosting a lockpick village and pop-up shop this ...
Spymaster Challenge N/a Like to pick locks? Think you have what it takes to escape? Come join Cisco's ...
Capture The Flag N/a Our CTF (capture the flag) competition will be running from 9am Sunday till 4pm Monday. ...
Opening Remarks Reed Loden N/A
From Bounties to Bureaucracy - The Hidden Market Factors of Exploit Economics Brian Gorenc Bug bounty programs are nearly ubiquitous today, but that wasn’t always the case. When the ...
Starting a security program: Thrills and Spills Poornaprajna Udupi Building a security program sounds exciting and exhilarating. Security practitioners tend to focus on technology ...
Deconstructing APT28's XAgent for OSX Tiberius Axinte Until now APT28 was only available for Windows, Linux and iOS operating systems. Now we've ...
Keep it Like a Secret: When Android Apps Contain Private Keys Will Dormann We all have secrets. And the way we keep them secrets is by not telling ...
Living Security Escape Room (Session 1.1) N/a N/A
Violent Python Sam Bowne Even if you have never programmed before, you can quickly and easily learn how to ...
Caught my WebApp cheating on me! Pedro Fortuna We trust that the web application code executed inside the browser is exactly the code ...
Overcoming obstacles in operationalizing security: A tale from the trenches Rafae Bhatti So you got an offer letter to manage or lead a security team at a ...
The Memory of a Meltdown, and no we don't mean Britney Shane Magistrado Software bugs can be patched as soon as the vendor pushes an update and the ...
Living Security Escape Room (Session 1.2) N/a The Living Security Escape Room is a unique and fun way to network with security ...
Living Security Escape Room (Session 1.3) N/a The Living Security Escape Room is a unique and fun way to network with security ...
So you think you can patch: The game show that questions your security assumptions Allan Friedman , John Banghart , Kent Lather Few people know that the game show was actually a Victorian invention, although they were ...
Netrepser – A JavaScript targeted attack Cristina Vatamanu The discovery of Stuxnet in a uranium enrichment facility in Natanz opened a new era ...
Crimeware Chaos: Empirical Analysis of HTTP-based Botnet C&C Panels Aditya K Sood Cybercriminals deploy crimeware for conducting nefarious operations on the Internet. Crimeware is managed on a ...
Living Security Escape Room (Session 1.4) N/a The Living Security Escape Room is a unique and fun way to network with security ...
No more XSS: Deploying CSP with nonces and strict-dynamic Devin Lundberg XSS, one of the most common web vulnerabilities, can be completely prevented with a strict ...
Building Intelligent Automatons with Semantic Reasoning and Horse Glue Anton Goncharov Proper data modeling is probably the most underrated aspect of security data analysis. Our addiction ...
Blue Team Fundamentals Benjamin Hering Noob friendly! While new technical vulnerabilities are found continuously, malicious actors often rely on tried ...
Fundamentals of Corporate Physical Access: Attack Surface and Approach Terry Michaud There’s many sessions and spaces that teach skills to attack locks, but few focus on ...
Hacking the Law: Are Bug Bounties a True Safe Harbor? Amit Elazari In the wake of recent media headlines, bug bounties emerge as a murky legal landscape ...
Machine Learning: Too smart for its own good. Thomas Phillips Wouldn't it be awesome to build a machine learning device that ran on tubes, valves, ...
Using ancient math to speed up security assessments of Windows executables Cole Thompson This is about greatly speeding up risk reduction when evaluating Windows programs. Reverse engineering binary ...
Living Security Escape Room (Session 1.5) N/a The Living Security Escape Room is a unique and fun way to network with security ...
Data Driven Bug Bounty Arkadiy Tetelman In a single sentence: if you're not collecting metrics from your bug bounty program then ...
Rise of coinminers Omri Segev Moyal Coinminers have been on the rise in 2017, causing slow down on home computers, massive ...
Six degrees of infiltration: Using graph to understand your infrastructure and optimize security decision making Sacha Faust Current infrastructures depends on multiple technologies and third party infrastructures that increase security complexity and ...
Living Security Escape Room (Session 1.6) N/a The Living Security Escape Room is a unique and fun way to network with security ...
Tales of Red Teaming, aka "Continuous Intrusion Continuous Deception" Aladdin Nair This talk explores various avenues of techniques used to attack a large scale corporate networks. ...
KubeScope for the Extraordinary World of Containers Tongbo Xu Google’s Kubernetes has become the de facto standard for software container orchestration. As development teams ...
The Bucket List: Experiences Operating S3 Honeypots Cameron Ero 2017 was a blockbuster year for breaches, with everything from Russian espionage to Equifax. However, ...
Ask the EFF Nate Cardozo , Andrew Crocker , Gennie Gebhart , Stephanie Lacambra , Sydney Opsahl "Ask the EFF" will be a panel presentation and unrecorded question-and-answer session with several staff ...
Your Secrets are Showing! -- How to find if your developers are leaking secrets? Ian Lee This talk will zoom in to the cache of goodies which developers leave lying around ...
Fighting Secrets In Source Code With TruffleHog Dylan Ayrey Secrets in source code have lead to breaches in the past. They make it really ...
Women in Security Mixer N/a Apple invites (all women/you) to join us at our BSidesSF 2018 Women in Security Mixer. ...
Fix All The Things: Rapid-fire Stories of Creative Solutions to InfoSec Problems Katie Ledoux Rapid-fire stories of creative solutions to infosec problems.
Building a Predictive Pipeline to Rapidly Detect Phishing Domains Wes Connell Registering a new domain, obtaining a legitimate SSL certificate, and deploying it on a web ...
Supply Chain Attack Through CCleaner - Evidence Aurora Operation Still Active Itai Tevet Last September, hackers broke into as many as 2.27 million accounts of a computer cleaning ...
Simple. Open. Mobile: A Look at the Future of Strong Authentication Jerrod Chong In recent years, a growing demand to replace passwords and better protect online users has ...
Living Security Escape Room (Session 2.1) N/a The Living Security Escape Room is a unique and fun way to network with security ...
Crypto Hero Sam Bowne Learn cryptography with a series of hands-on projects in a fun, CTF-style environment. Covers the ...
Modern Red Team Immersion Bootcamp, Condensed Josh ‘fuzzynop’ Schwartz The Modern Red Team Immersion Bootcamp is designed to expose students to the types of ...
The SecDevOpronomicon - Arcane Secrets for Scaling your Company’s Security Clint Gibler In Victorian San Francisco, we provision fleets of servers with Chef or Puppet and push ...
Honeypots 2.0: A New ‘Twist’ on Defending Enterprise Networks with Dynamic Deception at Scale Lane Thames The concept of honeypots and deception has been leveraged by cyber-defenders for many years. Today, ...
Managing secrets in your cloud environment: AWS, GCP, and containers (and beyond) Evan Kaczorowski Applications often require access to sensitive data at build or run time, known as secrets. ...
Living Security Escape Room (Session 2.2) N/a The Living Security Escape Room is a unique and fun way to network with security ...
Living Security Escape Room (Session 2.3) N/a The Living Security Escape Room is a unique and fun way to network with security ...
Fuzzing Ruby and C Extensions Claudio Contin Intro to fuzzing, and specifics in Ruby lang:, security implications of vulnerabilities that might be ...
Securing DNSSEC with Ritual and Ceremony (or for steampunks, How Neo-Victorians Keep Out Cads and Bounders) Smiljana Antonijevic Which social factors are crucial for key signing ceremonies to build and maintain a chain ...
Demystifying DNS Security – Practical Steps for Reducing Exposure and Detecting Compromise Jim Nitterauer The Internet as we know it would come to a screeching halt if DNS failed ...
Living Security Escape Room (Session 2.4) N/a The Living Security Escape Room is a unique and fun way to network with security ...
A Case Study of MacOS Supply Chain Compromise Jason George Supply chain compromises remain an effective technique for attackers to get their malware on a ...
Bring in the $$ : Moving Security from Cost Center to Revenue Generator Arianna Willett Security is expensive. A security team requires a number of highly paid people and a ...
The IoT Hacker's Toolkit David Tomaschik IoT and embedded devices provide new challenges to security engineers hoping to understand and evaluate ...
How to Hack Radios: A Practical Approach to RF Physical Layers Matt Knight This workshop offers a tutorial on how to apply Software DefinedRadio, with an emphasis on ...
You want to step outside? What we can learn from Google’s fight with phishing Neal Mueller Phishing is the great public plague of the web, and attacks are on the rise. ...
An Open Source Malware Classifier and Dataset Phil Roth Research in machine learning for static malware detection has been stymied because of stale, biased, ...
Logging, Monitoring, and Alerting in AWS (The TL;DR) Jonathon Poling With AWS’ ever-increasing number services and ever-growing complexity, individuals and organizations are desperately seeking the ...
Living Security Escape Room (Session 2.5) N/a The Living Security Escape Room is a unique and fun way to network with security ...
Unraveling the Threat of Chrome Based Malware Spencer Warner Most leading web browsers, including Google Chrome, offer users the ability to install extensions, web ...
Introduction to Windows Kernel Mode Debugging Yamin Tian Debugging is a very practical science, and an underappreciated component of creating secure software. Specifically, ...
PostgreSQL Threats and Attacks in the Wild Aj Fleming We developed two PostgreSQL honeypots, pghoney (low-interaction) and Sticky Elephant (medium-interaction). This talk presents our ...
privacy for safety - opsec when the threat is in the home Stella We live in a hyper connected world, security awareness for most people means protecting against ...
Prospecting Ransomware Tech Vlad Craciun 2017 was a year with a large increase of ransomware families and malware technologies. Some ...
Lessons learned implementing meaningful access controls to customer data Patrick O'doherty There exists an unfortunate open secret in our industry: that companies are often quite old ...
Pensieve: Finding malicious artifacts in container environments Yathi Naik Traditional forensic investigation tools such as LiME, fmem (memory imaging), dd, dcfldd (disk imaging), volatility ...
Listen to your Engine: Unearthing Security Signals from the Modern Linux Kernel Robby Cochran Observing all kernel events can be like descending into the steam-engine of an airship – ...
Navigating the Vast Ocean of Browser Fingerprints Russell Cameron Thomas This talk is about how to combine browser fingerprinting and machine learning to create *general ...