BSidesLasVegas 2018 Aug. 7, 2018 to Aug. 8, 2018, Las Vegas, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Cold Case Cyber Investigations: Catfishing Cooper and Other Ops Jim Christy Jim Christy will discuss the history and future of using Digital Forensics to solve almost ...
The Best of Security BSides Now and Then: Ten Years of Mixes Jack Daniel How to (accidentally?) Change The @%!$ World in just ten years and a couple of ...
ATT&CKing the Status Quo: Improving Threat Intel and Cyber Defense with MITRE ATT&CK John Wunder , Katie Nickels Whenever we discover another breach, adversaries give us a friendly reminder that the status quo ...
SiliVaccine: North Korea's Weapon of Mass Detection Mark Lechtik , Michael Kajiloti Meet SiliVaccine – North Korea’s national Anti-Virus solution. SiliVaccine is deployed widely and exclusively in ...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else Ezra Caltum , Guy Barnhart-magen Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning ...
Attacking Ethereum dApps Brandon Arvanaghi Ethereum dApps (decentralized apps) are a core pillar of why development on the platform has ...
Serverless Infections: Malware Just Found a New Home Maty Siman We are seeing more and more organizations leverage the advantages introduced by serverless computing. But ...
Who Wants to Be A Regulator: The IoT Security Game Show Allan Friedman , Jen Ellis , Whitney Merrill , Wendy Knox Everette Everyone talks about IoT security failures, but who should actual do all the things? We ...
How to Start a Cyber War: Lessons from Brussels -EU Cyber Warfare Exercises Chris Kubecka Nation-state offensive digital attacks are on the rise. Especially considering the news headlines. But, what ...
Red Teaming a Manufacturing Network (Without Crashing It) Johnny Medina , Kyle Cucci Cybersecurity in manufacturing environments is becoming more and more critical. However, many organizations do not ...
An Encyclopedia of Wiretaps Wendy Knox Everette Warrants. Wiretaps. PRTTs. Subpoenas. Section 702. 2703(d) order. National Security Letters. All Writs Act. Many ...
You're just complaining because you're guilty: A Guide for Citizens and Hackers to Adversarial Testing of Software Used In the Criminal Justice System Jeanna N Matthews , Nathan Adams , Jerome Greco Proprietary software is used throughout the criminal justice system, and the trade secrets of software ...
The Chrome Crusader Lily Chalupowski Crusade into the wild world of malicious browser extensions. You will learn how to do ...
Active Directory Password Blacklisting Leeren Chang Active Directory remains the most popular corporate solution for organizing devices and users on a ...
Anatomy of NTLMv1/NTLMv1-SSP Evil Mog There has been some confusion about NTLMv1 and NTLMv1-SSP reversing to NTLM hashes using hashcats ...
Fighting Fraud in the Trenches Amir Shaked There are many eCommerce and SaaS businesses that offer loyalty programs. Some involve gift cards ...
The Effect of Constraints on the Number of Viable Permutations of Passwords Randy Abrams , Briana Butler Typically the impact of constraints on the maximum number of permutations for a password is ...
A scanner darkly: Blue team techniques to break discovery Matthew Everson N/A
Get on the Eye Level: Tailoring the Security Talk Fahmida Y Rashid “Talking outside the community about security basics and teaching security awareness without resorting to FUD-tactics ...
Who Watches the Watchers?: Understanding the Internet's Background Noise Curt Barnard The instant a device is connected to the internet, it gets scanned and interrogated for ...
Lessons Learned by the WordPress Security Team Aaron D Campbell Managing security for the WordPress project is a challenge to say the least. The sheer ...
101 ways to fail at getting value out of your investments in security analytics, and how not to do that Jon Hawes The value promised and expected by investing in data analytics simply can’t be delivered unless ...
An Introduction to Machine Learning and Deep Learning Hillary Sanders Machine learning is the science of developing programs that can automatically learn from data. First, ...
Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification Mark Mager The proliferation of ransomware has become a widespread problem culminating in numerous incidents that have ...
Sight beyond sight: Detecting phishing with computer vision. Daniel Grant Deep learning architectures have been used with great success to mimic or exceed human visual ...
Catch me, Yes we can! -Pwning Social Engineers using Natural Language Processing Techniques in real-time Marcel Carlsson , Ian G. Harris Social engineering is a big problem but very little progress has been made in stopping ...
Lesley Carhart Kicks Off Hire Ground Lesley Carhart To kick off Hire Ground, Lesley Carhart will share how best to leverage your time ...
From Hacker to Serial Entreprenuer Matt Devost Matt DeVost has been hacking for over 25 years and has become one of the ...
You're Good and You Should Feel Good Victor Wieczorek Everyone knows that security talent is scarce. When interviewing for a position, it is important ...
The Long Way Around – from Software Engineering to Cyber Security (How Choosing Wrong Turned out to be Right) Margaret White A career in Cyber Security does not always follow a linear path. In some cases, ...
Redefining the Hacker Manju Mude Many women and underrepresented groups have faced adversity and lack of inclusion in their careers ...
Engaging the Media: Know Your Target Jen Ellis , Sean Gallagher , Steve Ragan , Paul Wagenseil , Joe Cox Cybersecurity needs more and better ambassadors, particularly on topics that relate to cybersafety, where creating ...
Engaging the Media: Telling Your Story Sean Gallagher , Steve Ragan , Paul Wagenseil , Iain Thomson Cybersecurity needs more and better ambassadors, particularly on topics that relate to cybersafety, where creating ...
A Good Day to Die? IoT End of Life Allan Friedman , Jessica Wilkerson , Karl Grindal IoT security is a known hard problem. A number of efforts are devoted to addressing ...
Cyber Safety Disclosure Joshua Corman , Jay Radcliffe , Suzanne Schwartz , Nina Alli Vulnerability disclosures for safety-critical systems are f’n hard. Even when the finder/reporter and receiver/manufacturer are ...
Social engineering at scale, for fun Sara Jayne Terp I’ve spoken elsewhere about the tech and social ecosystems surrounding massive social engineering using misinformation ...
Implementing the Three Cs of Courtesy, Clarity, and Comprehension to Optimize End User Engagement Courtney K User interaction is fundamental to successful IT operations within an organization. A disconnect between the ...
Building A Teaching / Improvement Focused SOC Andrew Gish-johnson Effective security monitoring is an ongoing process. How do you get everyone participating? How do ...
Modern Political Warfare: A Look at Strategy and TTPs Sina Kashefipour Political warfare is back. Political warfare or political war is the “use of political means ...
Legendary Defender - The Voltron Analogy Brian Carey As a practicing Information Security consultant, I’ve seen many organizations fail at implementing effective security ...
Not your Grandpa's Password Policy Kevin T Neely This talk will describe the password policy at Pure Storage, which involves the security team ...
Vulnerability Management 101: Practical Experience and Recommendations Eric Bryan Vulnerability management, in the context of information security, is a critical, but often overlooked aspect ...
Snake Oil & The Security Industry Dave Cole Every true disaster is a tangled mess of factors. The security industry is rife with ...
A peek into the cyber security of the aviation Industry. Nitha Racgel Suresh The aviation sector is not immune to the cyber security risks that have been critical ...
That Buzzword Bingo Rapid Debates Panel Thing Robert Graham , Josh Corman , Chris Nickerson , Jen Ellis This session is designed to titillate, delight, and possibly even educate BSidesLV attendees. Come challenge ...
Your taxes are being leaked Michael Wylie 80% of U.S. small business accounting data is entered and stored on one company’s software. ...
iOS Runtime Hacking Crash Course Michael Gianarakis Over the past few years there have been a number of significant changes and trends ...
Tuning The Warp Drive with Laforge: New Tool for Building Security Competitions Alex Levinson , Dan Borges Security competitions such as the Collegiate Penetration Testing Competition have fundamentally changed the landscape for ...
Securing Robots at Scale Talha Tariq International Federation of Robotics estimate that 2.6 million industrial robots will be installed in factories ...
Pacu: Attack and Post-Exploitation in AWS Spencer Gietzen Cloud infrastructure security and configuration has been shown to be a difficult task to master. ...
Overlooked tactics for attacking hardened Active Directory environment Hao Wang , Pipe (yothin) Rodanant , Joshua Theimer Cyber-attackers have been very successful at rapidly gaining administrative access to Enterprise Active Directory environments. ...
Turning (Page) Tables - Bypassing advanced kernel mitigations using page tables manipulations Udi Yavo , Omri Misgav Over the past several years Microsoft introduced many new kernel exploit mitigations techniques to Windows ...
All Your Cloud Are Belong To Us - Hunting Compromise in Azure Nate Warfield MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, Samba. What do they all have in common? Thousands ...
Security Awareness Training Refresh Lauren Clausen What’s the first thing that comes to mind when you think of security awareness training? ...
Where are the reinforcements? Brady Nielsen The demand for inforamtion security skills have far outpaced the supply. The stories and surveys ...
Who Maed Dis; A beginners guide to malware provenance based on compiler type. Lucien Brule Malware Researchers must take into account a wide range of factors in order to effectively ...
LibreSSL - Moving the Ecosystem Forward Brent Cook In response to the Heartbleed vulnerability disclosure of April 2014, the OpenBSD team created LibreSSL, ...
Solving for Somebody Else's Problem: Hacking Devs for Better Security Sarah Gibson Getting developers to take security findings seriously can feel like an uphill battle. Security can ...
Watch Out For That Bus! (Personal Disaster Recovery Planning) David Minch You bank online. PDFs have replaced paper. Bills come via email and are paid automatically. ...
Using Lockpicking to Teach Authentication Concepts Kat Sweet When we teach security, we often face challenges in conveying our knowledge to a non-security ...
How I Met Your Password Dimitri Fousekis “How I Met Your Password” is an interactive talk and session around password cracking techniques. ...
Abusing Password Reuse at Scale: Bcrypt and Beyond Sam Croley In this talk we will cover a new attack methodology based on the concept of ...
Deploying WebAuthn at Dropbox Scale: Second Factor and Beyond Brad Girardeau WebAuthn is a new standard for strong authentication on the web, giving users an easy ...
Guardians of GitHub Joshua Danielson , Dileep Gurazada Over 10,000 AWS access keys are currently exposed on GitHub. Are one of them yours? ...
Ransombile, yet another reason to ditch SMS Martin Vigo The general belief is that a mobile device that is locked, encrypted and protected with ...
(De)Serial Killers Erez Yalon Set during the Great Marshalling of Pickles Apocalypse; in the year 2015, the internet at ...
Not your Mother's Honeypot - Another name for Threat Intel Kat Fitzgerald “Gathering Threat Intelligence is an art. Using it to your advantage is magic. Do you ...
Applied Quantitative Risk Analysis Michael Rich My experiences with qualitative risk analysis have never been satisfying. The categories used to bin ...
Hillbilly Storytime - Pentest Fails Adam Len Compton Whether or not you are just starting in InfoSec, it is always important to remember ...
Invoke-NoShell Gal Bitensky For defenders Powershell is a major challenge when for attackers it is an opportunity (if ...
Security and DevOps are really Best Friends Emily Gladstone Cole DevOps teams still think of Security as “the people who say no.” However, DevOps are ...
Don't Bring Me Down: Are You Ready for Weaponized Botnets? Cheryl Biswas We’re seeing an evolution in botnets. The impact of Mirai bringing down a huge swath ...
Another one bites the dust: Failed experiments in infrastructure security analytics and lessons learned from fixing them Ram Kumar In most academic and industry conferences, we get to learn about the success stories of ...
PowerShell Classification: Life, Learning, and Self-Discovery Derek Thomas By now, many security practitioners know that PowerShell is a powerful scripting language used by ...
Can data science deal with PAM? Leila Powell PAM is climbing the security charts, coming in at no. 4 in the latest CIS ...
Tracking Malicious Logon: Visualize and Analyze Active Directory Event Logs Tomoaki Tani , Shusei Tomonaga In the lateral movement phase of APT incidents, analysis of Windows Active Directory event logs ...
Decision Analysis Applications in Threat Analysis Frameworks Emily Shawgo In the modern age, all organizations face threats from various types of cyber attacks. Although ...
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era Andrea Marcelli Given the high pace at which new malware variants are generated, antivirus software struggle to ...
Hackademia: The 2018 Literature Review "falcon Darkstar Momot , Brittany ""straithe"" Postnikoff Ever wonder how static analysis tools figure out not only what lines contribute to a ...
Arbitrary Albatross: Neutral Names for Vulnerabilities at Volume Art Manion , Leigh Metcalf Vulnerability identification is critical defensive security infrastructure. We have CVE, which is improving scope and ...
The Key to Managing High Performance Security Teams Mike Murray For many early career managers, getting high performance from teams can seem like a magic ...
Increasing Retention Capacity Andrea Little Limbago Why do organizations work so hard to recruit a talented workforce, but fall flat when ...
Fast-track your Hacking Career – Why Take The Slow Lane? Joe Klein Confused how to get into the security field? Unsure how to grow your skills, knowledge, ...
Community Career Panel or How to Get More than a TShirt Working at a Con Kathleen Smith , Magen Wu , Kristen Renner , Cindy Jones Career development is typically seen as a progression of education, certification and job moves. However, ...
Stupid Hacker Tricks: Bridging Airgaps and Breaking Data Diodes Monta Elkins The impossible is just what we haven’t done yet.This light and fun talk (with demos) ...
Building ambassadors to reduce friction, drive change, and get sh*t done Katie Ledoux Whether your goal is to push a vulnerability through remediation, change user behavior, or secure ...
Hacking the Public Policy API Jessica Wilkerson , Travis Moore , Maurice Turner Technology experts are all over the country except on Capitol Hill, where they are needed ...
CVE CVSS NVD OMGWTFBBQ Josh Corman , Art Manion , Tom Millar , Katie Trimble , Margie Zuk , Seth Carmody The Common Vulnerabilities and Exposures (CVE) list, the Common Vulnerability Scoring System (CVSS), and the ...
Engaging Policymakers at the State Level Joe Hall , Maurice Turner , David Forscey From federal data breaches to foreign governments phishing political campaigns to malware shutting down city ...
Transforming Industries for Fun and Safety David Rogers , Beau Woods , Jeff Troy , Pete Cooper , John Sheehy I Am The Cavalry presents two case studies on shifting mindsets of security researchers and ...
Cavalry is ALL OF US Rod Soto , Travis Moore “The cavalry isn’t coming; it falls to us,” were the words five years ago at ...
Cruising the MJ Freeway: Examining a large breach in legal Cannabis Rex Recently a major Cannabis POS provider – with over 11 million in funding, 23 million ...
What is Agile and how can I use it well? Nicole Schwartz Are you a person who works with Agile developers? Are they driving you nuts? This ...
Unifying the Kill Chain Paul Pols To hunt attackers on their networks and raise resilience, enterprises can use various attack models ...
Incorporating Human Intelligence (HUMINT) into An Information Security Team Aamil Karimi At a time when new innovations and developments in IPS, detection, big data, anti-virus, and ...
Disabling Encryption to Access Confidential Data Christopher Simon Hanlon This presentation demonstrates the ways we exploited opportunistic encryption to break into popular cloud virtual ...
Bypassing Antivirus Engines using Open Sourced Malleable C2 Software, MSFVenom, Powershell and a bit of Guile Michael Aguilar Abstract There are a multitude of Open Sourced C2 software that are readily available for ...
Firmware Security 101 Arpita Biswas More often than not, firmware is seen as an intriguing no man’s land -neither software ...
The current state of adversarial machine learning Heather Lawrence Machine learning is quickly becoming a ubiquitous technology in the computer security space, but how ...
Treble or Trouble: Where Android's latest security enhancements help, and where they fail Tamir Zahavi-brunner In today’s security world it is well understood that it is impossible to eliminate all ...
How A Fortune 500 Company Suppressed Our Research Through Legal Threats Falcon Darkstar Momot , T Propher When we took on a consulting project to audit an alcohol breath testing machine for ...
Why Can't We Be Friends? (Get Spotted With A Fed) Russell Handorf Do you dance madly on the lip of the volcano regarding your security research? Or ...
Ask The EFF Kurt Opsahl , Nate Cardozo , Nash Sheard , Eva Galparin “Ask the EFF” will be a panel presentation and unrecorded question-and-answer session with several staff ...