BSidesSF 2016 Feb. 28, 2016 to Feb. 28, 2016, san francisco,usa

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Keynote: A Declaration of the Independence of Cyberspace John Perry Barlow John Perry Barlow will read his "A Declaration of the Independence of Cyberspace" and answer ...
The Tales of a Bug Bounty Hunter Arne Swinnen Bug bounty hunting is the new black! During this technical talk, several interesting vulnerabilities identified ...
Mainframes? On My Internet? Soldier Of Fortran In early 2013 Soldier of Fortran had an idea. What if there were mainframes on ...
Reverse Engineering the Wetware: Understanding Human Behavior to Improve Information Security Matthew Hathaway , Alexandre Sieira The human mind evolved to draw quick conclusions for survival. Behavioral economists, like Daniel Kahneman ...
Securing the Distributed Workforce William Bengtson A distributed workforce is becoming the trend as new companies start and take off, as ...
Exploit Development Training & Competition Sam Bowne Participants will exploit a simple vulnerable Linux application, first to redirect execution to existing code, ...
Who’s Breaking into Your Garden? iOS and OS X Malware You May or May Not Know Claud Xiao Apple platforms were thought far away from malware problem in a long term, until at ...
Hackers Hiring Hackers - How to hack the job search and hack talent Irishmasms There are few talks that address what some consider to be the hardest part of ...
A year in the wild: fighting malware at the corporate level Kuba Sendor Yelp as any large company has a problem with viruses, malware and organized phishing campaigns ...
Scan, Pwn, Next! – exploiting service accounts in Windows networks Andrey Dulkin , Matan Hart Service accounts are prevalent in Windows networks, but are often mismanaged and ripe for exploitation. ...
Breaking Honeypots for Fun and Profit Gadi Evron , Dean Sysman , Itamar Sher This talk analyzes the concept of the Honeypot, its weaknesses, and how a better honeypot ...
Guest to root - How to Hack Your Own Career Path and Stand Out Javvad Malik Three security professionals walk into a bar:A Security proTHAT Security proand THE security pro.I used ...
Everything Is Awful (And You're Not Helping) Jan Schaumann Shamir's Three Laws of Security have been known for quite some time now:- Absolutely secure ...
IoT on Easy Mode (Reversing Embedded Devices) Elvis Collado As technology matures we are seeing a trend of products that are now “smart.” The ...
Why it’s all snake oil – and that may be ok Pablo Breuer Every few years, security vendors entice us with “next generation” security products with 0day detection ...
In the crosshairs: the trend towards targeted attacks Lance Cottrell While we will never see the end of generalized mass attacks, the real damage is ...
Ask the EFF Kurt Opsahl , Eva Galperin , Cooper Quintin , Andrew Crocker , Shahid Buttar Ask the EFF is a Q&A panel with EFF staffers, with short presentations on EFF's ...
Developing a Rugged DevOps Approach to Cloud Security Tim Prendergast Your operational tools deliver continuous monitoring and alerting—why doesn’t your security suite? No single path ...
Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections Tomer Bitton , Udi Yavo A few months ago, we came across a critical vulnerability in a popular security product ...
Digital Intelligence Gathering: Using the Powers of OSINT for Both Blue and Red Teams Ethan Dodge , Brian Warehime In today's age everyone puts everything on the Internet. Not only can this present a ...
TOOOL Christine Bachman , Robert Hermes N/A
Exploiting Broken Webapps Rob Mann , Niru Ragupathy , David Tomaschik Web applications can fail in a variety of ways, from Cross-Site Scripting to SQL Injection ...
Sweet Security: Deploying a Defensive Raspberry Pi Travis Smith Securing the Internet of Things (IoT) has become increasingly difficult. Devices are often shipped with ...
Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness Alex Pinto For the last 18 months, MLSec Project and Niddel collected threat intelligence indicator data from ...
Planning Effective Red Team Exercises Sean T. Malone An effective red team exercise is substantially different from a penetration test, and it should ...
The Ransomware Threat: Tracking the Digital Footprints Kevin Bottomley The continuing evolution of ransomware is a constant threat to businesses of all types. Taking ...
Fraud Detection & Real-time Trust Decisions James Addison Fraud detection and computer security have a number of interesting parallels as adversarial & technological ...
Access Control in 2016 - deep dive Ulrich Lang Access control is undoubtedly a critical security mechanism, which is often managed as part of ...
Fuzz Smarter, Not Harder (An afl-fuzz Primer) Craig Young Fuzz testing is one of the most powerful tools in the bug hunter’s toolset. However, ...
Using Behavior to Protect Cloud Servers Anirban Banerjee Cloud server adoption has exploded in the last 5 years. Nearly every business is using ...
Elliptic Curve Cryptography for those who are afraid of mathematics Martijn Grooten To fully understand Elliptic Curve Cryptography to a point where you could use it in ...
The Art of the Jedi Mind Trick Jeff Man The hacker/security community continues to struggle with how to get our message across to others. ...
APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for Gadi Evron We will discuss how advanced threat actors learn and change with innovation in security defense ...
Mobile App Corporate Espionage Michael T. Raggo Corporate espionage is at an all-time high, and in terms of data risk threats, is ...
Sucker-punching Malware: A Case Study in Using Bad Malware Design Against Attackers John Bambenek , Hardik Modi Software developers have provided unlimited job security for the infosecindustry. Likewise, malware authors also have ...
Why Can't We Have Nice Things? Conflict Resolution in Information Security Rachael Lininger Conflict can be a good thing, really. Without it, we get groupthink and dumbass decisions. ...
Employee Hijacking: Building a hacktober awareness program Ryan Barrett Security awareness can be one of the driest and most boring topics for employee's. You ...