BSidesLasVegas 2016, Aug. 2, 2016 to Aug. 3, 2016, Las Vegas, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Doxing yourself through FOIA: understanding agency data structures to reverse engineer FOIA requests. | Caitlin Kelly Henry | This workshop will teach you to Dox yourself or a subject using the Freedom of ... | |
Mobile App Attack | Sneha Rajguru | This full-fledged hands-on training will get the attendees familiar with the various Android as well ... | |
Opening Keynote Pt. I & II | Lorrie Faith Cranor , Michael Kaiser | Join us for our opening Keynote's one-two punch, when Lorrie Cranor, Chief Technologist at the ... | |
PvJ CTF | Dichotomy | The Pros V Joes CTF is an event where the average Joe can have a ... | |
Hire Ground - Opening Remarks | Jack Daniel | Jack Daniel kicks off the Hire Ground track by sharing his own career story and ... | |
IATC Introduction and Overview | Joshua Corman | I Am The Cavalry track kicks off with an introduction to the topics and overview ... | |
Network Access Control: The Company-Wide Team Building Exercise That Only You Know About | Dean Webb , Wendy Nather | Although the first word in NAC is "Network", NAC involves many other technologies - and ... | |
Managing Security with the OWASP Assimilation Project. | Alan Robertson | IT shops have trouble reliably doing the basics well: 30% of all break-ins come through ... | |
Toward Better Password Requirements | Jim Fenton | While we often discuss examples of poor password requirements, it’s also useful to consider a ... | |
Data Science or Data Pseudo-Science? Applying Data Science Concepts to Infosec without a PhD | Ken Westin | Looking to learn how to apply fuzzy linear Bayesian regression entropy clustering to your security ... | |
What Snowden and I Have in Common - Reflections of an ex-NSA Hacker | Jeff Man | NSA takes very seriously its mandate to do “what NSA does” against foreign entities and ... | |
Shall We Play A Game? 30 Years of the CFAA | Tod Beardsley , Nate Cardozo , Jen Ellis , Cristin Goodwin , Leonard Bailey | 2016 marks the 30th anniversary of the Computer Fraud and Abuse Act (CFAA), the main ... | |
Lock Pick Village | Steve Pordon | Join us from 1000 to 1845 on Tuesday and Wednesday to learn all about lock ... | |
Calling All Hacker Heroes: Go Above And Beyond | Keren Elazari | So you've taken the red pill, realized the cavalry isn't coming, and you know it's ... | |
Intro to Storage Security, Looking Past the Server | Cheryl Biswas , Jarett Kulm | Data is all around us. We tend to overlook where & how it is stored ... | |
Are You A PenTexter? Open-Sourcing Pentest Reporting and Automation. | Melanie Rieback , Peter Mosmans | This talk will announce a new OWASP project: PenText, a fully open-sourced XML-based pentest document ... | |
Deep Adversarial Architectures for Detecting (and Generating) Maliciousness | Hyrum Anderson | Deep Learning has begun to receive a lot of attention in information security for detecting ... | |
Navigating Different Career Paths in Security | Lorrie Faith Cranor | Lorrie is now the Chief Technologist for the FTC and has a great career in ... | |
Panel: Progress On Cyber Safety | Chris Nickerson , Michael Mcneil , Beau Woods , Frank Barickman , Saša Zdjelar | Cyber Safety industries (Medical, Automotive, Home, and Public Infrastructure) have come a long way in ... | |
What's Up Argon2? The Password Hashing Winner A Year Later | Jp Aumasson | Argon2 is the winner of the Password Hashing Competition (PHC), as announced in July 2015. ... | |
Automation of Penetration Testing and the future | Kevin Riggins , Haydn Johnson | The push for automation and commoditization is changing penetration testing as we know it. And ... | |
Cruise Line Security Assessment OR Hacking the High Seas | Adam Brand , Chad M. Dewey | The purpose of taking a cruise is to relax and enjoy some much needed time ... | |
Rock Salt: A Method for Securely Storing and Utilizing Password Validation Data | Arnold Reinhold | Rock Salt™ is a method for storing and accessing password verification data on multi-user computer ... | |
Welcome to The World of Yesterday, Tomorrow! | Joel Cardella | 30 years ago, the United States suffered a pivotal moment within our space program when ... | |
Flaying out the Blockchain Ledger for Fun, Profit, and Hip Hop | Andrew Morris | If somebody tweets about having $15 million dollars worth of Bitcoin stolen, how hard would ... | |
Active Incident Response | Brian Candlish , Christian Teutenberg | Description withheld at presenter's request. | |
Breaking the Payment Points of Interaction (POI) | Nir Valtman , Patrick Watson | The payment industry is becoming more driven by security standards. However, the corner stones are ... | |
Cyber Safety And Public Policy | Allan Friedman , Jen Ellis , Suzanne Schwartz , Amanda Craig | Security research has had some clear wins in the past year, but if you weren’t ... | |
How to securely build your own IoT enabling embedded systems: from design to execution and assessment | Jens Devloo , Vito Rallo | The Internet of Things (IoT) is the next Internet revolution that aims at interconnecting devices ... | |
Security Vulnerabilities, the Current State of Consumer Protection Law, & how IOT Might Change It | Chris Eng , Wendy Everette | If a consumer purchases software (like, perhaps, a word processor or a note taking software) ... | |
How to Get and Maintain your Compliance without ticking everyone off | Drbearsec , Rob Carson | How often do we strive for perfect compliance only to realize it’s never going to ... | |
What we've learned with Two-Secret Key Derivation | Jeffrey Goldberg , Julie Haugh | Video 1 "Chena creates team, signs up, save Emergency Kit" (MP4, 119.1MB) Video 2 "Chena ... | |
Exposing the Neutrino EK: All the Naughty Bits | Ryan J. Chapman | The Angler Exploit Kit (EK) is now dead. In the wake of Angler's death, Neutrino ... | |
Defeating Machine Learning: Systemic Deficiencies for Detecting Malware | Ryan Peters , Wes Connell | Malware detection tools have evolved significantly over the last several decades in response to increasingly ... | |
Generation C: "Hacker" Kids and the Innovation Nation | Andrea M. Matwyshyn | Our society currently suffers from two moral panics - the fear of losing our global ... | |
Beyond the Tip of the IceBerg -- Fuzzing Binary Protocol for Deeper Code Coverage. | Mrityunjay Gautam , Alex Moneger | Some fuzzers are blackbox while others are protocol aware. Even the ones that are made ... | |
State Of Healthcare Cyber Safety | Jay Radcliffe , Christian quaddi Dameff , Beau Woods , Suzanne Schwartz , Colin Morgan | A year ago a predominant mode of thinking was that “nobody would ever hurt patients; ... | |
#recruiterfail vs #candidatefail | Matt Duren | There exists a tremendous lack of understanding between both candidates and recruiters regarding the job ... | |
State Of Automotive Cyber Safety | Joshua Corman , I Cavalry | It’s been two years since I Am The Cavalry launched the 5-Star Automotive Cyber Safety ... | |
How to Become "The" Security Pro | Javvad Malik | Three security professionals walk into a bar: A Security Pro, THAT Security Pro and THE ... | |
I Love myBFF (Brute Force Framework) | Kirk Hayes | This presentation will feature the release of a new open source tool which combines fingerprinting ... | |
Pushing Security from the Outside | Kat Sweet , Chris Deweese | In this talk I will discuss my experiences in furthering security in my company from ... | |
How to travel to high-risk destinations as safely as possible | Ryan Lackey | While the best security advice about dangerous locations is often "don't be there", travel is ... | |
Why it's all snake oil - and that may be ok | Pablo Breuer | Every few years, security vendors entice us with “next generation” security products with 0day detection ... | |
An Adversarial View of SaaS Malware Sandboxes | Jason Trost , Aaron Shelmire | Anyone attending this conference knows the usefulness of running malware in a sandbox to perform ... | |
Operation Escalation: How Commodity Programs Are Evolving Into Advanced Threats | Israel Barak | Companies shouldn’t be so quick to dismiss low-level threats like adware, click-fraud malware and other ... | |
Evaluating a password manager | Evan Johnson | Password managers are a really polarizing topic. Let's come together for a while and talk ... | |
DNS Hardening - Proactive Network Security Using F5 iRules and Open Source Analysis Tools | Dave Lewis , Jim Nitterauer | DNS is the engine that drives the Internet. Almost all Internet activity makes use of ... | |
Why does everyone want to kill my passwords? | Mark Burnett | We get it, passwords are a problem. They're a pain to remember, they're always too ... | |
DYODE: Do Your Own DiodE for Industrial Control Systems. | A Kokos , Arnaud Soullie | While data diodes have been used for a long time on classified networks, the high ... | |
How to make sure your data science isn’t vulnerable to attack | Leila Powell | Using the example of vulnerability data, this talk is about what happens when data science ... | |
Ingress Egress: The emerging threats posed by augmented reality gaming. | Andrew Brandt | Augmented reality gaming's first breakout hit has millions of players, and a "game board" that ... | |
CFPs 101 | Tottenkoph , Michael A. Ortega , Guy Mcdudefella | Have you ever wondered why CFP reviewers drink so much? Are you tired of having ... | |
How to Stand Out to Talent Acquisition | Tara Griesbach | Do you ever wonder what talent acquisition professionals look for in candidate profiles? Do you ... | |
The New Hacker Pyramid | Myrcurial , Genevieve , Security Intern , Wintr , Coolacid | That’s right, The New Hacker Pyramid is back again at BSidesLV for 2016. Be in ... | |
Pentesting Industrial Control Systems : Capture the Flag! | Arnaud Soullie | There is a lot of talking about ICS, SCADA and such nowadays, but only few ... | |
Ground Truth Keynote: Great Disasters of Machine Learning | Davi Ottenheimer | This presentation sifts through the carnage of history and offers an unvarnished look at some ... | |
Hacking Is Easy, Hiring Is Hard: Managing Security People | Mike Murray | The common view of management is that it's easier than reverse engineering. This talk will ... | |
IATC Day 2: Introduction and Overview | Joshua Corman , Beau Woods | Welcome back! We will recap yesterday’s session, as well as set the agenda and overview ... | |
Mapping the Human Attack Surface | Master Chen , Louis Divalentin | Organizations often generate attack surfaces but fail to include the most susceptible link, the Human. ... | |
Hunting high-value targets in corporate networks. | Patrick Fussell , Josh Stone | So you got into a network, but now what? You might be swimming in a ... | |
Crafting tailored wordlists with Wordsmith | Sanjiv Kawa , Tom Porter | Standard wordlists such as Uniq and Rockyou are great when used with a variety of ... | |
Don't Repeat Yourself: Automating Malware Incident Response for Fun and Profit | Kuba Sendor | Even for a larger incident response team handling all of the repetitive tasks related to ... | |
A Noobs Intro Into Biohacking, Grinding, DIY Body Augmentation | Johnny Xmas , Doug Copeland | Controlling devices through implanted chips used to be purely science fiction. Now, through the efforts ... | |
Uncomfortable Truths | Joshua Corman , Beau Woods , I Cavalry | This facilitated discussion will outline some uncomfortable truths about securing safety-critical systems. Is information security ... | |
No Silver Bullet. Multi contextual threat detection via Machine Learning. | Rod Soto , Joseph Zadeh | Current threat detection technologies lack the ability to present an accurate and complete picture of ... | |
Powershell-Fu – Hunting on the Endpoint | Chris Gerritz | Hunting is the art of searching for badness and unauthorized activity on our own systems ... | |
Stop the Insanity and Improve Humanity: UX for the Win | Rachael Lininger , Robin Burkett | What is UX? Why is it important in cybersecurity? We have a problem in our ... | |
Making Password Meters Great Again | Adam Caudill | Password meters have become ubiquitous, some are decent, but the majority are actually harmful. While ... | |
Survey says… Making progress in the Vulnerability Disclosure Debate | Allan Friedman , Jen Ellis , Amanda Craig | The vulnerability disclosure debate isn’t new. But as more vendors realize that they are software ... | |
Owning Your Career on a Daily Basis | John Darrow , John Mcclintock , Amazon | The only person who is truly responsible for your career advancement is you. From the ... | |
There is no security without privacy | Christopher Payne , Craig Cunningham | I believe I can demonstrate that privacy helps security and that the choice of "privacy ... | |
Why Can't We Be Friends? | Russ | Description withheld at presenter's request. | |
Domains of Grays. | Eric Rand | One of the most consistently reliable means for an attacker to gain access to an ... | |
Labeling the VirusShare Corpus: Lessons Learned | John Seymour | A machine learning researcher needs a nice dataset to work with, but all of the ... | |
Proactive Password Leak Processing | Bruce K. Marshall | An average person on the Internet reuses their same password across multiple sites more often ... | |
Improving Your Personal Value Proposition to Take that Next Step in Your Career | Scott Takaoka , Versprite | For many penetration testers and other security professionals, making yourself more attractive to employers or ... | |
You Don't See Me - Abusing Whitelists to Hide and Run Malware | Richo Healey , Michael Spaling | This talk will outline a method for exploiting security software with a focus on unauthorized ... | |
Automated Dorking for Fun and Pr^wSalary | Ming Chow , Filip Reesalu | A dork is a specialized search engine query which reveals unintentional data leaks and vulnerable ... | |
Modeling Password Creation Habits with Probabilistic Context Free Grammars | Matt Weir | People are not good at being unpredictable. It’s common knowledge that with passwords certain words ... | |
The Future of BSides | David Mortman , Jack Daniel , Mike Dahn , Thomas Fischeer , Michelle Klinger , Genevieve Southwick | This event represents the 271st BSides event since the first one was held at a ... | |
Determining Normal: Baselining with Security Log and Event Data | Derek Thomas | Take a look at almost every log management best practice guide and you will find ... | |
How to Rob a Bank – or The SWIFT and Easy Way to Grow Your Online Savings Account | Cheryl Biswas | Bank heists make great stories. And this year, we got some really good stories to ... | |
Six Degrees of Domain Admin - Using BloodHound to Automate Active Directory Domain Privilege Escalation Analysis | Rohan Vazarkar , Will Schroeder , Andy Robbins | Active Directory domain privilege escalation is a critical component of most penetration tests and red ... | |
Hands-on Cryptography with Python | Sam Bowne | Learn essential concepts of cryptography as it is used on the modern Internet, including hashing, ... | |
Latest evasion techniques in fileless malware | Andrew Hay , Virginia Robbins | This talk will dive into latest file-less malware, how such types of malware can hide ... | |
Hacking Tech Interviews | Adam Brand | Tech interviews can be tricky, but can also be hacked. What you do before, during, ... | |
PLC for Home Automation and How It Is as Hackable as a Honeypot | Scott Erven , Philippe Lin | The talk is about how to make PLCs work of your home automation and work ... | |
Passphrases for Humans: A Cultural Approach to Passphrase Wordlist Generation | Florencia Herra-vega , Skylar Nagao | The idea of using passphrases for storing stronger secrets has been around since at least ... | |
Hacking Megatouch Bartop Games | Mark Baseggio | In this talk Mark will discuss the latest in his fixation with hacking antiquated and ... | |
CyPSA Cyber Physical Situational Awareness | Edmond Rogers , Katherine Davis | CyPSA is primarily being developed to serve critical infrastructure in the electric industry, but, CyPSA ... | |
That Which Must Not Be Spoken Of: A Personal Look at Mental Health in Infosec | Jay Radcliffe , Joel Cardella | Sullen, Moody, Anti-Social, Awkward, Outcast, Misfits. Our people right? The heart and soul of the ... | |
Is that a penguin in my Windows? | Spencer Mcintyre | One of the latest features coming out in Windows is the new Windows Subsystem for ... | |
Exploiting the Recruitment Process | Jason Frank , Doug Munro | When hunting for your dream job in information security, companies are going to evaluate your ... | |
Automation Plumbing | Kyle Maxwell , Ashley Holtz | There are many tools available to automate various security and forensics tasks. This talk will ... | |
PeerLyst Meet and Greet | Peerlyst | Come and meet the Peerlyst community and find out why you maybe should be a ... | |
IATC Closing | Joshua Corman | So long and thanks for all the fish. We will recap the two day session, ... | |
Common Mistakes Seen in Interviews | Kris Rides , Matt Duren , Michael Dierick , Daniel Harbison , Deena Hetfield | Interviews can be intimidating, frustrating and sometimes pretty boring. From our panel of recruiters, you ... | |
Digging into SIEM Alerts with Visual Graph Analytics | Jeff Bryner , Paden Tomasello | Our responsibilities are expanding to include larger infrastructures, more applications, and a multitude of security ... | |
PAL is your pal: Bootstrapping secrets in Docker | Nick Sullivan | Many services that run in Docker containers need to have highly sensitive secrets installed on ... | |
An Evolving Era of Botnet Empires | Andrea Scarfo | Botnets are part of the dynamic infrastructure seen in modern large scale cyber attacks, spy ... | |
Dominating the DBIR Data | Gabriel Bassett , Anastasia Atanasoff | Data-driven security is all the rage. But what is the data? Is it a concrete ... | |
Stealing Food From the Cat's Mouth | Vitaly Kamluk | Description withheld at presenter's request. | |
Building an EmPyre with Python. | Will Schroeder , Steve Borosh , Alexander Rymdeko-harvey | Many companies are deploying an increasing number of OS X hosts in their corporate networks, ... | |
Scalability: Not as Easy as it SIEMs | Grecs , Keith Kraus | Cyber security is a big data problem, the volume and velocity of data from devices ... | |
Ethical implications of In-Home Robots | Guy Mcdudefella , Brittany Postnikoff | What can in-home robots do, and what does it take to gain control of one? ... | |
The Deal with Password Alternatives | Terry Gold | Many discussions on how to break passwords, but what to do about it? There are ... | |
Cross-platform Compatibility: Bringing InfoSec Skills into the World of Computational Biology | Rock Stevens , Candice Schumann | Want to put your hacking skills to good use? We’re talking about the ultimate good ... | |
QUESTIONING 42: Where is the “Engineering” in the Social Engineering of Namespace Compromises? | Vineetha Paruchuri | The most expensive domain name thus far in history was stolen in 1995 by sending ... | |
Why Snowden’s Leaks Were Inevitable | Jacob Williams | Edward Snowden has been vilified by the US Government while being held out as a ... |