BSidesSan 2019 March 3, 2019 to March 4, 2019, San Francisco, US

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Keynote: The Path to Infosec Is Not Always Linear Rachel Tobac For some, the path to infosec starts in a lecture hall-- for Rachel it started ...
How to Orchestrate a Cyber Security Incident Tabletop Exercise Melanie Masterton "Assume breach" helps incident responders prepare for the next major cyber security incident. Ask yourself—What ...
A Deep Dive into Go Malware: Using Metadata to Empower the Analyst Joakim Kennedy Go is a programming language created at Google by Robert Griesemer, Rob Pike, and Ken ...
Ethical Hacking: DIY Mobile Security Workstation (For Cheap) Dale Meredith Every red and blue teamer needs a dedicated workstation when engaging a network via a ...
Strangeways, Here We Come: A Journey from On-Prem to Cloud First with AWS Victor Clark The underlying desire with any technology is to push beyond its limits. In the 80s, ...
Abusing WCF Endpoint for RCE and Privilege Escalation Christopher Anastasio In 2018 there were quite a few local privilege escalation and remote code execution CVEs ...
How to Fix the Diversity Gap in Cybersecurity Chloé Messdaghi Women make up just 11 percent and minorities are slightly less than 12 percent of ...
Anti-Privacy Anti-Patterns Sarah Harvey In this talk, we will examine key research findings and technological innovations in the past ...
Making Sense of Unstructured Threat Data Zainab Kseib Over the last decade the cybersecurity community has made significant progress on collecting and aggregating ...
BADPDF: Stealing Windows Credentials via PDF Files Adi Solomon Microsoft NTLM is an authentication protocol used on networks that includes systems running the Windows ...
Don't Boil the Ocean: Using MITRE ATT&CK to Guide Hunting Activity John Stoner As threat hunting becomes a focus for more and more organizations, the abilities of the ...
Surfing the Motivation Wave to Create Security Behavior Change Masha Sedova For decades security awareness programs have been based on the assumption that employees don't know ...
Guarding Against Protocol Subversion at Coinbase Mark Nesbitt As the number of blockchain assets and projects continues to increase, so too do the ...
Implementing a Kick-Butt Training Program: BLUE TEAM GO! Ryan J. Chapman Hands-on incident response roles such as those found within a SOC or CIRT are difficult ...
Career Mutation: A Panel on the Evolution to Management in Security Xiaoran Wang , Chris Dorros , Rachel Black , Daed Latrope , Kyle Tobener Have you been considering management for your next career move in security? Our group of ...
Goldilocks and the Three ATM Attacks David M.n. Bryan Automated Teller Machine (ATM) attacks are more sophisticated than ever before. Criminals have upped their ...
Fuzzing Malware for Fun & Profit: Applying Coverage-Guided Fuzzing to Find and Exploit Bugs in Modern Malware Maksim Shudrak N/APractice shows that even the most secure software written by the best engineers contains bugs. ...
HTTP Security Headers: A Technology History Through Scar Tissue Benjamin Hering Security headers are a history of digital scar tissue. Each one there because we discovered ...
Deploying Two-Factor Authentication to Millions of Users Emanuele Cesena Two-factor authentication (2FA) represents a second line of defense against account takeover, and all online ...
Do You Even Tech Anymore: Management & Leadership in Security? Mark Hillick When many people join the professional workforce and are asked, "What do you want to ...
Profiling "VIP Accounts" Access Patterns in User-Centric Data Streams Rod Soto , Joseph Zadeh , Xiodan Li Detecting compromise of privileged "VIP accounts" using real time analysis using Kafka streaming solution that ...
Concrete Steps to Create a Security Culture Arkadiy Tetelman Who's got time for any of this "culture" business? The security team has more trash ...
Containers: Your Ally in Improving Security Connor Gilbert , Connor Gorman Developers are now building, configuring, and deploying their own services on Kubernetes and Docker. Yikes! ...
Vendor Security: Where Our Data Goes We Follow Vivienne Pustell , Niru Ragupathy , Kyle Tobener , Justin Calmus , Wendy Zenone Every company big and small partners with external vendors for services. Examples can range from ...
Two-Faces of WASM Security Kaizhe Jumde JavaScript is the most popular language of the web. It is one of the fastest ...
DevSecOps State of the Union Clint Gibler Many companies have shared their lessons learned in scaling their security efforts, leading to hundreds ...
You Might Still Need Patches for Your Denim, but You No Longer Need Them for Prod Maya Lorenc In this talk, Maya and Dan will cover what changes in your patch management story ...
Collect All the Data; Protect All the Things Aaron Rosenmund Blue teaming has not, up until this point, received the same applause and attention that ...
Shall We Play A Game? J wolfgang Goerlich Muscle memory, incident responders will tell you, is crucial to acting quickly in a crisis. ...
Treat the Problems, Not the Symptoms: Baby Steps to a More Secure Active Directory Environment Igal Shani Since it was introduced twenty years ago, Active Directory has become a major security concern ...
All Your Containers Are Belong to Us James Condon The rising adoption of container orchestration tools, such as Kubernetes, has enabled developers to scale ...
Beyond AV: Detection-Oriented File Analysis Josh Liburdi This talk advocates adding detection-oriented file analysis systems to the modern threat detection technology stack ...
Do Androids Dream of Electric Fences?: Defending Android in the Enterprise Brandon Weeks In this talk, Brandon will cover Android enterprise security and how to use the features ...
Back to the SOCless Future: Implementing Monitoring & Response Through Automation Ubani Balogun How do you implement effective, scalable, 24/7 monitoring and response without 24/7 staff? The challenge ...
RadRAT: An all-in-one toolkit for complex espionage ops Ivona-alexandra Chili This talk presents a piece of malware that had previously gone unnoticed and that seems ...