BSidesLasVegas 2019 Aug. 6, 2019 to Aug. 7, 2019, Las Vegas, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Keynote Bob Lord This is the 10 year anniversary of BSides LV. A lot has changed and even ...
BEEMKA / Electron Post-Exploitation When The Land Is Dry Pavel Tsakalidis Now that you have a shell, you need to establish persistence. How about this time, ...
Unpacking pkgs: A look inside macOS Installer packages and common security flaws Andy Grant We are hackers, we won’t do as you expect or play by your rules, and ...
Using Machines to exploit Machines - harnessing AI to accelerate exploitation Ezra Caltum , Guy Barnhart-magen Imagine yourself looking through a myriad number of crash dumps trying to find that one ...
Meltdown's Aftermath: Leveraging KVA Shadow To Bypass Security Protections Omri Yavo Following the reveal of speculative execution vulnerabilities, Meltdown was mitigated in software by separating the ...
Neurosecurity: where Infosec meets Brain-machine Interface Ben Canham Direct brain-machine interface (BMI) has moved from science fiction to daily fact,and a new frontier ...
Board Communications N/a N/A
Zero Trust N/a N/A
Supply Chain Security N/a N/A
AppSec/SDLC/DevSecOps N/a N/A
Crisis Communication & Brand Monitoring N/a N/A
DLP Sucks and Why You Should Use It John Orleans Everyone hates DLP. It’s hard to implement, never lives up to its promises, users hate ...
Where in the world are Carmen's $adjective cyber attacks: The game show that wonders why things aren't worse Allan Friedman , Chris Bort Hacktivists. Disgruntled employees. Terrorists. Countries or people that just hate each other. We all know ...
The Contemplator Approach: Data Enrichment Through Elastic Stack Rodrigo Rodriguez IT and Security Teams collect data from as many sources as possible with the mindset ...
Mind the Diversity Gap - A Panel Discussion Alyssa Miller , Chloe Ihezukwu Information security has a diversity problem, study after study have shown this to be true. ...
Meet the CISO N/a N/A
SSO Wars: The Token Menace Alvaro Mirosh It is the year 2019. Humanity has almost won its long-standing war against Single-Sign On ...
My quest for (privileged) identity to own your domain Nir Yosha Many solutions offer a variety of features that help combat against credential stealing malware, but ...
Enterprise Overflow: How Breached Credentials Impact Us All Robert Paul If identity is the new perimeter, it is also the new battleground. Each new breach ...
Give the dog a bone - Exploring OSINT capabilities of pen-testing tools John Brunn We’re moving from pets to cattle when it comes to infrastructure. How has the adversary ...
Why FIDO Security Keys & WebAuthn are Awesome Jen Tong User authentication is hard. It’s a constant struggle between ease of use and effectiveness. Passwords ...
Applying Information Security Paradigms to Misinformation Campaigns: A Multidisciplinary Approach Pablo Terp A misinformation attack is the deliberate promotion of false, misleading, or mis-attributed information, often designed ...
Building an enterprise security knowledge graph to fuel better decisions, faster Jon Hawes The majority of security teams are stuck between a rock (almost static risk registers, updated ...
Grapl - A Graph Platform for Detection and Response Colin Obrien Historically, detection has been performed on point anomalies – a log comes in, the log ...
Profiling User Risk: Borrowing from Business Intelligence to Understand the Security of Your Userbase Emily Austin The fields of business intelligence, marketing, and user behavior research all make use of user ...
Reducing Inactionable Alerts via Policy Layer John Seymour A SOC requires trust in the alert process, especially for machine learning models; alerts which ...
Evaluating Code Embeddings Rob Brandon Over the past year several researchers gave talks proposing the use of embedding models for ...
Now that you hacked the plane, what are you going to do about your career? Chris Roberts We all know how to do the really cool hacking stuff but what do we ...
Addressing non-linear InfoSec career paths Sarah Young Sarah has worked in tech for about a decade now, but she had a not-so ...
Discovering Your Passion in Cyber Security Cherie Burgett I will discuss my personal journey into cybersecurity, how to identify needs, and creating your ...
Hack (Apart) Your Career - How to Fund Doing What You Love John Grigg Our field is full of extremely creative people who have a lot to offer the ...
How to Fail Well (In Order to be Successful) - From IT to Infosec & More Roy Wattanasin “You need to fail in order to succeed. – Roy” A successful career path in ...
Behind the Recruiting Curtain: What Do Recruiters Really Say and Do Kris Rides , Matt Duren , Richard Cho , Megan Calidonna , Erica Schneider A common saying is that is a full-time job finding a job, but who really ...
I Am The Cavalry Track Welcome and Overview Joshua Woods Our dependence on connected technology is STILL growing faster than our ability to safeguard ourselves ...
Can the CAN bus fly ­Risks of CAN bus networks within avionics systems Patrick Kiley There has been a lot of discussion around the security risks associated with CAN bus ...
Coordinated Disclosure of ICS Products: Who's got time for that? Jay Angus This discussion would be a reflection of past public, good and bad, disclosures based on ...
AIs Wide Open - Making Bots Safer Than Completely $#%cking Unsafe Davi Ottenheimer Bladerunner was supposed to be science fiction. And yet here we are today with bots ...
The Case for Software Bill of Materials Allan Friedman A “software bill of materials” (SBOM) that lists third party components can help the open ...
I Just Want to Help Make Flying More Secure...not Work with the Government or How I Learned to Love a Govvie Steve Luczynski Loss of the flying public’s trust in reliable, safe, & trustworthy air travel could impact ...
Bestsellers in the Underground Economy - Measuring Malware Popularity by Forum Winnona Desombre While you can patch against malware has been infecting your tech stack or targeting your ...
Examining DES-based Cipher Suite Support within the TLS Ecosystem Vanessa Frost In July 2018, over a decade after the DES encryption algorithm was retired, 3DES was ...
Satellite Vulnerabilities 101 Elizabeth Wilson As one of Humanity’s global commons, the frontier of space is the responsibility of the ...
Analyzing user decision making on phishing sites - using mouse data and keyboard dynamics Sanne Maasakkers The number of phishing websites on the world wide web is steadily increasing as a ...
Broken Arrow: applying InfoSec and Forensic practices to escape domestic abuse Will Baggett I will discuss applying InfoSec principles and also forensic principles to assisting domestic abuse victims ...
The Human API: Evolving End Users From Authorized Adversaries Into Our Best Defense. Ty Atkin Hacking and Security is becoming a lot less about Computer Science and more about Human ...
Burpsuite Team Server - Collaborative Web Pwnage Tanner Barnes During large scale engagements against multiple applications teams often split the workload across many testers. ...
The Resilient Hacker: Growth Mindset, Health Hacks & Powerful Help to Navigate Personal Challenges Serenity Smile Mental health issues such depression, substance abuse, and burnout are huge issues in the world ...
So you think you can CHMOD Jared Chandler Have you ever wondered if the file permissions on a directory were correct? Have you ...
Building the badge- How you can make small, cheap and custom hardware for function or fashion James Dietle Drawn to increase in neck bling that people wear around looking like futuristic disco balls? ...
Salesforce Data Governance What dark secrets lurk in your instance?? Pete Thurston Over the years, Salesforce has grown and evolved exponentially. Companies are leveraging Salesforce in many ...
Professionalization - Possibilities and Potholes Andrea m. Matwyshyn The question of some form of professionalization has long been a topic of conversation (third ...
Reverse Engineering the Cyber Policy API Maurice Pratt “Breakup up big tech” or “Secure the elections” are national news headlines. Privacy, cybersecurity, and ...
What's Next in Coordinating Vulnerability Disclosures Katie Trimble This is an interactive listening session. The idea here is that each person that would ...
AIs Wide Open - Making Bots Safer Than Completely #$%cking Unsafe Davi Ottenheimer Bladerunner was supposed to be science fiction. And yet here we are today with bots ...
Duck and (Re)Cover - The missing link in the security evolution Peter Lidell I talk about the disturbing notpetya outbreak that hit and crippled (almost) all of the ...
Reverse Engineering Mobile Apps: Never Pay for Transit Again Priyank Nigam What if I told you that there was an alarming number of security flaws in ...
Giving Credit Where It's Not Due: Visualizing Joker's Stash Ian Aliapoulios Deep and Dark Web “card shops” are the primary means through which criminals obtain card ...
China as a New Russia? Analyzing Similarities and Differences of Chinese Threat Actors from their Russian Counterparts Anne An Chinese underground cybercrime profits exceeded US$15.1 billion in 2017, while causing more than $13.3 billion ...
Ask the EFF Kurt Opsahl , Eva Galperin , Nathan Mckinney “Ask the EFF” will be a panel presentation and question-and-answer session with the Electronic Frontier ...
Loki: Add a little chaos to your USB drive Michael Rich If you’ve never thought USB devices could become even less trustworthy, then this is the ...
From EK to DEK: An Analysis of Modern Document Exploit Kits Joshua Reynolds Exploit Kits haven’t disappeared, they’ve simply moved to Microsoft Office. Traditional Exploit Kits (EKs) have ...
From email address to phone number Martin Vigo Email addresses are one of our most public piece of PII. We are comfortable sharing ...
Virtual Breakpoints for x86_64 Gregory Price Efficient, reliable trapping of execution in a program at the desired location is a linchpin ...
ROP with a 2nd Stack, or This Exploit is a Recursive Fibonacci Sequence Generator Nicholas Mosier While a Turing-complete set of ROP gadgets can easily be found in libc, many existing ...
At Your Service - Abusing the Service Workers Web API Daniel Shavit The Service Workers API is a modern web API that grants web developers advanced capabilities, ...
Singularity of Origin Gerald Meyer Do you want to know how you can exploit DNS rebinding 10x faster, bypass prevention ...
The Road to Hell is Paved with Bad Passwords Chris Kubecka Ever wonder what incident management is like when an embassy gets hacked by ISIS? Come ...
Prisoner Number Six Nimrod Lazarovitz In the 1968 television series, the Prisoner, a former British intelligence agent is imprisoned on ...
Excuse Me, Your Sword Is In My Eye: Responding to Red Teams and 'IRL' Threats in 2019 and Beyond Jeremy Galloway It’s almost 2020 and it’s time to reset how we think about the traditional “”phases ...
Escape the Questionnaire Quagmire: A thoughtful approach to addressing security inquiries from customers and prospects Katie Ledoux Effective third-party security risk management requires collecting a significant amount of information from vendors. That ...
Getting CVSS, NVD, and CVEs to Work for You: Standardizing and Scaling Your Vulnerability Risk Analysis Matthew Szczutowski Organizations are routinely required to present their risk and security posture to customers, management, and ...
Have You Distributed Randomness? Yolan Romailler In June 2019, the open-source drand project will be jointly announced by its developer, Nicolas, ...
CloudSec Rules Everything Around Me (C.R.E.A.M.) Kyle Dickinson When a company moves to the Cloud, the Security team will need to figure out ...
Meet the Nation This Week on Sunday: A Special Vulnerability Edition Tod Beardsley , Jen Ellis , Leonard Bailey , Colin Morgan Join us in the studio for rousing commentary, insightful observations, and witty banter as we ...
Breaking Smart [Bank] Statement Manuel Nader In Mexico it’s possible to send bank statements via standard email, anyhow the law requires ...
An investigation of the security of passwords derived from African languages Sibusiso Sishi There have been several studies on country based passwords by authors but there has been ...
Im)proper Database Authentication Mitch Wasson Most databases worth mentioning include authentication and authorization capabilities.However, devils emerge in the details when ...
Who dis? The Right Way To Authenticate Lakshmi Chandramouleeswaran In today’s ecosystem, verification of identity is no longer applicable just to the user; extending ...
Exploiting Windows Group Policy for Reconnaissance and Attack Darren Mar-elia In this talk, Group Policy expert Darren Mar-Elia (a.k.a. the GPOGUY) looks at Active Directory ...
Why can't we be friends? (Ask a Fed & the EFF.) Russell Opsahl Do you dance madly on the lip of the volcano regarding your own research, or ...
Security data science -- Getting the fundamentals right Richard Harang A data science team is now table stakes for most security operations, however data science ...
Is This Magikarp a Gyarados?: Using Machine Learning for Phishing Detection Veronica Weiss Sometimes, the link you clink on is harmless like a Magikarp using splash. However, sometimes ...
Old things are new again: efficient automatic signature generation for malware classification Hyrum Anderson Machine Learning models ostensibly offer excellent detection rates at low false positive rates for detecting ...
Reduce, Reuse and Recycle ML models - and the security powers is yours Ram Kumar This talk comprises two parts: How to reduce Alert fatigue in security analysts so as ...
Scheming with Machines: Using ML to Support Offensive Teams Will Landers Machine learning has already proven itself an extremely useful tool for blue teams and defensive ...
Birthday Hunting Jack Burgess Just looking at your logs is extremely unappealing for many security analysts. This leaves specialized ...
All that glitters isn't Chrome: Hunting for suspicious browser extensions Mike Sconzo Browser (Chrome) extensions can often be overlooked in an enterprise environment. They offer would-be attackers’ ...
Scratching the Surface of Risk Benjamin Baker With myriad threats facing organizations, eliminating all avenues for attack is impossible. Accepting this reality ...
CTFs for Fun and Profit: Playing Games to Build your Skills David Tomaschik Capture the Flag competitions (CTFs) have become quite popular among hackers and those in the ...
Hidden Networks Pivoting: Redefining DNS Rebinding Attack Nimrod Mosier Infiltrating into internal networks by targeting people into visiting malicious websites is still being used ...
Low & Slow - Techniques for DNS Data Exfiltration Dimitri Fousekis DNS Tunnels are fun for bypassing Wi-Fi restrictions and breaking out of networks. Today there ...
Windows 10 DFIR Challenges Andrew Case Microsoft has added a significant number of features to Windows 10 that affect the types ...
ATT&CKing Your Adversaries -- Operationalizing cyber intelligence in your own environment for better sleep and a safer tomorrow. Jamie Yoder Many organizations struggle with keeping track with the flood of information regarding threat actor groups, ...
Cyber Threat Intel & APTs 101 John Obenhaus This briefing quickly introduces the DoD Cyber Crime Center (DC3) and then gives into a ...
Musings of an Accidental CISO Brian Markham Picture it: Sicily, 1922. I’m reporting to a great CISO who gets an opportunity to ...
The Importance of Culture in Security Mike Murray Culture is a hot topic in today’s business climate. Many books have been written on ...
Hacking from Above: A Brief Guide for Transitioning to Leadership Joey Maresca Bad management is regularly one of the reasons cited for why people change jobs. Plenty ...
Noobs: Training the Next Generation of Security Engineers David Seidman The security industry complains about a lack of talented people, but most of our jobs ...
Startup Security Leadership: Lessons to Level Up from Fortune 100 to Tech Startup Ty Sbano Are you working in a mature enterprise security team, but have been exploring the idea ...
How to Treat Your Hacker (and Responsible Vulnerability Disclosure) Monta Elkins Imagine:Someone just called your organization’s switchboard (the only phone number they could find) and declared ...
Hacking the Pentagon: How a Rebel Alliance Shifts Culture to Protect National Security Brett Lieberman-berg Three years ago, a team of nerds at the Pentagon brought in hackers and launched ...
Certification and Labeling in IoT Richard Manning Nowhere is the interconnected relationship between technology and the home more evident than the rapidly ...
Real World Security in a Clinical Healthcare Environment: Hacking a Hospital Paul Dant Ransomware attacks and confidentiality breaches tend to make the news as it relates to healthcare ...
Why journalists and hackers need each other (a panel discussion with infosec reporters) Kim Zetter , Joseph Cox , Sean Lyngaas , Lily Hay Newman The press must translate complex digital security issues for the public, bringing a sense of ...
We the People: Providing for a 'common defence' with CVD Cameron Cornelius Most US federal agencies lack a formal mechanism to receive information from third-parties about potential ...
No IOUs with IOT Bryson Bort Mass Attack Campaign with Hands-on Webcam Exercise will teach participants about the IOT threat landscape ...
Hackers of the world - unite? Keren Elazari “Hackers of the world – unite?”We are taught there is strength in coming together, but, ...
Making your website vulnerable for fun and security awareness Kenny Jansson What if you could understand the consequence of a vulnerability in your web application before ...
Human Honeypots or: How I Learned to Stop Worrying and Love the Implant Nick Koch Over the years we have been increasingly been surrounded by technology. Some of us, particularly ...
The struggles of teaching automation Joe O'connell I want to talk about the struggles of teaching teammates how to learn python. Specifically ...
The SOC Counter ATT&CK Mathieu Saulnier How to leverage the Mitre ATT&CK Framework to improve your organization security posture and bring ...
The drunk colonel and the flipped stone: Game Theory for a Defensive Strategic Advantage Vanessa Redman Game Theory is a wide ranging subject with practical applications that we are beginning to ...
I’m a hunter! But what does that mean? Yasmine Johnston-ison The term “Threat Hunter” and “Threat Researcher” seem to be buzzing around these days. But ...
Breaking the Bodyguards Chrissy Morgan What do the front line protectors of this world need to be aware of when ...
Cover Your A** Suchi Pahi There is a lot of swirl (and some crappy documents online) about how to CYA ...
Cyber Deception after Detection: Safe observation environment using Software Defined Networking Toru Shimanaka Many cybersecurity textbooks dictate that we disconnect from the network when a compromised PC is ...
Deepfakes, Deep Trouble: Addressing Potential Market Manipulation Caused by Deepfakes Anna Skelton Deepfakes, or videos that utilize AI-based technology to create or alter content to misrepresent reality, ...
Baited Canaries - Monitoring attackers with active beacons Gregory Caswell Canary tokens are not a new idea, but are woefully underused. In this talk I ...
Securing Fast (and Furious) DevOps pipelines Abdessamad Temmar You are looking for a way to continuously check the security of your Web/Mobile application ...
Please inject me, a x64 code injection Alon Weinberg Malware authors are always looking for new ways to achieve code injection. By using such ...
Free and Fair Elections in an Internet Era Maurice Turner , Andre Nix From blockchain to ballot selfies, new technologies hold the promise of making voting easier and ...
Let's hear from the Hackers: What should DOJ do next? Leonard Bailey Do you ever wonder how you can influence the Department of Justice’s cybersecurity and law ...
Certification and Labeling for IoT Richard Manning Nowhere is the interconnected relationship between technology and the home more evident than the rapidly ...
Why we need a Cyber Peace Institute Eli Sugarman The more connected our world becomes, the more vigilant weshould be. We have a shared ...