BSides Las Vegas 2022 Aug. 9, 2022 to Aug. 10, 2022, Las Vegas, LV

Title Speakers Summary Topic Types
#SBOM is here: making progress (not excuses) Allan Friedman, Adam Kojak, Katie Gates None I Am The Cavalry
A Tale of Two Malware Families - Overcoming Anti-Forensics and Foiling Botnets in the Cloud Matt Muir With a sustained migration to the cloud and widening attack surface, organisations are more susceptible ... Breaking Ground
Adding DAST to CI/CD, Without Losing Any Friends WORKSHOP Tanya Br Everyone wants to put tests into the release pipeline, but no one wants to wait ... Training Ground
All Things FIDO (Panel + Q&A) Tim Cappalli, Andrew Shikiar, Christiaan Thorsheim None PasswordsCon
Ask a Fed Andrew Buel Q&A with an FBI Agent. This track was previously hosted by Russ Handorf. The purpose ... Underground
Ask the EFF Kurt Opsahl, Andrés Arrieta, Hannah Zhao, Bill Rathi “Ask the EFF” will be a panel presentation and question-and-answer session with the Electronic Frontier ... Underground
Attack Flow: From Data Points to Data Paths Gabriel Bassett The answer to your security problems is locked in data stored in red team reports, ... Ground Truth
Back to Basics: Using Descriptive Statistics to Study the Shape of the Internet Emily Austin AI and machine learning have been widely applied to various problems in the security domain, ... Ground Truth
Beyond logs and time series: observability for security & privacy Am Walker In recent years, the concept of “observability” has rapidly gained in popularity in the SRE ... Breaking Ground
Building Security Automation Using Jupyter Notebooks Joe Schottman Security Orchestration, Automation, and Response (SOAR) is sweeping SOCs and helping reduce workload and increase ... Training Ground
Busting Biases in Infosec Jack Hatwick Biases are vulnerabilities in our brains. Our minds serve as pattern seeking biomachines telling us ... Common Ground
CICD security: A new eldorado (talk) Remi Escourrou, Xavier Sebaux CI/CD pipelines are increasingly becoming part of the standard infrastructure within dev teams and with ... Ground Floor
CICD security: A new eldorado (training) Remi Escourrou, Xavier Sebaux CI/CD pipelines are increasingly becoming part of the standard infrastructure within dev teams and with ... Training Ground
Can a password management service safely learn about users’ passwords? Jeffrey P Goldberg Abstract will be written later, but the talk is an early exploration of whether differential ... PasswordsCon
Clean Forensics: Analyzing network traffic of vacuum bots Karan Dwivedi Have you ever wondered how vacuum bots work under the hood? How safe is your ... Ground Floor
Climbing the Production Mountain: Practical CI/CD Attacks Using CI/CD Goat Omer Greenholts To date, well-known attack scenarios like moving laterally in the domain or network to obtain ... Ground Floor
Code Dependency: Chinese APTs in Software Supply Chain Attacks Cheryl Biswas In their current drive for innovation and cloud migration, organizations increasingly rely on software development ... Ground Floor
Comparing Centrally and Locally Verified Memorized Secrets Jim Fenton Secrets memorized by the user (passwords, passphrases, PINs, etc.) can be verified centrally or used ... PasswordsCon
Cookie Monster: Exfiltrating Data and More, Byte by Tasty Byte Eric Whitehorn-gillam A seasoned infrastructure professional and a web developer walk into a red team engagement. The ... Breaking Ground
Cracking passwords for good, bad & commercial purposes: second thoughts on password cracking Per Thorsheim Who am I to speak? I’ve been cracking passwords for more than two decades, privately ... PasswordsCon
Detecting Log4J on a global scale using collaborative security Klaus Agnoletti Utilizing collaborative security to collect data on attacks we were able to detect Log4J in ... Breaking Ground
Everything I know about prototype pollutions: how to react when confronted to a brand new vulnerability Vladimir De Turckheim In 2018, I received a report about an attack vector I never heard of. It ... Breaking Ground
Failing Upwards: How to Rise in Cybersecurity by finding (and exploiting) your weaknesses Wes G Sheppard One day as a sysadmin I was asked to just Hire Ground
Find your north star Steve Winterfeld This talk will cover what kinds of job categories match your skills and temperament. Then ... Hire Ground
Follow the Rabbit It’s Malware What happens when you’re a malware author and have bad OPSEC? You get exposed, that’s ... Underground
Fragilience - The quantum state of survivable resilience in a world of fragile indifference Chris Hoff We’ve arrived at the latest iteration of a buzzword’s return as a term of art ... Breaking Ground
From Vulnerability to CTF Ron Bowes What happens when you find vulnerabilities by day, and write capture the flag challenges by ... Ground Floor
GPT-3 and me: How supercomputer-scale neural network models apply to defensive cybersecurity problems Joshua Lee A key lesson of recent deep learning successes is that as we scale neural networks, ... Ground Truth
Hacking Remote Interviewing: Lessons Learned Will Baggett Iii Finding a remote Infosec position can be daunting but there are some factors completely within ... Hire Ground
Honey, I’m Home! (Customizing honeypots for fun and !profit) Kat Fitzgerald Honeypots AND live demos all in one place? Yes, why YES I tell you! Oh ... Common Ground
How to Succeed as a Freelance Pentester Michael Lisi Have you ever thought about what it would take to work as a freelance penetration ... Proving Ground
How to Win Over Executives and Hack the Board Alyssa Miller Stop me if you’ve heard these before (or maybe you’ve said them yourself), “Management just ... Common Ground
I got an alert, now what? Kellon Benson New alert hits, is this a threat that could take down your infrastructure? You’ve got ... Ground Floor
I know…But I Have a System Cecilie Wian None PasswordsCon
I’m a Little Bit (FedRAMP) Country, I’m a Little Bit SOC2 ‘n Roll Shea Everette Since its introduction in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has been ... Common Ground
ICS Security Assessments 101 or How da Fox I Test Dis? Yael Basurto We have seen many ICS attacks both in the news and in several talks at ... I Am The Cavalry
Injectyll-HIDe: Hardware Implants at Scale Jonathan Miller Enterprises today are shifting away from dedicated workstations, and moving to flexible workspaces with shared ... Breaking Ground
‘It was a million to one shot, Doc. Million to one’ – Lessons learned while modeling rare catastrophic cyber loss events Russell Vos For many years, the InfoSec community has been skeptical about the feasibility of estimating cyber ... Ground Truth
Lessons Learned from the CISA COVID Task Force & Healthcare Attacks Kendra Holko The session will explore Lessons Learned from the Pandemic, and the work of the CISA ... I Am The Cavalry
Long Overdue: Making InfoSec Better Through Library Science Tracy Z Maleeff Libraries and archives are thought to have existed back to the year 3000 B.C. In ... Ground Truth
Look! The scammer is coming! The peculiarities of Brazilian frauds, hackers creativity, and their resilience Cybelle Oliveira What comes to your mind when you think about Brazil? Probably Carnival, caipirinha, summer…. However, ... Ground Floor
M33t the Press: CyberSafety Got Real… Now What? Lily H Newman, Joe Smalley So much “cyber” news has been measured in dollars & data… and many of the ... I Am The Cavalry
Malware Analysis - Red Team Edition Uriel Kosayev In this talk and technical deep-dive analysis, we will present the importance of malware analysis ... Ground Floor
Management Hacking 101: Leading High Performance Teams Tom Eston Have you been recently promoted (willingly or unwillingly) into a leadership role within your organization? ... Hire Ground
Model Robustness Isn’t Security Sven Cattell There are a lot of ML security companies selling tools to make your model robust, ... Ground Truth
Oauth third party not departing Gadi Rosenblum This talk is about persistent infections with OAuth third-party apps connected to business SaaS platforms. ... Proving Ground
Parsing Differential Problem Cher Boon Sim As microservices have become a prevailing trend in the current software engineering landscape, it is ... Ground Floor
Passkeys: Where we started and where we’re going Christiaan J Br You’ve most likely heard of FIDO and WebAuthn, but have you heard of passkeys? Passkeys ... PasswordsCon
Password surveys are shit! Per Thorsheim Asking “How many passwords do you have” is not the same as asking “how many ... PasswordsCon
Penetration Testing Experience and How to Get It Phillip Wylie There are many resources to learn how to become a pentester but the lack of ... Hire Ground
Protecting Against Breached Credentials in Identity Workflows Mathew Woodyard Breached credentials are the root of many of the most common identity-based attacks. This talk ... PasswordsCon
Proving Ground Prep/Signups Mouse Darkstar None Proving Ground
Prowler Open Source Cloud Security: A Deep Dive Workshop Toni Garcia Whether you are a long time Prowler user or if you are just getting started, ... Training Ground
Putting Driver Signature Enforcement Tampering to Rest?! Omri Misgav Code Integrity is a threat protection feature first introduced by Microsoft over 15 years ago. ... Breaking Ground
Ransomware Emulation Done Right Shreyas Jones Ransomware is one of the most prevalent cyber security threats. Information Security Teams require to ... Breaking Ground
Repurposing Vulnerability Tickets to Predict Severity Levels: An Introduction to Natural Language Processing and Classification Algorithms Brittany Bahk The process of manually determining severity levels for detected vulnerabilities is susceptible to inaccuracy and ... Ground Truth
Reverse engineering a DOS PC FMV Game from 1994 Andrew Lewton An interesting look at how things don’t always go to plan during the development of ... Proving Ground
Rivers on Fire; Shaping the next phase of the mission Joshua Woods For 9 years, we’ve been an empathetic, helping hand, and catalyst for cybersafety - wherever ... I Am The Cavalry
Russian Malware in the Ukraine War Chris Kubecka Ukraine has been hit with wave upon wave of malware by Russia. During the build ... Common Ground
SBOM challenges and how to fix them! Hossein Shiralkar Today’s modern software services are built on top of open source libraries, and this makes ... Common Ground
STUFF is on Fire - a Panel David Batz This session will discuss observations and concerns from subject matter experts across several different disciplines ... I Am The Cavalry
Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All Jonathan Way Hundreds of thousands of human hours are invested every year finding common security vulnerabilities with ... Breaking Ground
Secrets of the Second Factor: Threat Hunting with Multi Factor Authentication Susan Paskey This isn’t the typical talk convincing you to setup 2 Factor Authentication (2FA), as if ... PasswordsCon
Secure IT Operations, or, How to Shoehorn Security into a Small/Medium Business Carl Hertz What should be considered when starting up a security program at a small to medium ... Common Ground
Security AI in the real world: Lessons learned from building practical machine learning systems deployed to hundreds of thousands of networks Joshua D Saxe Machine learning has become indispensable in modern cybersecurity, but knowledge of how to build security ... Ground Truth
‘See you later, allocator!’: Updating Volatility’s analysis of modern Linux memory allocators Daniel A Donze Memory forensics, which is the recreation of system state through the analysis of physical memory ... Breaking Ground
So Who’s Line Is It Anyway? (A Recruiter Panel) Kirsten Rides Conversations with recruiters are always challenging. What do you say? What do they say? Who ... Hire Ground
So You Wanta Build a C2? Idigitalflame There seems to be a handful of different C2 solutions to use out there, but have ... Breaking Ground
Solid Tradecraft for Cryptomarket Drug Trafficking Lawrence Fox A review of common DEA and Law Enforcement attacks against cryptomarket narcotic vendors. The talk ... Proving Ground
Speeding Up AWS IAM Least Privileges with Cloudsplaining, Elastic Stack & AWS Access Analyzer Rodrigo Montoro There are two main problems at Cloud Security World: IAM Permissions & Control Plane Misconfigurations. Training Ground
Target Rich Cyber Poor Don Millar None I Am The Cavalry
That Escalated Quickly: A System for Alert Prioritization Ben U Gelman At any moment, tens of thousands of analysts within security operations centers (SOCs) inspect security ... Ground Truth
The Exclave Experience: Relocating To ‘Almost Canada’ Robert “tprophet” Walker One day, I was working remotely from my small house in a neighborhood I didn’t ... PasswordsCon
The Hip Hacker’s Guide to Policy. Leonard Bailey, Jack Ellis Executive Orders, new laws, and sanctions, oh my! With widespread disruption caused by ransomware attacks ... I Am The Cavalry
The Northern Virginia Shuffle: Lateral Movement and other Creative Steps Attackers Take in AWS Cloud Environments and how to detect them. Felipe A Pr0teus Attackers do not always land close to their objectives (data to steal). Consequently, they often ... Breaking Ground
The One With The Foreign Wordlist Dimitri Crane Many of us crack passwords daily as part of our work, hobbies and research. We ... PasswordsCon
The Technical Trap Josh Snyder Have you had this conversation when discussing a potential candidate? “That person is great, but ... Common Ground
Tomb Raider - Automating Data Recovery and Digital Forensics Blue Hephaestus Data Recovery and Digital Forensics can be an extremely time consuming process, leading to expensive ... Ground Floor
Trust Me, I’m a Robot: Can we trust RPA with our most guarded secrets? Nimrod Coppenhagen Robotic Process Automation (RPA) is one of the hottest technologies in the industry today, rapidly ... Common Ground
Understanding, Abusing and Monitoring AWS AppStream 2.0 Rodrigo Montoro Amazon Web Services (AWS) is a complex ecosystem with hundreds of different services. In the ... Common Ground
Watching the Watchers: Exploiting Vulnerable Monitoring Solutions Rock H Security teams cannot be the weak link. You are trusted to protect networks and systems, ... Breaking Ground
We’re not from the government, but we’re here to help them help you Ray Ogee We have learned many things from the last few years, but one thing is for ... I Am The Cavalry
Weaponizing Your Fitness Tracker Against You: Health, Fitness, & Location Tracking in a Post-Roe World Wendy Knox Everette Many women wear fitness trackers, use period tracking software, and geo tag photos on their ... Common Ground
Weeding Out Living-off-the-land Attacks at Scale Adarsh Berlin LOLBins (living off the land binaries) are executable files that are already present in the ... Ground Truth
When DevSecOps Fails Tanya Janca DevSecOps has become the ultimate marketing buzzword, and is often suggested as a silver bullet ... Ground Floor
Whose encryption key is this? It’s a secret to everybody. David Lorimor Imagine the critical moment where you need logs written to an S3 bucket, but you ... Common Ground
Why kidz couldn’t care less about your password advice. Mia L, Sem, Mia Sem For kids & teens to use social media and play games, they often have to ... PasswordsCon
Your Passwords Should Be Shorter Jeremy Brown If you’re reading this, I bet you use a password manager - and your autogenerated ... PasswordsCon
Zero Days should not be a fire drill Steve Lauro On the way to work when you hear there is a new Log4j, solarwinds or ... Ground Floor
bscrypt - A Cache Hard Password Hash Steve Thomas This talk will cover the different types of key stretching algorithms (“password hashing”). The differences ... PasswordsCon