What is BSides?
BSides Las Vegas is an Information / Security conference that’s different. We’re a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free.
There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the “TALK AT YOU” conferences are starting to realize they have to change. BSidesLV is making this happen by shaking-up the format.
The next big thing
Presenters at our conference are engaging our participants and getting the discussions started on the “Next Big Thing”, not preaching at you from the podium about last month’s news.
With tracks as diverse as “Common Ground”, focusing on non-tech issues of importance to the community, “Underground”, our Off-The-Record series that lets you delve deeper into the subjects that are better-off discussed Away-From-Keys, behind closed doors, and “Proving Ground”, our mentorship program for first-time presenters, YOU are the reason for this new era of Information Sharing and Teamwork.
Raising the bar for security
The BSides community has continuously raised the bar and put the INFO back in INFOSEC. We thank each and every member/attendee/organizer of this community for their hard work, sweat, and relentless pursuit of High Quality information.
We also have to give a HUGE amount of thanks to our generous sponsors and donors that have the foresight to give without strings attached, year after year, and PROVE to the community that we are all in this together. In concert, the members, sponsors and donors have allowed for us all to get together and make moves to change InfoSec… one chat, speech, laugh, and/or drink at a time.
With some of the most passionate and influential infosec practitioners from around the country, and the world, coming to Vegas, BSidesLV is the place to be. The mix ranges from “down in the trenches” engineers, to business leaders, thought leaders, and executive decision makers of all stripes.
BSIDES LAS VEGAS 2015 – UNDERGROUND WI-FI HACKING FOR WEB PENTESTERS
There is an ever-increasing trend with Internet Service Providers of all sizes providing open wireless hotspots nationwide, many of which are bridged off of existing customers’ personal access points and others are made available through restaurants, hotels, and other businesses. Many of these guest networks have recently spurred discussion within the security community over the insecurity of open access points in general and the ethics of their deployment methods. The talk will cover the many gaping insecurities of wireless hotspots and dive into how these can be leveraged to attack clients, gain free Internet access, hijack accounts, steal sensitive information, and more. This will progress into how web penetration testers can leverage their existing skill-sets to design, build, and deploy malicious targeted access points. All of the attacks that will be demonstrated live during the talk can be deployed on various platforms, making it easy for the audience to reproduce regardless of hardware available.
BSIDES LAS VEGAS 2015 – #RADBIOS: WIRELESS NETWORKING WITH AUDIO
Wireless comms nearly always focus on the EM spectrum: RF, microwave, even laser. But what about sound? Motivated by Dragos’s badBIOS work, richo sat down to reimplement a subset of the original capabilities at a high level in userland. Having already produced the Groundstation framework for distributed communications, the next logical step was to produce an audio bridge, the result of which is that nodes with working sound hardware can communicate structured data when physically proximate, without any other shared state.
BSIDES LAS VEGAS 2015 – I AMATEUR RADIO (AND SO CAN YOU!)
Ham radio: it’s the 100-year-old technology that refuses to die. Whether you’re a wireless enthusiast, electronics tinkerer, or just someone who wants to be able to communicate during the zombie apocalypse, having a ham radio license can open a new world of possibilities for any hacker. Come learn how and where to get your license, what you can expect to study, how you can work radio into your everyday hacking, and anything else you ever wanted to know about ham radio but were afraid to ask.
BSIDES LAS VEGAS 2015 – HOW TO WCTF
Russell Handorf, Russell_Handorf III, Russell Handorf II
Ever wanted to compete in the Wireless Capture the Flag but didn’t know if you were up to it? Compete every con and want to up your game? Come learn the tips and tricks from the designers of the true to life simulated pen-test Wireless Capture the Flag.
BSIDES LAS VEGAS 2015 – BETTER SPECTRUM MONITORING WITH SOFTWARE DEFINED RADIO
Many of the current crop of SDR platforms support a very wide range of operating frequencies covering more than a GHz of bandwidth, but most users of those platforms find themselves looking at waterfall displays showing a few MHz at most. Let’s look at how we can use SDR to monitor activity over several GHz of spectrum and visualize the results over both short and long periods of time.
BSIDES LAS VEGAS 2015 – SOFTWARE-DEFINED RADIO SIGNAL PROCESSING WITH A $5 MICROCONTROLLER.
Can you do useful software-defined radio work without hauling around your monster Core i7 laptop? Yes! I’ll discuss the signal processing tricks I employed in my PortaPack for the HackRF One.
BSIDES LAS VEGAS 2015 – ALL YOUR RFZ ARE BELONG TO ME – SOFTWARE DEFINED RADIO EXPLOITS
SDR can be used to accomplish many varied things in the wireless world, from plotting air traffic in realtime, to contacting old NASA space probes, and reverse engineering restaurant pager protocols. In this talk I’ll review some interesting and unusual radio systems, and show how you can interact with them using open source software and cheap hardware. Of particular interest is security: wireless systems (consumer, corporate, government, amateur) are widely deployed and often vulnerable. Some of the areas to be covered include: decoding existing, and creating your own, First Person View video from drones, radio spectrum monitoring and signal detection, visualising multipath propagation using digital TV transmissions, and vehicular proximity smart keys.
Balint Seeber – A software engineer by training, Balint is a perpetual hacker, the Director of Vulnerability Research at Bastille Networks, and the guy behind spench.net. His passion is Software Defined Radio and discovering all that can be decoded from the ether, as well as extracting interesting information from lesser-known data sources and visualising them in novel ways. When not receiving electromagnetic radiation, he likes to develop interactive web apps for presenting spatial data. Originally from Australia, he moved to the United States in 2012 to pursue his love of SDR as the Applications Specialist and SDR Evangelist at Ettus Research.
BSIDES LAS VEGAS 2015 – INJECTION ON STEROIDS: CODE-LESS CODE INJECTIONS AND 0-DAY TECHNIQUES
We expose additional new user- and kernel-mode injection techniques. One of these techniques we’ve coined as “code-less code injection” since, as opposed to other known injection techniques, it does not require adding code to the injected process. We also reveal an additional kernel-mode code injection which is a variation of the technique used by the AVs. However, as we demonstrate, malware can actually simplify this process.
BSIDES LAS VEGAS 2015 – GETTING THE DATA OUT USING SOCIAL MEDIA
You’ve made it into the network – but can you get data out? Today’s Internet provides a dazzling array of legitimate upload sites to hide your traffic in – Twitter, Flickr, SoundCloud, YouTube, Dropbox, and more – but each channel requires a different tool or custom code, and endless troubleshooting. Sneaky-creeper is a new open source framework for exfiltrating (or infiltrating) data using any of the backchannels the Internet provides, with a minimum of effort. Modules are easy to create and share, enabling covert communications over more channels than ever before.
BSIDES LAS VEGAS 2015 – AN INTRODUCTION OF THE KOBRA, A CLIENT FOR …
Kobra is a kernel level client that provides mitigation against malware by blocking access to USB devices, preventing process forking, and blocking access to disk.
BSIDES LAS VEGAS 2015 – NSA PLAYSET: BRIDGING THE AIRGAP WITHOUT RADIOS
This talk introduces a new entrant into the NSA Playset: BLINKERCOUGH. BLINKERCOUGH is a C&C and data-exfiltration implant embedded in a seemingly innocuous cable. It uses optical means to jump the air-gap, having zero radio footprint. BLINKERCOUGH can be used in radio monitored or radio-denied settings.
BSIDES LAS VEGAS 2015 – YOUR ELECTRONIC DEVICE, PLEASE: UNDERSTANDING THE BORDER SEARCH EXCEPTION & ELECTRONIC DEVICES
Border searches are an exception to the Fourth Amendment’s warrant requirement. The border search exception allows government officials to search, review, copy, and detain cell phones, computers, and other electronic devices at the border without a warrant, probable cause, or any suspicion. In early 2013, the Ninth Circuit reviewed the issue of whether or not any type of suspicion was required at the border, and unlike previous courts, held reasonable suspicion is needed to conduct a forensic examination of electronic storage devices when entering the United States. This standard is currently the most protective in the U.S. This talk will discuss searches of electronic devices at the U.S. Border as well as the recent developments since the Ninth Circuit case. Specifically, it will examine the United States Supreme Court’s denial of the petition for Certiorari and the Supreme Court’s ruling in Riley v. California, narrowing another exception to the warrant requirement with regards to the search of electronic devices. Riley held that the police cannot search a cell phone seized incidental to the arrest of an individual without a warrant. This talk will help answer the question, ‘What is the potential impact of this decision on the future of searches of electronic devices at the border?’
BSIDES LAS VEGAS 2015 – WHYMI SO SEXY? WMI ATTACKS, REAL-TIME DEFENSE, AND ADVANCED FORENSIC ANALYSIS
Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information, execution of code, and provides an eventing system that can respond to operating system events in real time. FireEye has recently seen a surge in attacker use of WMI to carry out objectives such as system reconnaissance, remote code execution, persistence, lateral movement, covert data storage, and VM detection. Defenders and forensicators have largely remained unaware of the value of WMI due to its relative obscurity and completely undocumented file format. After extensive reverse engineering, our team has documented the WMI repository file format in detail, developed libraries to parse it, and formed a methodology for finding evil in the repository. In this talk, we will take a deep dive into the architecture of WMI, reveal a case study in attacker use of WMI in the wild, describe WMI attack mitigation strategies, show how to mine its repository for forensic artifacts, and demonstrate how to detect attacker activity in real-time by tapping into the WMI eventing system. By the end of this talk, we will have convinced the audience that WMI is a valuable asset not just for system administrators and attackers, but equally so for defenders and forensic analysts.
BSIDES LAS VEGAS 2015 – TAPIOCA (TAPIOCA AUTOMATED PROCESSING FOR IOC ANALYSIS)
These days, many security groups want to become ‘intel shops,’ and threat intelligence is all the rage. An intel shop should ingest intel, analyze indicators, and pivot from correlated data. However, few understand how to begin the transition. How IS this accomplished? MAGIC, DAMNIT. Then again, if you’re not the sleight of hand kind of guy or gal, we have an answer for you. Check behind your ear, and you’ll find a dollop of TAPIOCA! In this talk, we will present our process for analyzing Indicators of Compromise (IOCs) at scale, correlating information from multiple sources, and pivoting to obtain information from deep within the bowels of our global network. We’ll talk about the technical challenges we have addressed in applying automated analysis to terabytes of data every day. We will also discuss the next-steps for this analysis, including applying machine learning techniques to help further classify our data. We are also releasing our automated IOC vetting tool, TAPIOCA (TAPIOCA Automated Processing for IOC Analysis), to help other security groups begin processing and benefiting from threat intelligence.
BSIDES LAS VEGAS 2015 – BUILDING AN EMPIRE WITH POWERSHELL
Offensive PowerShell had a watershed year in 2014. But despite the multitude of useful projects, many pentesters still struggle to integrate PowerShell into their engagements in a secure manner. The Empire project aims to solve the weaponization problem by providing a robust PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. This is the post-exploitation agent you’ve been waiting for.
BSIDES LAS VEGAS 2015 – REMOTE ACCESS, THE APT
ThruGlassXfer (TGXf) is a new and exciting technique to exfiltrate files from a computer through the screen. This presentation looks at a number of covert screen and keyboard infiltration and exfiltration techniques in an enterprise off-shoring context.
BSIDES LAS VEGAS 2015 – CRASH THE IOT TRAIN YOURSELF: INTENTIONALLY VULNERABLE WRT (IV-WRT)
This presentation will discuss the previously-unreleased firmware distribution called “Intentionally Vulnerable WRT (IV-WRT)”. IoT, or more accurately embedded device, security is a train wreck. IV-WRT is an attempt at bringing vulnerabilities to light which exist inside of firmware on embedded systems. While IoT encompasses many more technologies, the crux of the issue is the (in)security of the devices themselves. While the vulnerabilities themselves are not unknown, the repercussions of said vulnerabilities on embedded systems are often overlooked, and the risk (or “So What?”) is lost. Now you can experience these vulnerabilities for yourself, first hand.
BSIDES LAS VEGAS 2015 – BARELY LEGAL: THE HACKER’S GUIDE TO CYBERSECURITY LEGISLATION
Cybersecurity is a hot topic in DC, and everyone is building an agenda on it. That’s only going to increase as more high profile breaches and vulnerabilities hit the headlines, and technology becomes more pervasive in our lives. This legislation impacts our community, and as experts in a field that is complex and often misunderstood, we have an important role to play in educating law makers and helping them reach positive outcomes, and mitigate negative ones. This talk will provide an overview of the legislative landscape for cybersecurity, and investigate how it really affects our industry and community. We will cover current proposals likely to pass, as well as law that is already impacting the security community, such as the CFAA and DMCA. We will also discuss how you can get involved.
BSIDES LAS VEGAS 2015 – PENTESTING WITH DOCKER
Docker allows us to run processes in ‘isolated’ containers. Logically, we can think of containers synonymously to VMs, but they’re very different. Docker allows us to create reproducible and sharable images, which can then run anywhere. No more dependencies, no more clutter. Finally your host OS can stay clean. This talk will provide an overview of Docker, how to build and run your own images, how to share data and network services across containers and with your host, and how I use it to run all my tools (including BurpSuite). Lots of demos, very few slides.
BSIDES LAS VEGAS 2015 – DON’T HATE THE DISCLOSURE, HATE THE VULNERABILITY: HOW THE …
Good information security policy requires addressing a myriad of complicated, inter-related issues, while still adhering to the Hippocratic principle of ‘First, Do No Harm.’ Rather than new regulation, one approach is to bring those that understand the issues and have a stake in the game together to find common ground. This talk will present the US Department of Commerce’s new initiative on vulnerability research disclosure, and explain the multistakeholder process that builds on community experience to build trust between security researchers and software and system vendors. The goals are to identify and promote common principles and best practices that all parties agree will promote We’ll translate DC buzzwords, and ask for your feedback on how we can make this process better.
BSIDES LAS VEGAS 2015 – HOW PORTAL CAN CHANGE YOUR SECURITY FOREVER
When used correctly gamification can be one of the most effective tools for changing behavior on a large scale, but it requires more than just designing a few digital merit badges for taking security training. In this talk Kati Rodzon will discuss how games like Portal and Candy Crush were able to make millions and how those same techniques can be used to change security as we know it.
BSIDES LAS VEGAS 2015 – ANGLER LURKING IN THE DOMAIN SHADOWS
A new technique has been discovered being leveraged by Angler Exploit Kit in the wild. This technique, domain shadowing, involves using hacked registrant accounts to create subdomains. This is the next evolution in evasion techniques for hackers and takes advantage of the fact that most people don’t log in to their accounts except to renew or make a change. This allows attackers to evade traditional blacklisting technologies easily, increasing the attack window. The talk will discuss the scope and details of this new technique as well as cover both the potential detection challenges and solutions.
BSIDES LAS VEGAS 2015 – A HACKERS GUIDE TO USING THE YUBIKEY – HOW TO ADD INEXPENSIVE 2-FACTOR AUTHENTICATION TO YOUR NEXT PROJECT.
The YubiKey is a small, relatively inexpensive, USB hardware crypto token that can be used for 2-factor authentication and to generate One Time Passwords. The infrastructure to support it is all open source, and the OTP validation code can be made very lightweight and embeddable. My purpose in proposing this talk is to make the hacking community aware of it in an effort to lower the barrier for using One Time Passwords, and to help foster open source 2 factor authentication.
BSIDES LAS VEGAS 2015 – HAKING THE NEXT GENERATION
Kids are wired to learn. They are learning while they are playing, so why not give them an environment where they can play while they are learning? A combination of a speaking track, workshops, and an open area of stations complementing each other enables the attendees to expand and enlighten their technical interests. For innovation to perpetuate, it’s imperative that today’s young users are exposed to the bigger picture of how we got here and to help realize their potential. You can come learn more about how Hak4Kidz is making a difference and how you can potentially organize a Hak4Kidz in your local city.
BSIDES LAS VEGAS 2015 – BACKDOORING MS OFFICE DOCUMENTS WITH SECRET MASTER KEYS
Recent MS Office documents are normally encrypted very strongly, making them difficult to brute force. However, there are techniques an attacker can use to secretly backdoor these encrypted documents to make them trivial to decrypt. Cloud environments may be more dangerous than thought as it is not possible for users to confirm the security of their encryption and it would be easy for cloud providers (or advanced attackers with access to those cloud providers) to backdoor encryption in undetectable ways. I believe that this is a serious problem that the security industry needs to consider.
BSIDES LAS VEGAS 2015 – YES, YOU TOO CAN PERFORM DARING ACTS OF LIVE ACQUISITION.
In this talk D0n Quix0te will discuss scripting of common Windows forensics utilities for Live Acquisition. D0n will also introduce an Open Source project aimed at creating a framework for scripting Live Acquisition tools.
BSIDES LAS VEGAS 2015 – RETHINK, REPURPOSE, REUSE… RAIN HELL
What Hacker doesn’t like James Bond type gadgets? Like the all in one, one in all tool that can get you out of (or into) all sorts of jams, and is just plain cool to tinker with. Like Glitch from ReBoot! Well chances are you have several already at your fingertips, there are countless out there with more powerful ones arriving daily. The pace at which new wireless devices are released is blistering fast, leaving many perfectly good “legacy” devices around for testing. This talk will walk you through and further the discussion of modding these devices with readily available tools to quickly turn them into mobile hack platforms. Think PwnPad but without the $900 price tag. Going into what’s worth your time and what’s not. The possibilities are there if you so choose! Need all the power of your desktop or maybe just a few specific tools? Whatever your aim, this talk will point it further in the right direction.
BSIDES LAS VEGAS 2015 – ADVERSARY INTELLIGENCE FROM CONFLICT TO CONSENSUS
Alex Valdevia & Rich Barger
BSIDES LAS VEGAS 2015 – WHY DOES INFOSEC PLAY BASS? AND OTHER OBSERVATIONS ABOUT HACKER CULTURE.
Shortly after I was convinced to join Twitter and get engaged with the security community, I started noticing patterns with the people I was meeting. Namely, I noticed that many were also musicians and that the vast majority played the electric bass. As a bass player myself, I understand that the general rule is, if you show up to an open-mic blues jam, you’ll get to play bass all night, and the guitarists will be relieved that none of them have to ‘do bass duty’. I became fascinated with how this pattern seems to reverse in the infosec/hacker community and started to see parallels between security and this particular instrument. I plan to share my research, ideas and theories that I’ve collected on my journey to understand this strange anomaly and look forward to hearing more.
BSIDES LAS VEGAS 2015 – VERUM – HOW SKYNET STARTED AS A CONTEXT GRAPH
Now that we’ve all seen an ‘intelligence’ stream, we can safely say it’s not doing much. Rather than provide the statistical evidence of just how much it’s not doing, this talk will discuss how to combine intelligence data with other data sources to answer questions such as ‘Is this new IP not in my intelligence data malicious?’ and ‘Is this domain admin evil or just misguided?’
BSIDES LAS VEGAS 2015 – WHEN STEGANOGRAPHY STOPS BEING COOL
The art and science of concealing stuff inside other stuff is what we know as steganography. People have used it for ages to keep adversaries from looking at their secret information. In this presentation, we look specifically at malware writers and how they are using steganography to hide malicious data in strange places.
BSIDES LAS VEGAS 2015 – ANALOGUE NETWORK SECURITY
In 1973, the Bell-LaPadula security model was introduced and is fundamentally still how security is implemented: with static fortress mentality. In 1987, the U.S. Department of Defense published the Red Book; the Network Interpretation of the lauded Orange Book that set forth many of the principles for information security. The results were, essentially, ‘we have no earthly idea how to secure a network’. Today, we now assume our networks are ‘P0wn3d’ – already infiltrated by hostiles. We ‘know’ that by adding more technology, our security problems will go away. We think of ‘the network’ as a single ‘thing’ and attempt to protect it as such. It isn’t and we can’t. TCP/IP. It was just an experiment. Today, it is the inter-infrastructural foundation of civilization. The internet of things is adding so-called intelligence to some 50+ billion endpoints. Where’s the security? Or privacy? Massive new projects using next generation, smarter, faster ways of doing the same old stuff all over again is the ultimate deja vu epic fail of security. Is this any way to run a business? Or a planet? I hope to offer a corrective view. Analogue Network Security. Geeky. Interdisciplinary. Exciting, emerging security model to fix our woes. Finally, three Memes for your consideration. 1. ROOT is the root of all cyber-evil. 2. Passwords will be the downfall of us all. The game is really about IdM. 3. Security requires a single, interdisciplinary metric for the cyber, physical and human domains. C’mon, 50 years of practice and we’re still…? Well, screw it. You’ll see. I have a few ideas.
BSIDES LAS VEGAS 2015 – CREMA: A LANGSEC-INSPIRED LANGUAGE
We discuss the potential for significant reduction in the size and complexity of verification tasks for input-handling software when such software is constructed according to LangSec principles, i.e., is designed as a recognizer for a particular language of valid inputs and is compiled for a suitably limited computational model no stronger than needed for the recognition task. We will demo Crema, an open-source programming language and restricted execution environment of sub-Turing power.
BSIDES LAS VEGAS 2015 – MAKING & BREAKING MACHINE LEARNING ANOMALY DETECTORS IN REAL LIFE
Machine learning techniques used in network intrusion detection are susceptible to ‘model poisoning’ by attackers. We dissect this attack and analyze some proposals for how to circumvent these attacks, then consider specific use cases of how machine learning and anomaly detection can be used in the web security context.
BSIDES LAS VEGAS 2015 – HAVE I SEEN YOU BEFORE?
Logs! Packets! NetFlow! So much data but yet we struggle to wade through the volumes of information being captured. There’s visual analysis, ‘behavioral’ analysis, and security analytics (whatever that means). This talk isn’t going to wade in on those topics. We simply set out to demonstrate an effective means to answer these simple questions (at lightning speeds): Has this happened before? Or more simply, show me what new things are happening. Is it common or rare for this to happen?
BSIDES LAS VEGAS 2015 – WHO WATCHES THE WATCHERS? METRICS FOR SECURITY STRATEGY
Security Metrics are often about the performance of information security professionals – traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the right ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing that which is necessary to prevent a breach?
BSIDES LAS VEGAS 2015 – NO MORE FUDGE FACTORS AND MADE-UP SHIT: PERFORMANCE NUMBERS THAT MEAN SOMETHING
This session presents a credible and powerful method to estimate an aggregate performance index from a grab bag of ground-truth metrics and evidence, even if the ground truth data are messy. Several case studies will be demonstrated: Vendor Risk Assessment, Vulnerability Management, and Security Operations. Excel and R+Shiny tools will be released.
BSIDES LAS VEGAS 2015 – ADVANCING INTERNET SECURITY RESEARCH WITH BIG DATA AND GRAPH DATABASES
The OpenDNS IntelDB is a graph database system that captures and stores all security-related data for the entire organization. In addition to providing valuable data such as whitelisting and threat attribution, this system is the foundation for the next generation of security research at OpenDNS. The presentation will give a brief overview of the system and then focus on how it has influenced security research at OpenDNS.
BSIDES LAS VEGAS 2015 – INTRO TO DATA SCIENCE FOR SECURITY
In this workshop, students will learn basics of data science as they apply to analyzing common security-related data. Prediction & forecasting, anomaly detection, interaction graph analysis, and clustering will be demonstrated as tools for incident response, forensics, and planning.
BSIDES LAS VEGAS 2015 – IATC TRACK INTRODUCTION AND OVERVIEW
We will provide a brief overview of I Am The Cavalry, as well as outline the day’s activities. Participants who have yet to be introduced to the initiative will be; those who are very familiar will be updated on activities and progress over the last year. And we will describe the vision for the day’s activities. Even if you miss this first session, you can join for any of the others.