BSidesCharm 2015

Reg Opens at 8:30am! No Walk-ins, everyone must have a ticket

Saturday Talks

| TimeSlot | Track 1 | Track 2 |
|---|---|---|
| 09:45 AM - 09:55 AM | Opening | Streamed from Track 1 |
| 10:00 AM - 10:55 AM | Keynote (Dr. Kryptia) | Keynote (streamed from Track 1) |
| 11:00 AM - 11:25 AM | Red vs Blue: Modern Active Directory Attacks & Defense (Sean Metcalf) | Point, Click, Score (Rick Forno) |
| 11:30 AM - 11:55 AM | Red vs Blue (continued) | When CTFs Attack! Building a better training environment (Skyler Onken & Rock Stevens) |
| 12:00 PM - 12:55 PM | Lunch Break | |
| 01:00 PM - 01:55 PM | Project KidHack - Teaching Kids (and even some adults) Security through Gaming (Grecs) | You might be organizing your data wrong, and you know it. (Nathan Shanks) |
| 02:00 PM - 02:55 PM | Quantum Computing (Tess Schrodinger) | Bug Bounty Hunters: Lessons From Darth Vader (Jake Kouns, CISO. Risk Based Security) |
| 03:00 PM - 03:55 PM | Running Away From Security (Micah Hoffman) | Incident Response Decisions: Make the Right Decisions Beforehand (Matt Harvey) |
| 04:00 PM - 04:55 PM | Confessions of a Malware Hunter (Tony Robinson, @da_667) | Hashtag hacking: How to pwn social media (Zack Allen, Chris Cullison) |
| 05:00 PM - 05:55 PM | Keynote (Dave Marcus) | Keynote (streamed from Track 1) |
| 06:00 PM - 06:55 PM | Dinner Break | |
| 08:00 PM - 02:00 AM or later | Party Time | |

Sunday Talks

| TimeSlot | Track 1 | Track 2 |
|---|---|---|
| 10:00 AM - 10:55 AM | Keynote (Ron Gula) | Keynote (streamed from Track 1) |
| 11:00 AM - 11:55 AM | Mass hunting/exploitation operations with PowerShell (Jordan Abernathy) | HardenedBSD (Shawn Webb) |
| 12:00 PM - 12:55 PM | Lunch Break | |
| 01:00 PM - 01:55 PM | Quick Win Industry Agnostic Dashboards (Craig Bowser) | Automating Incident Response Data Gathering (@brianjmoran) |
| 02:00 PM - 02:55 PM | On The Radare: An Introduction To The Radare2 Reverse Engineering Framework (Peter Clemenko III, @aoighost) | Evolution of Attacks: Case Study of Targeted Attacks (Jared Myers) |
| 03:00 PM - 03:55 PM | MACE - Malware Analysis in a Controlled Environment (Mr. Mike Kobett) | InfoSec Hunters and Gatherers (Primal Security @PrimalSec) |
| 04:00 PM - 04:55 PM | Closing | Streamed from Track 1 |

Training Schedule

| Day | Training 1 | Training 2 |
|---|---|---|
| Saturday, 10:00 AM - 06:00 PM | Exploiting Buffer Overflows 101 (Kyle Hanslovan & John Ferrell) | Advanced Web Exploitation Kung Fu (Abhishek Sahni) |
| Sunday, 11:00 AM - 04:30 PM | Social Engineering like a Boss (@securemaryland) | Small Office/Home Office (SOHO) Router Hacking Workshop (Independent Security Evaluators (ISE)) |

Other Stuff

| Lab A | Lab C | Room 1 | Room 2 |
|---|---|---|---|
| Sponsor Room | Hackers for Charity and Lock Pick Village | Wifi CTF | BlackFin CTF |

Red vs Blue: Modern Active Directory Attacks & Defense

Sean Metcalf
Saturday 11:00 AM - 11:55 AM

Summary: While Kerberos "Golden Tickets" and "Silver Tickets" received a lot of press in the second half of 2014, there hasn't been much detail provided on how exactly they work, why they are successful, and how to mitigate them (other than: "don't get pwned"). Kerberos expertise is not required. I walk through how Active Directory (AD) leverages Kerberos for authentication identifying the areas useful for attack. Information presented is useful for both Red Team & Blue Team members.

This talk covers the latest attack vectors surrounding Kerberos Golden & Silver Tickets and MS14-068 exploitation. I describe how and why modern Kerberos attacks work, how to mitigate them, and how to detect their use. Since all of these involve forging Kerberos tickets, there are some interesting artifacts that can be identified. Yes, despite what you may have read, there are ways to detect Golden & Silver Ticket usage!
I provide key indicators which can be used to identify Kerberos attacks on your network.

I walk through the "AD Attacker's Playbook" which describes how an attacker goes from compromising an Active Directory user account to becoming a full Domain Admin (DA). Once the attacker has DA rights, what's next?

Some of the topics covered:
- Easy recon with PowerShell to identify potential targets (SQL, CMS, Exchange, FIM, webservers, etc.)
- Exploiting weak service account passwords as a regular user in AD
- Using Silver Tickets for stealthy persistence that won't be detected (until now).

Bio: Sean Metcalf is the Chief Technology Officer at DAn Solutions, a company that provides Microsoft platform engineering and security expertise. Mr. Metcalf is one of about 100 people in the world who hold the elite Microsoft Certified Master Directory Services (MCM) certification. Furthermore, he assisted Microsoft in developing the Microsoft Certified Master Directory Services certification program for Windows Server 2012. Mr. Metcalf has provided Active Directory and security expertise to government, corporate, and educational entities since Active Directory was released. He currently provides security consulting services to customers with large Active Directory environments and regularly posts useful Active Directory security information on his blog, ADSecurity.org.
Follow him on Twitter @PyroTek3

Point, Click, Score

Rick Forno
Saturday 11:00 AM - 11:25 AM

Summary: Cyber Challenges such as CyberPatriot, CCDC, or the local Maryland Cyber Challenge are popular interscholastic events for high school and college students to develop and test their IT and security capabilities. Participating in these events often involves months of preparation, training, and planning -- with the goal of winning cash, prizes, and resume-building bragging rights for college applications.
Aimed particularly at high school teachers and students (but others are welcome to attend & learn) this session will discuss what is necessary to build and maintain a scholastic cyber competition team in an era of endless possibilities but limited resources. Topics covered include training and education requirements for students, organizational issues for coaches/teachers/principals, and then how to put it all into practice successfully. In particular, this session will touch on lessons learned/observed from four years of overseeing the Maryland Cyber Challenge with the hopes of informing current and future teams how to be successful in this (and other) events, wherever they may be held.

Bio: Dr. Rick Forno directs UMBC's Graduate Cybersecurity Program, serves as the Assistant Director of UMBC's Center for Cybersecurity, and is a Junior Affiliate Scholar at the Stanford Law School's Center for Internet and Society (CIS). His twenty-year career spans the government, military, and private sector, including helping build a formal cybersecurity program for the US House of Representatives, serving as the first Chief Security Officer for the InterNIC, and co-founding the Maryland Cyber Challenge. Rick was also one of the early researchers on the subject of "information warfare" and he remains a longtime commentator on the influence of Internet technology upon society.

When CTFs Attack! Building a better training environment

Skyler Onken & Rock Stevens
Saturday 11:30 AM - 11:55 AM

Summary: The IT industry utilizes capture-the-flag (CTF) competitions to assess, evaluate and train employees or potential hires. This construct has proven valuable by providing outreach to previously untouched populations, a quantitative measure of an individual's capabilities, and a catalyst for training. But tactics taught by "pen test puppy mills" such as aggressive scans of entire subnets followed by automated attacks are no longer acceptable.
We have developed a new construct to CTFs and provide tools to assist implementers. We propose that CTFs should reward finesse and an in-depth understanding of underlying technologies while brutally punishing haphazard practices. Our construct outlines how the competition should react to the participant by introducing categories of mitigation, detection, attribution, and retribution. Participants will find themselves being assessed on their check-collect-clean procedures as well as their ability to gain access. With these dimensions, competitors will find exponential benefits for good practices and encourage the development of innovative techniques. As a result, the penetration testing industry will raise the quality of work to better reflect the more advanced threats. As an additional benefit, blue team components will assess their skills against the most dangerous threats out there.

Bio: Skyler Onken has worked in the IT industry for 10 years. His background is in development and web application security. Currently he is an officer in the US Army. He is also a project lead for OWASP.

Rock Stevens began working in IT as an under-paid network administrator at the age of 15. He was traumatized by the movie "Office Space" and decided to join the Army to jump out of planes and serve his country. He is currently a Company Commander within US Cyber Command's National Mission Force and helps build training environments in his spare time.

Project KidHack - Teaching Kids (and even some adults) Security through Gaming

Grecs
Saturday 01:00 PM - 01:55 PM

Summary: Wanna teach your kid to be a hacker but don't know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career ... or at least make our children more security-conscious adults in whatever field they choose.

Bio: Grecs has almost two decades of experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days improving and architecting SOC solutions. At night he runs a local infosec website and tries to get some hands-on skillz.

You might be organizing your data wrong, and you know it.

Nathan Shanks
Saturday 01:00 PM - 01:55 PM

Summary: This talk covers how to better organize your traditional log collection platform. It's focused on categorizing and classifying ingestible data. Using free and open source software you can scale from hundreds of events per second to hundreds of thousands using a simple, straightforward approach.

Bio: President and founder of netAura, an engineering analytic firm. netAura supports accounts such as Symantec, Apple, Freddie Mac and other blue chip firms, doing security consulting for mid to large cap firms. 40% of our business is government, designing and building IT monitoring platforms. netAura is also the creator and supporter of ParseMarket.com, a market for parsers.
Personally:
- 10 year IT Architect in the integrator arena
- 6 year Security analyst and architect for Symantec
- 2 year Director of Federal for Qualys

General data nerd with a passion for discovery and analytics.

Quantum Computing

Tess Schrodinger
Saturday 02:00 PM - 02:55 PM

Summary: We have all probably heard at one point or another that quantum computing would render current encryption standards as we know them obsolete. Intrigued by this assertion, I set about to understand why. This presentation will cover the very basics of classical versus quantum physics to include key concepts in the field, a "not too technical" introduction to quantum computing, and an explanation of quantum key cryptography as well as those trying to hack and secure it.

Bio: Tess is an INFOSEC noob who almost got her undergrad degree in physics. She began her college experience as a physics major but veered off into forensic science, lollygagged in law enforcement for a spell, and then made the transition into "national security". A chance client requirement waterboarded her with Chapter 8 of the NISPOM and she survived to come full circle, marrying her years of security experience with her original passion for science and technology.

Bug Bounty Hunters: Lessons From Darth Vader

Jake Kouns, CISO. Risk Based Security
Saturday 02:00 PM - 02:55 PM

Summary: Darth Vader was a ruthless leader and considered by many to be one of the all-time greatest villains. But in fairness to Lord Vader, he set clear expectations for his staff, expected results, and was an early adopter when it came to the usage of bounty hunters to accomplish goals when his internal team wasn't effective. The security industry, IT professionals, and developers have been failing for several decades by writing insecure code, not providing practical solutions, and generally failing the public. Yet, for some reason we have yet to be force-choked out of the industry. Lord Vader would find the lack of results disturbing.

This talk will discuss Lord Vader's management tactics and how they can be applied to security teams today when implementing a bug bounty program. Further, the talk will provide analysis of aggregated vulnerability bounty information over the past several years as well as some profound insights on security researchers, quality of research, vendor disposition, disclosure trends, and the value of security vulnerabilities. Finally, it will cover what constitutes a solid bounty program as well as provide some thought-provoking insight that will lead to serious discussion about the state of bug bounties and the associated bounty hunters. Are they in fact living up to the hype of being an amazing resource for software security? Or will we realize that Admiral Piett was correct in what he said to Darth Vader: "Bounty Hunters. We don't need that scum."

Bio: Jake Kouns is the CISO for Risk Based Security and the CEO of the Open Security Foundation, which oversees the operations of the Open Sourced Vulnerability Database (OSVDB.org). Mr. Kouns has presented at many well-known security conferences including Black Hat, RSA, DEF CON, DerbyCon, CISO Executive Summit, FIRST, CanSecWest, SOURCE and SyScan. He has briefed the DHS and Pentagon on Cyber Liability Insurance issues and is frequently interviewed by the media. Mr. Kouns is the co-author of the book Information Technology Risk Management in Enterprise Environments, Wiley, 2010 and The Chief Information Security Officer, IT Governance, 2011. He holds both a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University.

Running Away From Security

Micah Hoffman
Saturday 03:00 PM - 03:55 PM

Summary: Now more than ever people are tracking and quantifying their lives. We wear wristbands that track our sleep and our activity. We enter our workouts and eating habits into web applications. We share details about our lives with the world. At what point are we sharing too much data? Are the privacy restrictions on these exercise-tracking web apps adequate to protect our data?
This talk will show some of the weaknesses in these applications and how, using Open Source Intelligence (OSINT) techniques, anyone around the world can use this information to discover revealing data about our lives and our work.

Bio: Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world penetration testing and incident response experience to provide unique solutions to his customers.
Micah is an active member in the NoVAHackers group, has written Recon-ng and Nmap testing tool modules and enjoys tackling issues with the Python scripting language. When not working, teaching, or learning, Micah can be found hiking or backpacking on the Appalachian Trail or the many park trails in Maryland.
Catch him on Twitter @WebBreacher.

Incident Response Decisions: Make the Right Decisions Beforehand

Matt Harvey
Saturday 03:00 PM - 03:55 PM

Summary: Good incident response requires smart decisions made in a timely fashion. Yet under the pressure of an active intrusion, decision-making is often rushed, panicked, or paralyzed. The secret to making smart decisions under pressure is not to make any! All your key decisions should have already been made well ahead of time when the pressure is off and everyone is thinking clearly. This session will show how to transform your incident response plan from a vague outline of options to a detailed game plan that will guide you through your next big incident.

Bio: Matthew Harvey has fifteen years of IT industry experience across a wide variety of roles. With Anchor Technologies, he performs security assessments, incident response, and penetration tests for mid-sized firms in the mid-Atlantic region. Prior to joining Anchor he worked for Booz Allen Hamilton, providing security monitoring and incident response services for government and commercial clients in the defense, energy, and financial sectors as well as conducting cutting-edge research for government clients. Matthew also served as an Army officer in the infantry and military intelligence fields for a total of 12 years. Matthew earned his Master's degree in Computer Systems Management from the University of Maryland University College. He holds the GCIH, GPEN, GREM, and GCFA certifications as well as the CISSP and CEH designations. Matthew is an experienced consultant, trainer, and presenter; he specializes in making complex technical topics clear and compelling for all audiences.

Confessions of a Malware Hunter

Tony Robinson (@da_667)
Saturday 04:00 PM - 04:55 PM

Summary: I am a Senior Security Analyst for a Fortune 1xx company who has been given a huge degree of freedom to 'hunt', 'research' and share knowledge as I see fit. Come see me talk about interesting malware campaigns I have seen over the past year, and how you too can become an "amateur" malware hunter.

Bio: I am a Senior Security Analyst for a large Fortune 1xx company who happens to enjoy NSM and malware hunting. My Twitter feed doubles as a threat intel platform for many. I've also been labeled a social media threat by a large AV company.

Hashtag hacking: How to pwn social media

Zack Allen, Chris Cullison
Saturday 04:00 PM - 04:55 PM

Summary: 1 in 4 people actively use social media today and the number is projected to hit 1 in 3 by 2017. Social media has made a major impact to the Internet landscape for almost a decade now. Due to its popularity and accessibility for the novice user, it has been used as a hot new launch pad for cyber criminals. This presentation identifies the necessity of social media to the business and enterprise, provides a cost analysis for attackers who leverage these platforms, and offers insight into known attacks we have found in our research trying to battle these criminals.

Bio: Chris Cullison and Zack Allen of ZeroFOX work together to help defend the social media aspect of an organization's security posture. Chris is CTO of ZeroFOX and Zack is lead security engineer for the organization. This group has worked with enterprise, academia and government, spoken at conferences and been published in academic journals in areas of enterprise security, offensive security, cryptography and privacy.

Mass hunting/exploitation operations with PowerShell

Jordan Abernathy
Sunday 11:00 AM - 11:55 AM

Summary: Jordan will explain how PowerShell can be used to conduct large scale hunting operations or mass exploitation. The presentation will cover:

0. What PowerShell is and why you should use it more for hunting or exploitation.
1. Configuring PowerShell in a Domain environment.
2. Conducting hunting reconnaissance with PowerShell.
3. Demonstrating how the same principle applies to exploitation using native commands or the Veil framework.

Bio: Jordan Abernathy is the Director of Defensive Operations for CompSec Direct with 8 years' experience in the public sector, with a specialization in incident response dealing with Windows domain environments. Jordan spends his free time developing new techniques in tracking and defeating insider threats in large and complex environments.

HardenedBSD

Shawn Webb
Sunday 11:00 AM - 11:55 AM

Summary: HardenedBSD officially launched in August of 2014. The HardenedBSD developers have been working hard to bring expert security features to FreeBSD. This presentation introduces HardenedBSD to the world, giving detailed insight to what makes HardenedBSD unique.

Bio: Shawn Webb is a Security Engineer for a company in Annapolis Junction, MD. He cofounded the HardenedBSD project. He specializes in secure development practices. Along with starting his own open source projects, he has contributed to FreeBSD, ClamAV, and others. Shawn started learning how to program at age ten. His first BSD was FreeBSD, introduced to him by fellow hackers when he was 15. He instantly fell in love with it and has contributed back to the project. He currently maintains a tool called libhijack for patching processes at runtime. He recently ported libhijack to FreeBSD/amd64.

Quick Win Industry Agnostic Dashboards

Craig Bowser
Sunday 01:00 PM - 01:55 PM

Summary: Dashboards are a critical capability of a Security Information Event Monitor (SIEM) as they are able to display the near real time status of the health, operational availability, security posture and compliance level of networks of all sizes. While there are numerous papers, blog posts and examples of dashboards that provide deep insights, specific security alerts or complicated compliance metrics for your network, I wanted to create a list of dashboards that provided a solid starting point for Security Operation Centers to use when they installed their first SIEM. The ten suggested Quick Win Industry Agnostic Dashboards on this list were chosen because of their ease of implementation and ability to use simple graphics to quickly give SOC personnel an initial view into the security posture of a network.

Bio: Craig Bowser is an Infosec professional with 15 years of experience in the field. He has worked as an Information Security Manager, Security Engineer, Security Analyst and Information System Security Officer in DoD, DOJ and Dept of Energy areas. He has some letters that mean something to HR departments. He is a Christian, Father, Husband, Geek, Scout Leader who enjoys woodworking, sci-fi fantasy, home networking, tinkering with electronics, reading, and hiking. And he has a to-do list that is longer than the time-to-do slots that are open.

Automating Incident Response Data Gathering

@BrianJMoran
Sunday 01:00 PM - 01:55 PM

Summary: The Live Response Collection is an open-source, freely available set of tools that gives seasoned incident response veterans as well as non-tech-savvy employees the ability to gather data from a variety of operating systems after a cyber security incident, with the primary focus being on various flavors of the Windows operating system.

Bio: Brian is a digital forensic analyst currently residing in the Baltimore, Maryland area. He has approximately 15 years of experience in the cyber security field, with 10 of those years focusing on digital forensics/incident response (DFIR), both in the United States Air Force and the private sector. His initial exposure to the DFIR field occurred during a 6 month deployment to Mosul, Iraq in 2004-2005, when he served on a team that provided mobile device analytic information in support of tactical military operations. During his tenure in the Air Force, he has worked with numerous DoD entities and been invited to speak and share information at several intelligence community events. After his military service ended he entered the private sector and has worked (globally) on a wide range of cases. His favorite aspect of this career field is that it is always changing and evolving and every case has unique problems, questions, and solutions.

On The Radare: An Introduction To The Radare2 Reverse Engineering Framework

Peter Clemenko III, @aoighost
Sunday 02:00 PM - 02:55 PM

Summary: This talk will give a brief introduction to the open source Radare2 reverse engineering framework. Radare2 is an open source framework for reverse engineering that follows the Unix philosophy. This talk will include basic architecture and operation, as well as an overview of running through some basic crackmes for the audience to see how the framework works.

Bio: Peter Clemenko III is a student at Wilmington University in his final semester. He has specialties in password cracking and forensics, and is currently getting into reverse engineering and exploit development.

Evolution of Attacks: Case Study of Targeted Attacks

Jared Myers
Sunday 02:00 PM - 02:55 PM

Summary: This talk covers a brief overview of the evolution of targeted attacks, and provides a technical look at a targeted attack from August of 2014. The talk will cover methods, from a tool-agnostic perspective, for hunting and investigating targeted attacks.

Bio: Jared Myers is a Consultant for the RSA Security Incident Response/Discovery (IR/D) Practice. In this capacity, Jared is responsible for delivering holistic incident response services using state of the art host and network based technologies. Using these technologies, combined with advanced methodologies, Jared is able to help clients obtain situational awareness and rapidly identify threats as part of tactical response to intrusions involving sophisticated adversaries that target intellectual property and other critically sensitive data. Jared focuses on researching and investigating multifaceted network intrusions and analyzing complex malware sets.

MACE - Malware Analysis in a Controlled Environment

Mr. Mike Kobett
Sunday 03:00 PM - 03:55 PM

Summary: Malware analysis is a skill that is sought after by corporations and government agencies. This is because malware is now, and will be, a major threat to the cyber industry. So, how does someone gain real hands-on experience in malware analysis, but protect their systems from infection?
During my session I will demonstrate how to use various software packages, most of which are free, in a protected virtual environment which can be used to analyze samples of malware, but avoid the majority of risks associated with learning the skill. Anyone associated with cyber security will benefit from attending this demonstration.

Bio: Michael Kobett is senior technical instructor for the Defense Cyber Investigations Training Academy (DCITA) in Linthicum, Maryland and is currently assigned to the Network Intrusions Track. Mr. Kobett is also an adjunct faculty member for The University of Maryland University College (UMUC) - Cyber Security Division. While teaching at UMUC, Mr. Kobett has taught classes that prepare students for the CompTIA Network+ certification, CompTIA Security+ certification, and EC-Council's Certified Ethical Hacker certification.

InfoSec Hunters and Gatherers

Primal Security @PrimalSec
Sunday 03:00 PM - 03:55 PM

Summary: InfoSec Hunters and Gatherers will cover how to leverage automated tools to be the "Gatherer", and how to go beyond the automated tool to find what is commonly missed and be the "Hunter". This talk will explore common problems faced in both defensive and offensive security roles and how and when to write your own scripts and tools. This talk will focus heavily on manual analysis techniques, Bash Scripting, and Python Scripting. You will be inspired to go beyond automated tools, stop relying on Nessus scan output, Snort alerts, etc. to either find vulnerabilities or bad guys.

Bio: Andrew McNicol (@primalsec, job1n on freenode) is a shellcode slinging, Python junkie who is currently the lead for a web application penetration testing team and mentor for the SANS Institute. Previously, he worked on an incident response team focusing on malware analysis and network forensics. He is always looking for new Python tricks or new ways to gain code execution on remote systems. He is one of the founders and lead authors of Primal Security Podcast, focusing on Python scripting, exploit development, and CLI Kung Fu. Andrew holds numerous technical security qualifications, most notably Offensive Security Certified Expert (OSCE), and Offensive Security Certified Professional (OSCP).
Email: andrew@primalsecurity.net
Zack Meyers (@b3armunch) is a business guy that then became a motivated infosec geek by starting his work in IT as a continuous monitoring vulnerability analyst. Shortly afterward he found an interest in offensive security work and strived to be at his current position as a web application pentester. Today he is always looking to learn about new techniques and tools that can help him identify his next big win towards exploiting a customer's web server. He is a member of Primal Security and currently holds several security certifications including CISSP, GWAPT, GCIH, etc.

Exploiting Buffer Overflows 101

Kyle Hanslovan & John Ferrell
Saturday 10:00 AM - 06:00 PM

Summary: So you've heard about exploitation but don't know where to start? Well this class is for you!

With hacking now a mainstream topic, it's no wonder why interest in cyber security is at an all time high. Unfortunately for the new blood, the InfoSec community is inundated with advanced exploitation training geared towards industry veterans. To buck the status quo, we've focused back on the basics and offer an introductory course in binary exploitation. We recommend this course to students with a background in Computer Science (basic familiarity with C/ASM/Python programming, memory management, and debuggers). However, InfoSec enthusiasts of all levels are welcome to attend and use our training aids to help minimize the learning curve.

Exploiting Buffer Overflows 101 starts with lab setup and a survey to gauge our audience's level of proficiency. Once complete, we teach a primer on memory allocation, the stack, registers, and buffer overflow vulnerabilities. Afterwards, we walk through hands-on labs which feature applications suffering from locally and remotely exploitable vulnerabilities. Each lab grows in difficulty while building student confidence and understanding of this bug genre. To maximize each student's opportunity to successfully "land" their first exploit, security mitigations like DEP and ASLR are not enabled.

Please come with a laptop capable of running two VMs in VirtualBox (40GB free disk space and 4GB RAM). Software, VMs, and training material are provided.

Bio: Kyle Hanslovan is a Security Researcher and InfoSec veteran with 15 years of offensive and defensive experience under his belt. In his 9-to-5, he is a partner and co-founder at StrategicIO and specializes in developing offensive security capabilities for the US Intelligence, Military, and Law Enforcement communities. He is also a Cyberspace Operator at the 175th Network Warfare Squadron in the Maryland Air National Guard. In his free time, Kyle enjoys participating in Capture the Flag hacking competitions (DEFCON 20 CTF winner) and mentoring students in STEM.

John Ferrell is the Co-Founder and Chief Technology Officer of StrategicIO. With his vast background in cyber operations, risk assessment, and defensive threat mitigation, he leads an elite team of analysts, engineers, and developers to support some of the US Government's most sensitive missions. John is also an avid member of the Capture the Flag community where he has competed several times at DEFCON CTF Finals (DEFCON 20 CTF winner).

To make things easier, we've created a landing page which fully lists the class outline, prerequisites, and material requirements. Check it out

Advanced Web Exploitation Kung Fu

Abhishek Sahni
Saturday 10:00 AM - 06:00 PM

Summary: There is a lot more in modern day web exploitation than the good old alert("xss") and union select. Take your exploitation skills to next level by learning serialization attacks, bypassing hard WAF's, creating stealthiest backdoors in the applications you compromise and chaining vulnerabilities. Find your 0days and write your exploits. Complete training will be hands on based on the challenges faced in real life exploitation.

Bio: Abhishek Sahni has seven years of experience in web application penetration testing. He has reported security vulnerabilities to Yahoo and AOL. Abhishek has conducted successful security trainings on various topics for government agencies in India and abroad. He has performed many web application penetration tests, faced really challenging scenarios, and found methods to overcome them. Marco is an expert penetration tester and programmer. As he has performed several penetration tests for clients on complex web applications, he has a good knowledge of developing custom, reliable tools and exploits according to the requirements during pentests. In his free time, Marco enjoys coding complex, realistic, and interesting web hacking labs for training the ASL IT Security's pentesting team.

Social Engineering Like a Boss

@SecureMaryland
Sunday 11:00 AM - 04:30 PM

Summary: The talk will cover 2 items:
1. An overview of why social engineering (SE) is successful - in other words why corporations killing all the user training a company can put forward.
2. A look at the tools of the trade to make SE so much easier - to include how to create a successful campaign/template. Come with no SE skills and leave SEing like a boss.

Bio: @securemaryland - Raymond Gabler
Computer Security Engineer with over 20 years of cyber security experience. I work multiple jobs, including: Security Architect at a large computer consulting company, owner of my own cyber security firm, teacher, mentor. Member of UAS and TEHC local Maryland organizations.
I hold CISSP, CRISC, C|CISO, CISM and ITIL fundamental certifications. I have spoken at past conferences, including Derbycon and BSides DE.

Small Office/Home Office (SOHO) Router Hacking Workshop

Independent Security Evaluators (ISE)
Sunday 11:00 AM - 04:00 PM

Summary: This workshop emphasizes the "how to" aspect of application security and exploit development. Attendees will be provided with sample binaries for exercises that will be conducted during the workshop, and access to a lab of networked routers where newly learned skills can be applied.
1. Attendees will learn how to discover, exploit, and mitigate vulnerabilities found in network-based equipment. This workshop will focus on exploiting vulnerabilities in routers, but the methodologies presented are applicable to other hardware platforms as well.
2. Attendees will become acquainted with numerous types of application and web application vulnerabilities.

Bio: Founded in 2005 out of the PhD program at the elite Johns Hopkins' Information Security Institute, ISE is a sophisticated security consulting firm dedicated to aggressive defense strategies through advanced science. This select team of hackers, computer scientists, reverse engineers, and cryptographers utilizes a unique perspective typically perpetrated by the adversary.
ISE is most commonly recognized for being the first company to exploit the iPhone, which garnered international attention. Other high-profile compromises include ExxonMobil SpeedPass, Texas Instruments RFID, Diebold eVoting Machines, and numerous others. ISE's most recent research discovered systemic issues in SOHO routers and web browsers.

Wifi CTF

WCTF Team of Wifi Village

The BSidesCharm Wireless Capture the Flag (WCTF) is a trip through the useable RF spectrum. Challenges will involve all of the physics and RF theory that we have all come to love so much. You will be using tools like the RTL-SDR, HackRF, BladeRF, your cell phone, and various 802.11 radios. Although not all are necessary to compete, they will help. The WCTF can be completed with experience ranging from a little knowledge to a pen-tester's capability, and $40 to $4000 worth of equipment. Regardless of what you bring, the key is to read the clues and determine the goal of each step. We teach along the way, so if you are a N00b, we will help you learn strategies to get you to competition level. This year we maintain certain aspects of past WCTFs but are also introducing new challenges. For example, as in past WCTFs, you will need to sit for a while and hack at crypto and break into networks. But, unlike past WCTFs, you need to break out your war-walking shoes because you will be tracking and finding hidden nodes and possibly even remote sites -- and not all of them will be WiFi. We will also be holding the very popular RF Signal Drinking Game. There will be clues everywhere, and we will provide periodic updates, so make sure you pay attention to what's happening at the WCTF Control Center, on Twitter, the interwebz, etc.
If you have a question - ASK, and we will determine if we will answer.
FLAGS:
Flags will range from transmissions in the spectrum to pass-phrases used to gain access to wireless access points. Once you capture the flag, submit it right away because some flags are worth more points the sooner they are submitted (e.g., timed challenges) and others will be awarded negative points (e.g., false flags). Offense and defense are fully in play by the participants, the WCTF organizers, and the Con itself.

LINKS:
Check out our websites for tools, what you need, and what to do. Enjoy your journey.

Blackfin CTF

Blackfin Security

The Blackfin Security CTF is a scenario-based CTF modeled after an insider attack at a pharmaceutical research company. As the insider, players must use multiple offensive security techniques to obtain sensitive documents that will hurt the company. Players will navigate the company network, traversing web applications, Linux, and Windows systems. The scenario starts off approachable to novice InfoSec professionals and increases in difficulty throughout the game. Hints are available to those who need them. Players should bring their own laptop running their own tools (Kali Linux is recommended). Further details and rules will be made available at the time of participation.

Blackfin Security helps effectively educate and train employees through On-Demand Technical Security Training, Security Awareness Training, and a Phishing Simulation and Training Platform. Blackfin Security solutions are purpose-built around the concept of creating a more secure enterprise through training activities involving employees at all levels.