BSidesSF: Full Schedule

8:00am PDT

Venue Open/Registration

Sunday April 19, 2015 8:00am - 6:00pm PDT
OpenDNS

9:00am PDT

Breakfast

Sunday April 19, 2015 9:00am - 10:00am PDT
OpenDNS

Meal

10:00am PDT

Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration

With the rise of encrypted traffic, more and more companies are deploying SSL inspection platforms to decrypt SSL. Unfortunately, these companies quickly discover that they cannot decrypt all traffic, particularly communications to mobile apps that use certificate pinning.

What is certificate pinning? It’s a method of preventing Man in the Middle (MitM) attacks by validating server certificates against known, approved certificates or hashes that are bundled with the application. Many mobile applications today, including Twitter, Facebook, and Square, use certificate pinning to detect forged SSL certificates and prevent unauthorized snooping. While this improves user privacy, it also exposes a gaping hole in corporate defenses.
Why? Because malicious insiders can use mobile apps like Facebook to share confidential data. Malware can communicate and distribute stolen data and credentials through mobile applications. Researchers have even discovered bots that receive command and control center directives from illicit Twitter accounts. As a result, organizations should inspect traffic from mobile applications.

During this presentation, we will propose a way to allow employees to access their favorite mobile applications, while still ensuring that all traffic is inspected for data loss and attacks. With mobile app virtualization, organizations can host mobile apps on centralized servers and monitor file uploads and user activity. The end user experience is nearly identical to native application access.

Attend this session to learn how attackers and insiders can use certificate pinning to bypass security controls. Understand trends in cryptography and the implications for IT security.

Speakers

Gopal Jayaraman

Gopal Jayaraman is the CEO and co-founder of Sierraware. He established Sierraware with the goal to supply rock-solid and full-featured virtualization and security software to equipment manufacturers all over the world. Prior to Sierraware, Gopal was a Senior Software Architect at... Read More →

Sunday April 19, 2015 10:00am - 11:00am PDT
OpenDNS

Track One

10:00am PDT

Critical Infrastructure: The Cloud loves me, The Cloud loves me not.

Interdependency between public cloud services and critical infrastructure are both hard and soft. Will this cross domain technology flirtation lead to long term relationships or fatal attractions? We examine case studies supporting both scenarios and their complex conundrums – if everything is critical, perhaps nothing is critical? How much security is enough security?

Speakers

bryan owen

security office, OSIsoft now part of Aveva

Bryan Owen is the cyber security manager for OSIsoft LLC (www.osisoft.com) – a software company located in San Leandro, CA that builds systems for monitoring real time information principally of heavy industrial facilities and critical infrastructure providers.OSIsoft has since... Read More →

Sunday April 19, 2015 10:00am - 11:00am PDT
OpenDNS

Track Two, Track Two

10:00am PDT

Ally Skills Workshop

Frustrated with sexism in our community but not sure what to do about it? The Ally Skills workshop is aimed at teaching folks who want to learn how to be supportive of women in their community tactics and strategies to make things better. Through scenarios ranging from subtle interpersonal sexism to dealing with outright harassment, this workshop will give you the ability to intervene and build positive change around you.

Register for this workshop: https://docs.google.com/forms/d/1gD9uQyyDA_HF-gPiyfP39J3e91P0VG_ReyBeYga3eOk/viewform

Speakers

Leigh Honeywell

CEO, Tall Poppy

Leigh is the founder and CEO of Tall Poppy. She was previously a Technology Fellow at the ACLU’s Project on Speech, Privacy, and Technology, and also worked at Slack, Salesforce.com, Microsoft, and Symantec. She co-founded hackerspaces in Toronto and Seattle, and is an a... Read More →

Sunday April 19, 2015 10:00am - 12:00pm PDT
OpenDNS

Workshop

10:00am PDT

TOOOL

Sunday April 19, 2015 10:00am - 5:00pm PDT
TBA

Lockpick Village

10:00am PDT

Wired CTF

Sunday April 19, 2015 10:00am - 6:00pm PDT
OpenDNS

11:00am PDT

OSXCollector: Forensic Collection and Automated Analysis for OS X

OSXCollector is an open source forensic evidence collection and analysis toolkit for OS X. It automates the painful parts of forensic evidence collection & analysis incident responders traditionally manually. #dfir #mac4n6

Speakers

Ivan Leichtling

Engineering Manager, Yelp

Ivan Leichtling leads an amazing team of engineers focused on securing Yelp's visitors, mobile apps, websites, employees, and infrastructure. Ivan holds a BS in Computer Science from the Columbia University School of Engineering and Applied Sciences. Prior to Yelp, Ivan spent a dozen... Read More →

Sunday April 19, 2015 11:00am - 12:00pm PDT
OpenDNS

Track One, Track One

11:00am PDT

F*ck These Guys: Practical Counter Surveillance

We've all seen the steady stream of revelations about the NSA's unconstitutional, illegal mass surveillance. Seems like there's a new transgression revealed every week! I'm getting outrage fatigue. So I decided to fight back... by looking for practical, realistic, everyday actions I can take to protect my privacy and civil liberties on the Internet, and sharing them with my friends.

Join me in using encryption and privacy technology to resist eavesdropping and tracking, and to start to opt out of the bulk data collection that the NSA has unilaterally decided to secretly impose upon the world. Let's take back the Internet, one encrypted bit at a time.

Speakers

Lisa Lorenzin

Lisa Lorenzin is a network security geek; in her day job, she's worked in a variety of Internet-related roles since 1994, with the past 15 years focused on network and information security. she's currently interested in free speech, privacy, digital rights, and global Internet fr... Read More →

Sunday April 19, 2015 11:00am - 12:00pm PDT
OpenDNS

Track Two, Track Two

12:00pm PDT

DNS Spikes, Strikes, and The Like

Analyzing traffic patterns for trends can be a rich source of information for investigating potential malicious domains. This talk will be an examination of spikes in DNS queries and how they can be used to find potentially new threats. Malicious domains that appear as spiked domains usually belong to Domain Generation Algorithm (DGA) or exploit kit families. However, not all domains that spike are necessarily malicious. One challenge is sifting through the large data set and extracting the potentially harmful spikes. To accomplish this goal we rely on unsupervised learning methods such as clustering to help us explore and eventually classify the data.

Speakers

Thomas Mathew

Security Research - Data, Cisco Umbrella

Thomas Mathew is a Senior Security Researcher at Cisco Umbrella (OpenDNS) where he works on implementing pattern recognition algorithms to classify malware and botnets. His main interest lies in using various time series techniques on network sensor data to identify malicious threats... Read More →

Sunday April 19, 2015 12:00pm - 1:00pm PDT
OpenDNS

Track One

12:00pm PDT

No More Fudge Factors and Made-up Shit: Performance Numbers That Mean Something

This talk isn’t about security. It’s about how any security team can measure and improve its overall performance, and also better satisfy your non-technical bosses and clients. Besides “are we secure?”, bosses want to know “is the team performing well?” At some point, you’ll probably be asked for a scorecard or dashboard – “and make it simple”. Maybe you've already tried to create a scoring spreadsheet only to find that it's full of fudge factors, incomprehensible formulas, or made-up shit. There is a better way. This session presents a credible and powerful method – the Thomas Scoring System (TSS) -- to estimate an aggregate performance index from a grab bag of ground-truth metrics and evidence. TSS can help you present solid, defensible metrics to the bosses, and it can also help your team learn what really drives performance and how to improve. Several case studies will be demonstrated: Vendor Risk Assessment, Vulnerability Management, and Security Operations. TSS is Creative Commons and open source. Excel and R+Shiny tools will be released.

Speakers

Russell Thomas

Senior Data Scientist

Senior Data Scientist at a Regional Bank. PhD Candidate in Computational Social Science at George Mason University. BS in Electrical Engineering and Management from WPI. A few decades experience in the computer industry in design, manufacturing, marketing, and consulting.

Sunday April 19, 2015 12:00pm - 1:00pm PDT
OpenDNS

Track Two, Track Two

12:00pm PDT

How to sell security without selling your soul

Many people who want to advance the state of information security have the nerve to want to make a decent living while doing so. In this presentation we will discuss the challenges and opportunities presented by working for a security vendor and how to sell security without selling your soul.
We need good people in the industry; in this talk we hope to help more good folks get in to and stay in the security business- with their souls remaining intact.

Speakers

Jack Daniel

Co-Founder, Security BSides

Security BSides, the history of infosec, the meaning of life.

Steve McGrath

Steven McGrath is not only the lesser-known half of the "Steve & Jack Show" on twitter, but is also Sales Engineer at Tenable Network Security. For the last 4 years he has been helping organizations leverage Tenable products to better audit and secure their infrastructure. Steve is... Read More →

Sunday April 19, 2015 12:00pm - 1:00pm PDT
OpenDNS

Workshop

1:00pm PDT

Lunch

Sunday April 19, 2015 1:00pm - 2:00pm PDT
OpenDNS

Meal, Track One

2:00pm PDT

Ask the EFF

Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology project to protect privacy and speech online, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

Speakers

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation

Nate Cardozo is a Senior Staff Attorney on EFF’s civil liberties team where he focuses on cybersecurity policy and defending coders’ rights.Nate has litigated cases involving electronic surveillance, freedom of information, digital anonymity, online free expression, and government... Read More →

Andrew Crocker

Staff Attorney, Electronic Frontier Foundation

Andrew Crocker is a staff attorney on the Electronic Frontier Foundation’s civil liberties team. He focuses on EFF’s national security and privacy docket, as well as the Coders' Rights Project. While in law school, Andrew worked at the Berkman Center for Internet and Society... Read More →

Kurt Opsahl

Deputy Executive Director and General Counsel, Electronic Frontier Foundation

Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders... Read More →

Sunday April 19, 2015 2:00pm - 3:00pm PDT
OpenDNS

Track One

2:00pm PDT

Intrusion Detection in the Clouds

Shared hosting is awesome! ...sort of.
On one hand, you pay almost nothing to get your site or server out there, but on the other hand, your network neighborhood probably sucks and there's no way to tell if anyone is trying to access your stuff in a way you didn't intend. There's got to be a way to watch for attacks against that server you installed via your hosting providers GUI web interface.

Speakers

Josh Pyorre

Josh is a security analyst with OpenDNS. Previously, he worked as a threat analyst with NASA, where he was part of the team to initially help build out the Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer and... Read More →

Sunday April 19, 2015 2:00pm - 3:00pm PDT
OpenDNS

Track Two

2:00pm PDT

Violent Python

Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. In hands-on projects, participants will create tools and hack into test systems, including port scanning, login brute-forcing, port knocking, cracking password hashes, and sneaking malware past antivirus engines.

With just a few lines of Python, it's easy to create a keylogger that defeats every commercial antivirus product, from Kaspersky to FireEye.

Register for this workshop: http://goo.gl/forms/M4W4RvFlvh

Prerequisites:
Participants need a computer (Windows, Mac, or Linux) with VMware Player or VMware Fusion. USB thumbdrives will be available with Kali Linux virtual machines to use.

All the class materials are freely available at samsclass.info for anyone to use.

Speakers

Sam Bowne

Instructor, CCSF

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, and many conferences and colleges. Formal education: B.S. and Ph.D. in Physics Industry credentials... Read More →

Sunday April 19, 2015 2:00pm - 6:00pm PDT
OpenDNS

Workshop

3:00pm PDT

Your Users Passwords Are Already Stolen

Attackers have long exploited human weakness such as the lack of password complexity and vulnerability to phishing. As organizations improved defenses, attackers shifted to breaching websites to steal user databases. Their goal is to access your organization undetected. Common weaknesses in user database implementations will be explained and real world examples presented. To accent the problem, a well known database dump from 2014 containing passwords securely salted and hashed with multiple rounds will be used as a case study showing that password reuse and weak passwords are human behaviors that cannot be fixed.

Speakers

Lucas Zaichkowsky

Lucas Zaichkowsky is the Enterprise Defense Architect at Resolution1 Security, responsible for providing expert guidance on the topic of cybersecurity. Prior to joining Resolution1 Security, Lucas was a Technical Engineer at Mandiant where he worked with Fortune 500 organizations... Read More →

Sunday April 19, 2015 3:00pm - 4:00pm PDT
OpenDNS

Track One

3:00pm PDT

Hacker or criminal? Repairing the reputation of the infosec community

Recent legislation and media stories reflect an inaccurate, often criminal, if not confused picture of the infosec community. There is an inherit level of FUD regarding who we are and what we do, compounded by natural complexity of security issues. Without accurate and honest communication, we’ve left those outside our community to create their own definitions and understanding of infosec. The resulting perpetuation of inaccurate perceptions distorts the numerous positive contributions to and impacts on society. Perhaps unwittingly, we’ve created a reputation of being a spiteful, disorderly group incapable of providing effective security without intervention from a higher power, whether government or vendor. The current misperception that hackers are malicious by nature is largely a result of our failed relationships with media, legislators, and consumers. However, we have the power to decide what we want our reputation to be and act accordingly to shift public perception toward a more accurate reflection of who we are. This talk will provide an introduction to media engagement as a tool for reputation management as well as a suggested path forward for repairing the current reputation of the infosec community.

Speakers

Melanie Ensign

Melanie is a security communications adviser, providing strategic counsel across a range of disciplines including media relations, employee awareness, incident response, hacker relations, disclosure incentives, social engagement, and public policy. She also serves as a public relations... Read More →

Sunday April 19, 2015 3:00pm - 4:00pm PDT
OpenDNS

Track Two, Track Two

4:00pm PDT

Analyze This!

Many presentations about “Big Data” security analysis focus on where to store the data and basic data searches, but where are the analytics? This presentation discusses a handful of “big data” security analytics that are easy to implement and have proven to be useful for detecting intruder activity from readily available data sources. These security analytics surface anomalous and malicious activity using “signatureless” detection techniques.

Speakers

Aaron Shelmire

Sr. Intrusion Analyst, E8 Security

While having “played around” with computers as far back as high school, Aaron held out hope to become a famous dj or video game creator in the 90s. It wasn’t until 2004 when he began his long twisted journey into information security, when the super computers he was working... Read More →

Sunday April 19, 2015 4:00pm - 5:00pm PDT
OpenDNS

Track One

4:00pm PDT

Student Surveillance: How Hackers Can Help Protect Student Privacy

Since 2011, billions of dollars of venture capital investment have poured into public education through private, for-profit technologies that promise to revolutionize education. Designed for the “21st century” classroom, these tools promise to remedy the many, many societal ills facing public education with artificial intelligence, machine learning, data mining, and other technological advancements. But these tools are also being used to track and record every move students make in the classroom, grooming students for a lifetime of surveillance and turning education into one of the most data-intensive industries on the face of the earth. This talk will investigate some of the technologies being adopted in schools and the nefarious ways they are used in classrooms that endanger student privacy from kindergarten through college. .

Speakers

Jessy Irwin

Security + Privacy Communications

Jessy is a marketing communications professional working in security in San Francisco. She is an outspoken advocate for stronger privacy and security protections in education technology, and spends as much time as possible teaching educators about online privacy + security. She regularly... Read More →

Sunday April 19, 2015 4:00pm - 5:00pm PDT
OpenDNS

Track Two, Track Two

5:00pm PDT

Medical Device Security - From Detection To Compromise

There is no question that medical devices save countless lives, but is insecure design or deployment of these devices putting patients at risk? Join us for an in-depth presentation on a three year research project that shows numerous medical devices and healthcare organizations are vulnerable to direct attack vectors that can impact patient safety and human life.

Speakers

Adam Brand

Director, Security and Privacy, Protiviti

Adam Brand: Adam Brand has more than 17 years’ experience in information technology and security. He is a Director with Protiviti, where he helps companies secure their environments and also leads Protiviti's medical device security practice. Related to his talk at BSidesLV, Adam... Read More →

Scott Erven

Associate Director, Protiviti

Scott Erven: Scott Erven is a healthcare security visionary and thought leader with more than 15 years’ experience in information technology and security. He is currently an Associate Director with Protiviti, where he focuses on medical device and healthcare security. His research... Read More →

Sunday April 19, 2015 5:00pm - 6:00pm PDT
OpenDNS

Track One, Track One

5:00pm PDT

When Doing the Right Thing Goes Wrong - Impact of Certificates on Service Based Infrastructure

With the advent of micro service architecture securing inter-service communication has become more important than ever. Protecting these connections over HTTPS is usually the default approach, but poorly implemented solutions can lead to under protected services or cause outages within the system. This talk looks to highlight how bad practices, misunderstandings and design choices in certificate trust chains can leave a system vulnerable or even offline.

Speakers

Robert Lucero

Robert Lucero is a physics major turned software developer. He has nine years of software development experience working on various projects at Microsoft and more recently at Okta. There’s more stuff on his LinkedIn profile, but he’ll probably tell you more over a beer.

Sunday April 19, 2015 5:00pm - 6:00pm PDT
OpenDNS

Track Two

8:00am PDT

Venue Open/Registration

Monday April 20, 2015 8:00am - 6:00pm PDT
TBA

9:00am PDT

Breakfast

Monday April 20, 2015 9:00am - 10:00am PDT
OpenDNS

Meal

10:00am PDT

How SecOps Can Convince DevOps To Believe In The Bogeyman

Leif Dreizler, BugCrowd, explores the inherent differences between the hacker and developer mentality. In this discussion, the audience will hear from a former breaker and fixer of security flaws on how developers who acknowledge the existence of ‘The Bogeyman’ come that much closer to being active participants in ensuring their company’s security, rather than passive victims.

Speakers

Leif Dreizler

Senior Engineering Manager - Security Features, Twilio Segment

Leif Dreizler is an information security professional with over a decade of experience. Leif joined Segment (now part of Twilio) in 2017 and currently manages a team of Software Engineers focused on building security features. Leif joined as an early member of the security team and... Read More →

Monday April 20, 2015 10:00am - 11:00am PDT
OpenDNS

Track One

10:00am PDT

How to Lie with Statistics, Information Security Edition

Stiff statistics, prismatic pie charts, and stodgy survey results drown the Information Security space in a sea of never-ending numbers that can be difficult to sift through and find the relevant information contained within. Have you ever finished reading a vendor whitepaper or a research institution’s annual security report and felt your Spidey sense begin to tingle with doubt or disbelief? What you are probably sensing is a manipulation of statistics, an age-old hoodwink that has been occurring as long as numbers have been used to convey information.

This critical subject was first examined over 60 years ago, when Darrell Huff first published the groundbreaking book “How to Lie with Statistics,” over 60 years ago, and since then has become required reading in many college Statistics classes. This presentation takes the foundation Huff created and updates the core concepts for the contemporary Information Security field.

Most people would be shocked to find that data can be easily manipulated to leave the reader with a certain impression or to lead them to a particular conclusion. Nothing is sacred in this presentation! Several areas are examined, from bias in vendor-sponsored security reports to common ways pie charts are used to misrepresent data. Extra time is given to the scourge of risk analysts everywhere: the post hoc fallacy (correlation does not imply causation), perhaps the most prevalent and most damaging of all logical fallacies seen in Information Security.

There is a silver lining – once you are aware of the subtle ways data is manipulated, it’s easy to spot. Attendees will walk away with a new understanding of ways to identify and avoid unintentionally using some of the methods described.

Speakers

Tony Martin-Vegue

Tony Martin-Vegue works for Bay Area financial institution leading their security risk management program. His enterprise risk and security analyses are informed by his 20 years of technical expertise in areas such as network operations, cryptography and system administration. Tony... Read More →

Monday April 20, 2015 10:00am - 11:00am PDT
OpenDNS

Track Two

10:00am PDT

Network Forensics Fun: Packet Pillaging Done Right!

In this talk, I will walk attendees through how Bechtel’s “Team DOFIR” took 1st place in LMG Security’s Network Forensics Puzzle Contest (NFPC) at DefCon 22. Each year, LMG holds an awesome contest, and we are proud to show the tech that we used to complete last year’s challenge.

To solve the sucker, we used tools such as Wireshark, tshark, tcpflow, bash, perl (regex one-liners baby!), Python (w/various modules), and others. I’ll show how we put together some scripts and commands in order to streamline our methodology. My goal: Show off some cool network forensics tech and garner interest for this year’s NFPC. We want some top-notch competition, so check out what we have to offer and be sure to get your game on this year!

Register for this workshop: https://www.eventbrite.com/e/bsidessf-network-forensics-fun-packet-pillaging-done-right-son-tickets-16391442245
Prerequisites: Coming Soon

Speakers

Ryan J Chapman

Senior IR Analyst, Bechtel Corporation

Ryan Chapman works as a Senior Incident Response analyst. Prior to security, Ryan worked as a technical trainer. Ryan enjoys malware analysis, host/network-based forensics, and… just about everything else that has to do with blue team efforts. Outside of work, Ryan spends time with... Read More →

Monday April 20, 2015 10:00am - 12:00pm PDT
OpenDNS

Workshop

11:00am PDT

Human Hunting

Much of what appears to be happening in information security seems to be focused on replacing humans with magic boxes and automation rather than providing tools to augment human capabilities. However, when we look at good physical security we see technology is being used to augment human capabilities rather than simply replace them. The adversary is human so we are ultimately looking for human directed behaviors. If analysts don’t know how to go looking for evil without automated detection tools then they are not going to be able to effectively evaluate if the detection tools are working properly or if the deployment was properly engineered. An over reliance on automated detection also puts organizations in a position of paying protection money if they want to remain secure. We should be spending more resources on honing analyst hunting skills to find human adversaries rather than purchasing more automated defenses for human adversaries to bypass.

Speakers

Sean Gillespie

Sean is just this guy you know. Sean’s career in the InfoSec field began as a network defender in the USAF where he later transitioned to an attacker role with an aggressor squadron. After leaving the Air Force he has spent most of his career developing tools and techniques for... Read More →

Monday April 20, 2015 11:00am - 12:00pm PDT
OpenDNS

Track One

11:00am PDT

Ground Zero Financial Services: The Latest Targeted Attacks from the Darknet

Within the Darknet, an area of the Internet that’s hidden from pedestrian use and commonly associated with malicious and illegal activity, individuals and organizations, create, test and refine their attacks. Because many of these attackers are financially motivated, there is a large and growing number of targeted attacks focusing on financial services. This presentation analyzes those attacks.

Speakers

Brian Contos

Over the last two decades Brian Contos helped build some of the most successful and disruptive security companies in the world. After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security... Read More →

Jonathan Curtis

Director, Security Architecture, Norse Corporation

Jonathan Curtis, a member of the Norse Field Engineering Team, was the Director of Solutions and Intelligence within the Compliance and Enforcement Sector at the Canadian Radio-television and Telecommunications Commission (CRTC). Mr. Curtis has years of experience addressing the toxic... Read More →

Monday April 20, 2015 11:00am - 12:00pm PDT
OpenDNS

Track Two

12:00pm PDT

Phighting Phishers Phake Phronts

This talk will take a look at modern phishing campaigns and how they have evolved from simple generic HTML based sites attempting to grab login credentials to full dynamic sites that almost flawlessly mirror the real ones attempting to gather login credentials, credit card information, and social security numbers. Topics covered will include discovered IoC's, various kits for sale, detection methods, top companies spoofed, and potential victim loss.

Speakers

Kevin Bottomley

Security Analyst, OpenDNS

Kevin Bottomley is a Security Analyst on the OpenDNS Research team. Throughout the course of the day, Kevin undertakes roles from creating Security Threat Reports for existing and potential clients, working closely with the Customer Support Team, finding new threats and attacks, and... Read More →

Monday April 20, 2015 12:00pm - 1:00pm PDT
OpenDNS

Track One

12:00pm PDT

Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency Response

Effectively responding to modern disasters and humanitarian emergencies requires a substantial amount of connectivity. Whether for cloud, social media, GIS, or other critical access, emergency managers increasingly rely upon Internet access as a key service alongside traditional emergency and humanitarian support, such as search and rescue and medical support.

"Hastily Formed Networks" are the networks that are created in the immediate aftermath of a disaster. While they perform vital services, most HFN deployments are significantly lacking in security management and oversight. This talk will discuss HFNs, and the evolution of security on these networks using examples from Hurricane Katrina to the ongoing Ebola Virus crisis in West Africa.

Speakers

Rakesh Bharania

Network Consulting Engineer, Cisco Tactical Operations

Rakesh Bharania is the West Coast lead for Cisco Tactical Operations (TACOPS), Cisco’s primary technology response team for disaster relief and humanitarian assistance. Additionally, he serves as the chairman for the Global VSAT Forum (GVF) Cybersecurity Task Force, and is a recognized... Read More →

Monday April 20, 2015 12:00pm - 1:00pm PDT
OpenDNS

Track Two

12:00pm PDT

TOOOL

Monday April 20, 2015 12:00pm - 5:00pm PDT
OpenDNS

Lockpick Village

1:00pm PDT

Lunch

Monday April 20, 2015 1:00pm - 2:00pm PDT
OpenDNS

Meal, Track One

2:00pm PDT

Corporate Governance For Fun and (Non)Profit

There has been a lot of push lately about organizing events and incorporating them. While this is fantastic, once the organization is formed, the organizers don't quite know what is required to run them.

Frankly, I am tired of telling each of you individually what you need to know about the roles and responsibilities you sign up for when you incorporate. I am continually surprised at all the misunderstandings people have. You won't know what you don't know until you come to my talk!

(NOTE: this is also handy info for for-profit corporations, but less so, and LLCs are right out, since they are in an entirely different world.)

Speakers

Christie Dudley

Christie Dudley started with a BSEE, emphasis in digital communications. She then took off into networking and network engineering, mostly in finance and manufacturing. Later, she jumped ship and studied anthropology for a while. Since opportunities are limited there, she drifted... Read More →

Monday April 20, 2015 2:00pm - 3:00pm PDT
OpenDNS

Track One

2:00pm PDT

GitReview - All Git Commits are Reviewed

We needed to audit our github repository while maintaining developer flexibility to push whenever and whatever changes to get the job done. We wanted to check against three things – security critical code changes, peer review, and approval. We created gitreview as a lightweight overlay on to of github and discovered a new paradigm for managing all changes in our environment.

Speakers

Jon Debonis

VP Information Security, Blend Labs

I’m Jon Debonis. I’ve been taking apart computers and electronics then putting back together for 21 years. I’m a Google alumni, helped to bring Kaiser Permanente to PCI compliance, and worked with many others to meet security goals. I currently work with startups to establish... Read More →

Monday April 20, 2015 2:00pm - 3:00pm PDT
OpenDNS

Track Two

2:00pm PDT

Introduction to Reverse Engineering Android Applications Training

This training will be an introduction into reverse engineering Android applications. If you have troubles configuring your environment please reach out to use at training@versprite.com. We will be posting access to the applications that are included in the labs the day of the training soon.

Register for this workshop: http://www.eventbrite.com/e/bsides-sfo-intro-to-reverse-engineering-android-applications-training-tickets-16277753198

Prerequisites:

Laptop capable of connecting to wireless networks and running *NIX

Configured Android Virtual Device (AVD), Genymotion, or a rooted Android Device

Devices should support installing ARM applications

Installed and Configured: AndroGuard, JD-GUI, Dex2Jar, Apktool, Drozer, Java

Knowledge of installing Android applications

Speakers

Tony UcedaVelez

Benjamin Watson

Lead Security Researcher, VerSprite

Monday April 20, 2015 2:00pm - 6:00pm PDT
OpenDNS

Workshop

3:00pm PDT

HIPAA 2015: Wrath of the Audits

Since 2009, 122 million people have had their protected health information compromised. Enforcement efforts and investigations by the federal government are increasing tremendously; 1,516 in 2003 to 14,300 in 2013. In 2014, there were 105,522 formal HIPAA complaints filed. Now is the time to get compliant as the government announced that 10% of all covered entities will be randomly audited for HIPAA compliance in 2015. To be ready, unite the two most important forces in your organization behind the HIPAA effort, IT and Legal. This talk will focus on a nuts and bolts approach to HIPAA compliance beginning with documentation and moving on to the fundamental security risk assessment.

Speakers

W. Hudson Harris

Associate General Counsel, Privacy Officer, Adapt of America

Hudson Harris is a JD, MBA, MA, & Esq. who began his IT career in 1997 in network administration; moved on to tech support for Microsoft and finally University IT. After leaving the east coast, Hudson obtained his masters degrees and law degree, ultimately opening his own law practice... Read More →

Monday April 20, 2015 3:00pm - 4:00pm PDT
OpenDNS

Track One

3:00pm PDT

Probing Patches: Beyond Microsoft’s ANS

Patch analysis is the process of examining the difference in vendor supplied binaries incrementally across security updates. Unfortunately, this technique remains less used (at least publically) as a means for understanding vulnerabilities and measuring risk. We aim to provide some exposure to patch analysis by way of examining the process of performing a binary diff against a recent Microsoft CVE. We further aim to demonstrate the utility of fuzzing during the patch diffing process.

Speakers

bill finlayson

Bio – Bill Finlayson is a Senior Security Researcher with BeyondTrust. Bill focuses on vulnerability research and discovery, reverse engineering, and is part of the development team of Retina – a well-known vulnerability assessment solution.

Monday April 20, 2015 3:00pm - 4:00pm PDT
OpenDNS

Track Two

4:00pm PDT

Lessons Learned from Building and Running MHN, the World's Largest Crowd-sourced Honeynet

Honeypots are really useful for collecting security data for research, especially around botnets, scanning hosts, password brute forcers, and other misbehaving systems. They are also the cheapest way collect this data at scale. Deploying many types of honeypots across geo-diverse locations of the Internet improves the aggregate data quality and provides a holistic view. This provides insight into both global trends of attacks and network activity as well as the behaviors of individual malicious systems. For these reasons, we started the Modern Honey Network, which is both an open source (GPLv3) project and a community of hundreds of MHN servers that manage and aggregate data from thousands of heterogeneous honeypots (Dionaea, Kippo, Amun, Conpot, Wordpot, Shockpot, and Glastopf) and network sensors (Snort, Suricata, p0f) deployed by different individuals and organizations as a distributed sensor network. The project has turned into the largest crowdsourced honeynet in the world consisting of thousands of diverse sensors deployed across 35 countries and 5 continents worldwide. Sensors are operated by all sorts of people from hobbyists, to academic researchers, to Fortune 1000 companies. In this talk we will discuss our experience in starting this project, analyzing the data, and building a crowdsourced global sensor network for tracking security threats and gathering interesting data for research. We've found that lots of people like honeypots, especially if you give them a cool realtime visualization of their data and make it easy to setup; lots of organizations will share their data with you if it is part of a community; and lots of companies will deploy honeypots as additional network sensors, especially if you make it easy to deploy/manage/integrate with their existing security tools.

Speakers

Jason Trost

VP of Threat Research, Anomali, Inc.

Jason Trost is the VP of Threat Research at Anomali, Inc. and leads Anomali Labs, the research team. He has worked in security for more than ten years, and he has several years of experience leveraging big data technologies for security data mining and analytics. He is deeply interested... Read More →

Monday April 20, 2015 4:00pm - 5:00pm PDT
OpenDNS

Track One

4:00pm PDT

*Blink*: The Network Perimeter is Gone

In the past, network device awareness (SANS Critical Security Control #1) was achieved through asset monitoring, vuln scanning, Network Access Control (NAC), device authentication, and network/wireless intrusion detection.

Unfortunately, the Internet of Everything has spawned a little-understood and ever-expanding threat vector - the massive proliferation of broad-spectrum wireless, mobile/micro, transient computing devices:

Corporate-sponsored BYOD
Mobile phones/tablets, Wireless APs, MiFis, microcells
4G/LTE, Bluetooth, & RFID/NFC-enabled consumer devices
Micro, ultra-portable, & wearable computing devices
Wireless thermostats, burglar alarms, IP cameras, UAVs/drones, heating/cooling systems, power distribution, & industrial automation
A rapidly-expanding market of low-cost, plug-and-play cyber espionage devices, the "Internet of Evil Things".

This attack surface has expanded beyond the visibility of today’s monitoring and intrusion detection systems. Yesterday’s defenses are no longer adequate. Come learn all the ways criminals are getting access while bypassing all alarms and monitored networks. New attacks and possible defenses will be shown live.

Speakers

Rick Farina (Zero_Chaos)

Rick Farina (Zero_Chaos) is a well known wireless hacker and member of the DEF CON Wireless Village team and the Wireless Capture the Flag team. He has been researching all manner of layer one and two hacking for the past fifteen years, most recently as Director of Engineering for... Read More →

Monday April 20, 2015 4:00pm - 5:00pm PDT
OpenDNS

Track Two

5:00pm PDT

Getting started...help me help you

You've been pwned. It's a Friday and you just got some sketchy email, some reporter just called you, or the Feds somehow sent you a fax and some dudes whose first names are Special Agent darken your door.

They don't tell you much, so now you're wondering - WTF should I do. Before you call high-priced consultants - like me - help me help you.

I'll be honest, if you screw things up right at the beginning, I'm going to be there a lot longer than you want me - I'll be unhappy and you'll be unhappy with the results.

During this talk, I'll tell you what to do, and what not do; where to look, and where not to look; what to say, and what not to say when badness happens to you.

Also, I'll walk through a quick scenario and together we'll cheat our way into a poor-mans batch script to help you collect and store the valuable, volatile data so you can safely shut down your system, unplug the interwebz, and go out for a drink.

Speakers

David Trollman

Monday April 20, 2015 5:00pm - 6:00pm PDT
OpenDNS

Track One

5:00pm PDT

Federating AWS CLI

Federating AWS IAM to directory services is a pain in the ass but it doesn't have to be. There are plenty of, expensive, solutions available that provide a web console to users but nothing yet that brings CLI tools to a developers linux system... until now.

Speakers

Ayman Elsawah

Sr. Security Architect

Ayman is a seasoned Enterprise Security Architect and Consultant with experience in a variety of industries including Financials, Global E-Commerce, and Media. Entrepreneurial, a natural leader, and a builder at heart, Ayman thrives on solving nuanced challenges that arise in the... Read More →

Paul Moreno

Paul Moreno is Security Team Lead at Pinterest, a place to discover ideas for all your projects and interests, hand-picked by people. At Pinterest, Paul has spent his tenure working to establish the Security Engineering foundation and assemble a core security team. As a recognized... Read More →

Monday April 20, 2015 5:00pm - 6:00pm PDT
OpenDNS

Track Two