
Sunday, April 19
 

8:00am

Venue Open/Registration
Sunday April 19, 2015 8:00am - 6:00pm
OpenDNS

9:00am

Breakfast
Sunday April 19, 2015 9:00am - 10:00am
OpenDNS

10:00am

Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration
With the rise of encrypted traffic, more and more companies are deploying SSL inspection platforms to decrypt SSL. Unfortunately, these companies quickly discover that they cannot decrypt all traffic, particularly communications to mobile apps that use certificate pinning.

What is certificate pinning? It’s a method of preventing Man in the Middle (MitM) attacks by validating server certificates against known, approved certificates or hashes that are bundled with the application. Many mobile applications today, including Twitter, Facebook, and Square, use certificate pinning to detect forged SSL certificates and prevent unauthorized snooping. While this improves user privacy, it also exposes a gaping hole in corporate defenses.
Why? Because malicious insiders can use mobile apps like Facebook to share confidential data. Malware can communicate and distribute stolen data and credentials through mobile applications. Researchers have even discovered bots that receive command and control center directives from illicit Twitter accounts. As a result, organizations should inspect traffic from mobile applications.

During this presentation, we will propose a way to allow employees to access their favorite mobile applications, while still ensuring that all traffic is inspected for data loss and attacks. With mobile app virtualization, organizations can host mobile apps on centralized servers and monitor file uploads and user activity. The end user experience is nearly identical to native application access.

Attend this session to learn how attackers and insiders can use certificate pinning to bypass security controls. Understand trends in cryptography and the implications for IT security.

Speakers

Gopal Jayaraman

Gopal Jayaraman is the CEO and co-founder of Sierraware. He established Sierraware with the goal to supply rock-solid and full-featured virtualization and security software to equipment manufacturers all over the world. Prior to Sierraware, Gopal was a Senior Software Architect at Cavium Networks. Gopal previously served as the CTO of Menlo Logic, an SSL VPN company that was acquired by Cavium in 2005. He has held leading engineering roles...


Sunday April 19, 2015 10:00am - 11:00am
OpenDNS

10:00am

Critical Infrastructure: The Cloud loves me, The Cloud loves me not.
Interdependencies between public cloud services and critical infrastructure are both hard and soft. Will this cross domain technology flirtation lead to long term relationships or fatal attractions? We examine case studies supporting both scenarios and their complex conundrums – if everything is critical, perhaps nothing is critical? How much security is enough security?

Speakers

Bryan Owen

Bryan Owen is the cyber security manager for OSIsoft LLC (www.osisoft.com) – a software company located in San Leandro, CA that builds systems for monitoring real time information principally of heavy industrial facilities and critical infrastructure providers. OSIsoft has since grown from a small software startup to a highly profitable global corporation that operates in 110 countries. It has over 1100 employees worldwide with about 400 in San...


Sunday April 19, 2015 10:00am - 11:00am
OpenDNS

10:00am

Ally Skills Workshop
Frustrated with sexism in our community but not sure what to do about it? The Ally Skills workshop is aimed at teaching folks who want to learn how to be supportive of women in their community tactics and strategies to make things better. Through scenarios ranging from subtle interpersonal sexism to dealing with outright harassment, this workshop will give you the ability to intervene and build positive change around you.

Register for this workshop: https://docs.google.com/forms/d/1gD9uQyyDA_HF-gPiyfP39J3e91P0VG_ReyBeYga3eOk/viewform

Speakers

Leigh Honeywell

Leigh is an experienced incident responder, rebooter of computers, and founder of hackerspaces. She is a Security Engineer at Heroku, a Salesforce.com company. Prior to Heroku, she worked at Microsoft, MessageLabs/Symantec, and Bell Canada. She is currently Chief Security Officer of Double Union, a women’s hackerspace in San Francisco and an advisor to several nonprofits focused on diversity issues in tech.


Sunday April 19, 2015 10:00am - 12:00pm
OpenDNS

10:00am

TOOOL
Sunday April 19, 2015 10:00am - 5:00pm
TBA

10:00am

Wired CTF
Sunday April 19, 2015 10:00am - 6:00pm
OpenDNS

11:00am

OSXCollector: Forensic Collection and Automated Analysis for OS X
OSXCollector is an open source forensic evidence collection and analysis toolkit for OS X. It automates the painful parts of forensic evidence collection & analysis that incident responders traditionally perform manually. #dfir #mac4n6

Speakers

Ivan Leichtling

Engineering Manager, Yelp
Ivan Leichtling leads an amazing team of engineers focused on securing Yelp's visitors, mobile apps, websites, employees, and infrastructure. Ivan holds a BS in Computer Science from the Columbia University School of Engineering and Applied Sciences. Prior to Yelp, Ivan spent a dozen years writing software, building hardware, and leading teams at Microsoft. Ivan is an anagram of vain and as such appreciates Twitter followers at @c0wl and...


Sunday April 19, 2015 11:00am - 12:00pm
OpenDNS

11:00am

F*ck These Guys: Practical Counter Surveillance
We've all seen the steady stream of revelations about the NSA's unconstitutional, illegal mass surveillance. Seems like there's a new transgression revealed every week! I'm getting outrage fatigue. So I decided to fight back... by looking for practical, realistic, everyday actions I can take to protect my privacy and civil liberties on the Internet, and sharing them with my friends.

Join me in using encryption and privacy technology to resist eavesdropping and tracking, and to start to opt out of the bulk data collection that the NSA has unilaterally decided to secretly impose upon the world. Let's take back the Internet, one encrypted bit at a time.

Speakers

Lisa Lorenzin

Lisa Lorenzin is a network security geek; in her day job, she's worked in a variety of Internet-related roles since 1994, with the past 15 years focused on network and information security. She's currently interested in free speech, privacy, digital rights, and global Internet freedom.


Sunday April 19, 2015 11:00am - 12:00pm
OpenDNS

12:00pm

DNS Spikes, Strikes, and The Like
Analyzing traffic patterns for trends can be a rich source of information for investigating potential malicious domains. This talk will be an examination of spikes in DNS queries and how they can be used to find potentially new threats. Malicious domains that appear as spiked domains usually belong to Domain Generation Algorithm (DGA) or exploit kit families. However, not all domains that spike are necessarily malicious. One challenge is sifting through the large data set and extracting the potentially harmful spikes. To accomplish this goal we rely on unsupervised learning methods such as clustering to help us explore and eventually classify the data.

Speakers

Thomas Mathew

Security Research - Data, Cisco - OpenDNS
Thomas Mathew is a security researcher at OpenDNS Security Labs where he focusses on the implementation of malware, botnet, and threat actor classification techniques using a variety of machine learning methods. Prior to joining OpenDNS, Thomas served as a researcher at the University of California (Santa Cruz), the US Naval Postgraduate School, and as a Product and Test Engineer at handsfree streaming video camera company Looxcie, Inc.


Sunday April 19, 2015 12:00pm - 1:00pm
OpenDNS

12:00pm

No More Fudge Factors and Made-up Shit: Performance Numbers That Mean Something
This talk isn’t about security. It’s about how any security team can measure and improve its overall performance, and also better satisfy your non-technical bosses and clients. Besides “are we secure?”, bosses want to know “is the team performing well?” At some point, you’ll probably be asked for a scorecard or dashboard – “and make it simple”. Maybe you've already tried to create a scoring spreadsheet only to find that it's full of fudge factors, incomprehensible formulas, or made-up shit. There is a better way. This session presents a credible and powerful method – the Thomas Scoring System (TSS) -- to estimate an aggregate performance index from a grab bag of ground-truth metrics and evidence. TSS can help you present solid, defensible metrics to the bosses, and it can also help your team learn what really drives performance and how to improve. Several case studies will be demonstrated: Vendor Risk Assessment, Vulnerability Management, and Security Operations. TSS is Creative Commons and open source. Excel and R+Shiny tools will be released.

Speakers

Russell Cameron Thomas

Data Scientist, PhD candidate, A financial firm
Russell is Security Data Scientist at a Large Financial Firm and a PhD student in Computational Social Science at George Mason University. He's been involved with security metrics and risk analysis since 2007. He has a few decades of experience in the Information Technology sector, including engineer, manager, and consultant, working in design, manufacturing, marketing, IT, and strategy functions. He has a BS in electrical engineering and...


Sunday April 19, 2015 12:00pm - 1:00pm
OpenDNS

12:00pm

How to sell security without selling your soul
Many people who want to advance the state of information security have the nerve to want to make a decent living while doing so. In this presentation we will discuss the challenges and opportunities presented by working for a security vendor and how to sell security without selling your soul.
We need good people in the industry; in this talk we hope to help more good folks get into and stay in the security business, with their souls remaining intact.

Speakers

Steve McGrath

Steven McGrath is not only the lesser-known half of the "Steve & Jack Show" on Twitter, but is also Sales Engineer at Tenable Network Security. For the last 4 years he has been helping organizations leverage Tenable products to better audit and secure their infrastructure. Steve is an active member of the security and hacker community, and is the author of DoFler, the Dashboard of Fail.

Tenable Network Security

Recruiting, Tenable Network Security
At Tenable, we are all about innovation, creativity and purpose, with a passion for designing solutions that change people’s lives and make a difference in the world. Network security is one of the world’s fastest growing fields, and our fresh ideas and proven products are revolutionizing the industry. We have big plans for continued global growth in 2016 and beyond, and we are looking for people who are creative, adaptable and...


Sunday April 19, 2015 12:00pm - 1:00pm
OpenDNS

1:00pm

Lunch
Sunday April 19, 2015 1:00pm - 2:00pm
OpenDNS

2:00pm

Ask the EFF
Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premier digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology project to protect privacy and speech online, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

Speakers

Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
NATE CARDOZO is a Senior Staff Attorney on the Electronic Frontier Foundation’s digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information...

Andrew Crocker

Staff Attorney, Electronic Frontier Foundation
ANDREW CROCKER is a Staff Attorney on the Electronic Frontier Foundation’s civil liberties team. He works primarily on EFF's privacy and national security litigation as well as the Coders' Rights Project. While in law school, Andrew worked at the Berkman Center for Internet and Society, the American Civil Liberties Union’s Speech, Privacy, and Technology Project, and the Center for Democracy and Technology. Andrew has a J.D. and an A.B. in...

Kurt Opsahl

Deputy ED and General Counsel, Electronic Frontier Foundation
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders' Rights Project. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation...


Sunday April 19, 2015 2:00pm - 3:00pm
OpenDNS

2:00pm

Intrusion Detection in the Clouds
Shared hosting is awesome! ...sort of.
On one hand, you pay almost nothing to get your site or server out there, but on the other hand, your network neighborhood probably sucks and there's no way to tell if anyone is trying to access your stuff in a way you didn't intend. There's got to be a way to watch for attacks against that server you installed via your hosting provider's GUI web interface.

Speakers

Josh Pyorre

Josh is a security analyst with OpenDNS. Previously, he worked as a threat analyst with NASA, where he was part of the team to initially help build out the Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible. When not playing with computer security, Josh rides...


Sunday April 19, 2015 2:00pm - 3:00pm
OpenDNS

2:00pm

Violent Python
Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. In hands-on projects, participants will create tools and hack into test systems, including port scanning, login brute-forcing, port knocking, cracking password hashes, and sneaking malware past antivirus engines.

With just a few lines of Python, it's easy to create a keylogger that defeats every commercial antivirus product, from Kaspersky to FireEye.

Register for this workshop:  http://goo.gl/forms/M4W4RvFlvh


Prerequisites:
Participants need a computer (Windows, Mac, or Linux) with VMware Player or VMware Fusion. USB thumbdrives will be available with Kali Linux virtual machines to use.

All the class materials are freely available at samsclass.info for anyone to use.

Speakers

Sam Bowne

City College San Francisco, City College San Francisco
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, HOPE, BayThreat, LayerOne, and Toorcon, and taught classes at many other schools and teaching conferences. He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. Industry certs: CISSP, CEH, CCENT, WCNA, and more.


Sunday April 19, 2015 2:00pm - 6:00pm
OpenDNS

3:00pm

Your Users Passwords Are Already Stolen
Attackers have long exploited human weakness such as the lack of password complexity and vulnerability to phishing. As organizations improved defenses, attackers shifted to breaching websites to steal user databases. Their goal is to access your organization undetected. Common weaknesses in user database implementations will be explained and real world examples presented. To accent the problem, a well known database dump from 2014 containing passwords securely salted and hashed with multiple rounds will be used as a case study showing that password reuse and weak passwords are human behaviors that cannot be fixed.

Speakers

Lucas Zaichkowsky

Lucas Zaichkowsky is the Enterprise Defense Architect at Resolution1 Security, responsible for providing expert guidance on the topic of cybersecurity. Prior to joining Resolution1 Security, Lucas was a Technical Engineer at Mandiant where he worked with Fortune 500 organizations, the Defense Industrial Base, and government institutions to deploy measures designed to defend against the world's most sophisticated attack groups.


Sunday April 19, 2015 3:00pm - 4:00pm
OpenDNS

3:00pm

Hacker or criminal? Repairing the reputation of the infosec community
Recent legislation and media stories reflect an inaccurate, often criminal, if not confused picture of the infosec community. There is an inherent level of FUD regarding who we are and what we do, compounded by natural complexity of security issues. Without accurate and honest communication, we’ve left those outside our community to create their own definitions and understanding of infosec. The resulting perpetuation of inaccurate perceptions distorts the numerous positive contributions to and impacts on society. Perhaps unwittingly, we’ve created a reputation of being a spiteful, disorderly group incapable of providing effective security without intervention from a higher power, whether government or vendor. The current misperception that hackers are malicious by nature is largely a result of our failed relationships with media, legislators, and consumers. However, we have the power to decide what we want our reputation to be and act accordingly to shift public perception toward a more accurate reflection of who we are. This talk will provide an introduction to media engagement as a tool for reputation management as well as a suggested path forward for repairing the current reputation of the infosec community.

Speakers

Melanie Ensign

Melanie is a security communications adviser, providing strategic counsel across a range of disciplines including media relations, employee awareness, incident response, hacker relations, disclosure incentives, social engagement, and public policy. She also serves as a public relations Goon for DEF CON and r00tz Asylum. She holds a Master of Science degree in corporate public relations from Boston University where she also taught courses on...


Sunday April 19, 2015 3:00pm - 4:00pm
OpenDNS

4:00pm

Analyze This!
Many presentations about “Big Data” security analysis focus on where to store the data and basic data searches, but where are the analytics? This presentation discusses a handful of “big data” security analytics that are easy to implement and have proven to be useful for detecting intruder activity from readily available data sources. These security analytics surface anomalous and malicious activity using “signatureless” detection techniques.

Speakers

Aaron Shelmire

Sr. Intrusion Analyst, E8 Security
While having “played around” with computers as far back as high school, Aaron held out hope to become a famous dj or video game creator in the 90s. It wasn’t until 2004 when he began his long twisted journey into information security, when the super computers he was working on at PSC were hacked by a dire and sophisticated threat that penetrated over a thousand organizations over a multi-year period…that turned out to be a 16 year old kid...


Sunday April 19, 2015 4:00pm - 5:00pm
OpenDNS

4:00pm

Student Surveillance: How Hackers Can Help Protect Student Privacy
Since 2011, billions of dollars of venture capital investment have poured into public education through private, for-profit technologies that promise to revolutionize education. Designed for the “21st century” classroom, these tools promise to remedy the many, many societal ills facing public education with artificial intelligence, machine learning, data mining, and other technological advancements. But these tools are also being used to track and record every move students make in the classroom, grooming students for a lifetime of surveillance and turning education into one of the most data-intensive industries on the face of the earth. This talk will investigate some of the technologies being adopted in schools and the nefarious ways they are used in classrooms that endanger student privacy from kindergarten through college.

Speakers

Jessy Irwin

Security + Privacy Communications
Jessy is a marketing communications professional working in security in San Francisco. She is an outspoken advocate for stronger privacy and security protections in education technology, and spends as much time as possible teaching educators about online privacy + security. She regularly rants about student data privacy, security, and surveillance on Twitter, and her current passions include dinosaurs, big necklaces + tacos.


Sunday April 19, 2015 4:00pm - 5:00pm
OpenDNS

5:00pm

Medical Device Security - From Detection To Compromise
There is no question that medical devices save countless lives, but is insecure design or deployment of these devices putting patients at risk? Join us for an in-depth presentation on a three year research project that shows numerous medical devices and healthcare organizations are vulnerable to direct attack vectors that can impact patient safety and human life.

Speakers

Adam Brand

Director, Protiviti
Adam Brand: Adam Brand has more than 16 years’ experience in information technology and security. He is a Director with Protiviti, where he has assisted companies in resolving major security incidents and maturing their information security programs. Adam has been heavily involved with the “I am The Cavalry” movement, a group of researchers focused on information security issues that can affect human life and safety. He has recently focused...

Scott Erven

Associate Director, Protiviti
Scott Erven: Scott Erven is a healthcare security visionary and thought leader with more than 15 years’ experience in information technology and security. He is currently an Associate Director with Protiviti, where he focuses on medical device and healthcare security. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field...


Sunday April 19, 2015 5:00pm - 6:00pm
OpenDNS

5:00pm

When Doing the Right Thing Goes Wrong - Impact of Certificates on Service Based Infrastructure
With the advent of micro service architecture, securing inter-service communication has become more important than ever. Protecting these connections over HTTPS is usually the default approach, but poorly implemented solutions can lead to under-protected services or cause outages within the system. This talk looks to highlight how bad practices, misunderstandings and design choices in certificate trust chains can leave a system vulnerable or even offline.

Speakers

Robert Lucero

Software Engineer in Test
Robert Lucero is a physics major turned software developer. He has nine years of software development experience working on various projects at Microsoft and more recently at Okta. There’s more stuff on his LinkedIn profile, but he’ll probably tell you more over a beer.


Sunday April 19, 2015 5:00pm - 6:00pm
OpenDNS
 
Monday, April 20
 

8:00am

Venue Open/Registration
Monday April 20, 2015 8:00am - 6:00pm
TBA

9:00am

Breakfast
Monday April 20, 2015 9:00am - 10:00am
OpenDNS

10:00am

How SecOps Can Convince DevOps To Believe In The Bogeyman
Leif Dreizler, Bugcrowd, explores the inherent differences between the hacker and developer mentality. In this discussion, the audience will hear from a former breaker and fixer of security flaws on how developers who acknowledge the existence of ‘The Bogeyman’ come that much closer to being active participants in ensuring their company’s security, rather than passive victims.

Speakers

Leif Dreizler

Senior Security Engineer, Bugcrowd
Leif is a Senior Security Engineer at Bugcrowd, the innovator in crowdsourced security testing for the enterprise, where he works to customize and support security testing solutions for Bugcrowd clients. Prior to Bugcrowd, Leif worked as Senior Application Security Engineer at Redspin, performing application security assessments. During his time at Redspin he served as the Application Team Lead, working with clients large and small at the...


Monday April 20, 2015 10:00am - 11:00am
OpenDNS

10:00am

How to Lie with Statistics, Information Security Edition
Stiff statistics, prismatic pie charts, and stodgy survey results drown the Information Security space in a sea of never-ending numbers that can be difficult to sift through and find the relevant information contained within. Have you ever finished reading a vendor whitepaper or a research institution’s annual security report and felt your Spidey sense begin to tingle with doubt or disbelief? What you are probably sensing is a manipulation of statistics, an age-old hoodwink that has been occurring as long as numbers have been used to convey information.

This critical subject was first examined over 60 years ago, when Darrell Huff published the groundbreaking book “How to Lie with Statistics,” which has since become required reading in many college Statistics classes. This presentation takes the foundation Huff created and updates the core concepts for the contemporary Information Security field.

Most people would be shocked to find that data can be easily manipulated to leave the reader with a certain impression or to lead them to a particular conclusion. Nothing is sacred in this presentation! Several areas are examined, from bias in vendor-sponsored security reports to common ways pie charts are used to misrepresent data. Extra time is given to the scourge of risk analysts everywhere: the post hoc fallacy (correlation does not imply causation), perhaps the most prevalent and most damaging of all logical fallacies seen in Information Security.

There is a silver lining – once you are aware of the subtle ways data is manipulated, it’s easy to spot. Attendees will walk away with a new understanding of ways to identify and avoid unintentionally using some of the methods described.

Speakers

Tony Martin-Vegue

Tony Martin-Vegue works for a large global retailer leading the firm’s cyber-crime program. His enterprise risk and security analyses are informed by his 20 years of technical expertise in areas such as network operations, cryptography and system administration. Tony holds a Bachelor of Science in Business Economics from the University of San Francisco and holds many certifications including CISSP, CISM and CEH.


Monday April 20, 2015 10:00am - 11:00am
OpenDNS

10:00am

Network Forensics Fun: Packet Pillaging Done Right!
In this talk, I will walk attendees through how Bechtel’s “Team DOFIR” took 1st place in LMG Security’s Network Forensics Puzzle Contest (NFPC) at DefCon 22. Each year, LMG holds an awesome contest, and we are proud to show the tech that we used to complete last year’s challenge.

To solve the sucker, we used tools such as Wireshark, tshark, tcpflow, bash, perl (regex one-liners baby!), Python (w/various modules), and others. I’ll show how we put together some scripts and commands in order to streamline our methodology. My goal: Show off some cool network forensics tech and garner interest for this year’s NFPC. We want some top-notch competition, so check out what we have to offer and be sure to get your game on this year!

Register for this workshop:  https://www.eventbrite.com/e/bsidessf-network-forensics-fun-packet-pillaging-done-right-son-tickets-16391442245
Prerequisites: Coming Soon 

Speakers

Ryan Chapman

Computer Incident Response Analyst, Bechtel Corporation
Ryan Chapman works as an incident response analyst for Bechtel Corporation. Ryan enjoys the challenge of handling incidents, reversing malware, and automating tasks for the security operations center. He also loves public speaking and has presented at venues such as BSides, CactusCon, Splunk .Conf, and others. Ryan has a fondness for doing stand-up comedy, retro gaming, and plays plenty of Street Fighter. Hadouken!


Monday April 20, 2015 10:00am - 12:00pm
OpenDNS

11:00am

Human Hunting
Much of what appears to be happening in information security seems to be focused on replacing humans with magic boxes and automation rather than providing tools to augment human capabilities. However, when we look at good physical security we see technology is being used to augment human capabilities rather than simply replace them. The adversary is human so we are ultimately looking for human-directed behaviors. If analysts don’t know how to go looking for evil without automated detection tools then they are not going to be able to effectively evaluate if the detection tools are working properly or if the deployment was properly engineered. An overreliance on automated detection also puts organizations in a position of paying protection money if they want to remain secure. We should be spending more resources on honing analyst hunting skills to find human adversaries rather than purchasing more automated defenses for human adversaries to bypass.

Speakers

Sean Gillespie

Sean is just this guy you know. Sean’s career in the InfoSec field began as a network defender in the USAF where he later transitioned to an attacker role with an aggressor squadron. After leaving the Air Force he has spent most of his career developing tools and techniques for intrusion detection for both DoD and private companies. He moved to the Bay Area as an early member of Mandiant’s Redwood City SOC focusing on advanced detection...


Monday April 20, 2015 11:00am - 12:00pm
OpenDNS

11:00am

Ground Zero Financial Services: The Latest Targeted Attacks from the Darknet
Within the Darknet, an area of the Internet that’s hidden from pedestrian use and commonly associated with malicious and illegal activity, individuals and organizations create, test and refine their attacks. Because many of these attackers are financially motivated, there is a large and growing number of targeted attacks focusing on financial services. This presentation analyzes those attacks.

Speakers

Brian Contos

Over the last two decades Brian Contos helped build some of the most successful and disruptive security companies in the world. After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks. Brian has worked in...

Jonathan Curtis

Director, Security Architecture, Norse Corporation
Jonathan Curtis, a member of the Norse Field Engineering Team, was the Director of Solutions and Intelligence within the Compliance and Enforcement Sector at the Canadian Radio-television and Telecommunications Commission (CRTC). Mr. Curtis has years of experience addressing the toxic abuse problems of the Internet from both public and private sector perspectives. Prior to the CRTC, Jonathan was Director of Security Products at Nominum...


Monday April 20, 2015 11:00am - 12:00pm
OpenDNS

12:00pm

Phighting Phishers Phake Phronts
This talk will take a look at modern phishing campaigns and how they have evolved from simple generic HTML-based sites attempting to grab login credentials to full dynamic sites that almost flawlessly mirror the real ones attempting to gather login credentials, credit card information, and social security numbers. Topics covered will include discovered IoCs, various kits for sale, detection methods, top companies spoofed, and potential victim loss.

Speakers
Kevin Bottomley

Security Analyst, OpenDNS
Kevin Bottomley is a Security Analyst on the OpenDNS Research team. Throughout the course of the day, Kevin undertakes roles from creating Security Threat Reports for existing and potential clients, working closely with the Customer Support Team, finding new threats and attacks, and devising tactics to track down and identify nefarious actors and malicious domains. Kevin earned an Associate in Science degree from City College of San Francisco...


Monday April 20, 2015 12:00pm - 1:00pm
OpenDNS

12:00pm

Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency Response
Effectively responding to modern disasters and humanitarian emergencies requires a substantial amount of connectivity. Whether for cloud, social media, GIS, or other critical access, emergency managers increasingly rely upon Internet access as a key service alongside traditional emergency and humanitarian support, such as search and rescue and medical support.

"Hastily Formed Networks" are the networks that are created in the immediate aftermath of a disaster. While they perform vital services, most HFN deployments are significantly lacking in security management and oversight. This talk will discuss HFNs, and the evolution of security on these networks using examples from Hurricane Katrina to the ongoing Ebola Virus crisis in West Africa.

Speakers
Rakesh Bharania

Network Consulting Engineer, Cisco Tactical Operations
Rakesh Bharania is the West Coast lead for Cisco Tactical Operations (TACOPS), Cisco’s primary technology response team for disaster relief and humanitarian assistance. Additionally, he serves as the chairman for the Global VSAT Forum (GVF) Cybersecurity Task Force, and is a recognized leader in the field of satellite security. Previously, he has worked as a senior information security architect and helped to create and build the Cisco...


Monday April 20, 2015 12:00pm - 1:00pm
OpenDNS

12:00pm

TOOOL
Monday April 20, 2015 12:00pm - 5:00pm
OpenDNS

1:00pm

Lunch
Monday April 20, 2015 1:00pm - 2:00pm
OpenDNS

2:00pm

Corporate Governance For Fun and (Non)Profit
There has been a lot of push lately about organizing events and incorporating them. While this is fantastic, once the organization is formed, the organizers don't quite know what is required to run them.

Frankly, I am tired of telling each of you individually what you need to know about the roles and responsibilities you sign up for when you incorporate. I am continually surprised at all the misunderstandings people have. You won't know what you don't know until you come to my talk!

(NOTE: this is also handy info for for-profit corporations, but less so, and LLCs are right out, since they are in an entirely different world.)

Speakers
Christie Dudley

Christie Dudley started with a BSEE, emphasis in digital communications. She then took off into networking and network engineering, mostly in finance and manufacturing. Later, she jumped ship and studied anthropology for a while. Since opportunities are limited there, she drifted back to tech, delving more into information and device security. With the goal of wrapping all these diverse interests up into a single career, she earned a Juris Doctor...


Monday April 20, 2015 2:00pm - 3:00pm
OpenDNS

2:00pm

GitReview - All Git Commits are Reviewed
We needed to audit our GitHub repository while maintaining developer flexibility to push whenever and whatever changes to get the job done. We wanted to check against three things – security critical code changes, peer review, and approval. We created gitreview as a lightweight overlay on top of GitHub and discovered a new paradigm for managing all changes in our environment.

Speakers
Jon Debonis

VP Information Security, Blend Labs
I’m Jon Debonis. I’ve been taking apart computers and electronics then putting back together for 21 years. I’m a Google alumni, helped to bring Kaiser Permanente to PCI compliance, and worked with many others to meet security goals. I currently work with startups to establish secure architecture in development, infrastructure, and to establish information security management programs and compliance. Most of my free time goes to raising my...


Monday April 20, 2015 2:00pm - 3:00pm
OpenDNS

2:00pm

Introduction to Reverse Engineering Android Applications Training
This training will be an introduction to reverse engineering Android applications. If you have trouble configuring your environment, please reach out to us at training@versprite.com. We will be posting access to the applications that are included in the labs the day of the training soon.


Register for this workshop:  http://www.eventbrite.com/e/bsides-sfo-intro-to-reverse-engineering-android-applications-training-tickets-16277753198

Prerequisites:
  • Laptop capable of connecting to wireless networks and running *NIX
  • Configured Android Virtual Device (AVD), Genymotion, or a rooted Android Device
  • Devices should support installing ARM applications
  • Installed and Configured: AndroGuard, JD-GUI, Dex2Jar, Apktool, Drozer, Java
  • Knowledge of installing Android applications

    Speakers
    Benjamin Watson

    Lead Security Researcher, VerSprite


    Monday April 20, 2015 2:00pm - 6:00pm
    OpenDNS

    3:00pm

    HIPAA 2015: Wrath of the Audits
    Since 2009, 122 million people have had their protected health information compromised. Enforcement efforts and investigations by the federal government are increasing tremendously: from 1,516 in 2003 to 14,300 in 2013. In 2014, there were 105,522 formal HIPAA complaints filed. Now is the time to get compliant, as the government announced that 10% of all covered entities will be randomly audited for HIPAA compliance in 2015. To be ready, unite the two most important forces in your organization behind the HIPAA effort, IT and Legal. This talk will focus on a nuts and bolts approach to HIPAA compliance beginning with documentation and moving on to the fundamental security risk assessment.

    Speakers
    W. Hudson Harris

    Associate General Counsel, Privacy Officer, Adapt of America
    Hudson Harris is a JD, MBA, MA, & Esq. who began his IT career in 1997 in network administration; moved on to tech support for Microsoft and finally University IT. After leaving the east coast, Hudson obtained his master's degrees and law degree, ultimately opening his own law practice in San Diego in 2010. Hudson just moved back to St. Louis in 2014 to take his current position as Privacy Officer and Associate General Counsel. He now writes on...


    Monday April 20, 2015 3:00pm - 4:00pm
    OpenDNS

    3:00pm

    Probing Patches: Beyond Microsoft’s ANS
    Patch analysis is the process of examining the difference in vendor-supplied binaries incrementally across security updates. Unfortunately, this technique remains less used (at least publicly) as a means for understanding vulnerabilities and measuring risk. We aim to provide some exposure to patch analysis by way of examining the process of performing a binary diff against a recent Microsoft CVE. We further aim to demonstrate the utility of fuzzing during the patch diffing process.

    Speakers
    Bill Finlayson

    Bill Finlayson is a Senior Security Researcher with BeyondTrust. Bill focuses on vulnerability research and discovery, reverse engineering, and is part of the development team of Retina – a well-known vulnerability assessment solution.


    Monday April 20, 2015 3:00pm - 4:00pm
    OpenDNS

    4:00pm

    Lessons Learned from Building and Running MHN, the World's Largest Crowd-sourced Honeynet
    Honeypots are really useful for collecting security data for research, especially around botnets, scanning hosts, password brute forcers, and other misbehaving systems. They are also the cheapest way to collect this data at scale. Deploying many types of honeypots across geo-diverse locations of the Internet improves the aggregate data quality and provides a holistic view. This provides insight into both global trends of attacks and network activity as well as the behaviors of individual malicious systems. For these reasons, we started the Modern Honey Network, which is both an open source (GPLv3) project and a community of hundreds of MHN servers that manage and aggregate data from thousands of heterogeneous honeypots (Dionaea, Kippo, Amun, Conpot, Wordpot, Shockpot, and Glastopf) and network sensors (Snort, Suricata, p0f) deployed by different individuals and organizations as a distributed sensor network. The project has turned into the largest crowdsourced honeynet in the world consisting of thousands of diverse sensors deployed across 35 countries and 5 continents worldwide. Sensors are operated by all sorts of people from hobbyists, to academic researchers, to Fortune 1000 companies. In this talk we will discuss our experience in starting this project, analyzing the data, and building a crowdsourced global sensor network for tracking security threats and gathering interesting data for research. We've found that lots of people like honeypots, especially if you give them a cool realtime visualization of their data and make it easy to set up; lots of organizations will share their data with you if it is part of a community; and lots of companies will deploy honeypots as additional network sensors, especially if you make it easy to deploy/manage/integrate with their existing security tools.

    Speakers
    Jason Trost

    VP of Threat Research, Anomali, Inc.
    Jason Trost is the VP of Threat Research at Anomali, Inc. and leads Anomali Labs, the research team. He has worked in security for more than ten years, and he has several years of experience leveraging big data technologies for security data mining and analytics. He is deeply interested in network security, DFIR, honeypots, big data and machine learning. He is currently focused on building highly scalable systems for processing, analyzing, and...


    Monday April 20, 2015 4:00pm - 5:00pm
    OpenDNS

    4:00pm

    *Blink*: The Network Perimeter is Gone
    In the past, network device awareness (SANS Critical Security Control #1) was achieved through asset monitoring, vuln scanning, Network Access Control (NAC), device authentication, and network/wireless intrusion detection.

    Unfortunately, the Internet of Everything has spawned a little-understood and ever-expanding threat vector - the massive proliferation of broad-spectrum wireless, mobile/micro, transient computing devices:

      • Corporate-sponsored BYOD
      • Mobile phones/tablets, Wireless APs, MiFis, microcells
      • 4G/LTE, Bluetooth, & RFID/NFC-enabled consumer devices
      • Micro, ultra-portable, & wearable computing devices
      • Wireless thermostats, burglar alarms, IP cameras, UAVs/drones, heating/cooling systems, power distribution, & industrial automation
      • A rapidly-expanding market of low-cost, plug-and-play cyber espionage devices, the "Internet of Evil Things".

    This attack surface has expanded beyond the visibility of today’s monitoring and intrusion detection systems. Yesterday’s defenses are no longer adequate. Come learn all the ways criminals are getting access while bypassing all alarms and monitored networks. New attacks and possible defenses will be shown live.

    Speakers
    Rick Farina (Zero_Chaos)

    Rick Farina (Zero_Chaos) is a well known wireless hacker and member of the DEF CON Wireless Village team and the Wireless Capture the Flag team. He has been researching all manner of layer one and two hacking for the past fifteen years, most recently as Director of Engineering for Pwnie Labs at Pwnie Express.


    Monday April 20, 2015 4:00pm - 5:00pm
    OpenDNS

    5:00pm

    Getting started...help me help you
    You've been pwned. It's a Friday and you just got some sketchy email, some reporter just called you, or the Feds somehow sent you a fax and some dudes whose first names are Special Agent darken your door.

    They don't tell you much, so now you're wondering - WTF should I do. Before you call high-priced consultants - like me - help me help you.

    I'll be honest, if you screw things up right at the beginning, I'm going to be there a lot longer than you want me - I'll be unhappy and you'll be unhappy with the results.

    During this talk, I'll tell you what to do, and what not to do; where to look, and where not to look; what to say, and what not to say when badness happens to you.

    Also, I'll walk through a quick scenario and together we'll cheat our way into a poor man's batch script to help you collect and store the valuable, volatile data so you can safely shut down your system, unplug the interwebz, and go out for a drink.

    Speakers

    Monday April 20, 2015 5:00pm - 6:00pm
    OpenDNS

    5:00pm

    Federating AWS CLI
    Federating AWS IAM to directory services is a pain in the ass but it doesn't have to be. There are plenty of expensive solutions available that provide a web console to users but nothing yet that brings CLI tools to a developer's Linux system... until now.

    Speakers
    Ayman Elsawah

    Sr. Security Architect
    Ayman is a seasoned Enterprise Security Architect and Consultant with experience in a variety of industries including Financials, Global E-Commerce, and Media. Entrepreneurial, a natural leader, and a builder at heart, Ayman thrives on solving nuanced challenges that arise in the operational security space when businesses are pushing the limits or current technology is not meeting security needs. Ayman has experience in Security...

    Paul Moreno

    Paul Moreno is Security Team Lead at Pinterest, a place to discover ideas for all your projects and interests, hand-picked by people. At Pinterest, Paul has spent his tenure working to establish the Security Engineering foundation and assemble a core security team. As a recognized technology generalist, with extensive experience working for several startups and public companies, Paul delivers data driven solutions for today’s modern cloud...


    Monday April 20, 2015 5:00pm - 6:00pm
    OpenDNS