BsidesSTL2017
Event details

 

When: September 9th 2017

Where: Moolah Shrine St. Louis Missouri

Cost: Free

 

CFP is CLOSED! Thank you for all the submissions!

 

 

Humble Beginnings Round 2


The vision for this BSides is simple: give interested techies a place to start and gain a foothold in the security community. Our organizers have attended big cons, little cons, and ones in between. Every con brings something amazing to the people it serves: community. The local security community in STL is vibrant. We want to continue growing that community by holding a free event that introduces the interested to the connected.


This event is a free conference with local speakers and hackers showing technologies they love and talking about how they have gotten involved in the greater Security Community.


Bring your notebooks, hand out business cards, have a few drinks with other like-minded techies!

 

Call for Sponsors! We love helping sponsors demonstrate their love of the community by working with us!  Please direct all sponsorship inquiries to bsidesstl@gmail.com.

 

Standing Room Only tickets still available: https://www.universe.com/events/bsides-stl-2017-tickets-FMLH1R

 

 

 

Invite your friends by posting this on Twitter: #BSidesSTL

 

 

Sponsors

 

Founding Sponsor / Diamond Sponsor

Silver Sponsors

Basic Sponsors

Schedule

 

Saturday Sept 9th

 

 

 
Bsides STL Schedule

Speaker Track

9 - 10 AM       Registration
10 - 10:15      Announcements/Welcome
10:15 - 11      Keynote: Infosec: We're the reason we can't have nice things. (@Scratchhax)
11:00 - 11:10   Speaker Switch
11:15 - 12      Homemade Phishing! (Bill Gogel and Larah Rogg)
12 - 1          LUNCH
1 - 1:10        Announce Afternoon Speakers
1:10 - 2        Breaking Into Security: Stories from 20 Years in the Field (Oboyle)
2 - 2:10        Speaker Switch
2:10 - 3        OSINT and your World - a Love Story (@Ginsberg5150)
3 - 3:05        Speaker Switch
3:05 - 3:30     Drone Delivered Attack Platform (DDAP) (h3mlock)
3:30 - 3:35     Speaker Switch
3:35 - 4        Hacking The IoT With X1 (@Anarchy Angel)
4 - 4:10        Speaker Switch
4:10 - 5        Basics of Incident Handling (MSAdministrator)
5 - 5:30        Finale and Closing

 

 

Abstracts:

 

Keynote

 

@Scratchhax


Infosec has managed to squeeze itself into a very oddly shaped niche. We use boxes and blinky lights wrapped in the promise of being able to prevent packets of malicious intent from harming a human hell-bent on shooting themselves in the foot. We've built careers around promising a boogeyman under every bed, an entire branch of some foreign military dedicated to stealing your intellectual property, and faceless online gangs itching to burn your company to the ground just to see the flames. All of that would be fine, had it worked. But here we are, instead, with 30 years of the industry behind us and a threat landscape that vastly exceeds any of our current, or promised, capabilities. It's time we changed from tactics to strategy. It's time we apologized to all of the users and companies that we serve, and it's time to look at infosec as a survival skill instead of a cost center.

Homemade Phishing! Bill Gogel and Larah Rogg
Let's talk about the open-source tools and techniques to phish the internet's oceans of users. From running security awareness phishing campaigns to spear phishing high-value targets, the community has developed the methods and technologies. Learn the ins and outs of bypassing email security controls, tricks of the trade for setting up successful phishing campaigns, and our favorite spear phishing tactics to catch big phish. Come join us as we share what we have learned from building our own in-house and open-source phishing capabilities.

Breaking Into Security: Stories from 20 Years in the Field Oboyle
In this talk, we’ll explore one path to a career in security. From bright eyed and bushy tailed beginnings, to humbling engagements with nation state attackers, Todd will cover his journey to the present day through a series of stories. The talk will wrap up with some open ended guidance for both those trying to break into the industry and veterans who’ve been in the game for years.

OSINT and your World - a Love Story @Ginsberg5150
Open-source intelligence and social engineering are powerful by themselves, but putting them together can be destructive. We review the basics of some of the tactics used and how the OSINT is gathered. We will discuss attack platforms built from very basic pictures we find on various social media platforms, dive into what some other organizations can use OSINT for, and how to use OSINT in your personal life to help with job growth and personal security.

Drone Delivered Attack Platform (DDAP) h3mlock
The day the chickens moved into the coop I knew there was going to be trouble. I had no idea the extent of the problem, until one day I realized that they were building a rogue network inside of the coop. This was partially my fault for providing power to the coop in the first place, but I definitely underestimated their capabilities. What kind of evil were they plotting? I could try to hack into their wireless network, but they had good physical security so getting in close proximity to their location was going to be a problem.

What I settled on was using a drone to deliver a hacking drop kit to the chicken coop. The goal is to build the complete kit with low-cost, readily available parts, so that if the chickens capture the drone or it is otherwise compromised, we are not out a ton of money. It should have sufficient battery to provide flight time to and from the target location, and sufficient compute time to do a reasonable amount of wireless hacking. We would use the drone to deliver our attack kit to the roof of the chicken coop and power off the rotors to preserve battery for our return flight. We would then use a Raspberry Pi with a wireless antenna to do the wireless hacking. Our platform could be accessed remotely over the cell network using something like TAP, and things that need more compute power, like cracking hashes, could be shipped offsite over the cell network.

* Evil Chickens - Understanding our adversary and our attack target's network
* Other uses - Maybe evil chickens are not your primary consideration. There are other things a platform like this could be used for.
* DDAP Design - What components do we need to successfully perform the attack. How do we make it as light as possible while still having sufficient flight and compute time.
* Batteries are heavy - The heaviest part of our platform is the batteries. Finding the right balance of cost vs. weight while still providing sufficient flight and compute time is tricky.
* Cost considerations - What is the cheapest drone possible that can carry the weight of our attack platform.
* Hardware specifications - A list of all hardware components with their associated cost.
* Software specifications - What software components do we need to load on our Raspberry Pi to perform the attack
* Remote access - Using a cell card and TAP to gain remote access to our platform.
* Performing the attack - Putting it all together to perform the actual attack. Video of the actual attack on the chicken coop.
* Questions

 

Hacking The IoT With X1 @Anarchy Angel

This talk is an overview of IoT and other devices allowing unauthenticated X11 sessions, how to find them, the tools and techniques used to exploit them, and a look at the haX11 attack tool that makes the attack more interactive and much easier to carry out. It takes an overlooked, underrated vulnerability and gives it a point-and-click exploit not supported in other tools.
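The core of "how to find them" is the X11 connection-setup handshake: a client that sends an empty authorization name and data and gets a Success reply is talking to a server that will accept anyone who can reach TCP port 6000+display. The following probe is an added example written for this page; it is not the speaker's code and is not part of haX11. It builds the 12-byte setup request, reads the reply, and classifies it as Failed, Success, or Authenticate. The two sample replies are constructed for offline testing (the reason text, vendor string and release number are illustrative, and the success sample omits the screen and pixmap-format blocks that a real server appends); the `probe()` helper is the only part that touches the network.

```python
"""Probe a TCP-exposed X11 server for unauthenticated access.

Sends the X11 connection-setup request with an empty authorization
name and data, then parses the server's reply:
  status 0 = Failed       (server refused the unauthenticated client)
  status 1 = Success      (server accepted it: anyone on the network is in)
  status 2 = Authenticate (server wants further authentication data)
"""
import socket
import struct
import sys

X11_BASE_PORT = 6000  # display :N listens on TCP 6000 + N


def build_setup_request() -> bytes:
    # 'l' = little-endian byte order, protocol 11.0, auth name/data lengths 0.
    # Layout: byte-order, pad, major, minor, name-len, data-len, 2 pad bytes.
    return struct.pack("<cxHHHHxx", b"l", 11, 0, 0, 0)


def parse_setup_reply(data: bytes) -> dict:
    """Parse a setup reply; data must start at the status byte and be
    in the little-endian order requested above."""
    if len(data) < 8:
        raise ValueError("truncated X11 setup reply")
    status = data[0]
    if status == 0:  # Failed: reason string follows the 8-byte header
        reason_len = data[1]
        major, minor, _extra_words = struct.unpack_from("<HHH", data, 2)
        reason = data[8:8 + reason_len].decode("latin-1", "replace")
        return {"status": "failed", "version": (major, minor), "reason": reason}
    if status == 2:  # Authenticate: reason carried in the additional data
        extra_words = struct.unpack_from("<H", data, 6)[0]
        reason = data[8:8 + extra_words * 4].rstrip(b"\0").decode("latin-1", "replace")
        return {"status": "authenticate", "reason": reason}
    if status == 1:  # Success: fixed 32-byte block, then the vendor string
        if len(data) < 40:
            raise ValueError("truncated X11 success reply")
        major, minor, _extra_words = struct.unpack_from("<HHH", data, 2)
        (release, _base, _mask, _motion, vendor_len, _maxreq, nscreens,
         _nformats, _ibo, _bbo, _unit, _pad, minkc, maxkc) = struct.unpack_from(
            "<IIIIHHBBBBBBBB4x", data, 8)
        vendor = data[40:40 + vendor_len].decode("latin-1", "replace")
        return {"status": "success", "version": (major, minor), "release": release,
                "vendor": vendor, "screens": nscreens, "keycodes": (minkc, maxkc)}
    raise ValueError(f"unknown X11 setup status byte {status}")


def is_open(reply: dict) -> bool:
    """True when the server let an unauthenticated client in."""
    return reply["status"] == "success"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("X11 server closed the connection early")
        buf += chunk
    return bytes(buf)


def probe(host: str, display: int = 0, timeout: float = 3.0) -> dict:
    """Connect to host:6000+display, send the setup request, parse the reply."""
    with socket.create_connection((host, X11_BASE_PORT + display), timeout=timeout) as s:
        s.sendall(build_setup_request())
        head = _recv_exact(s, 8)
        # All three reply kinds carry the additional-data length (in 4-byte
        # units) at bytes 6..7, so one read fetches the rest of the reply.
        extra_words = struct.unpack_from("<H", head, 6)[0]
        body = _recv_exact(s, extra_words * 4)
    return parse_setup_reply(head + body)


# Constructed sample replies (not captured traffic) for offline testing.
SAMPLE_FAILED = (
    struct.pack("<BBHHH", 0, 21, 11, 0, 6)        # status 0, reason len 21, 11.0, 6 words
    + b"No protocol specified" + b"\0" * 3      # reason padded to 4 bytes
)
SAMPLE_SUCCESS = (
    struct.pack("<BxHHH", 1, 11, 0, 13)           # status 1, 11.0, 13 words follow
    + struct.pack("<IIIIHHBBBBBBBB4x",
                  12004000, 0x00400000, 0x003FFFFF, 256,  # release, id base/mask, motion buf
                  20, 65535,                               # vendor len, max request len
                  1, 0, 0, 0, 32, 32, 8, 255)              # 1 screen, 0 formats, orders, keycodes
    + b"The X.Org Foundation"                     # 20 bytes, no padding needed
)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    display = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    result = probe(host, display)
    print("OPEN" if is_open(result) else "closed", result)
```

Run it as `python x11probe.py <host> [display]` against a host you are authorized to test. A Success reply means the server has no cookie or host-based access control in force for the source address; a Failed reply with a reason such as an authorization error means the listener is exposed but still gated. Note that modern Xorg builds usually start with `-nolisten tcp`, so a listener on 6000+N is itself a finding worth recording even before the handshake.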

 

Basics of Incident Handling MSAdministrator


This talk focuses on outlining the basics of handling a security incident. We will walk through the Incident Response lifecycle and touch on establishing a CIRT, identification of an incident, evidence handling, reporting, and retrospectives. This talk is for beginners but not newbs.

 
