 

BSidesKCTalks


 

Call For Presenters (CFP) IS Closed!!

 

BSides KC will have two tracks (with "availability" for additional, ad-hoc talks that come up during the event). The first track will be talks confirmed before the event; the second track will be done lightning-talk style, wherein talks are short and could be on a wide range of subjects.

 

Please send your idea and abstracts for talks to [email protected]

 

 

Talks

 

 

 

  • Name: Nick Coblentz
  • Title:  Using Watir & Ruby for Web Application Vulnerability Unit Testing
  • Abstract:
    The goal of this talk is to demonstrate how Watir and Ruby can be used to write and execute web application vulnerability unit tests. Watir, or more specifically Watir-WebDriver, consists of a browser plugin and Ruby library that enables one to write Ruby scripts to drive a browser.  These scripts can "click" on fields, enter data, submit forms, execute JavaScript, and much 
    Using the techniques discussed in this talk, developers or security consultants can write reliable exploits that reproduce issues identified by automated tools or security assessments.  These exploits can be used by developers to construct unit tests to continuously validate that a vulnerability is remediated throughout an application's lifecycle, or they can be used by security consultants as a proof-of-concept or to retest an issue in a future assessment.

 

  • Name: Noah - Ax0n
  • Title: Linux security on a usb drive
  • Abstract: I will discuss installing Linux on a USB drive, adding our favorite tools (metasploit, nmap, etc.), and setting it up for remote penetration testing with a phone-home tunnel and OpenVAS (likely in slave mode). This doesn't focus on an all-encompassing pentest distro like Backtrack. I'll use Ubuntu server since the focus will be on command-line and remote client/server/webapp tools. It's more so that security professionals who wish to remotely check out a client network from inside don't need to be physically present; they can mail a USB stick to the client, and have them boot up a computer inside to give remote access. If I have time, I'll live-demo the use of the latest build of OpenVAS through this device.

 

  • Name: Bill "@hevnsnt" Swearingen
  • Title: "If I could recommend ONE THING to do in order to protect your company it would be ___________"
  • Abstract: A moderated discussion of tools, techniques, and technologies that should be employed to protect your company from information security threats. Audience participation is *REQUIRED*.  Do you feel strongly about a certain technology? Bring   Interested in what others are deploying?  This is the talk for you.

 

  • Name: Trent Lo
  • Title:  Abandon hope all Ye who write c0d3
  • Abstract: When does pointing out vulnerabilities become more frustrating for the security researcher than the developers? Ever wondered what goes on in a developer's mind when they are made aware of vulnerabilities in the project they are working on? This talk will take you down the path of some of the top sites that are "just not getting it". Not to name names but it's BSides so I'm going to anyway - Facebook, Google, Evite, Time Warner and others might take a front row seat to what's really going on as I try to level the playing field with exploiting some of these applications for some real lulz. After this talk you will be hesitant to open your email or click the wall post and yes, there will be new attack vectors released. No, your social network activity is not safe.

 

  • Name: Andy Barrett
  • Title: Taking The A** Out Of Risk Assessments
  • Abstract: Risk assessments are nothing new, and neither are the multiple frameworks that exist for completing them. Unfortunately, it can be a frustrating experience for seasoned professionals, as well as people that are new to the field, commonly because the end result does not provide you with good, solid, usable information, especially when compared to the time and resource commitment that likely went into the task. The goal of this talk is to wade through the mass of paperwork and approaches, discuss some common-sense risk assessment strategies which can quickly and easily work for both large and small organizations, make you realize that the problem is with the frameworks and not with you, and put you on the path to finding out what will work best for you, whether you have a compliance-related requirement for doing risk assessments or you simply want to try and figure out what you should be worrying about within your company from a risk management perspective.

 

  • Name: Richard "RSAXVC" Allen
  • Title: Abusing Femtocell Network Infrastructure
  • Abstract: Femtocells have become widespread in recent years, but as with any network device, there are concerns about safety. In this talk, I'll go into some exploits using the device and possible exploits using the network, and explain why these devices really should be put on their own VLAN.

 

Do you have to be a JERK to be in InfoSec?  
