
BSidesMSP

You're probably looking for Security B-Sides MSP 2016 in MN

Check out what BSidesMSP 2015 did.

 

Good news everyone! Saturday August 23, 2014 is Security B-Sides MSP at the Nerdery!

#BSidesMSP <-- LITE UP THE HASH TAG   |   FOLLOW US OVER HERE --> @BSidesMSP & G+

@BSidesMSP Mailing List <-- SUBSCRIBE   |                 BOOKMARK --> www.bsidesmsp.org 

 

Online schedule for BSidesMSP 2014 via KhanFu

http://khanfu.com/m/iphone/42

 

USTREAM Link:

http://www.ustream.tv/channel/nerdery-tech-talks

 

CALL FOR PRESENTERS IS: CLOSED

TICKET SALES ARE: CLOSED

250+ in attendance including uStream

  

REGISTRATION: STARTED AT 8AM

EVENT: WAS AN AMAZING SUCCESS

 

SPONSORS ARE: Being recruited for our next event!

Contact sponsor@bsidesmsp.org with interest. 

 

Press release via The Nerdery

We're on WCCO TV and KSTP and repeated across the globe!

We're featured in Twin Cities Business Magazine

We're featured in CSO Online alongside Lt. Col. (Ret) William Hagestad II

Pics from BSidesMSP 2014 at our Google+ Community

 

Crypto Party Materials via @pauldokas & @threatbucket:

Session 1, Session 2, Session 3, Session 4

 

BSidesMSP 2014 Documentary

 


 

We host at DigitalOcean and love it. Help support our hosting costs: by trying DigitalOcean you get a $10 immediate credit, and we get $25.

 

 

Speaker Videos from the 2014 uStream

 

 

HACK THE PLANET

info@bsidesmsp.org

 

IN MEMORIAL: Craig K. Harmon

 

What is BSidesMSP?

 

BSidesMSP is:

 

  • A free security conference for hackers by hackers, in the Upper Midwest by Midwesterners. 
  • Why? Why not. Because, Minnesota Nice. 
  • Engaged, Happy Hackers, Protecting Planet Earth

 

Why support BSidesMSP?

 

More information

 

When? Saturday August 23, 2014 at the Nerdery

 

 

Leads: Matthew J. Harmon (Lead Coordinator/Organizer), Jeremie Kass (Treasurer), Nick Ries (Volunteer Coordinator), Amanda Hull (Chief Food Officer & Vendor Wrangler), David LaBelle (Safety Team), Paul Dokas & Brandon Ford (Crypto Party), Chad Rikansrud (CTF), Charles Neely (Exhibitor Village), Rachel Adams & Michael Haffley (Marketing & Communications), Jason Herbst (Audio / Visual), Ron Fresquez (Speaker Wrangler), Brad Ammerman (Re-founder and Parking)

Volunteers? Spenser Reinhardt, Phil Reno, David Anderson, Brian Fackler, Daniel Rhurson, Bryan Platz, Chris Frederic, Loren Anderson, Jessica Hebenstreit, Art Christofferson, Lamine Youla, Rosalia O'Neil, Tim Jensen, Megan Carney, Maddie, Mike Dunn, William Martinez,  Clara James, Jerome Crea, Roger Hagedorn, Saul Alanis, Gabe Franz, Kevin Thompson

Advisors? Darlene Tester, Mark Kikta, Natascha Shawver

Presenters? LtCol William Hagestad II (@RedDragon1949), Rafal Los (@Wh1t3Rabbit), Mike Saunders (@hardwaterhacker), Leonard Jacobs, Dr. Jared DeMott, Paul Dokas (@PaulDokas), Bryan Platz

 

(Contact information)

 

Schedule (also via KhanFu)

 

 

(Track Schedule PDF and Online + Offline at KhanFu)

 

Tri-Fold Flier 

 

Front

Back:

 

(BSidesMSP2014_TriFold.pdf for Printing)

 

CPR/AED Training by Bryan Platz

 

Three sessions throughout the day! Learn hands-on lifesaving human body hacking. This is like no CPR and AED training you've experienced before!

 

Theater Track

 

Theater track presenters were voted on by the community after submissions to our (extended) open Call for Papers and were vetted by an independent party. There were two separate rounds of community voting: first, through subscribers to the mailing list (https://bsidesmsp.org/mailing-list) and then a second round of voting to the early event registrants. The beginning and ending keynotes were by special invitation to kick off and close the event. 

 

Opening keynote by Lt. Col. William Hagestad II (@RedDragon1949)

 

Hagestad Presentation Summary:

 

Chinese Use of the Computers & Networks as a Strategic Weapon System: Facts & Field Experience regarding the Mainland Chinese history of cyber risk to the World and associated economic reward for the Middle Kingdom.

 

Hagestad Bio:

 

LtCol Hagestad is an internationally recognized & respected authority on the People's Republic of China's use of computer and information network systems as a weapon. He speaks internationally on the subject of China's hegemony in the information age. In 2012, LtCol Hagestad's first book "21st Century Chinese Cyber Warfare" debuted. In 2013 he published another seminal work about the People's Republic of China's Cyber Activities, "Operation Middle Kingdom: China's Use of Computers & Networks as a Weapon System." In 2014 LtCol Hagestad published a third work, "Chinese Information Warfare Doctrine Development 1994". LtCol Hagestad provides current cyber threat assessments to international defense, intelligence and law enforcement entities. He speaks both domestically and internationally on strategic information security threats, including the Chinese cyber threat. LtCol Hagestad's education includes a Bachelor of Arts in Mandarin Chinese, with minor emphasis in Classical Chinese and Modern Japanese, University of Minnesota. He earned a Master of Science in Military Strategy from the US Marine Corps Command & Staff College in 2002. He holds a Master of Science in Security Technologies from the College of Science & Engineering, University of Minnesota and a Master of Science in the Management of Technology from the Technological Leadership Institute, University of Minnesota.

 

 

Title: Problems with Parameters by Mike Saunders (@hardwaterhacker)

 

Talk description:

The Internet has a soft underbelly that renders it vulnerable to attack - Web Applications. As the rest of the information security industry gets better at hardening servers and locking down networks, these web applications provide attackers with a target that can be easily exploited.

 

Bio:

Mike Saunders has spent the last seven years as an incident handler, web app and network pen tester, and architect. Having seen the same failures over and over again, he is ready to share his knowledge with the community. This talk is intended for anyone who writes or analyzes web applications or who helps developers secure them.

 

Title: Using Your Brain to Beat the Hackers by Leonard Jacobs

 

Zero-Day Attacks, Advanced Persistent Threats, and other types of unknown malware have been specifically constructed to bypass modern defense. Thus, improved threat detection is essential. We have become too dependent on threat detection software and devices. Threat monitoring, detecting behavioral changes, can overcome the limitations of signature-based intrusion detection and anti-malware heuristic analysis ... but only after analysis by the human brain.

 

This presentation accepts that attacks are inevitable and that detection is critical for containment. However, the machine alone cannot determine whether a threat is real. The human brain is needed.

 

 

Title: AppSec: Overview, Deep Dive, and Trends by Dr. Jared DeMott

 

In this presentation we will describe Application Security, dive into 3 pillars (static, dynamic, and manual analysis), and discuss current trends.

 

Application Security is a process improvement exercise, but depends more on the skill of the humans involved than other more mechanically oriented processes. Developers with the right skillset and training will produce better code than those without. And security architects and penetration testers will find more bugs if they have deep security experience and skills. Even so, bugs will be missed in peer review and formal code audits. Thus a solid process with a variety of techniques is required to examine programs from all possible angles.

 

In terms of code auditing we’ll talk about three popular bugs: use-after-free, type confusion, and double fetch.  We’ll briefly describe each bug and show examples to help code auditors think about how to find such bugs in their source.

 

Fuzzing is one of the popular dynamic testing techniques to hunt within the fully compiled binary for bugs missed in other types of testing. We’ll walk through an example of file fuzzing and network fuzzing. For file fuzzing we’ll use the Peach framework and for the network example we’ll use Sulley.

 

This talk includes a perspective managers will appreciate, as well as the technical skills your code folks enjoy and require. 

 

 

Title: World-class network defense, or, How I learned to ignore vendors and use tools that work. by Paul Dokas (@PaulDokas)

 


 

Open source tools can be used to create a defense system for your network that actually works.  Tools like Snort/Suricata, Bro, various logs, and PCAP capture and analysis systems can be used to build a network that functions well and won't crush your budget. This talk is non-commercial and includes no FUD, no APT-worthy buzzwords ... no bullshit.

 

We will discuss common data sources, what they are, how to collect from them and what to do with the data. We will also cover the big picture of network defense and ways to piece together a network security monitoring (NSM) system. Finally, we will explore processes that we can go through to use these tools without breaking your budget for either time or money.

 

Ending Keynote by Rafal Los

Topic: Succeeding in Security by Measuring Your Failure

 

Every company, ever, has weaknesses they cannot account for. Open weaknesses have a way of being exploited. This leads us to believe that it is only a matter of time before the organization you defend will be breached and hacked - so what? Being breached is not a binary end-state. If we take that as a possible truth then we have to figure out how to measure the shades of the gradient which are the result. Here, in the failures, we can find success. I believe it is critical to measure, but figuring out what to measure, is almost as figuring out how to do that measurement effectively. I believe this is one of the key challenges enterprise security professionals face today - and the key to any success we will be able to claim. Understanding our challenges against business goals, measuring positive/negative impact of program items, and effectively communicating these measurements are skills you must have if you want to really be effective at security in the corporate world.

 

 

Crypto Party Track

 

Announced!

 

PGP Key Signing

 

Coordinated with BigLumber

 

"This key signing will be part of BSidesMSP (https://bsidesmsp.org/). The key signing event will start at approximately 1pm. If you are interested in participating in the key signing, but are not registered for BSidesMSP, then please contact me (paul@dokas.name) and let me know that you are interested."

 

 

How much? Attendance to the event is FREE, but registration is required!

 

 

Sponsors

 

Facility Sponsor

 

The Nerdery Pocket Protector Shield

 

 

The Nerdery

 

Promotional Sponsor

(ISC)2 Twin Cities Minnesota Area Chapter 

 

(ISC)2 Chapter Twin Cities Area

 

Council on Cyber Security

 


 

IANS Research

 

 

 


 

Official Security B-Sides MSP Barber

 

Circle H Barber Shop

Mention Security B-Sides MSP Conference and get $5 off. 

 

CTF Sponsor

 

 

Capture the Flag (CTF) 365 Security Training Platform

 

Financial Sponsors

 

Dakota State University

 

Milton Security Group

 

titania

Bromium

 

 

Symantec Website

 

 

Netsecuris Website

 

 

 

 

 

Global Velocity

 

 

 

 

 

Silent Circle

 

 

 

IT Risk Limited

(FIRST Financial Sponsor, In-Kind, Infrastructure, Staff, and Design Support)

 

Palo Alto Networks

 

 

Midpoint Technology

 

 

 

Check Point

 

Memberships

 

 

 

 

 

Sponsor Information

 

FREE? Nothing is free, you mean you need sponsors right!? YES. Email sponsor@bsidesmsp.org if you are interested in sponsoring Security B-Sides MSP 2014 or treasurer@bsidesmsp.org to make payment arrangements. 

 

 

Will there be money for speakers' transportation, lodging and stuff? I really wish I knew. Yes. I hope so. Maybe. It's classified. Why? Would you like to sponsor a speaker? Email sponsor@bsidesmsp.org

 

Volunteer Coordination - https://groups.google.com/forum/#!forum/bsidesmsp2014-volunteers

 

What needs sponsoring & volunteering? Let's talk. Everything.

 

Yes, we are now members of the Minnesota Council Of Nonprofits!

 

 

 

 

 

 

Security B-Sides MSP is a Minnesota 322B.975 Not for Profit Limited Liability Company; contributions to Security B-Sides MSP are not deductible for federal income tax purposes as charitable contributions.
