
BSides Denver 2014

 

BSides Denver

 

When: Friday, 16 May, 2014, 9AM to Midnight

Where: The Society 1434 Blake St., Denver CO 80202

Cost: $20 Pre-reg fee will be refunded upon check-in, or forfeited

 

Register HERE!

We have two levels. General Reg ($20 refunded at door, if requested) and Donor (I want BSides to keep my $$ to help pay for the event because I <3 BSides!). Pick which one is right for you!

 

Registration closes when all tickets are gone or on the day of the event, Friday, May 16th, 2014.

 

Call for Presenters and Panelists is closed!

 

Want to volunteer? You can do that RIGHT HERE!

 

Want to sponsor? Check out the Sponsor Kit HERE:

 

Questions? Email us at bsidesdenver@gmail.com

 

Follow us on Twitter: @BSidesDenver

 

Twitter hashtag = #BSidesDenver

 

 

Schedule of Events

 

Track 1- Upstairs

Time  Presenter Discussion Abstract

9 - 9:30 

ALL
Coffee, breakfast, meet, and greet

WAKE UP YOU HEATHENS!! 

 

Get your #BSidesDenver game going with some piping hot coffee and breakfast, and meet new compadres.

9:30 - 10:25

@JacobTorrey

MoRE: Measurement of Running Executables

This presentation provides a cohesive overview of the work performed on the DARPA Cyber Fast Track MoRE effort. MoRE was a 4-month effort which examined the feasibility of utilizing TLB splitting as a mechanism for periodic measurement of dynamically changing binaries. The effort created a proof-of-concept system to split the TLB for target applications, allowing dynamic applications to be measured and code corruption to be detected with low performance overhead. The thesis of this talk is to show that the x86 architecture has become so complex that its behavior can be modified through software.

10:30 - 11:25  

John Hoopes

@Tilverl

Make it rain

We've seen ATMs for years. Everyone always assumes that the vendors have put the work in to make sure they're secure. Obviously they will, since they hold raw cash and sit in some of the least secured places on the planet. What better target could there be for thieves?

 

This talk will be a vendor-neutral presentation of some sanitized discoveries that have been encountered in the wild. Attacks at the physical, network, operating system, and application layers will be presented.

11:30 - 12:20   

Dave Campbell @alchemyDC

 

Chris Nelson @cryptzero

 

Beau Christiansen @beauchristensen

 

Moderator: Robb Reck @robbreck

 

Panel Discussion:

DevOps Security

DevOps is the best way to increase productivity, decrease error rate, and maximize value to the organization. But almost all security controls are made to support a traditional waterfall environment. During this panel we will hear from security leaders who have been through the challenge of securing DevOps. They will share their struggles, failures and successes, and answer questions from attendees.
12:20 - 1:25    Argue amongst yourselves...
Local BBQ, served with your favorite sides of BYOD (discussion).  
1:30 - 2:25 

Chris Roberts

@sidragon1 

The Age of Everything

As humans we move between the various electronic domains within our lives. We are familiar with those on our desks and in our pockets…we have been made aware of the ones in the transportation we use and the interactions with the world around us…but now we’re moving into the “Age Of Everything”. We live in houses controlled by remote interfaces, we move around in vehicles that carry our breathing lives as well as our electronic ones. We take it for granted that we can remain connected whenever and wherever we want…yet we don’t really think “how” does this happen…we know and understand elements of the jigsaw but for the most part these considerations are segmented and fragmented. This talk aims to put ALL the pieces together, to show correlation between each of the domains we interface with…and ultimately to play a game of Security Hopscotch between each of them…while maintaining end-to-end connectivity. Quite simply we are going to “demonstrate” how to take control of the Western USA Power Grid by initiating a hack of the Oven you have at home…and tie everything between those not-so-disparate systems. Enjoy the ride.

2:30 - 3:25

Frank

Recon - The art of finding your target

We will be using focused Google searches, common tools like nslookup and some interesting tools like Recon-NG to better understand our target and what type of vulnerabilities it may possess.

3:30 - 4:25

Jack

Alternate CnC Methods

Botnets and tailored access tools are only as good as the means by which they communicate with their operators. But in modern environments, with firewalls creating a hostile operating area for botnets and other malicious software, what is a bot herder to do? By using non-traditional methods of command and control, firewalls become irrelevant.

4:30 - 5:30

Chris Roberts @sidragon1

 

Chris Nickerson @indi303

 

Brian Martin @attritionorg

 

Joe Bonnell @jobobreck

Panel Discussion: Absolutely everything is pwnd.

After a healthy debate last year followed by an interesting set of significant disclosures, we felt it appropriate to revisit this theme this year. o..0

 

 

 

Track 2 - Downstairs

 

9 - 9:30 

ALL
Coffee, breakfast, meet, and greet

WAKE UP YOU HEATHENS!! 

 

Get your #BSidesDenver game going with some piping hot coffee and breakfast, and meet new compadres.

9:30 - 10:25  
Lock picking tutorial and hands-on training

Bring your crafty hand movements and see if you can surprise yourself.

10:30 - 11:25  

Greg Foss, @heinzarelli

 

Attacking Drupal

This talk focuses on the penetration tester's perspective on Drupal and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists, all of which are open-source and can be downloaded from: https://github.com/gfoss/attacking-drupal

 

11:30 - 12:20

The Lares Crew

Badge Cloning Workshop

The workshop will focus on advanced badge attacks, and how to use those in red-teaming situations to gain covert access to a physical facility. We will demo numerous attacks using DIY Arduino-based hardware that anyone can build in a weekend using off-the-shelf components. Also, we will walk through a long range card read using an Arduino-powered mobile iClass reader, and then discuss how this data may be used to clone iClass RFID cards using hacked HID device drivers from a China Website. Finally, research regarding bypassing HID biometrics and remediation will be covered to finish the 60-minute timeframe.

12:20 - 1:25    Argue amongst yourselves...
Local BBQ, served with your favorite sides of BYOD (discussion). Lunch, hang out, debate, participate in documentary interviews, pick locks, and generally try not to get into trouble.
1:30 - 2:25   Lock pick training  
2:30 - 3:25 

Steve Pordon

We've got a bigger problem now. A demonstration of 0-day vulnerabilities in high-security applications.
3:30 - 4:25  
Lock pick training.  

 

 

Sidebars

In addition to great panelists and presenter discussions, BSides Denver is happy to announce additional activities as part of the event this year!

 

BSides Denver 2014 State of the Union video

Something in the industry that really grinds your gears? Here is your opportunity to vent (and share some constructive ideas...).

 

Our topic questions for this video are:

 

1. Given the recent revelations contained within the Snowden document releases and the vulnerabilities in OpenSSL, what do you think is the most important privacy issue facing our digital society today?

 

2. If you could change one thing, and one single thing only, within the Information Security industry, what would it be?

 

3. What are your thoughts on the “Internet of Things” that is developing?

 

4. Any info sec advice to/for organizations in 2014?

 

You can choose to answer one of these questions or make up your own topic and we'll give you 2 minutes. All consented (i.e., you sit in front of the camera to answer a question, you have given consent) footage from BSides Denver 2014 will be compiled and posted on YouTube.

 

CTF - Jeopardy Style!

 

Bring your mad skillz and walk away with some nifty prizes.

 

Will be held between 10:00 - 3:30 

- Local and Remote

    - each will be separate... meaning remote people won't compete with local

    - Local will register on the day of the event in person

    - Remote can register soon, competition unlocks on day of event (May 14) 

 

- Requirements: bring your own computer. No VM required.

 

 

- Categories:

    - Web

    - Forensics

    - Crypto

    - Misc

 

 

Lockpicking Village

 

You know the drill...no drills!

 

 

Planners and Volunteers (We need volunteers!)

 

 

 

Parking Info

 

This location is in the LoDo area, with plenty of paid parking in the area. Short term street parking is available immediately in front of and around the venue.

 

 

Public Transit

 

There are plenty of public transportation options to get to the LoDo district, including light rail, bus, Uber and taxi.

 

 

Local Hotel Info

 

See various options here

 

 

With Much Love, Respect and Thanks - our Sponsors!

     

     

 

 

 

 

 

 

 

 

     

 

 

 

 

Tags for flickr, twitter, blog, etc.

Please use the tag #BSidesDenver for content related to this event
