• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!


BSides Denver 2014


BSides Denver


When: Friday, 16 May, 2014, 9AM to Midnight

Where: The Society 1434 Blake St., Denver CO 80202

Cost: $20 Pre-reg fee will be refunded upon check-in, or forfeited


Register HERE!

We have two levels. General Reg ($20 refunded at door, if requested) and Donor (I want BSides to keep my $$ to help pay for the event because I <3 BSides!). Pick which one is right for you!


Registration closes when all tickets are gone or day of the event Friday, May 16th, 2014


Call for Presenters and Panelists is closed!


Want to volunteer? You can do that RIGHT HERE!


Want to sponsor? Check out the Sponsor Kit HERE:


Questions? Email us at bsidesdenver@gmail.com


Follow us on Twitter: @BSidesDenver


Twitter hashtag = #BSidesDenver



Schedule of Events


Track 1- Upstairs

Time  Presenter Discussion Abstract

9 - 9:30 

Coffee, breakfast, meet, and greet



Get your #BSidesDenver game going with some piping hot coffee and breakfast, and meet new compadres.

9:30 - 10:25 @JacobTorrey MoRE: Measurement of Running Executables This presentation provides a cohesive overview of the work performed on the DARPA Cyber Fast Track MoRE effort. MoRE was a 4-month effort which examined the feasibility of utilizing TLB splitting as a mechanism for periodic measurement of dynamically changing binaries. The effort created a proof-of-concept system to split the TLB for target applications, allowing dynamic applications to be measured and can detect code corruption with low performance overhead. The thesis of this talk is to show that the x86 architecture has become so complex that its behavior can be modified through software.
10:30 - 11:25  

John Hoopes


Make it rain

We've seen ATM's for years.  Everyone always assumes that the vendors have put the work in to make sure they're secure.  Obviously they will since they hold raw cash and sit in some of the least secured places of the planet.  What better target could there be for thieves?


This talk will be a vendor neutral presentation of some sanitized discoveries that have been encountered in the wild.  Attacks at the physical, network, operating system, and application layers will be presented.

11:30 - 12:20   

Dave Campbell @alchemyDC


Chris Nelson @cryptzero


Beau Christiansen @beauchristensen


Moderator: Robb Reck @robbreck


Panel Discussion:

DevOps Security

DevOps is the best way to increase productivity, decrease error rate, and maximize value to the organization. But almost all security controls are made to support a traditional waterfall environment. During this panel we will hear from security leaders who have been through the challenge of securing DevOps. They will share their struggles, failures and successes, and answer questions from attendees.
12:20 - 1:25    Argue amongst yourselves...
Local BBQ, served with your favorite sides of BYOD (discussion).  
1:30 - 2:25 

Chris Roberts


The Age of Everything As humans we move between the various electronic domains within our lives. We are familiar with those on our desks and in our pockets…we have been made aware of the ones in the transportation we use and the interactions with the world around us…but now we’re moving into the “Age Of Everything”. We live in houses controlled by remote interfaces, we move around in vehicles that carry our breathing lives as well as our electronic ones. We take it for granted that we can remain connected whenever and wherever we want…yet we don’t really think “how” does this happen…we know and understand elements of the jigsaw but for the most part these considerations are segmented and fragmented. This talk aims to put ALL the pieces together, to show correlation between each of the domains we interface with…and ultimately to play a game of Security Hopscotch between each of them…while maintaining end-to-end connectivity. Quite simply we are going to “demonstrate” how to take control of the Western USA Power Grid by initiating a hack of the Oven you have at home…and tie everything between those not-so-disparate systems. Enjoy the ride. 
2:30 - 3:25  Frank Recon- The art of finding your target We will be using focused Google searches, common tools like nslookup and some interesting tools like Recon-NG to better understand our target and what type of vulnerabilities it may posses . 
3:30 - 4:25


Alternate CnC Methods

Botnets and tailored access tools are only as good as the means in which they communicate with their operators. But in modern environments with firewalls creating a hostile operating area for botnets and other malicious softwares what is a bot herder to do? By using non traditional methods of command and control firewalls become irrelevant. 

4:30 - 5:30

Chris Roberts @sidragon1


Chris Nickerson @indi303


Brian Martin @attritionorg


Joe Bonnell @jobobreck

Panel Discussion: Absolutely everything is pwnd.

After a healthy debate last year followed by an interesting set of significant disclosures, we felt it appropriate to revisit this theme this year. o..0




Track 2 - Downstairs


9 - 9:30 

Coffee, breakfast, meet, and greet



Get your #BSidesDenver game going with some piping hot coffee and breakfast, and meet new compadres.

9:30 - 10:25  
Locking pick tutorial and hands on training Bring your crafty hand movements and see if you can surprise yourself.
10:30 - 11:25  

Greg Foss, @heinzarelli


Attacking Drupal

This talk focuses on the penetration tester's perspective on Drupal and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists, all of which are open-source and can be downloaded from: https://github.com/gfoss/attacking-drupal


11:30 - 12:20    The Lares Crew Badge Cloning Workshop

The workshop will focus on advanced badge attacks, and how to use those in red-teaming situations to gain covert access to a physical facility. We will demo numerous attacks using DIY Arduino based hardware, that anyone can build in a weekend using off the shelf components.  Also, we will walk through a long range card read using an Arduino powered mobile iClass reader, and then discuss how this data may be used to clone iclass RFID cards using hacked HID device drivers from a China Website.  Finally, research regarding bypassing HID biometrics and remediation will be covered to finish the 60-minute timeframe.

12:20 - 1:25    Argue amongst yourselves...
Local BBQ, served with your favorite sides of BYOD (discussion). Lunch, hang out, debate, participate in documentary interviews, pick locks, and generally try not to get into trouble.
1:30 - 2:25   Lock pick training  
2:30 - 3:25 

Steve Pordon

We've got a bigger problem now. A demonstration of 0-day vulnerabilities in high-security
3:30 - 4:25  
Lock pick training.  




In addition to great panelists and presenter discussions, BSides Denver is happy to announce the additional activities as part of the event this year!


BSides Denver 2014 State of the Union video

Something in the industry that really grinds your gears? Here is your opportunity to vent (and share some constructive ideas...).


Our topic questions for this video are:


1. Given the recent revelations contained within the Snowden document releases and the vulnerabilities in OpenSSL, what do you think is the most important privacy issue facing our digital society today?


2. If you could change one thing, and one single thing only, within the Information Security industry, what would it be?


3. What are your thoughts on the “Internet of Things” that is developing?


4. Any info sec advice to/for organizations in 2014?


You can choose to answer one of these questions or make up your own topic and we'll give you 2 minutes. All consented (i.e., you sit in front of the camera to answer a question, you have given consent) footage from BSides Denver 2014 will be compiled and posted on YouTube.


CTF - Jeopardy Style!


Bring your mad skillz and walk away with some nifty prizes.


Will be held between 10:00 - 3:30 

- Local and Remote

    - each will be seperate... meaning remote people wont compete with local

    - Local will register on the day of the event in person

    - Remote can register soon, competition unlocks on day of event (May 14) 


- Requirements: bring your own computer. no VM required  



- Categories:

    - Web

    - Forensics

    - Crypto

    - Misc



Lockpicking Village


You know the drill...no drills!



Planners and Volunteers (We need volunteers!)




Parking Info


This location is in the LoDo area, with plenty of paid parking in the area. Short term street parking is available immediately in front of and around the venue.



Public Transit


There's plenty of public transportation options to get to the Lodo district including light rail, bus, Uber and taxi.



Local Hotel Info


See various options here



With Much Love, Respect and Thanks - our Sponsors!
















Tags for flickr, twitter, blog, etc.

Please use the tag #BSidesDenver for content related to this event

Comments (0)

You don't have permission to comment on this page.