BSidesAugusta 2014

THIS PAGE IS FROM 2014 and is NOT the current page!

The most current site is located at www.BSidesAugusta.org

What is BSides?


Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

Questions? Want to volunteer? Want to sponsor? Email us at BSidesAugusta [at] gmail.com

 

Follow us on Twitter: @BSidesAugusta Hashtag: #bsidesaugusta

 

Campus Map: http://www.gru.edu/maps/images/summervillecampus.pdf

 

Schedule:

September 13, 2014

Track-1 (Blue Team): University Hall (UH-170)
Track-2 (Red Team): Jaguar Student Activities Center (Ballroom)
FALE Lock Pick Village: ALL DAY

8:30AM - 8:45AM
  Intro / Welcome to BSidesAugusta (Jaguar Student Activities Center Ballroom)

9:00AM - 9:45AM
  Track-1: Chris Sanders - Defeating Cognitive Bias and Developing Analytic Technique
  Track-2: Chris Truncer - Pentester++

10:00AM - 10:45AM
  Track-1: Chris Sistrunk - ICS/SCADA Defense
  Track-2: Tim Tomes - Stored Password Security: The Adobe Guide to Keyless Decryption

11:00AM - 11:45AM
  Track-1: Mike Reeves - Scaling Security Onion to the Enterprise
  Track-2: David Dewey - App Wrapping: What does that even mean

12:00PM - 1:00PM
  Lunch

1:00PM - 1:45PM
  Track-1: Tim Crothers - Techniques for Fast Windows Investigations
  Track-2: Will Schroeder - Adventures in Asymmetric Warfare

2:00PM - 2:45PM
  Track-1: Chris Campbell - Using Microsoft's Incident Response Language
  Track-2: Tim Fowler - When Zombies take to the Airwaves

3:00PM - 3:45PM
  Track-1: Jeff Murri - Is that hardware in your toolkit, or are you just glad you're keeping up?
  Track-2: Jacob Williams - Spying on your employees using memory

4:00PM - 4:45PM (Jaguar Student Activities Center Ballroom)
  Mark Baggett: Crazy Sexy Hacking
  Wrap-Up / Closing


Abstracts:

Chris Sanders (@chrissanders88)

Defeating Cognitive Bias and Developing Analytic Technique

 

At the center of many defensive processes is human analysis. While we spend a lot of time performing analysis, we don't spend nearly enough time thinking about how we perform analysis. The human mind is poorly wired to deal with most complex analysis scenarios effectively. This can be attributed to the inherent complexity of solving technical issues where so many uncertainties exist, and also to the cognitive and unmotivated biases that humans unknowingly apply to their analysis. All of these things can diminish our ability to get from alert to diagnosis quickly and effectively.

 

In this presentation, I plan to discuss the mental challenges associated with technical defensive analysis by leveraging research associated with traditional intelligence analysis. I will discuss how complexity can overwhelm analysis, how cognitive bias can negatively influence analysis, and techniques for recognizing and overcoming these limiting factors. This will include a few fun mental exercises, as well as an overview of several strategic questioning techniques including analysis of competing hypothesis, red cell analysis, and “what if” analysis. Finally, I will discuss several structured analysis techniques, including two different techniques that can be used specifically for NSM analysis: relational investigation and differential diagnosis. 

 

Chris Sistrunk (@chrissistrunk)

ICS/SCADA Defense - Protecting Your DNP3 Networks

 

Your SCADA system has a DNP3 vulnerability, now what? I briefly summarize the DNP3 vulnerabilities (and other ICS protocols too). Then I focus on the different mitigations that an ICS owner can do to mitigate these types of protocol implementation vulnerabilities even if there is no patch or patches can't be installed.

 

Mike Reeves (@toosmooth)

Scaling NSM to the Enterprise

 

This is a presentation about how to scale NSM, specifically Security Onion to the Enterprise using OnionSalt. I will discuss the basics of NSM as well as go into detail on ways to make it work in large environments.

 

Chris Campbell (@obscuresec)

PowerShell and You: Using Microsoft’s Incident Response Language

 

Anyone can write useful security tools in PowerShell. With just a little bit of knowledge you can automate almost anything. From advanced post-exploitation tasks to incident response tools, you can do it with PowerShell! This talk will explain why you should learn a new language and cover the basics to get you started.

 

Tim Crothers (@Soinull)

Techniques for Fast Windows Investigations

 

A typical organization sees anywhere from scores to thousands of alerts daily. Many of those alerts are indicating a variety of problems with hosts. An all too common approach is to reimage affected systems. Unsurprisingly this is the equivalent of playing whack-a-mole. At the other end of the spectrum the host undergoes a forensics examination taking days of effort. Fortunately there is a middle ground. In this talk we'll focus on techniques to conduct quick yet effective examinations of Windows hosts. In many cases we can use these methods to confirm or disprove a breach situation and determine root cause in minutes, not days.

 

Chris Truncer (@christruncer)

Pentester++

 

This presentation outlines my journey from a systems admin turned novice hacker, to a professional penetration tester and co-developer of the Veil-Framework. As I began to gain experience breaking a wide variety of systems, I wanted to expand beyond tool-centric based testing. I believe that the ability to not only identify the right tool for the job, but to create a solution where one doesn't exist is an invaluable asset any penetration tester can utilize in their career. This talk will be case-study driven, and will trace the motivation and development process for the projects I've worked on. Being able to create your own tools is a skill that is absolutely essential if you want to progress your career to the next level, and I hope my example can spark ideas and motivate others to start their own projects.

 

Tim Tomes (@LaNMaSteR53)

Stored Password Security: The Adobe Guide to Keyless Decryption

 

It goes without saying that Adobe has made some mistakes as a software company. Quite possibly their largest was the breach that resulted in 153 million user credentials being disclosed to the Internet. The good news is that Adobe's passwords were encrypted. The bad news is that they were encrypted poorly. The worse news is that Adobe isn't alone. Each day greets us with news of a new breach, threatening to compromise our identities. We must address this growing problem of poor stored password security.

In this talk, I am going to speak briefly about password storage techniques, popular implementations, their problems, and how to fix them, leveraging Recon-ng to demonstrate the risk associated with using each technique. I'll specifically address the fundamental flaws in Adobe's approach to password encryption and dive into the techniques I've used over the past year to crack a large percent of the Adobe passwords without access to the encryption key. Finally, I'll release a Python module I wrote to assist with cracking the encrypted Adobe passwords and use it to conduct a live password cracking demonstration.

 

David Dewey

App Wrapping: What does that even mean

 

Many security companies today are claiming to "wrap apps" on mobile devices. In digging into the details, it seems that this means a lot of different things to a lot of different people. Depending on how it is implemented, app wrapping can be very powerful, allowing vendors to add much needed security controls to apps users already use. In other cases, the phrase "app wrapping" is being used to mean something entirely different. In this presentation, we explore the different techniques employed by various app wrapping vendors, and evaluate the pros and cons of each. After attending this presentation, attendees will have a strong understanding of app wrapping and be armed with a battery of questions they can pose to vendors to ensure they can achieve their actual security goals.

 

Jeff Murri (@InfoSec208)

Is that hardware in your toolkit, or are you just glad you’re keeping up?

 

Friends… The landscape is a changin', and if you are not integrating hardware devices into your audits (or are not familiar with various hardware solutions available) then soon you will be behind the curve. For the independent or hobbyist security researcher, however, hardware auditing tools are normally out of our reach, some notable exceptions being the Hak5 pineapple and hacked boxes running OpenWRT. Being an information security researcher of very modest means (and a big cheapskate), when a tool drops below $100 I'm a pretty happy guy. When a hardware tool drops below $50.00 then I can't wait to add it to my toolkit!

 

Will Schroeder (@harmj0y)

Adventures in Asymmetric Warfare: Fighting the AV Vendors

 

As a co-founder and principal developer of the Veil-Framework, the speaker has spent a considerable amount of time over the past year and a half researching AV-evasion techniques. This talk will briefly cover the problem space of antivirus detection, as well as the reaction to the initial release of Veil-Evasion, a tool for generating AV-evading executables that implements much of the speaker's research. We will trace through the evolution of the obfuscation techniques utilized by Veil-Evasion's generation methods, culminating in the release of an entirely new payload language class, as well as the release of a new .NET encryptor. The talk will conclude with some basic static analysis of several Veil-Evasion payload families, showing once and for all that antivirus static signature detection is dead.

 

Tim Fowler (@roobixx)

When Zombies take to the Airwaves

 

In a post-apocalyptic world, communication is going to be crucial for survivors and zombies alike. Long range, rapid, and mobile communication is going to be a must in order to properly organize, defend and ultimately survive. So naturally wireless communication is going to be a critical infrastructure, but how will it hold up? Can it be leveraged to give us the upper hand?

 

Jacob Williams (@MalwareJake)

Spying on your employees using memory

 

Many companies can't afford costly employee endpoint monitoring software, yet still have the need to figure out how a (potentially) rogue employee is spending his time on the job. Consider a cheaper solution for employee spying, one that makes use of native Windows services and an investigator's ninja memory analysis skills. Whether it be creating a scheduled task to send a machine to hibernate or instantiating an unsuspected memory dump, targeted employee spying can be done on the cheap. Through process enumeration, browsing history reconstruction and memory-mapped file extraction, watch as we piece together what our trusted insider was doing on their company computer, unbeknownst to his boss. Even if you don't have the need to covertly investigate a rogue employee (yet), this talk will arm you with the knowledge to know what is within the realm of the possible. Even if your hat tends to be more black than white, the same techniques can be used for post-exploitation operations against your most valuable targets.

 

Mark Baggett (@MarkBaggett)

Crazy Sexy Hacking


Just when you thought BSidesAugusta was done delivering great presentations we wrap it up with one more. The Blue Team and Red Team come together for a light-hearted, humorous look at some interesting research that affects the way we attack and defend our networks. A look at application whitelisting, protecting private keys and back doors on mobile devices will be discussed. Join us as we wrap up the conference with this fun look at the events of 2014, conspiracy theories and things to look for in 2015.

 

Sponsors:

Diamond Sponsors
Gold Sponsors
Silver Sponsors
Bronze Sponsors
Basic Support

Our In-Kind Sponsors, providing us with contest prizes and raffle give-aways.



Events:

 

 

FALE came together around a common idea of general curiosity and persuasion of the public’s “right to know”. Formally founded in early 2010, the individuals involved in the initial organization already had a history in and love for the practice of locksport and of having a better understanding of the mechanisms we rely on so heavily to keep us secure. Beginning with four members meeting monthly, we have quickly progressed to bi-monthly meetings. We talk locks, picks, general security and a smattering of other topics when meeting, all towards the end of a better knowledge of and ability to communicate the effectiveness (or lack thereof) of so many security measures in place in current society. We hope that through these conversations and our efforts publicly we will help to educate the larger community on the proper use and understanding of locks and security measures encountered daily.

FALE will be hosting a Lockpick Village where folks can come by to talk about physical security, learn to pick locks or talk about advanced picking techniques and tips. Plenty of locks and spare picks to play with, so be sure to stop by!

 

Organizers:

 

  • Doug Burks | @dougburks
  • Mark Baggett | @markbaggett
  • Lawrence Abrams | @vpnpoker 
  • Mike McDargh | @mmcdargh
  • Phil Plantamura | @philplantamura
  • Joanne Sexton 
  • Ron Martin

 
