2016-12-20

The Commons Mixer Building
15255 NE 40th Street
Redmond, WA
98052.
Presentations
CFP IS OPEN: https://goo.gl/forms/hGyBqtz2LAgmTLZn1

CLOSED!

CFP OPEN DATE: October 19, 2016
CFP CLOSE DATE: December 5th, 2016
Conference Date: Saturday, February 4, 2017
TICKETS:
SOON!
Invite your friends by posting this on Twitter: #BSidesSeattle
@BsidesSeattle or bsidesseattle@gmail.com
Schedule:

TBA

2017 Abstracts
Anonymous Speech on the Internet
Speaker: Sarah Squire @SarahKSquire
Abstract: Find out how open standards are being developed to allow for anonymous speech on the internet. I'm working with organizations like NIST and Yubico to make sure that authentication protocols can securely authenticate users while maintaining their anonymity. This is especially important in cases of journalists, whistleblowers, and political dissidents. New protocols like Universal 2nd Factor (U2F) and Proof Key for Code Exchange (PKCE) are currently being deployed to support these use cases.

Cloud basics for pen testers/red teamers
Speaker: Gerald Steere @darkpawh
Abstract: You know the ins and outs of pivoting through your client’s or your employer’s domains. You know where to find those unprotected creds that unlock the mysteries of the LAN. You know which hashes grant DA and root to the infrastructure. All the bases belong to you, but do you know how to follow once the path leads into the clouds? As more and more companies move part or all of their operations into the cloud, penetration testers need to think beyond the traditional network boundaries and follow the data and services they are after. The intent of this talk is to provide penetration testers as well as defenders a foundation on cloud services from an attacker’s point of view. This talk is cloud-agnostic and focuses on the general topics and attack patterns necessary to assess cloud-based services rather than specific implementations or vulnerabilities.
Do you know the differences between IaaS, PaaS, and SaaS and which vulnerabilities are applicable to each?
Am I even allowed to assess my company’s cloud resources?
Do you know what credentials you need to move from the corporate network into cloud based services? Do you know where to find them?
What dependencies can you compromise to complete your objectives?
What kinds of recommendations can I make to improve the security of my client’s cloud deployments?
Companies trust key portions of their operations, services, and data to public and private clouds and unless their internal and third-party testers must assess these deployments.

Combat Mindset in the SOC
Speaker: Matthew "Shan" Romanek
Abstract: Effective cyber defense will always depend on a human's situational awareness and intuition. A combat mindset is necessary to see the attacker behind the SIEM alert and respond effectively. In the physical realm, the adoption of a combat mindset has been facilitated by the model known as "Cooper's Colors." Let's build on this in the SOC context, to discuss a framework for how we decide when an event becomes an incident, and be prepared to act when it does.

Extrabacon's Sploit Framework: Or how to break the Ruby bonds of Metasploit
Speaker: Daniel Reilly
Abstract: Sploit is the modular core that runs the EXTRABACON exploit in the ShadowBroker's tool dump. While everyone is focused on the news of the 0-days and the recent porting of this older exploit to newer ASA versions (http://www.securityweek.com/leaked-cisco-asa-exploit-adapted-newer-versions), I chose to look at the underlying structure. First, because there are already a number of talented researchers covering every angle of each exploit in greater detail than I could. Second, because the hidden jewel that is the Sploit framework deserves some attention as well. In my talk I will go over the Python structure of the Sploit Framework as well as examine the general structure of the exploits contained in the dump. Finally, I will discuss how to port exploits from other systems (like Metasploit) into the Sploit framework. I will conclude with a demo (hopefully live but possibly recorded) of exploiting the ever popular Metasploitable VM in a closed environment.

Lock Impressioning
Speaker: @josweyers
Abstract: We've all seen lockpicking explained on several security venues. You might even have tried it yourself. But what if you need to open a lock a number of times? Wouldn't it be great to have an opening technique that would supply you with a working key in the process? A method to do this has existed for quite some time, but until recently it has remained quite unknown. Some time ago impressioning locks got "re-invented" by the lockpick community and the skill evolved to the level now shown at several international championships. Unlike lockpicking, impressioning creates a fully working key for the lock which can be used to lock and unlock the cylinder at will. With practice, this technique can consistently open a lock in 10-15 minutes (and potentially faster)!
What is it? How does it work? What skill is involved? Why is it the most interesting way to open a lock? These questions, and more, will be answered in this talk.

More Security != More Secure
Speaker: Matthew "Shan" Romanek
Abstract: As security professionals, we tend to apply more and more controls until something is considered "secure enough." However, this can backfire. When we lose sight of usability, necessity becomes the mother of inventing new ways to bypass security controls put in place for our own protection. We'll work through some case studies of how (and why) end users have innovated their way around security, and propose a different approach to the security/user relationship. Also, kittens.

PixelDust - Breaking the Google Pixel
Speaker: Jon Sawyer - @jcase
Abstract: The Google Pixel, the successor to the Nexus line of Android phones, was released October 20th 2016. The Pixel was a new era mobile device, and was billed as a security rival to the iPhone. Unlike the Nexus line, not all were bootloader unlockable. Three carriers chose to limit the ability to unlock the bootloader: Verizon in the USA, EE in the UK, and Telus in Canada.
This talk will cover the three low level bootloader vulnerabilities we found and exploited during the first week of Pixel release. These vulnerabilities were given high severity ratings by Qualcomm and Google.
We ultimately publicly unlocked the bootloader of the locked Pixel variants, by releasing the "dePixel8" tool.

Security Monitoring for Startups
Speaker: Eugene Kogan @eugk
Abstract: For startups, security is not their top priority - staying in business is. However, wise founders know that ignoring security can also kill a fledgling company. Throwing money at this problem isn’t likely to work, as most enterprise security solutions are a poor fit for the typical startup that relies on dozens of cloud-based services. This talk will focus on how a young company can leverage the tools they already have (e.g., AWS, Google Apps, Slack) to achieve a solid foundation for security monitoring. I will include pointers to some tools that we've written to help enable this effort.

TCPReplay, Rinse, Repeat: Building a Network Baseline, One Segment at a time
Speaker: Matt Domko @HashtagCyber
Abstract: You can't detect abnormal traffic if you don't know what normal traffic looks like. This talk will walk attendees through the process of creating a network baseline (Bro) and configuring IDS alerts (Snort) to notify them when "non-standard" traffic occurs. Having a standardized, repeatable method to perform this task simplifies things.

The Evolution of Red Teaming and Assume Breach @ Microsoft
Speaker: Jerry Cochran
Abstract: Red teaming at Microsoft has become an institution and Assume Breach our mantra. In this panel discussion, you will meet senior members and leaders of red teams from across Microsoft, in Cloud+Enterprise, Office Product Group, Windows & Devices Group and MSIT. The panel members will share our approach to red teaming, how we have evolved it over the last 10 years, and discuss examples of how it has made our products and services more secure.

TPM: Trojan Horse or Boat Anchor
Speaker: Vim Iam
Abstract: The Trusted Platform Module (TPM) hardware chip has been portrayed as "treacherous" by Richard Stallman, a critical piece of computer infrastructure by the NSA, and praised by its inventors the Trusted Computing Group (TCG). But what is it really? Is it evil? Is it useful? Or is it neither--just a boat anchor that consumes electricity and hardware and software development resources to provide an "illusion" of security?
Vim is a software engineer working on cryptographic and security technologies. He has 15 years security experience on UNIX-class systems.

2017 Classes
Opening doors with the ESPKey
Speaker: Kenny McElroy @octosavvi
Abstract: Facility access control systems are still using archaic, unencrypted protocols for authorizing access badge holders to open doors. This 2 hour workshop will guide you through understanding how common access control systems are put together and where they are weakest. Next, you will learn how to use the surprisingly convenient ESPKey, an electronics implant compatible with the most common access control systems on the market. Finally, you will get to install an ESPKey on provided card readers and work your way through the tutorial lab.
One ESPKey will be yours to take home!

Introduction to Arduino
Speaker: Matt DuHarte @Crypto_Monkey
Abstract: Have you heard about Arduino and wondered if it is right for your maker and hacking needs? This course is a gentle introduction to using the Arduino in your own projects. It assumes no programming or electronics knowledge, just a curious mind and a love of blinking LEDs. We will introduce you to the Arduino IDE on Windows, Mac or Linux, take your choice. Each participant gets a kit of parts that contains all you need to get started on a variety of projects and the class has helpful TAs who can walk you through each project.
A Windows, Mac or Linux laptop with a USB port is required for this class.

Sponsors
Want to show your support for an awesome event?
Details found here:
2017BSidesSeattleSponsorshipKit.pdf
