November 11, 2017

BSides CHARLESTON

THANK YOU to our 2017 speakers, sponsors, volunteers, helpers, contributors, and attendees!

BSides Charleston
When: Saturday, Nov 11, 2017; 9:00am – 6:00pm
(Registration/Check-In Starts @ 8:30am)
Where: Wells Fargo Auditorium - College of Charleston
Cost: FREE (as always!)

A combination of students, professionals, geeks, and tinkerers gathering to discuss information security, hear awesome talks, and bring security into our everyday lives. Our mission is to provide an inclusive, inspiring, and motivational environment to discuss and collaborate on information security and how it inspires, interests, and motivates you. This will be the fifth BSides in Charleston. With the eclectic businesses and people of the Lowcountry, we expect an outstanding event that will be fun, educational, and inspirational for all. Follow us on Twitter @BSidesCHS to keep up with the latest information.

What is BSides?

BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

BSides CHS History

BSides Charleston is a 501(c)(3) organization that was started in 2012 and has been held in Charleston, SC ever since. Since its founding, BSides Charleston has attracted security professionals from all over the Lowcountry area for this one-day event.

Get Involved! - Sponsor BSides CHS

Learn about BSides Charleston Sponsorship opportunities!

Download a Sponsorship Kit

BSides CHS 2017
College of Charleston, School of Business
Wells Fargo Auditorium

Training: Friday, November 10
Main Event: Saturday, November 11 

  • Venue

    College of Charleston, School of Business
    Wells Fargo Auditorium - Beatty Center
    5 Liberty Street
    Charleston, SC 29401

    Parking garages at 26 St Philip or 81 Wentworth are the best options.
    $1/30min, $16 daily max.

    Meters ARE checked on Saturdays,
    so be prepared to feed them if you choose street parking.

BSides Charleston 2017 SCHEDULE

Nov 10 - TRAINING: "Not So Difficult == Python + WiFi"

w/ @sgnyrts

Nov 10, 3:00pm - 9:00pm

Overview:
-Take anyone from complete novice to advanced pentester and immerse them in the inner workings of 802.11
-Address some of the more advanced issues that come with operating in a shared medium such as 802.11
-Discuss and demonstrate tools of the trade
-Walk away knowing how to start building your own tools using nothing more than Python and your imagination


Topics Include:
-Environment checks
-Monitoring and injecting into the spectrum
-Intro to terminals and Python
-Object-oriented programming
-How to apply it effectively in Python for 802.11
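As an added illustration of the "build your own 802.11 tools with nothing more than Python" theme (this is editor-supplied example code, not material from the training or from the BSides page), the block below parses a beacon frame out of a monitor-mode capture with the standard library only, and builds the same kind of frame the way you would before handing it to a raw socket for injection. The radiotap header, the frame bytes, the SSID "BSidesCHS" and the BSSID are all constructed here for the example; the function names (strip_radiotap, parse_beacon, build_beacon) are this example's own, not a course API.

```python
# Added example, not part of the BSides page or the training's own material:
# a pure-Python 802.11 beacon parser plus the matching frame builder. The
# sample bytes below are constructed here, not captured from a real network.
import struct
from typing import Dict, List, Optional, Tuple

# Minimal radiotap header as a monitor-mode capture would prepend it:
# version 0, pad 0, length 8 (little-endian), present bitmap 0. Constructed.
RADIOTAP_MIN = b"\x00\x00\x08\x00\x00\x00\x00\x00"

IE_SSID, IE_DS_PARAMS, IE_RSN = 0, 3, 48
CAP_PRIVACY = 0x0010  # capability bit 4: WEP/WPA/WPA2 protection advertised


def strip_radiotap(frame: bytes) -> bytes:
    """Drop the radiotap header; its length field says how many bytes to skip."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not a radiotap v0 frame")
    rt_len = struct.unpack_from("<H", frame, 2)[0]
    if rt_len > len(frame):
        raise ValueError("radiotap length exceeds frame")
    return frame[rt_len:]


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ies(body: bytes) -> List[Tuple[int, bytes]]:
    """Walk the tagged parameters (id, length, value) after the fixed fields.
    A truncated IE stops the walk instead of reading past the buffer."""
    ies, off = [], 0
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        off += 2
        if off + length > len(body):
            break
        ies.append((tag, body[off:off + length]))
        off += length
    return ies


def parse_beacon(frame: bytes) -> Optional[Dict[str, object]]:
    """Return SSID/BSSID/channel/security hints for a beacon, else None."""
    if len(frame) < 36:
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if (ftype, subtype) != (0, 8):  # management frame, beacon subtype
        return None
    # 802.11 header: FC(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2) = 24 bytes,
    # then fixed fields: timestamp(8) beacon interval(2) capability(2).
    _timestamp, interval, cap = struct.unpack_from("<QHH", frame, 24)
    info: Dict[str, object] = {
        "bssid": mac_str(frame[16:22]),
        "src": mac_str(frame[10:16]),
        "interval_tu": interval,
        "privacy": bool(cap & CAP_PRIVACY),
        "ssid": None,
        "channel": None,
        "rsn": False,
    }
    for tag, data in parse_ies(frame[36:]):
        if tag == IE_SSID:
            info["ssid"] = data.decode("utf-8", "replace") if data else "<hidden>"
        elif tag == IE_DS_PARAMS and len(data) == 1:
            info["channel"] = data[0]
        elif tag == IE_RSN:
            info["rsn"] = True  # WPA2/WPA3 parameters present
    return info


def build_beacon(ssid: bytes, channel: int, bssid: bytes,
                 privacy: bool = True, rsn: bool = True) -> bytes:
    """Build a beacon frame; this is the payload you would hand to a raw
    AF_PACKET socket bound to a monitor-mode interface for injection."""
    hdr = (b"\x80\x00"            # frame control: management / beacon
           + b"\x00\x00"          # duration
           + b"\xff" * 6          # addr1: broadcast destination
           + bssid + bssid        # addr2: source, addr3: BSSID
           + b"\x10\x00")         # sequence control
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (CAP_PRIVACY if privacy else 0))
    ies = bytes([IE_SSID, len(ssid)]) + ssid
    ies += bytes([1, 4]) + b"\x82\x84\x8b\x96"        # supported rates 1/2/5.5/11
    ies += bytes([IE_DS_PARAMS, 1, channel])
    if rsn:
        # RSN v1: group CCMP, one pairwise CCMP, one PSK AKM, no RSN capabilities
        rsn_ie = (b"\x01\x00" + b"\x00\x0f\xac\x04"
                  + b"\x01\x00" + b"\x00\x0f\xac\x04"
                  + b"\x01\x00" + b"\x00\x0f\xac\x02" + b"\x00\x00")
        ies += bytes([IE_RSN, len(rsn_ie)]) + rsn_ie
    return hdr + fixed + ies


if __name__ == "__main__":
    capture = RADIOTAP_MIN + build_beacon(b"BSidesCHS", 6, bytes.fromhex("00112233aabb"))
    print(parse_beacon(strip_radiotap(capture)))
```

Two practical points the parser bakes in: every length field (radiotap length, IE length) is checked against the buffer before it is used, because frames pulled off the air are attacker-controlled input, and an empty SSID element is reported as hidden rather than as an empty string so a scanner does not silently drop cloaked networks.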


NOV 10 - TRAINING: "Intro to Capture the Flag (CTF)"

w/ Arash Parsa, Mika Devonshire, Alberto Tolentino

Nov 10, 4:00pm - 8:00pm

Overview:
A beginner CTF event where basic penetration testing skills will be taught in order to enumerate machines, search for vulnerabilities, find and customize exploits, and finally gain the highest level of access on each machine. The only thing required is a Kali Linux machine or virtual image. Prerequisites can be found here: www.thehackerground.com/bsidescharleston


NOV 11 - TRAINING: "Better OSINT for Better Social Engineering"

w/ Joe Gray

Nov 11, 1:00pm - 5:00pm

Overview:

Have you ever spent too much time in the reconnaissance phase of a pen test because you needed better intelligence? Do you make the most efficient use of OSINT? This course aims to help you find more efficient ways to collect information about your targets so that you can get to the fun stuff: exploitation and maximum pwnage. Here, you'll see the correlation between OSINT and social engineering and how to better apply it to your engagements. You'll see techniques for phishing, vishing, pretexting, impersonation, and more. Tool demonstrations will include how to make the best use of OSINT websites and standalone tools such as Google, recon-ng, and the Social-Engineer Toolkit (SET), along with lessons learned from the winner of the DerbyCon SECTF.


Participants must bring a laptop and will receive necessary materials upon the start of the class.


Registration: 8:30 AM
Keynote and BSides Talks: 9 AM - 6 PM
CTF & Lockpick Village: 10 AM - 6 PM
Wrap-up, Awards, Raffles: 6 PM
After Party: 7 PM

 

Sponsors - SPECIAL THANKS

PALMETTO GUARD

CHUCKTOWN CALVARY

FOLLY FRIENDS

BATTERY BOOSTERS

BECOME A SPONSOR

BSides Charleston ARCHIVES

Gerald Auger - Black Box FISMA-based SCA of Public Cloud (IaaS) Providers

@Gerald_Auger

Gerald Auger has been working in the Information Technology (IT) and security industry for ten years, supporting multiple industries. He is an active CISSP, CISM, and CISA. Gerald has had the distinguished pleasure of working for Booz Allen Hamilton in the public sector, providing cyber security solutions to the DoD, the Dept. of Veterans Affairs and the National Science Foundation United States Antarctic Program. He has earned a master's in Computer Science and a master's in Information Assurance, which allows him to analyze a problem set on a technical and engineering level and cross-cut that analysis with security concepts and thought processes. Gerald is currently working toward a Doctorate of Science in Cyber Security from Dakota State University with a research focus on developing biomedical device risk management frameworks for small and medium-sized healthcare organizations.

Jeff Man - Do We Still Need Pen Testing?

@MrJeffMan

Jeff is a respected Information Security expert, adviser, and evangelist. He has over 33 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. He has held security research, management and product development roles with NSA, the DoD and private-sector enterprises and was part of the first penetration testing "red team" at NSA. For the past twenty years, he has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known brands.

April M Jones - OMNOMNOM: A Newbie Chick’s Take on InfoSec

April is a Newbie Chica in the InfoSec world. She fell into it purely by accident (she was *almost* pulled in kicking and screaming), but had already developed second-hand paranoia through her connections, so it was a natural next step. Having landed a newbie-type position at a Large Unnamed Company, she has begun happily delving into the lighter and darker sides of InfoSec. Sure, she might not have quite the background that most speakers have, but she can definitely provide a new twist on things and a new way of thinking about them. When she's not attending conferences and trying to solve the world's InfoSec issues, she enjoys spinning creative tales and reading.

Jason Gillam - The Hacker Evolution: What have we become?

Jason Gillam is a Principal Security Consultant with Secure Ideas. He has over 15 years of industry experience in enterprise software solutions, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to Fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture. Jason co-built and managed an award-winning ethical hacking program at one of the world's largest financial institutions. He also provided numerous application security training and awareness briefings to a large internal technical audience and led the development of best-practices code and documentation for the same. Jason is especially passionate about integrating security best practices with the SDLC. Jason holds the GIAC Web-Application Tester certification. He has spoken at several events including the Charlotte-Metro ISSA Summit, multiple BSides events, Hackfest (Canada), and the UNC Charlotte Cyber Symposium. He is also the author of several Burp extensions including CO2 and Paramalizer, and an active contributor to other open-source projects including MobiSec, SamuraiWTF, and Laudanum.

Joe Stewart and James Bettke - Wire Wire - The African Persistent Threat

Joe Stewart and James Bettke are researchers with Dell SecureWorks, authors of multiple security papers and tools including DCEPT and PDFXpose. In addition to their day jobs performing threat research, Joe and James are also founding members of the SubProto hackerspace in Myrtle Beach.

Patrick Fussell and Josh Stone - Hunting High-Value Targets in Corporate Networks

Josh Stone and Patrick Fussell are penetration testers with PSC, working primarily in the PCI compliance space. Between the two of them, there’s over 15 years of penetration testing experience, and they get to work with some of the world’s largest service providers and merchants.

Jared Haight - Adding PowerShell to your Arsenal with PS>Attack

Jared Haight is a Security Engineer with Gotham Digital Science in Charlotte, NC. Before making the transition to Information Security he was a Systems Administrator for a decade where he spent most of his time writing scripts to automate everything he did so he could spend more time looking at pictures of Corgis on the Internet.

Josh Huff - What I learned being an OSINT creeper

Josh Huff is a Digital Forensics Analyst at a private investigation firm in Columbia, SC. He used his knowledge of security and open source intelligence to break into a security role at Stillinger Investigations earlier this year. Josh currently uses his OSINT knowledge to assist the investigators with casework while handling the assorted landscape of personal devices and computers that come through the forensics lab. He also co-organizes ColaSec (Columbia's local infosec meetup).

Max Harley - Shellcoding basics

Max Harley is a freshman in college who loves security. Max worked for Soteria, a Charleston-local security firm during his senior year in high school. Security is Max's passion, so he strives to become better at it.

(Keynote Speaker) Security Circus - Kevin Johnson

Software Vulnerability Discovery and Exploitation during Red Team Assessments - Ryan Wincey

You spent $20,000 so that my throw away email can have full recon on your internal network? - Chris O'Rourke

Get-Help: An intro to PowerShell and how to use it for evil - Jared Haight

How to pen test off the grid.. and in the middle of the Pacific - Dave Keene

(Keynote Speaker) InfoSec (Cyber Security): We're Doing It Wrong - Bill Gardner

Internet of Things Hacking - Jason Davison

The State of Information Security Today - Jeff Man

Hacking Web Apps - Brent White and Tim Roberts

Building Burp Extensions - Jason Gillam

Going Nuclear: Exploiting Mass Emergency Notification Systems - Evan Davison

FAIL-in-Depth - Marcus J. Carey

diff -q 3rdpartyassessments internalteams | grep qualified assessments - Kelly O'Donnell

Router Fail - John Garrett

(Keynote Speaker) Hacking Culture - Jayson E. Street

Ballin on a Budget - Andrew Morris

Allow myself to encrypt…myself! - Evan Davison

WUDS You Say SmartAssPhone? - Frank Catucci

(Keynote Speaker) Don't Be A Tool - KizzMyAnthia

Holistic Operational Security - David Zendzian

Building an Open Source Threat Intelligence Program - Edward McCabe

Operation Arachnophobia: Don't Get Caught in the Web - Rich Barger

Just Apply the Patch: A tale of Struts 2, broken CVSS scores and IDS evasion - Robert Wessen

Passive Recon: Let's Get Creepy! - Gabele Blanc and Philip Hartlieb

JAVA Shellcode Execution - Ryan Wincey

Waging war on an entire city - Andrew Morris

Fantasy Defense In-depth - Evan D.

Social Insecurity - Frank Catucci

Free phish and malware hosting for life! - Paul Burbage & Dustin Weathers

Every day, websites with simple vulnerabilities in content management systems such as WordPress are compromised and used to host phishing and malware attacks.


Using MLP to classify Encrypted Network Traffic - Micheal Reski


BYOD Party Crashers: How to Protect Against Unauthorized Mobile Access - Brent Morris


Fuzzing With Peach - Thomas Macklin