A combination of students, professionals, geeks, and tinkerers gathering to discuss Information Security, hear awesome talks, and bring security into our everyday lives. Our mission is to provide an inclusive, inspiring, and motivational environment to discuss and collaborate on information security and how it inspires, interests, and motivates you. This will be the sixth BSides in Charleston. With the eclectic businesses and people from the Lowcountry, we expect to have an outstanding event that will be fun, educational, and inspirational for all. Follow us on twitter @BSidesCHS to keep up with the latest information.
BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
BSides Charleston is a 501(c)3 organization that was started in 2012 and has been held in Charleston, SC. Since its existence BSides Charleston has been attracting security professionals from all over the Lowcountry area for this one day event.
College of Charleston, School of Business
Wells Fargo Auditorium - Beatty Center
5 Liberty Street
Charleston, SC 29401
Parking garages at 26 St Philip or 81 Wentworth are the best options.
$1/30min, $16 daily max.
Meters ARE checked on Saturdays,
so be prepared to feed them if you choose street parking.
Nov 9, 5:00pm - 9:00pm
Hacking containers. Fingerprinting, information disclosure, escape techniques, and maybe some pitfalls to avoid when setting them up. Oh, and it's got lots of hands on stuff!
w/ Andrew Beard
Nov 9, 6:00pm - 9:00pm
Bro is gaining a significant amount of buzz in the community, but for those interested it can be difficult to figure out where to start.
The workshop will contain multiple labs where students will analyze and process packet captures using Bro in a virtualized environment. Bringing a laptop with VMware Workstation or Fusion (free trial is fine) is highly recommended, as an OVA of the environment will be available for students to use. A Docker image will also be made available for those optimistic enough to depend on the conference wifi.
w/ Fernando Tomlinson
Nov 10, 10:00am - 12:00pm
As a cybersecurity professional, learning a new programming/scripting language can be a daunting task and finding suitable training could be just as difficult. Available training either focuses too much on the programming/scripting aspect, not enough on using it from a cybersecurity vantage point or not enough hands-on immersion of Microsoft PowerShell in a Windows environment. Why PowerShell? Well, it's one of the most versatile languages today whether it's from system administration or attacker reconnaissance, escalation, exfiltration, or lateral movement. This training looks to scratch the surface on the usage of the language. In addition, we will explore avenues to improve or hone your skills with realistic blue and red team scenarios in a game format with hands-on immersion.
Gerald Auger’s been working within the Information Technology (IT) and Security industry for ten years supporting multiple industries. He is an active CISSP, CISM, and CISA. Gerald has had the distinguished pleasure to work for Booz Allen Hamilton in the public sector, providing cyber security solutions to the DoD, the Dept. of Veterans Affairs and the National Science Foundation United States Antarctic Program. He has earned a master’s in Computer Science and a master’s in Information Assurance, which affords him the ability to analyze a problem set on a technical and engineering level, and cross-cut this analysis with security concepts and thought processes. Gerald is currently working toward a Doctorate of Science in Cyber Security from Dakota State University with a research focus in developing biomedical device risk management frameworks for small and medium-sized healthcare organizations.
Jeff is a respected Information Security expert, adviser,and evangelist. He has over 33 years of experience working in all aspects ofcomputer, network, and information security, including risk management,vulnerability analysis, compliance assessment, forensic analysis andpenetration testing. He has held security research, management and productdevelopment roles with NSA, the DoD and private-sector enterprises and was partof the first penetration testing "red team" at NSA. For the pasttwenty years, he has been a pen tester, security architect, consultant, QSA,and PCI SME, providing consulting and advisory services to many of the nation'sbest known brands.
April is a Newbie Chica in the InfoSec world. She fell into it purely on accident (she was *almost* pulled kicking and screaming), but had already developed second-hand paranoia due to her connections, so it was a natural next step. Managing to get a newbie-type of position at a Large Unnamed Company, she has begun happily delving into the lighter and darker sides of InfoSec. Sure, she might not have quite the background that most speakers have, but she definitely can provide a new twist on things and a new way of thinking about them. When she's not attending conferences and trying to solve the world's InfoSec issues, she enjoys spinning creative tales and reading.
Jason Gillam is a Principal Security Consultant with Secure Ideas. He has over 15 years of industry experience in enterprise software solutions, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture. Jason co-built and managed an award-winning ethical hacking program at one of the world's largest financial institutions. He also provided numerous application security training and awareness briefings to a large internal technical audience and led the development of best practices code and documentation for the the same. Jason is especially passionate about integration of security best practices with the SDLC. Jason holds his GIAC Web-Application Tester certification. He has spoken at several events including the Charlotte-Metro ISSA Summit, multiple BSides events, Hackfest (Canada), and the UNC Charlotte Cyber Symposium. He is also the author of several Burp extensions including CO2 and Paramalizer, and an active contributor to other open-source projects including MobiSec, SamuraiWTF, and Laudanum.
Joe Stewart and James Bettke are researchers with Dell SecureWorks, authors of multiple security papers and tools including DCEPT and PDFXpose. In addition to their day jobs performing threat research, Joe and James are also founding members of the SubProto hackerspace in Myrtle Beach.
Josh Stone and Patrick Fussell are penetration testers with PSC, working primarily in the PCI compliance space. Between the two of them, there’s over 15 years of penetration testing experience, and they get to work with some of the world’s largest service providers and merchants.
Jared Haight is a Security Engineer with Gotham Digital Science in Charlotte, NC. Before making the transition to Information Security he was a Systems Administrator for a decade where he spent most of his time writing scripts to automate everything he did so he could spend more time looking at pictures of Corgis on the Internet.
Josh Huff is a Digital Forensics Analyst for private investigation firm in Columbia, SC. He uses his knowledge of security and open source intelligence to break into a security role at Stillinger Investigations early this year. Josh currently uses his OSINT knowledge to assist the investigators with casework while handling the assorted tech landscape of personal devices and computers that come through the forensics lab. he also co-organizes for ColaSec (Columbia's local infosec meetup)
Max Harley is a freshman in college who loves security. Max worked for Soteria, a Charleston-local security firm during his senior year in high school. Security is Max's passion, so he strives to become better at it.
Every day websites with simple vulnerabilities in Content Management Systems such as Wordpress are compromised and used to host phishing and malware attacks.