BSides Greenville 2020

BSides Greenville on June 13th is all virtual and free for everyone to attend!

Questions? Email us at BSidesGreenville [at] gmail.com

Follow us on Twitter: @BsidesGVL    Hashtag: #BSidesGVL

Location:     Online - Register to receive the links prior to the start of the event - https://tinyurl.com/vwe9tu5

We now have four tracks filled with great talks - something for everyone!  Check out all four tracks below!!!

2020 SCHEDULE & PROGRAM

Talk descriptions are listed by speaker’s last name alphabetically below.

Pentester Firing Squad

Heath Adams, Michael Bryant, Eric Escobar, Luke Kapustka, Michael Holcomb

They’re back!!!  The Pentester Firing Squad returns for 2020 with a look at changes in the penetration testing industry over the last year, a look at how organizations have changed (and should have changed) their security posture since last year’s discussion, and the opportunity for attendees to ask the panel anything.

How to Start a Business w/ a Cyber Security Background

Adam Anderson CEO

There is a critical shortage of Cyber Security talent in the world.  This high demand with low supply leads to some interesting possibilities.

In this talk, we will answer three questions specifically for cyber security professionals:
- What is a business?
- Should I start one?
- How do I pick the right business for me?

Adam has over 20 years in the cyber security industry, working on projects ranging from Y2K in 1999 to building out the identity and access management platforms for the US Air Force, Lockheed Martin, and IBM.  You can find out more about Adam at www.adamandersonceo.com.

Password Sprays: Still a Concern?

Michael Berardi

Password spray attacks have been blogged about for the past few years within the security community. Breaches have been reported, but many people have begun to defend against password sprays. The overall question is: why should organizations still be worried about a password spray attack?

Michael is a Security Engineer focused on penetration testing.

trustno1: Protecting Your Data in a Zero Trust World

David Branscome

API Security in Depth

Jeff Clare

As a result of a broadening threat landscape and the ever-increasing usage of APIs, the OWASP API Security Top 10 Project was launched.  Join us as we cover a high-level overview of how API endpoints interact, and how they differ from their traditional browser-based counterparts.  We will also discuss and highlight some of the attack scenarios to help end users and organizations understand the dangers associated with deficient API implementations.

Hailing from the frozen north, Jeff Clare is a Sales Engineer with Checkmarx, a leading application security company.  Prior to his current role, Jeff spent over 15 years in various development roles, from developer and team lead to Systems Architect.  Jeff has a passion for application security, functional and performance testing, and development.  When not working, he enjoys spending time with his wife and two small children, hockey, and most types of gaming you can think of.

From OSINT to Pwn

Bryce Crum

With the abundant use of social media platforms and professional networking services, it is becoming more difficult to prevent employees from oversharing and compromising company security. This talk will discuss the use of Open Source Intelligence (OSINT) in offensive security and how best to secure your company from the dangers of its own users.

Bryce is currently working with Avertium’s security assessments team as a penetration tester. He has held various roles such as back-end developer, systems analyst, SOC analyst, and Red Team Lead/Member. He holds to a lifelong-learner mentality. His hobbies are random and depend on the day.

6 Things People Do Wrong in Security Awareness Training

Zach Eikenberry

Zachary Eikenberry is a Co-Founder of Hook Security Inc and serves as a Director and Chief Executive Officer. Previous to these roles, he was the Founder & CEO of The NEXT Schools. These schools provided entrepreneurial experiences for over 900 students between two high schools and a middle school. Starting with $0 at the age of 27, he built a system that raised over $5M annually while he managed 60+ full-time employees.

Zach has over 12 years of startup experience since graduating from Purdue University with degrees in Philosophy and Economics. Throughout this time, he has successfully launched a SaaS company that resolved a complex purchasing workflow for federal agencies, in addition to his ongoing consulting practice. He has been recognized as a Top Ten Most Innovative Educator by the Woodrow Wilson Foundation, a TEDx Speaker, and a conference speaker on the nature of innovation and education.

Your Corporate Networks Are Showing

Eric Escobar & Matt Orme

Sysadmins, CISOs and compliance officers run pentests on their internal and external infrastructure, and commonly ignore their wireless footprint. However, access to a corporate wireless network is seldom monitored and provides covert access to an attacker. Think a long random passphrase or individual user authentication will protect your perimeter? Think again. Current wireless attacks take advantage of configuration oversights, deceive end users, and circumvent what had been thought to be reasonable network segmentation. Such a compromise can have disastrous implications, resulting in the “attacker from the parking lot” scenario. Curious to see how a compromise from a “secure” wireless network happens? Eric & Matt will discuss their evolving wireless pentest methodology and answer audience questions.

Eric & Matt are seasoned pentesters and Principal Security Consultants at Secureworks. On a daily basis they attempt to compromise large enterprise networks to test their physical, human, network and wireless security. They have successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing. Eric and Matt’s team consecutively won first place at DEF CON 23, 24, and 25’s Wireless CTF, snagging a black badge along the way.

Imperial Stout

Jason Gillam

This is not a talk! It is a series of demos showing just how far Burp Suite Extensions have come, the many ways they can be used to assist with Web App Pen tests, and how to get started building your own.

I have been building tools and extensions to support penetration testing tasks for many years, and am most known for my work on Burp CO2 and Paramalyzer. This talk is meant to pass on knowledge of how to make use of extensions and also set the foundation for building them. Through a series of demonstrations I intend to show some of my current work as well as that of other extension developers. All of the extensions demonstrated during this talk are open source projects, and I hope to inspire more open source contributions to information security tool projects. For this talk my demonstrations will be specific to Burp Suite, the proxy tool familiar to web application penetration testers, but they will be applicable in other contexts.

This is a technical talk and is most appropriate for anyone who is at least dabbling in software development or who is familiar with web application penetration testing.

Jason Gillam is Chief Information Officer (CIO) at Secure Ideas and an IANS faculty member. He has over 20 years of industry experience in enterprise software development, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to Fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture.

Making Sense of Splunk Enterprise

Jonathan Singer

Splunk can feel overwhelming at times, and with many moving parts, it can prove difficult to understand how this powerful tool can fit within the enterprise. We will cover what Splunk Enterprise is, who uses Splunk in their organizations and what value it can provide, and finally how you can benefit from it too. Tune in and join the conversation around the Data-to-Everything platform.

Jonathan Singer has over 14 years of experience as an information technology professional, including 12 years of working experience in the information security field. Prior to joining GuidePoint, Jonathan worked at a Central Florida ISP specializing in web application security, policy and compliance, and RedHat Linux system administration and hardening. Currently, Jonathan leads the Splunk Professional Services team for the southeast region and is a certified Splunk Architect. Jonathan participates in many speaking engagements throughout the East Coast, currently holds a CEH and several SANS certifications, and has a Master's Degree in Cybersecurity from the University of South Florida.

Defense-in-Depth for Industrial Controls

Brad Hamlett

The presentation discusses the following four items as they apply to under-resourced local utilities, typically water and wastewater treatment utilities responsible for distributing water to the population and controlling the highly toxic chemicals used for water and wastewater treatment.

1. Review of the top vulnerabilities of utilities’ industrial control systems (ICSs).
2. Review of the threat landscape of utilities’ ICSs.
3. Lessons learned from major attacks on utilities in 2018.
4. Proposal for building a defense-in-depth system for utilities’ ICSs.

Brad Hamlett is a former Army senior intelligence analyst, current college professor, and cybersecurity subject matter expert.

HyperScale Security Technology

Nick Cattoni & Andy Thomas

Organizations are being pulled in two directions, between the traditional on-premise datacenter and the cloud.  For those that elect to maintain a large on-premise datacenter, hyperscale networking enables the organization’s architecture to scale appropriately as the demand on the system increases. Can we expect to grow the traditional datacenter while staying easy to deploy, manage, and maintain?

Andy Thomas is a named accounts SE in NC.  He has over 30 years of IT/Security experience and has used Check Point for 25 years. He has worked for several Fortune 500 companies such as VF, Hanes, and Lincoln Financial.

Andy joined Check Point 4 years ago as a Threat Prevention specialist and has since moved into a local SE role. He primarily focuses on Threat Prevention, Data Center security, and Endpoint.  Andy joined Check Point with the goal of assisting customers with the consolidation of their multitude of security solutions onto Check Point to reduce cost and complexity while improving visibility.  Andy lives in Boone, NC and enjoys the many outdoor activities available there.

Nick Cattoni is a Security Engineer for Check Point in South Carolina. Nick graduated from Appalachian State University and started with Check Point in 2018. He focuses on commercial business in the state, and specializes in Endpoint and Mobile threat prevention. Nick seeks to help customers handle the growing threat landscape and enjoys being a part of the tech community. He lives in Charleston, SC and misses the mountains, but enjoys the beach even more.

Removing the Cobwebs: Upgrading Our Web Application Testing

Kevin Johnson

In this presentation, Kevin Johnson from Secure Ideas will discuss how we can improve our testing.  Things like CORS and cloud-based systems are changing how we should test.  This talk will focus on how security teams and developers can evaluate their applications based on modern development practices and techniques.  Attendees will be able to apply these techniques and this knowledge in their organization as soon as they return to the office.

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

How to Review a Mobile (Android) App

James Kinninger

If you’ve ever wanted to learn how to review an Android app, personally or professionally, this presentation will give you a crash course on how to do it. The topics covered will be for both non-technical and technical audiences.

With 20 years of IT experience, primarily in software development, James has spent the last 4 years in IT Security reviewing countless Android apps.

Bypassing BitLocker

Miguel Martinez

Even with today’s hardware security measures, having physical access still means we can exploit and take control of systems by taking advantage of hardware subsystems.  In this talk, we will go through a real-life scenario where we gained access to a Windows laptop with TPM-only BitLocker enabled. We will show how easy it is to execute DMA attacks leveraging Ulf Frisk’s PCILeech software and an inexpensive USB-to-PCIe board.

Miguel Martinez is a penetration tester and CTO at Tec-Refresh, Inc.  He started his career in IT as a network administrator, then transitioned into Security Operations and finally found his place in offensive security as a penetration tester.  Miguel’s interests include hardware hacking (voiding warranties), RF analysis (W6BIT), and spending time with his family.

The DevOps Crusade

Ochaun Marshall

Lately, organizations have been embracing DevOps, a set of cultural philosophies, practices, and tools that increase an organization's ability to deliver applications and services at high velocity. This has allowed organizations to grow and deliver products faster than more traditional approaches. It has also led to misconfigurations that cause massive data leaks.

This talk is focused on developers, DevOps engineers and the security professionals who work with them. It lays out some strategies for continuing to use DevOps practices while incorporating security. Without integrating security standards into DevOps, misconfigurations will continue to occur and data leaks will continue.

Ochaun Marshall is a security consultant at Secure Ideas.

Differences in AI/ML/DL

Bien Nguyen

Machine learning is a big step forward in combatting cyberattacks but is still no silver bullet. Many traditional cybersecurity solutions available today are causing huge operational challenges as they are not adequately fighting against today’s complex and sophisticated threats. Detection and response-based solutions are no longer sufficient as damage can already be done while waiting for the execution of an attack. Executives and security leaders need to start adopting a preventative approach to cybersecurity, which is made possible through Deep Learning.

Fortunately, AI technologies are advancing, and deep learning is proven to be the most effective cybersecurity solution, resulting in unmatched prevention rates with proven lowest false positive rates. As you evaluate new technologies for your organization, understand the differences and benefits of AI/ML/DL.

Bien is a Solutions Engineer at Deep Instinct where he consults clients on applying cyber security solutions that harness the power of deep learning analytics with real-time prevention of cyber threats.

Offense From Defense - My Rocky Path to the Dark Side

Leo Pate III

Many security professionals live in one of two worlds: offense or defense. While there is a rise in offense and defense collaboration, more often than not these two worlds are siloed. This talk will focus on how I made the jump from IT to defensive security, then to offensive security, and the lessons learned along the way. By citing real case studies from the past 11 years, I will show how IT, coding, defensive and offensive security are all woven together, and how skills in one sharpen the others.

Leo Pate is a former Cyber Warfare Officer within the South Carolina Army National Guard and an Application Security Consultant with nVisium. Leo’s expertise in information security comes from 12 years’ experience in a variety of information technology and business roles, including Director, Security Systems Administrator, Security Consultant and other information security specific functions. Leo is also a Technical Mentor for NodeCarolinas, a non-profit organization focused on teaching information technology, cybersecurity and business entrepreneurship to the South Carolina and North Carolina communities.

Active Threat Hunting

Jason Rivera

This brief will cover CrowdStrike’s latest observations on how criminal and nation-state adversaries are engaging in intrusions against their targets. Topics covered will include:

• An intrusion threat landscape sharing the high-level trends on how intrusions are occurring throughout the globe.
• A tactical observations section that discusses specific threat actors and how we have seen them leverage advanced techniques against their targets.
• A hunting best practices section that discusses how organizations can build threat hunting programs that are capable of detecting anomalies within their environment.

Jason Rivera is an internationally experienced intelligence, cybersecurity, and national defense professional who possesses 13+ years of experience innovating at the intersection of security operations and technology. While in the private sector, Jason has advised and led the development of cyber intelligence programs for large Fortune 500 companies and US Government agencies. Prior to his entry into the private sector, Jason served as an Intelligence Officer in the U.S. Army where he attained the rank of Captain and participated in a variety of roles, including assignments at the National Security Agency (NSA) and U.S. Cyber Command (USCYBERCOM), as well as combat tours overseas. Jason possesses Master’s Degrees in Security Studies from Georgetown University and Economics from the University of Oklahoma.

Digital Resilience Needs to Supersede ‘Detect and Protect’

Chris Stoneking

Digital resilience is a cyber security philosophy in which we accept that harmful cyber events are going to happen to our organization, and become proactive in building and equipping the organization so that the outcome of such an event is to absorb, adapt, and rebound with minimal negative business impact.  In this talk we examine key elements in how organizations build and operate cyber security teams, the false assumptions that creep in, how to recognize and examine those assumptions, and how to build and equip organizations to be digitally resilient.

Chris Stoneking is a Senior Consulting Engineer at RedSeal.  In his current position, he helps companies architect resilient network strategies, assess and manage cyber risk, and mitigate vulnerability threats.  Chris has broad experience in network security and has previously held positions at Fortinet and Juniper Networks.  Chris holds a Bachelor's degree in Physics from the University of Georgia and a Master's degree from Georgia Tech.

Painless Certificate Management: KeyChest

Colin Bastable

LUCY Security, a leading Security Awareness vendor, started out in the Pen Testing business in Zurich. We still offer custom cyber-security services.

In addition to our award-winning phishing simulation product “LUCY”, we have a Dark Web Risk Analysis team which monitors hacker forums for stolen and compromised credentials and more. 80% of all phishing sites are “validated” with certificates.

LUCY started to use KeyChest because it has a real-time global database of all public certificates, enabling us to find potential phishing threats before they occur. KeyChest also discovers and manages internal certificates, regardless of vendor, and allows customers to buy certificates at large discounts.

The massive growth of free, 90-day Let’s Encrypt certificates has created a management headache for IT professionals, and many LUCY clients have adopted KeyChest because its low-cost, zero-integration, all-you-can-eat model makes it highly cost effective and far superior to the alternatives on the market.

LUCY will offer special KeyChest and LUCY pricing to BSidesGVL members.

Colin Bastable is CEO of LUCY Security Inc, the US arm of Swiss-based LUCY Security AG. Colin specializes in IT Security startups, looking for new and valuable technologies to deliver to global markets. He is widely quoted for his expertise in the IT security press and in the wider media. Originally from the UK, Colin has traveled and worked in most regions of the world, and is a US Citizen, living in Austin, Texas – although he still has his English speech impediment.

Keynote – Sucking at Capitalism

Tim Tomes

Ethics in the Business of InfoSec

Tim is an Application Security Professional with over a decade of experience in the information security industry. From software development to full-scope penetration testing, Tim has worked in multiple disciplines as both a manager and technician for the United States Military and private industry. Tim hones his development and application security skills through managing multiple Open Source software projects and conducting consultative engagements. Tim has a strong belief in contributing to the community and does so through writing technical articles, speaking at conferences, and conducting training both as an independent instructor and for some of the industry’s largest training providers. Tim's experience as both a leader and technician provides a rare set of skills that allow him to communicate effectively with personnel at all levels, from developer to C-level executive.

A Tale of Two PowerShells

Fernando Tomlinson

PowerShell has surpassed the administrative use for which it was originally developed and now also serves as a capability that enables threat hunters and incident responders to illuminate malicious activity and respond to such threats. It also enables pentesters and malicious actors to gain and maintain access, as well as proliferate throughout a network, without bringing any additional toolkits. In most cases, these two additional uses are not detected or known by the admins or by the opposing side. We will dive into and demo a number of methods in which both sides are using, or could use, PowerShell to achieve their overall objectives.

Fernando has been coding in PowerShell for over 4 years. He regularly teaches a 5-day PowerShell course which he has taught to organizations within the Department of Defense, the Department of Homeland Security, and the National Security Agency.

Code of Conduct

We have NO TOLERANCE for physical/verbal/sexual harassment of any person at BSides Greenville! Anyone needing to report any instance of harassment should contact a volunteer team member in a purple shirt immediately!  While we want and encourage everyone to have a great time, we also want everyone to feel included and welcome in a safe environment.

Our conference is dedicated to providing a harassment-free conference experience for everyone, regardless of gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, religion (or lack thereof), or technology choices. We do not tolerate harassment of conference participants in any form. Sexual language and imagery are not appropriate for any conference venue, including talks, workshops, parties, Twitter and other online media. Conference participants violating these rules may be sanctioned or expelled from the conference without a refund at the discretion of the conference organizers.

Consideration By...

A very special thanks to Clemson University International Center for Automotive Research (@CU_ICAR) for hosting BSidesGreenville 2020!!!

Sponsors include:

After Party at SpareTime Entertainment

Sponsored by

PLATINUM SPONSORS

GOLD SPONSORS

ADDITIONAL SPONSORS