• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

BSidesPittsburgh

 

Please go to:

 

BSidesPGH

 

for information on current events!


 

 

About

BsidesPittsburgh is a free, volunteer-run computer security conference to be held in Pittsburgh on Friday, June 1, 2012.  Security Bsides is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy issues such as managing information leakage via social networks.  In keeping with the community-driven theme and to help minimize event costs, the conference format, talks, and activities are agreed upon by all attendees.  We’re currently looking for presenters, ideas and topics.  Please post your ideas at the BsidesPittsburgh website. 

 

Pittsburgh has a flourishing information security community; this is a great chance to meet each other, share ideas and work together.  Many of those professionals in Pittsburgh as well as nationally recognized experts are doing awesome things in the field; let's get together to learn,  collaborate, and protect.  Please see our web page for more information, to RSVP, or to submit a talk or suggestion.  The event is free – even the food and drinks – and held in full view of the City of Pittsburgh and PNC Park at the Left Field Meeting Space on the north shore. 

 

 

Invite your friends by posting this on Twitter: "#BSidesPGH June 1,2012: Bits in the 'Burgh!"

 

 

Sponsors

 

Sponsorship has changed for 2012.  Rather than arrange direct payments to vendors, we're asking sponsors to choose a sponsorship level:

 

Platinum Sponsors

 

 

 

Gold Sponsors

 

       

 

 

Silver Sponsors

 

       

 

 

 

 

Friends Of BSides

 

 

    


Premier - $5,000.00 - 1 available
Platinum - $1,500.00 - 2 taken
Gold - $750.00 - 2 taken, 2 available
Silver - $500.00 - 2 taken, 2 available
Friend of BSidesPGH - any contribution, no limit

 

Due to the changes in progress at BSides national, the production of BSides Pittsburgh is being handled by Bizling, LLC.  Bizling is owned by organizer Dan Klinedinst, has a federal tax ID, DUNS number, etc.  Contributions should be made to Bizling.  We can generate invoices for sponsorship offers.  Thank you.

 


 

Call For Presenters (CFP)

 

Voting is now closed.  Only the talks which have been accepted are listed here.

 

Important Dates:

Cutoff: May 1

Speakers Announced: May 10

 

List your proposed talk here.  After May 1, we will vote on which ones will be presented.  Don't limit yourselves to a one hour talk with Power Point (although that's fine) - we'll gladly entertain creative new ways to present information!

 

Please list your: name, contact information (email, twitter, website), presentation title, and short description.  E.g.,  We will also accept CFP submissions via an e-mail to [email protected].

 

Kevin Gennuso (@kevvyg)   

The use of network flows for better network visibility and incident response.

Knowing which hosts are involved in a security incident is vital information in the midst of a breach. The faster the attackers and their targets can be identified, the quicker the incident can be contained. Collecting this information from disparate logging systems can be difficult and time consuming, and capturing and storing every packet sent across the network for long periods of time isn’t technically feasible in most cases. Fortunately, most modern networking hardware has the ability to track and export network flows. A well-­‐tuned network flow collection gives the incident response team a clear view into all past and present conversations between hosts, allowing for fast identification of attacking or infected machines. Network flows can also demonstrate what "normal" and "abnormal" network conditions look like and can help identify outliers or potential data leaks. This capability can be a valuable tool used throughout the incident handling process to help bring clarity and visibility during the "fog of war".

 

Bharat Jogi

Reversing Patches for Exploit Creation, Pen-Testing or Just Fun!

How many times have you wondered what really gets fixed in the security patches released by vendors? Are you curious to find new vulnerabilities that could be introduced due to faulty patches? This talk will go over some basic reversing techniques that anyone can use to read what exactly gets fixed in patches. These techniques can be used to write your own exploit which can be helpful for pen-testing.  Malware authors use similar techniques to create malware that targets unpatched systems. This is a fast and very cost effective approach and has been used extensively by malware authors. The talk will demonstrate how easy it is to reverse patches and will highlight the urgent need to apply patches to protect against such attacks.

 

Eric Mikulas (@erockpgh) 

QR code experiment.
QRCodes will be printed on stickers, and placed in random area, such as bathroom stalls, telephone poles, signs etc. The QR code will point to a good sounding domain name, upon connection to the website, cellphone location will be requested, and random metrics will be collected. The site will only have a PSA about he dangers of scanning random QR codes, and an option to fill out a survey to try to gain more insight into QR scanning, and possibly gauge the success of a QR based attack on smart phones.

 

Michael Egenlauf (@securityconnect)

Social Engineering 2012

Can you really patch human stupidity?  Sure you can.  This talk will discuss what social engineering is, what has changed in recent years, policy and training components to help mitigate some of the common tactics used by social engineers.    We’ll also discuss some information gathering techniques and 2011 – 2012 attacks and how they happened. 

 

David McGuire (@davidpmcguire)

Maturing The Penetration Testing Profession

How do you define a penetration test, or identify a penetration tester? Generally, highly skilled professions have well defined requirements of both the professionals and the work they provide. Penetration testing, however, has virtually no definition, requirements or standardization and can cover anything from vulnerability scans to exploit development. While not the only profession in the information security field to lack definition, it is arguably the worst. The end result is often low quality, unsatisfactory assessments that leave organizations still vulnerable to unsophisticated attacks.

 

This talk will cover the current efforts of some groups organized to assist in professionalizing the penetration testing field, including the National Board of Information Security Examiners (NBISE) Operational Security Testers (OST) panel and the Council for Registered Ethical Security Testers (CREST). While different initiatives, the end goals of these groups are to provide frameworks for penetration testers, managers and customers to operate within, hopefully ensuring more consistent and measurable tests.

 

Julian Zottl (@sabreofsd)

SCADA: Not just for water and electricity

 

One of the hottest topics in security is SCADA and what vulnerabilities are out there.  This talk will focus on some SCADA networks that some may have not considered, such as the network that controls the cars that we drive every single day.  We'll dive in to the structure of the traffic on the network, why security has been so lax, and how we might fix it.  We'll cover some legitimate reasons for modifying the traffic and end points on the network, as well as some of the nefarious reasons.  

 

Schedule

 

 

 

 

Day 1 

 

 

Friday - June 1, 2012
BSidesPGH!
8:00 - Doors open, setup

 

8:30 - 9:20 - Reversing Patches for Exploit Creation, Pen-Testing or Just Fun! Bharat Jogi
9:30 - 10:20 - SCADA: Not just for water and electricity Julian Zottl
10:30 - 11:20 - The use of network flows for better network visibility and incident response. Kevin Gennuso
11:30 - 12:10 - Local Interest Briefs ISSA, Infragard, Hack Pittsburgh, FBI Cyber Crime Squad
12:10 - 2:00 - Lunch by Bella Frutteto  
2:00 - 3:00 - Maturing The Penetration Testing Profession David McGuire
3:00 - 4:00 - Social Engineering 2012 Michael Egenlauf
4:00 - 5:00 - QR code experiment Eric Mikulas
5:00 - 6:00 - Clean up  
6:00 - ? - After party. Location TBD  

 

Other Activities

 

Lockpick Village

BSides Pittsburgh once again welcomes the Pittsburgh Lockpick Club, who will be demonstrating their skills and giving attendees a chance to try it, throughout the day.

http://www.pittlockpick.com

 

After Party

There will be an after party beginning at 6:00pm.  The exact location is TBD, but it will be near the venue (North Shore.)

 

Local Interest Talks

This year BSides Pittsburgh will feature short talks about local non-profit groups involved in information security and related topics.  So far, ISSA Pittsburgh, Infragard Pittsburgh Chapter, and Hack Pittsburgh are scheduled to be presented.  We expect more to be announced shortly.

 

 

 

Topics I would like to hear about

 

  • I'd love to hear about the local info sec scene - Pittsburgh has CERT, NCTFA, FBI Cyber Crimes, RAND, IC3 nearby, a National Lab, several universities, etc.

 

Potential Sponsors

Over the past two years, a series of information security events called BSides has been organized across the U.S. and internationally (www.securitybsides.com).  These events vary in format, but share the common philosophies that they are free, open to anyone, and entirely organized and run by volunteers.  Another common trait they share is that they focus on the community where they are held, with mostly local speakers, local sponsors, and local vendors.

We are putting together a second BSides event for Pittsburgh, scheduled for June 1.  Pittsburgh has a substantial presence in the information security world, with major universities, CERT, the NCFTA and an FBI Cyber Crime unit, and numerous software developers in a variety of industries.  Our goal is to bring many of them together to learn from each other, share information, and network.

In order to do this, and keep it free for all attendees, we are looking for both local and national organizations who are interested in sponsoring some portion of the event.  All BSides events are required to abide by a policy that there be no vendor booths or sales presentations; however, sponsors can be recognized at the event and in its materials.  Representatives from sponsor organizations are encouraged to participate in the event, as it's a great opportunity to meet other information security professionals in the area.  If you're interested in sponsoring Bsides Pittsburgh, please email [email protected].

 

Planners ([email protected])

 

  • Dan Klinedinst (@dklinedinst) 
  • Joe Wynn (@wynnjoe)
  • Scott Kriebel (@smkriebel)
  • Alex Meyers (@amattress)
  • Scott Thomas (@notscottthomas)

 

Volunteers

 

 

 

Task List

(please -cross out- when it's done)

 

Tech

 

Wifi

Projector, White Boards

Photo

Video

Audio

Streaming or Stickam or Skype or Ustream or Livestream

 

Non-tech

 

Breakfast

Lunch

Coffee/Tea

Tables and chairs

 

 

Tags for flickr, twitter, blog, etc.

Please use the tag #BsidesPGH for content related to this event

 

Comments (0)

You don't have permission to comment on this page.