BSidesAugusta 2015

THIS PAGE IS FROM 2015 and is NOT the current page !

 

The most current site is located at www.BSidesAugusta.org

 

 

 

 

What is BSides ?


Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

 

 

 

Questions? Want to volunteer? Want to sponsor? Email us at BSidesAugusta [at] gmail.com

 

Follow us on Twitter: @BSidesAugusta Hashtag: #bsidesaugusta

 

Location:    GRU Harrison Education Commons Building

                       1301 R.A. Dent Blvd

                       Augusta, GA 30901

 

 

Campus Map: http://www.gru.edu/maps/images/healthsciencescampus.pdf

 

 

Cost: Free !

 

Hotel Info:   Holiday Inn Express (Augusta North)

                         1073 Stevens Creek Road

                         Augusta, Georgia 30907

                     706-396-3000

 

To make reservations just call and say, "I need to make reservations for the B-Sides and Security Onion Conference" and give your check-in date. You can also register by clicking the link below. Remember all reservations must be made by the cut-off date of 08/28/2015. Any reservation request made after this date is subject to availability.

 

Hotel Link: https://goo.gl/xmGdb1

 

 

Parking:  Parking for BSidesAugusta is annotated on the map (link) below.

 

BSidesAugusta on GRU Health Campus.pdf  

 

 

Dates: 

  • April 30 - Call For Papers (CFP) open

  • May 31 - CFP close 

  • June 15 - Registration Opens 

  • June 22 - Speakers selected and notified 

  • Sept 12 - BSidesAugusta 

 

Schedule:

 

9/12/2015

Track-1: Blue Team #1    Track-2: Red Team    Track-3: Blue Team #2

8:00 AM              Check-In

8:00 - 8:30 AM       Welcome - Major General Fogarty (Fort Gordon Cyber Center of Excellence)

8:30 - 9:00 AM       Keynote - Ed Skoudis

9:00 - 10:00 AM      Track-1: Juli Joyner and Jeffrey Medsger - Fundamental Understanding of Baseline Analysis and Remediation for Industrial Control Systems
                     Track-2: Patrick Perry - Using a HackRF One to Infiltrate the Digital Thetford Wall
                     Track-3: Jason Frank - Go Hack Yourself

10:00 - 11:00 AM     Track-1: Mike Reeves - Taking a Distributed Computing Approach to Network Detection with Bro and "The Cloud"
                     Track-2: Alex Rymdeko-Harvey - Malvertizing Like a Pro
                     Track-3: Joel Esler - 2015 - It's not over yet...

11:00 AM - 12:00 PM  Lunch

12:00 - 1:00 PM      Track-1: Justin Edgar - A Scout's Perspective on Network Defense
                     Track-2: Josh Rykowski - Weaponizing our youth: The Case for Integrated Cyber Ethics
                     Track-3: Chris Sistrunk - How to Get Into ICS Security

1:00 - 1:30 PM       Tanner Payne - Doomsday Preppers: APT Edition

1:30 - 2:00 PM       Track-1: Chris Sanders - Building a Better Security Analyst Using Cognitive Psychology
                     Track-2: Andrew Cole and Rich Moulton - Making Everything Old New Again
                     Track-3: Jon Medina - Destruction as a Service: Security Through Reanimation

2:00 - 2:30 PM       Paul Melson - Viper Framework for Malware Analysis

2:30 - 3:00 PM       Track-1: Tim Crothers - Infiltrating C2 Infrastructure
                     Track-2: Jake Williams - DIY Vulnerability Discovery with DLL Side Loading
                     Track-3: Roland Cloutier - The Programmatic Evolution of Technology Defense

3:00 - 4:00 PM       Track-1: Alissa Torres - Building "Muscle Memory" with Rekall Memory Forensic Framework
                     Track-2: Tim Tomes - Recon-ng and Beyond
                     Track-3: Wes Widner - Lessons Learned from Analyzing Terabytes of Malware

4:00 - 5:00 PM       Track-1: Timothy De Block - The Blue Team Starter Kit
                     Track-2: David Coursey - Attacking OWASP - Exploiting the Top 10

9/12/2015

FALE Lock Pick Village                     8:00 AM - * ALL DAY *
Chiron Capture The Flag (CTF) Challenge    8:00 AM - * ALL DAY *

 

 

Welcome:

 

 

Major General Stephen G. Fogarty, a native of Savannah, Georgia, was commissioned as a Second Lieutenant in the Military Intelligence branch in May 1983, after earning his Bachelor of Arts in History at North Georgia College. He also holds a Master of Science in Administration from Central Michigan University, and a Master in Strategic Studies from the U.S. Army War College.  His military education includes Airborne School, the Military Intelligence Officer Basic and Advanced Courses, Ranger School, Jumpmaster Course, Combined Arms & Services Staff School, Long Range Surveillance Leaders Course, U.S. Army Command and General Staff College, U.S. Army War College, and the CAPSTONE General and Flag Officer Course.  

 

After completing the Military Intelligence Officer Basic Course at Fort Huachuca, AZ, Major General Fogarty was assigned to the 101st Airborne Division (Air Assault), Fort Campbell, KY, where he served as a platoon leader in the 311th MI Battalion and as an S-2 in 2nd Battalion, 3-27 Infantry, before moving to the Division G-2, where he served as the Tactical Surveillance Officer and Assistant Division Intelligence Collection Manager.   He completed the Military Intelligence Officer Advanced Course at Fort Huachuca, AZ, in 1987.  From 1988 to 1991, he was stationed at Fort Lewis, WA, assigned as the S-2 for the 2nd Battalion, 75th Ranger Regiment, to include a deployment for Operation Just Cause.

 

His next assignment was Schofield Barracks, HI, where he served in the 25th Infantry Division (Light) as a Brigade Liaison Officer and the Long Range Surveillance Detachment Commander in the 125th MI Battalion, as well as the Tactical Surveillance Officer and Operations Officer in the Division G-2.   After graduating in 1995 from the Command and General Staff College at Fort Leavenworth, KS, he returned to the 101st Airborne Division (Air Assault) G-2 as Chief, Plans and Exercises, and Chief, Analysis and Control Element, before rejoining the 311th MI Battalion as the Battalion S-3.  

 

From 1998-1999, Major General Fogarty was assigned to Fort Benning, GA, as S-2 of the 75th Ranger Regiment, before returning a third time to Fort Campbell as G-2, 101st Airborne Division (Air Assault).   He served as commander of the 732nd MI Battalion in Schofield Barracks, HI, from 2000-2002, before moving to Carlisle Barracks, PA, to attend the Army War College.   After graduation in 2003, he served as Chief, Integrated Survey Program, for the United States Special Operations Command out of MacDill Air Force Base, FL, to include deploying to Afghanistan as a JSOTF J2 in support of Operation Enduring Freedom.  Assigned to Fort Gordon in 2005, he served for two years as commander of the 116th MI Group and National Security Agency-Georgia. 

 

Major General Fogarty then returned to Afghanistan as Director, Joint Intelligence Operations Center—Afghanistan, from 2007 to 2008, before assuming duties as Director of Intelligence, J-2, United States Central Command, MacDill Air Force Base, FL, 2008-2010.  He returned to Afghanistan for a third time 2010-2012 to serve as Deputy Chief of Staff, Intelligence, CJ-2, for NATO’s International Security Assistance Force, before moving to Fort Belvoir, VA, to assume duties as Commanding General, U.S. Army Intelligence and Security Command, from 2012-2014.   He most recently served as Special Assistant to the Director of the Army Staff, Office of the Chief of Staff, in Washington, DC.

 

Major General Fogarty's awards and decorations include: the Defense Superior Service Medal (3 awards), Legion of Merit, Bronze Star Medal (2 awards), Defense Meritorious Service Medal, Meritorious Service Medal (5 awards), Joint Service Commendation Medal, Army Commendation Medal (2 awards), Army Achievement Medal (4 awards), Joint Meritorious Unit Award (2 awards), National Defense Service Medal (2 awards), Armed Forces Expeditionary Medal w Arrowhead, Afghanistan Campaign Medal w/Campaign Star (3 awards), Global War on Terrorism Expeditionary Medal, Global War on Terrorism Service Medal, Humanitarian Service Medal, the NATO Non-Article 5 Medal for Afghanistan, Master Parachutist Badge (w/bronze star), Air Assault Badge, and the Ranger Tab.

 

 

Keynote:

 

 

@edskoudis

 

Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips and penetration testing.

   

Abstracts:

 

Juli Joyner and Jeffrey Medsger

Fundamental Understanding of Baseline Analysis and Remediation for ICS

 

This talk is about developing and implementing a successful continuous monitoring program for the industrial control systems (ICS) that support the liquid waste remediation mission at the Savannah River Site. Specifically, the presentation will focus on creation of security configuration baselines for the ICS, and the ongoing use of vulnerability scanning, configuration compliance scanning, and remediation efforts in support of the implementation of Critical Security Controls.

 

 

 

Mike Reeves (@toosmooth)

Taking a distributed computing approach to network detection with Bro and “The Cloud”

 

This talk focuses on a new way to do network detection by leveraging Bro to send data to a backend or cloud to process the data where resources are not as limited. It also focuses on treating sensors as expendable resources that can easily be swapped out, to show the entire solution from the sensor to the backend.

 

Justin Edgar (@JustinREdgar)

A Scout's Perspective on Network Defense

 

This talk will discuss the Military Decision Making Process and apply it to network defensive planning. Also I'll focus on the early steps of MDMP: intelligence analysis of the battlefield.  I will apply this planning methodology to network defense in a way that would make Sun Tzu proud, by visualizing the terrain, enemy, and friendly forces.  This analysis will help to identify critical points of observation and drive the placement of sensors, prevention devices, and analysis priorities.

 

Tanner Payne (@payneman)
 

Doomsday Preppers: APT Edition

 

Too many organizations take an "it'll never happen to me" approach when it comes to log collection.  This approach meets compliance needs and facilitates everyday business while ignoring the actual threat landscape.  When doomsday arrives and it's time to respond to an advanced targeted attack, these organizations learn the hard way that they are logging the wrong data.  One method for avoiding this scenario involves applying a common attack model and "decorating" each stage of the model with data sources useful during incident response.

 

Chris Sanders(@chrissanders88)

Building a Better Security Analyst Using Cognitive Psychology

 

The information security industry and the vendors that support it have placed emphasis on the tools we use to investigate security breaches. However, we rarely win or lose battles in the trenches because of the tools we buy. Instead, our result is typically determined by the tools we are born with and nurture over time. While machines are ideal for collecting data and finding anomalies, there is no tool better for connecting the dots than the human mind. Of course, the human mind is not without its own limitations and challenges we must overcome. 

 

Paul Melson (@pmelson)

Viper Framework for Malware Analysis

 

Viper is a Python-based binary analysis framework.  It offers a great deal of flexibility, functionality, and extensibility.  Its current feature set, along with its module framework and API, make it ideal for malware analysis and technical threat intelligence.  This presentation will demonstrate practical use cases for Viper's malware analysis functionality, modules, and API, including how and why to build a malware "zoo" in Viper.

 

Tim Crothers (@Soinull)

Infiltrating C2 Infrastructure

 

Take a walk on the wild side as we explore how to go about monitoring command and control infrastructure for botnets.  In this talk we'll work through reverse engineering a bot and build a version in Python that can be used to monitor the activities of the botnet in question.

 

Alissa Torres(@sibertor)

Building "muscle memory" with Rekall Memory Forensic Framework

 

Are you the Incident Response "Super Hero" in your organization? Add another IR superpowers star to your cape by attending a “How to” on effectively wielding the Rekall Memory Forensic Framework to slice through live or captured system memory. Alissa, co-author of the SANS FOR526 "Memory Forensics In-Depth" course will demo the newest capabilities of this bleeding-edge analysis tool.  You have heard about how simple Rekall is to use!  And there are new capabilities that the Rekall development team has recently added. Grab the page file while acquiring physical memory using Rekall’s winpmem and parse the memory of virtualized machines from a host memory image.  Grab a memory image (or use ours) and play along!

 

Timothy De Block(@TimothyDeBlock)

Blue Team Starter Kit

 

This talk is about low cost tools an information security professional on the defensive side can use to make an immediate impact on an organization. The talk would focus on the benefits and how to implement tools such as OWASP's Zed Attack Proxy and Burp Suite for web application security, Mandiant's Redline for incident response and forensics, and Microsoft's Enhanced Mitigation Experience Toolkit (EMET) for workstation hardening, and PDQ's Deploy and Inventory tool for patch management.

 

Patrick Perry (@pjbperry)

Using a HackRF One to Infiltrate the Digital Thetford Wall

 

While this sounds like an offensive talk it is actually defensive in nature. What would you do if wifi you relied on for your livelihood was potentially getting jammed by an unknown attacker you suspected had a malicious intent? This is the true story of what I did when I found myself in this very unique and frustrating situation. This talk will cover the basics of software defined radio (SDR), the HackRF and how to go about conducting a signals investigation.

 

Alex Rymdeko-Harvey (@Killswitch_GUI)

Malvertizing Like a Pro

 

This presentation is the culmination of research and execution into the emerging attack path of ad-based malware​ delivery. I'll cover the basics of social and web based marketing strategies and their relationship with advanced malware campaigns currently in the wild. I'll then dive into the mechanics of running a campaign, big-data analytics, OSINT, targeting, research, and my crack at *legally* performing malvertizing. This look at this up-and-coming attack vector will show how ad-based malware is circumventing thousands spent on security appliances geared towards standard email attacks, all while abusing the implied trust of social media to go after the real end point, “the user”.

 

Josh Rykowski (@ryko212)

Weaponizing our youth: The case for integrated cyber ethics.

 

As we continue to move cyber learning further and further to the left on the education continuum we are failing to address a distinct need for integrated ethics education.  This was not a problem when all of those individuals learning to operate within the cyber domain were older or at least a little more mature. Now with a younger crowd learning how to use the tools and techniques I believe that we must have a much more integrated approach to ethics education.

 

Andrew Cole and Rich Moulton (@rhmoult)

PowerShell: Making everything old new again 

 

In post-exploitation operations, using native OS capabilities is always preferred over custom tools to minimize attention from security products. As native OS capabilities go, none surpass Microsoft's PowerShell in providing complete access to the Win32 API. Better still, PowerShell allows us to compile code on-the-fly that will get us the functionality we want regardless of system architecture. In this presentation, we will show you several ways to leverage these capabilities to achieve classic hiding behaviors dynamically, and without regard to 32-bit or 64-bit environments, including hiding processes, files and registry entries.

 

Jake Williams (@MalwareJake)

DIY vulnerability discovery with DLL Side Loading

 

In this talk, Jake will teach you how to discover vulnerabilities like a rock star using DLL side loading. This technique (ab)uses the way Windows searches for DLLs to load into a program.  The behavior is nearly laughable and introduces serious risks, especially when developers don't understand filesystem permissions.  Attackers know this and use it for privilege escalation and stealthy persistence.  It is being seen in a number of APT compromises and antivirus software has abysmal detection rates.
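As an added illustration of the search-order behaviour the abstract refers to (example code written for this page, not material from the talk): the function below walks Windows' default DLL search order for a program that imports a DLL by bare name and reports every user-writable directory the loader consults before the one the DLL actually resolves from, plus the case where the resolving directory is itself writable. The host layout, its ACLs, the `acme.exe` program and its imports are constructed assumptions, and the real KnownDLLs registry list is stood in for by a one-entry set.

```python
"""Model the Windows DLL search order and report side-loading exposure.

Added illustration for the talk topic above; this is not code from the talk.
The filesystem below is a constructed model of a host, not a real scan, and
the ACL flags on it are assumptions chosen to show the failure modes.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass
class Dir:
    files: FrozenSet[str]        # file names present in the directory (lower-case)
    user_writable: bool          # can an unprivileged user create/replace files here?


# System directory, 16-bit system directory, Windows directory.
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]


def search_order(app_dir: str, cwd: str, path_dirs: List[str],
                 safe_dll_search_mode: bool = True) -> List[str]:
    """Directories LoadLibrary consults, in order, for a DLL given by bare name.

    With SafeDllSearchMode on (the default), the current directory is searched
    after the system directories; with it off, right after the application
    directory. Absolute-path loads, SetDllDirectory and LOAD_LIBRARY_SEARCH_*
    flags alter this and are not modelled here.
    """
    if safe_dll_search_mode:
        return [app_dir, *SYSTEM_DIRS, cwd, *path_dirs]
    return [app_dir, cwd, *SYSTEM_DIRS, *path_dirs]


def side_load_exposure(dll: str, order: List[str], fs: Dict[str, Dir],
                       known_dlls: FrozenSet[str] = frozenset()) -> dict:
    """Walk the search order for `dll` and report where a user could plant one.

    found_in        directory the loader resolves the DLL from (None if missing)
    writable_before user-writable directories consulted BEFORE the resolving one;
                    a same-named DLL dropped in any of them wins the search
    replaceable     the resolving directory itself is user-writable, so the real
                    DLL can simply be overwritten (the bad-ACL case)
    """
    name = dll.lower()
    if name in known_dlls:
        # KnownDLLs are mapped from the system directory and never go
        # through the path search, so they cannot be side-loaded this way.
        return {"found_in": SYSTEM_DIRS[0], "writable_before": [], "replaceable": False}
    writable_before: List[str] = []
    for d in order:
        entry = fs.get(d)
        if entry is None:
            continue                      # directory absent on this host; skipped
        if name in entry.files:
            return {"found_in": d, "writable_before": writable_before,
                    "replaceable": entry.user_writable}
        if entry.user_writable:
            writable_before.append(d)
    # Not found anywhere: the program tolerates the missing DLL (or fails), and
    # every writable directory on the path is a planting spot for persistence.
    return {"found_in": None, "writable_before": writable_before, "replaceable": False}


# Constructed host model (assumed values, not a real scan): the vendor's
# install directory has a loose ACL, and C:\Tools is a user-writable PATH entry.
FS: Dict[str, Dir] = {
    r"C:\Program Files\Acme\bin": Dir(frozenset({"acme.exe", "acmecore.dll"}), True),
    r"C:\Windows\System32": Dir(frozenset({"kernel32.dll", "version.dll"}), False),
    r"C:\Windows": Dir(frozenset(), False),
    r"C:\Users\alice\Documents": Dir(frozenset({"report.docx"}), True),
    r"C:\Tools": Dir(frozenset(), True),
}
APP_DIR = r"C:\Program Files\Acme\bin"          # hypothetical program location
CWD = r"C:\Users\alice\Documents"               # directory the user launched from
PATH_DIRS = [r"C:\Tools"]
KNOWN_DLLS = frozenset({"kernel32.dll"})        # one-entry stand-in for the registry list


def audit(imports: List[str], safe_mode: bool = True) -> Dict[str, dict]:
    """Exposure report for every DLL acme.exe is assumed to import by bare name."""
    order = search_order(APP_DIR, CWD, PATH_DIRS, safe_mode)
    return {dll: side_load_exposure(dll, order, FS, KNOWN_DLLS) for dll in imports}


if __name__ == "__main__":
    for dll, r in audit(["kernel32.dll", "version.dll", "acmecore.dll", "acmeplugin.dll"]).items():
        print(f"{dll:16} found_in={r['found_in']!r:32} replaceable={r['replaceable']} "
              f"plant_in={r['writable_before']}")
```

The walk surfaces the three cases the abstract lumps together: `version.dll` resolves from System32 but the writable install directory is searched first, so a planted copy wins; `acmecore.dll` is found where it should be but the directory ACL lets a user overwrite it; `acmeplugin.dll` is imported but absent, so every writable directory on the path becomes a persistence location. Running the audit with `safe_mode=False` also shows the current directory jumping ahead of System32. On a real host the same check means reading the import table of the executable and testing each directory's DACL with the target user's token rather than trusting a hand-built model.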

 

Tim Tomes (@LaNMaSteR53)

Recon-ng and Beyond

 

It's not hard to see the value of OSINT in Red Teaming or Network Penetration Testing, but where does OSINT stand when it comes to Application Security Assessments? Many believe that OSINT is a waste of time for pure Application Security Assessments. After all, Application Security Assessments are all about the "application" itself, and we have the source code. What else do we need? You need OSINT, and in this talk I'll tell you why. With tools like Recon-ng and resources galore for harvesting useful information about applications and their infrastructures, I'll demonstrate for you why your Application Testing methodology must include OSINT, and why you'll be short changing yourself and your clients if it doesn't.

 

David Coursey (@dacoursey)

Attacking OWASP - Exploiting the Top 10

 

The OWASP Top 10 never changes for a reason; these attacks can be used against nearly every web app on the Internet, private intranet, or mobile networks. In this talk we will go over most of the Top 10 with in-depth explanation and lots of demo time.  This will include several helpful tools that speed up the testing process.  Getting to know these attacks and tools will prepare you for an exciting life of filling out bug reports.

 

Jason Frank (@jasonjfrank)

Go Hack Yourself

 

Penetration testing is an art and a science. It takes the knowledge of networks/applications/all things computing as well as critical thinking and an understanding of human behavior to become a truly great tester. The tools and processes to carry out the trade have evolved significantly in the past few years with the explosion of offensive PowerShell, lowering the barrier to entry for the execution of advanced offensive tactics. If attackers are using these tools to break into networks, why shouldn’t defenders use the same to make their environments more secure? A popular question from system administrators to CISOs is: What can I do to learn this “stuff”? While penetration testing takes years of experience to master, defenders can use recent tool advancements to plug many of the common holes offensive teams take advantage of. This talk will highlight 10 key areas blue teams can regularly audit using offensive toolsets without needing a red team background. From quickly triaging open files shares, to examining domain trusts, to easily testing border egress, these red teams tools and tactics can help blue teams better secure the networks they defend.

 

Joel Esler (@joelesler)

2015 - It's Not over yet...

 

2015 has been quite an active year in threats: a clear leader in exploit kits, as well as their payloads, has emerged; more Flash zero days have had an effect; more breaches, with interesting tactics around those breaches; and the year isn't even over yet.

 

Chris Sistrunk (@chrissistrunk)

How to get into ICS security

 

This talk is about how to get into ICS security because we don’t have enough people! It can basically cover knowing the basics, knowing the ICS security standards like NIST SP800-82, and knowing threats and how to defend.

 

Jon Medina

Destruction as a Service: Security through reanimation

 

The continuously changing security landscape poses new challenges almost daily. Some of these threats must be met with dynamic response measures. However, many threats at their core share certain fundamental concepts: hard drive persistence, RAM manipulation, file and directory obfuscation, and corruption of legitimate running processes, among many others. The advent of server and network device virtualization provides an entirely new flexibility and control over the status and security of these devices. This talk will demonstrate a means by which production servers and software-defined network infrastructure can be destroyed and redeployed cyclically around the clock, in minutes or even seconds, in a way that is completely transparent to the user.

 

Roland Cloutier

Going from Information Security to Business Operation Protection

 

Threats shift, technology shifts, and our businesses shift.  How about our approach to the operational implementation of programs we manage and deliver to our businesses or agencies? Roland Cloutier, Chief Security Officer for ADP, will take practitioners through the evolution of defensive operations to support how businesses need to be secured today.

 

Wes Widner (@kai5263499)

Lessons learned from analyzing terabytes of malware

 

Analyzing large sets of data provides us with insight that helps us focus our limited resources more efficiently. I want to share with you what I’ve learned by processing terabytes of malware. In this talk I want to help you figure out the most efficient way to spend your limited time resource analyzing the malware that’s most relevant to you. Whether that’s the newest and most interesting malware for pure research purposes or whether that’s defending a network against the most common types of attack.

 

Sponsors:

Diamond Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Basic Support

Our In-Kind Sponsors, providing us with contest prizes and raffle giveaways.


Event Recording:

 

 

 

Events:

 

 

FALE came together around a common idea of general curiosity and persuasion of the public’s “right to know”. Formally founded in early 2010, the individuals involved in the initial organization already had a history in and love for the practice of locksport and of having a better understanding of the mechanisms we rely on so heavily to keep us secure. Beginning with four members meeting monthly, we have quickly progressed to bi-monthly meetings. We talk locks, picks, general security and a smattering of other topics when meeting, all towards the end of a better knowledge of and ability to communicate the effectiveness (or lack thereof) of so many security measures in place in current society. We hope that through these conversations and our efforts publicly we will help to educate the larger community on the proper use and understanding of locks and security measures encountered daily.

FALE will be hosting a Lockpick Village where folks can come by to talk about physical security, learn to pick locks or talk about advanced picking techniques and tips. Plenty of locks and spare picks to play with, so be sure to stop by!

 

 

 

Chiron will host a cyber capture the flag (CTF) titled, “The Pyramid” at this year’s BSidesAugusta.  Registration is free and will run all day on the 12th starting after the initial opening “ceremonies” in the main lecture hall.  Chiron will provide each player with a bootable Kali USB (limited DVDs will be available for those that can’t boot off USB).  There will be a very limited amount of PCs available to participants to play the game from, so please bring your own laptop if at all possible. Participation is available all day (until 3pm), but only one sitting per participant.  So, participants can stop by anytime to participate for as long as they desire, so you can still sit in on some of the talks if you want. Prizes will be awarded to the top 10 in each of three categories: (1) most flags captured, (2) most targets captured, and (3) highest level achieved. Top prize in each category will be a Nexus 10 tablet (ready for Net Hunter), and more. Lastly, there will be a drawing from the list of all CTF participants for 12 vouchers to attend Chiron’s Cyber Attack and Defend Course to be held at their Augusta facility (dates for this course will be announced at BSidesAugusta). 

 

 

 

Organizers:

 

  • Doug Burks | @dougburks
  • Mark Baggett | @markbaggett
  • Lawrence Abrams | @vpnpoker 
  • Mike McDargh | @mmcdargh
  • Phil Plantamura | @philplantamura
  • Joanne Sexton 
  • Ron Martin

 

Volunteers:

 

 
