You're probably looking for Security B-Sides MSP 2016 in MN
Check out what BSidesMSP 2015 did.
Good news everyone! Saturday August 23, 2014 is Security B-Sides MSP at the Nerdery!
#BSidesMSP <-- LITE UP THE HASH TAG | FOLLOW US OVER HERE --> @BSidesMSP & G+
@BSidesMSP Mailing List <-- SUBSCRIBE | BOOKMARK --> www.bsidesmsp.org
Online schedule for BSidesMSP 2014 via KhanFu
http://khanfu.com/m/iphone/42
USTREAM Link:
http://www.ustream.tv/channel/nerdery-tech-talks
CALL FOR PRESENTERS IS: CLOSED
TICKET SALES ARE: CLOSED
250+ in attendance including uStream
REGISTRATION: STARTED AT 8AM
EVENT: WAS AN AMAZING SUCCESS
SPONSORS ARE: Being recruited for our next event!
Contact sponsor@bsidesmsp.org with interest.
Press release via The Nerdery
We're on WCCO TV and KSTP and repeated across the globe!
We're featured in Twin Cities Business Magazine
We're featured in CSO Online along side Lt. Col. (Ret) William Hagestad II
Pics from BSidesMSP 2014 at our Google+ Community
Crypto Party Materials via @pauldokas & @threatbucket:
Session 1, Session 2, Session 3, Session 4
BSidesMSP 2014 Documentary
We host at DigitalOcean and love it, help support our hosting costs
by trying Digital Ocean you get a $10 immediate credit, and we get $25.
Speaker Videos from the 2014 uStream
HACK THE PLANET
info@bsidesmsp.org
IN MEMORIAL: Craig K. Harmon
What is BSidesMSP?
BSidesMSP is:
- A free security conference for hackers by hackers, in the Upper Midwest by Midwesterners.
- Why? Why not. Because, Minnesota Nice.
- Engaged, Happy Hackers, Protecting Planet Earth
Why support BSidesMSP?
More information
When? Saturday August 23, 2014 at the Nerdery
Leads: Matthew J. Harmon (Lead Coordinator/Organizer) Jeremie Kass (Treasurer), Nick Ries (Volunteer Coordinator), Amanda Hull (Chief Food Officer & Vendor Wrangler) David LaBelle (Safety Team), Paul Dokas & Brandon Ford (Crypto Party), Chad Rikansrud (CTF), Charles Neely (Exhibitor Village), Rachel Adams & Michael Haffley (Marking & Communications), Jason Herbst (Audio / Visual), Ron Fresquez (Speaker Wrangler), Brad Ammerman (Re-founder and Parking)
Volunteers? Spenser Reinhardt, Phil Reno, David Anderson, Brian Fackler, Daniel Rhurson, Bryan Platz, Chris Frederic, Loren Anderson, Jessica Hebenstreit, Art Christofferson, Lamine Youla, Rosalia O'Neil, Tim Jensen, Megan Carney, Maddie, Mike Dunn, William Martinez, Clara James, Jerome Crea, Roger Hagedorn, Saul Alanis, Gabe Franz, Kevin Thompson
Advisors? Darlene Tester, Mark Kikta, Natascha Shawver
Presenters? LtCol William Hagestad II (@RedDragon1949), Rafel Los (@Wh1t3Rabbit), Mike Saunders (@hardwaterhacker), Leonard Jacobs, Dr. Jared DeMott, Paul Dokas (@PaulDokas), Bryan Platz
(Contact information)
Schedule (also via KhanFu)
(Track Schedule PDF and Online + Offline at KhanFu)
Tri-Fold Flier
Front
Back:
( BSidesMSP2014_TriFold.pdf for Printing)
CPR/AED Training by Bryan Platz
Three sessions through out the day! Learn hands-on life saving human body hacking. This is like no CPR and AED training you've experienced before!
Theater Track
Theater track presenters were voted on by the community after submissions to our (extended) open Call for Papers and were vetted by an independent party. There were two separate rounds of community voting: first, through subscribers to the mailing list (https://bsidesmsp.org/mailing-list) and then a second round of voting to the early event registrants. The beginning and ending keynotes were by special invitation to kick off and close the event.
Opening keynote by Lt. Col. William Hagestad II (@RedDragon1949)
Hagestad Presentation Summary:
Chinese Use of the Computers & Networks as a Strategic Weapon System Facts & Field Experience regarding the Mainland Chinese history of cyber risk to the World and associated economic reward for the Middle Kingdom.
Hagestad Bio:
LtCol Hagestad is an internationally recognized & respected authority on the People's Republic of China's use of computer and information network systems as a weapon. He speaks internationally on the subject of China's hegemony in the information age. In 2012, LtCol Hagestad's first book "21st Century Chinese Cyber Warfare" debuted. In 2013 he published another seminal work about the People's Republic of China's Cyber Activities "Operation Middle Kingdom: China's Use of Computers & Networks as a Weapon System." In 2014 LtCol Hagestad published a third work "Chinese Information Warfare Doctrine Development 1994" LtCol Hagestad provides current cyber threat assessments to international defense, intelligence and law enforcement entities. He speaks both domestically and internationally on strategic information security threats Chinese Cyber Threat. LtCol Hagestad's education includes a Bachelor of Arts in Mandarin Chinese, with minor emphasis in Classical Chinese and Modern Japanese, University of Minnesota. He earned a Master of Science in Military Strategy from the US Marine Corps Command & Staff College in 2002. He holds a Master of Science in Security Technologies from the College of Science & Engineering, University of Minnesota and a Master of Science in the Management of Technology from the Technological Leadership Institute, University of Minnesota.
Title: Problems with Parameters by Mike Saunders (@hardwaterhacker)
Talk description;
The Internet has a soft underbelly that renders it vulnerable to attack - Web Applications. As the rest of the information security industry gets better at hardening servers and locking down networks, these web applications provide attackers with a target that can be easily exploited.
Bio:
Mike Saunders has spent the last seven years as an incident handler, web app and network pen tester, and architect. Having seen the same failures over and over again is ready to share his knowledge with the community. This talk is intended for anyone who writes or analyzes web applications or who helps developers secure them.
Title: Using Your Brain to Beat the Hackers by Leonard Jacobs
Zero-Day Attacks, Advanced Persistent Threats, and other types of unknown malware have been specifically constructed to bypass modern defense. Thus, improved threat detection is essential. We have become too dependent on threat detection software and devices. Threat monitoring, detecting behavioral changes, can overcome the limitations of signature-based intrusion detection and anti-malware heuristic analysis ... but only after analysis by the human brain.
This presentation accepts that attacks are inevitable and that detection is critical for containment. However, the machine alone cannot determine whether a threat is real. The human brain is needed.
Title: AppSec: Overview, Deep Dive, and Trends by Dr. Jared DeMott
In this presentation we will describe Application Security, dive into 3 pillars (static, dynamic, and manual analysis), and discuss current trends.
Application Security is a process improvement exercise, but depends more on the skill of the humans involved that other more mechanically oriented processes. Developers with the right skillset and training will produce better code than those without. And security architects and penetration testers will find more bugs if they have deep security experience and skills. Even so, bugs will be missed in peer review and formal code audits. Thus a solid process with a variety of techniques, are required to examine programs from all possible angles.
In terms of code auditing we’ll talk about three popular bugs: use-after-free, type confusion, and double fetch. We’ll briefly describe each bug and show examples to help code auditors think about how to find such bugs in their source.
Fuzzing is one of the popular dynamic testing techniques to hunt within the fully compiled binary for bugs missed in other types of testing. We’ll walk through an example of file fuzzing and network fuzzing. For file fuzzing we’ll use the peach framework and for the network example we’ll use Sully.
This talk includes a perspective managers will appreciate, as well as the technical skills your code folks enjoy and require.
Title: World-class network defense, or, How I learned to ignore vendors and use tools that work. by Paul Dokas (@PaulDokas)
World-class network defense, or, How I learned to ignore vendors and use tools that work.
Open source tools can be used to create a defense system for your network that actually works. Tools like Snort/Suricata, Bro, various logs, and PCAP capture and analysis systems can be used to build a network that functions well and won't crush your budget. This talk is non-commercial and includes no FUD, no APT-worthy buzzwords ... no bullshit.
We will discuss common data sources, what they are, how to collect from them and what to do with the data. We will also cover the big picture of network defense and ways to piece together a network security monitoring (NSM) system. Finally, we will explore processes
that we can go through to use these tools without breaking your budget for either time or money.
Ending Keynote by Rafal Los
Topic Succeeding in Security by Measuring Your Failure
Every company, ever, has weaknesses they cannot account for. Open weakness have a way of being exploited. This leads us to believe that it is only a matter of time before the organization you defend will be breached and hacked - so what? Being breached is not a binary end-state. If we take that as a possible truth than we have to figure out how to measure the shades of the gradient which are the result. Here, in the failures, we can find success. I believe it is critical to measure, but figuring out what to measure, is almost as figuring out how to do that measurement effectively. I believe this is one of the key challenges enterprise security professionals face today - and the key to any success we will be able to claim. Understanding our challenges against business goals, measuring positive/negative impact of program items, and effectively communicating these measurements are skills you must have if you want to really be effective at security in the corporate world.
Crypto Party Track
Announced!
PGP Key Signing
Coordinated with BigLumber
"This key signing will be part of BSidesMSP (https://bsidesmsp.org/). The key signing event will start at approximately 1pm. If you are interested in participating in the key signing, but are not registered for BSidesMSP, then please contact me (paul@dokas.name) and let me know that you are interested."
How much? Attendance to the event is FREE, but registration is required!
Sponsors
Facility Sponsor
The Nerdery
Promotional Sponsor
(ISC)2 Twin Cities Minnesota Area Chapter
(ISC)2 Chapter Twin Cities Area
Council on Cyber Security
Council On Cyber Security
IANS Research
IANS Research
Official Security B-Sides MSP Barber
Circle H Barber Shop
Mention Security B-Sides MSP Conference and get $5 off.
CTF Sponsor
Capture the Flag (CTF) 365 Security Training Platform
Financial Sponsors
Dakota State University
Milton Security Group
titania
Bromium
Symantec Website
Netsecuris Website
Global Velocity
Silent Circle
IT Risk Limited
(FIRST Financial Sponsor, In-Kind, Infrastructure, Staff, and Design Support)
Palo Alto Networks
Midpoint Technology
Check Point
Memberships
Sponsor Information
FREE? Nothing is free, you mean you need sponsors right!? YES. Email sponsor@bsidesmsp.org if you are interested in sponsoring Security B-Sides MSP 2014 or treasurer@bsidesmsp.org to make payment arrangements.
Will there be money for speakers transportation, lodging and stuff? I really wish I knew. Yes. I hope so. Maybe. It's classified. Why? Would you like to sponsor a speaker? Email sponsor@bsidesmsp.org
Volunteer Coordination - https://groups.google.com/forum/#!forum/bsidesmsp2014-volunteers
What needs sponsoring & volunteering? Let's talk. Everything.
Yes, we are now members of the Minnesota Council Of Nonprofits!
Security B-Sides MSP is a Minnesota 322B.975 Not for Profit Limited Liability Company, contributions to Security B-Sides MSP are not deductible for federal income tax purposes as charitable contributions
Comments (0)
You don't have permission to comment on this page.