When: Friday, 24 May, 2013, 9AM to Midnight
Where: 238 Santa Fe Dr, Denver, CO (Arts District)
Cost: Free
Registration closes when all tickets are gone or on the day of the event, Friday, May 24th, 2013
Want to sponsor? Questions? Want to volunteer? Email us at bsidesdenver@gmail.com
Twitter hashtag = #BSidesDen
Schedule of Events
| Time | Presenter | Discussion | Abstract |
|---|---|---|---|
| 9 - 9:30 | ALL | Coffee, breakfast, meet, and greet | WAKE UP YOU HEATHENS!! Get your #BSidesDen game going with some of the organizing committee's favorite local vendors including coffee by Ozo Coffee Roasters, Santiago's Burritos and Moe's Bagels. |
| 9:30 - 10:20 | Fred Thiele @fgthiele | Product is f*%&ing hard! | Building a product is hard. It's even harder when you transition from a bootstrapped services company to a self-funded product company. The old saying of "no one cares about your product" is more than appropriate. In this talk I'll be sharing our experience as a company transitioning from a cash cow security consulting business to a money burning product company. Learn about how we came up with the idea, refined, funded, built and marketed it to the masses. There are a ton of great lessons learned out of this process. |
| 10:30 - 11:20 | Justin Harvey, John Jackson, Stephen Roberts, Joe Bonnell | Panel Discussion: We See Dead Bits | Wake up and smell the coffee... followed by the scotch! The informative, weird, and just plain scary observations of forensics investigators. |
| 11:30 - 12:20 | David Willson, @titaninfosec | Active Defense: Can you do it legally; should you? | Active Defense is growing in popularity and there appears to be no middle ground, either you are for it or against it. Also, there is no clear definition. My definition includes hack back at one end of the spectrum. When asked if it is legal most emphatically say "No." Despite people's emotions over this issue there are some legal avenues that can be approached. Active Defense, additionally, is a holistic approach. This talk gets into many of the issues and usually ends up in a firestorm of questions, accusations, and commentary. |
| 12:20 - 1:00 | Argue amongst yourselves... | BBQ from Breck Brewery, with a side of controversy. | Audience discussion to continue previous talk. Trust us, it will happen... |
| 1:00 - 1:50 | Steve Winterfeld | Your cyber metrics suck so why should you get more money? | If you can’t measure it then it doesn’t matter. But measuring is not enough – if you measure the wrong thing you will do more damage than not measuring at all. This talk will help you understand how to build a program that will provide relevant information to technicians and managers to make smart decisions. It will address security, compliance, governance, Return On security Investments (ROsI) and most importantly (if you want to keep your budget) Enterprise Risk Posture metrics. It will address how both small and large organizations should develop metrics based on the decision the targeted audience needs to make. Doing a great job is not enough – making ‘them’ understand the risks they have accepted and providing ‘them’ information to make smart choices requires developing a program they can understand. |
| 2:00 - 2:50 | David Schwartzberg @DSchwartzberg | Zeus C&C for Tech Support | Inspired by Adam Johnson's presentation at GrrCON 2011 titled "ZeuS - Inside Command and Control" on how to build a ZeuS bot Exploit Kit Command & Control, I thought it would be fun to use this newly gained knowledge to build a C&C in an effort to provide tech support for my family members. Have you been in that situation where everyone you know comes to you with their computer problems? Just because you have a knack for technology, people you know seem to think that you enjoy fixing all their problems, most self-inflicted. Welp, here's your chance to help them and have some real fun. This mostly hands-on demonstration will walk through setting up your very own C&C and configuring the basic settings to get you started. When ready to rock, you will learn how to have fun while fixing their problems. Live malware will be used during this presentation so make sure you turn off your WiFi. |
| 3:00 - 3:50 | Francisco Anonymous, John Jackson, Pyr0, Brian Martin | Panel Discussion: Stump the Panel | |
| 4:00 - 4:50 | Danny Chrastil @DisK0nn3cT | Show me your Cookies! -- Session Hijacking Made Easy | Session Hijacking; we know about it, we can talk about it, but it's one PITA to demonstrate to clients. This presentation will discuss in depth the different attacks against user session cookies including: breaking the httponly attribute, employing javascript libraries, creating stealthy attacks, etc. It will also introduce CookieCatcher, an open-source web-based application to assist in session hijacking and managing stolen user cookies. |
| 5:00 - 5:50 | Joshua Corman, Andrew Johnson, ???, Brian Martin | Panel Discussion: Absolutely everything is pwnd. | This discussion will explore the implications assuming that *everything* is pwnd. What are the implications for privacy, and intellectual property? How does this realization change your mindset as to what you do, and why you do it? |
| 6:00 - 6:50 | ALL | Dinner: Don't Debate Where You Eat? | Each table will have a topic. You choose where to sit, promote and defend your ideas on the topic. |
| 7:00 - 7:50 | ALL | Mandatory Keg Time | In case you didn't start in with the rest of us earlier!! |
| 8:00 - onward | ALL | Entertainment | Whomp Truck!!! |
Sponsors
Interested in sponsoring? Email us at bsidesdenver@gmail.com.
Sidebars
In addition to great panelists and presenter discussions, BSides Denver is happy to announce additional activities as part of the event this year!
CTF - Jeopardy Style!
- Local and Remote
- Each will be separate, meaning remote people won't compete with local
- Local will register on the day of the event in person
- Remote can register now, competition unlocks on day of event (May 24) ctf.bsidesdenver.com
- Requirements: bring your own computer. no VM required
CTF local winners:
@Syndrowm
Mantis
@Heinzarelli
CTF remote winners:
@essobi
@digiphilo
@sno0ose
- Categories:
  - Web
  - Forensics
  - Crypto
  - Misc
- Prizes For Local Winners
  - 1st Prize - Hak5 Pineapple + Raspberry Pi
  - 2nd Prize - Hak5 Rubber Ducky + Raspberry Pi
  - 3rd Prize - Hak5 Rubber Ducky
- Prizes for Remote Winners
  - 1st - $50 Amazon Gift Card + Hak5 LAN Trap + Twitter props
  - 2nd - $25 Amazon Gift Card + Twitter props
  - 3rd - $25 Amazon Gift Card + Twitter props
Lockpicking Village
You know the drill...no drills!
Video Interviews
In an effort to capture the thoughts of the community in a more lasting way, organizers have opted to include video interviews of participants in both formal and informal ways.
- Free style - Participants will be able to check out video cameras to conduct free style interviews of each other.
- Formal - BSides organizers will also be seeking out folks to participate in a formal video interview, the results of which will be made into a "short" film to be posted on the interwebs.
Planners and Volunteers (We need volunteers!)
- Joe Bonnell (@jobobreck) - Organizer
- Danny Chrastil (@DisK0nn3cT) - Organizer, CTF
- Jericho (@attrition.org) - Organizer
- Lance Miller (@wireheadlance) - Organizer
- Jeff Pettorino (@jpettorino) - Organizer
- Stig Ravdal (@stigmon) - Organizer
- Robb Reck (@robbreck) - Organizer
- PJ Torney - Organizer, Video and Streaming Production
Volunteers
Parking Info
Parking is limited directly in front of the facility. For those driving, there are a number of parking options available, with the best options being along Santa Fe or Kalamath (1 block west of SF). Additional parking options can be found along 1st and 2nd streets, and Inca (one block east of SF). Parking in unauthorized lots will likely result in being towed at the owner's expense.
Public Transit
The closest RTD light rail station is 10th & Osage, an easy 20-minute walk away. You can also take RTD bus route 1 to Galapago & 2nd, then walk three blocks west to Santa Fe.
Local Hotel Info
The TownePlace Suites is approximately 1.2 miles from the con.
Tags for flickr, twitter, blog, etc.
Please use the tag #BSidesDenver for content related to this event