BSidesAugusta 2013

THIS PAGE IS FROM 2013 and is NOT the current page!

The most current site is located at www.BSidesAugusta.org

What is BSides ?


Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.


When: September 14, 2013


Where: Georgia Regents University (formerly Augusta State University)
       Science Hall (rooms 1002 & 1008)
       2500 Walton Way
       Augusta, GA 30904


Campus Map: http://www.aug.edu/public_relations/asumap/index.html

Cost: Free (as always!)

 

RSVP: http://bsides.eventbrite.com/#

 

Dates:

  • April 27 - CFP open

  • May 31 - CFP closed

  • June 30 - Speakers selected and notified

  • Sept 14 - BSidesAugusta

Questions? Want to volunteer? Want to sponsor? Email us at BSidesAugusta [at] gmail.com

 

Follow us on Twitter: @BSidesAugusta Hashtag: #BSidesAugusta

 

Schedule (September 14, 2013):

Track 1 (Red Team) is in room 1002 and Track 2 (Blue Team) is in room 1008. The Lock Pick Village runs all day.

9:00AM – 9:15AM
  Intro / Welcome to BSidesAugusta

9:15AM – 9:45AM
  Keynote: Richard Bejtlich

10:00AM – 10:45AM
  Track 1 | Paul Coggin | Digital Energy BPT (Basic Persistent Threat)
  Track 2 | Doug Burks | Peeling Back the Layers of Your Network in Minutes

11:00AM – 11:45AM
  Track 1 | Christopher Campbell & Matthew Graeber | A Minimalist's Guide to Windows Post-Exploitation
  Track 2 | Brad Shoop & Chris Rimondi | Eyeing the Onion

12:00PM – 1:00PM
  Lunch

1:00PM – 1:45PM
  Track 1 | Mark Baggett | Windows - 0wn3d by Default
  Track 2 | Martin Holste | Collecting Useful Security Data for Incident Response

2:00PM – 2:45PM
  Track 1 | Tim Tomes | Look Ma, No Exploits! - The Recon-ng Framework
  Track 2 | David Bianco | Enterprise Security Monitoring

3:00PM – 3:45PM
  Track 1 | Ron Martin | Human Shields for your Network; or the Inadequacy of Current Security Awareness Training
  Track 2 | TJ O'Connor | Why Every Defender Should Know How To Write Exploits

4:00PM – 4:45PM
  Track 1 | Mike Jones | Unconventional Methodologies to consider in Information Security
  Track 2 | David Coursey | Employing EMET for Application Security

5:00PM – 5:45PM


Keynote:

 

Richard Bejtlich is Mandiant's Chief Security Officer. He has more than 13 years of experience in enterprise-level intrusion detection and incident response working with the federal government, defense industrial base, and Fortune 100 companies.

 

Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Before his work at GE, he operated TaoSecurity as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. He began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA).

 

Mr. Bejtlich is a graduate of Harvard University and the United States Air Force Academy. He wrote The Practice of Network Security Monitoring, The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity (taosecurity.blogspot.com) and teaches for Black Hat.

 

Abstracts:

 

Paul Coggin (@paulcoggin)

Digital Energy – BPT (Basic Persistent Threat)

 

There is a great deal of conversation today regarding APT and critical infrastructure networks for ICS/SCADA, smart grid networks and service providers. The basic persistent threat (BPT) issues are being ignored in many cases. How can the APT be mitigated when the BPT issues have not been resolved? Typically, the technical capability to mitigate BPT and many of the APT risks already exists in the installed HW/SW, but proper attention to trust relationships, integration and interdependencies is overlooked. Close attention should be given to the often overlooked network vulnerabilities in the network architecture and protocols that enable BPT. In this presentation, common network BPT issues that are often discovered during security consulting engagements will be discussed. BPT network architecture mitigations, including separation of services for control, management and data traffic as well as securing and monitoring trust relationships and interdependencies, will be covered.

 

Doug Burks (@dougburks)

Security Onion: Peeling Back the Layers of Your Network in Minutes

 

Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what's happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.

 

Christopher Campbell (@obscuresec) & Matthew Graeber (@mattifestation)

Living Off the Land: A Minimalist's Guide to Windows Post-Exploitation

 

Two of the biggest challenges of long-term penetration tests are advanced security products and active administrators. Host intrusion prevention, application white-listing and antivirus software are all looking for your tools. Administrators and network defenders are doing everything they can to find you. Surprisingly, the easiest way to hide from them and homestead in a Windows enterprise is to live off the land. Microsoft provides you with all the tools you need to get into a network and live there forever. Tools such as Wmic, Netsh and PowerShell are well-known to administrators, but they also provide an attacker a whole range of virtually untapped features. By simply leveraging PowerSploit and a few tricks you can reliably bypass antivirus, get around whitelisting, escalate privileges, redirect network traffic, take full packet captures, log keystrokes, take screenshots, dump hashes, persist and pivot to other hosts all without introducing a single binary!
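The abstract names the built-in tools an attacker can live on (WMIC, Netsh, PowerShell) and what they are used for: traffic redirection, packet capture, remote execution. The following is an added example written for this page, not code from the speakers or from PowerSploit, showing the defender's side of the same idea: a small scanner that runs a few living-off-the-land rules over Windows process-creation records. The "key=value|key=value" record format, the hostnames, users and command lines, and the rules themselves are all constructed for illustration; real Sysmon or 4688 events would need their own parser.

```python
import base64
import re
from typing import Callable, Dict, List, NamedTuple

Event = Dict[str, str]

# Constructed process-creation records in a simplified "key=value|key=value" form,
# roughly the fields Sysmon Event ID 1 or Security 4688 provide once parsed.
# The format and every line below are assumptions made for this example.
SAMPLE_EVENTS = [
    "host=WS01|user=CORP\\jdoe|parent=explorer.exe|image=C:\\Windows\\System32\\notepad.exe|cmd=notepad.exe",
    # base64 of the UTF-16LE string "IEX calc", a constructed stand-in for a real payload
    "host=WS01|user=CORP\\jdoe|parent=winword.exe|image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|cmd=powershell.exe -NoP -W Hidden -Enc SQBFAFgAIABjAGEAbABjAA==",
    "host=WS02|user=CORP\\svc_backup|parent=cmd.exe|image=C:\\Windows\\System32\\netsh.exe|cmd=netsh trace start capture=yes tracefile=C:\\temp\\t.etl",
    "host=WS02|user=CORP\\svc_backup|parent=cmd.exe|image=C:\\Windows\\System32\\netsh.exe|cmd=netsh interface portproxy add v4tov4 listenport=8080 connectaddress=10.0.0.5 connectport=80",
    "host=WS02|user=CORP\\svc_backup|parent=cmd.exe|image=C:\\Windows\\System32\\wbem\\WMIC.exe|cmd=wmic /node:FS01 process call create \"cmd.exe /c whoami\"",
    "host=WS03|user=CORP\\admin|parent=mmc.exe|image=C:\\Windows\\System32\\wbem\\WMIC.exe|cmd=wmic os get caption",
]


class Finding(NamedTuple):
    host: str
    user: str
    image: str
    reason: str


def parse_event(line: str) -> Event:
    """Split one 'key=value|key=value' record into a dict; values keep any '=' of their own."""
    event: Event = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        event[key.strip().lower()] = value.strip()
    return event


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _is_switch(tok: str) -> bool:
    return tok.startswith(("-", "/")) and len(tok) > 1


def _decode_encoded_command(tokens: List[str], i: int):
    """Decode the base64 UTF-16LE payload following -EncodedCommand, or None if malformed."""
    try:
        return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
    except (IndexError, ValueError):
        return None


OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def check_powershell(ev: Event) -> List[str]:
    """powershell.exe launched with an encoded command, a hidden window, or by an Office app."""
    if _basename(ev.get("image", "")) != "powershell.exe":
        return []
    tokens = ev.get("cmd", "").split()
    reasons = []
    for i, tok in enumerate(tokens):
        if not _is_switch(tok):
            continue
        name = tok[1:].lower()
        # powershell.exe accepts abbreviated switch names: -e, -ec, -enc all mean -EncodedCommand
        if "encodedcommand".startswith(name):
            decoded = _decode_encoded_command(tokens, i)
            reasons.append(f"encoded command: {decoded}" if decoded else "encoded command")
        elif "windowstyle".startswith(name) and i + 1 < len(tokens) and tokens[i + 1].lower() == "hidden":
            reasons.append("hidden window")
    if _basename(ev.get("parent", "")) in OFFICE_PARENTS:
        reasons.append("spawned by Office application")
    return reasons


def check_netsh(ev: Event) -> List[str]:
    """netsh used for packet capture or for redirecting traffic."""
    if _basename(ev.get("image", "")) != "netsh.exe":
        return []
    cmd = ev.get("cmd", "").lower()
    reasons = []
    if re.search(r"\btrace\s+start\b", cmd) and "capture=yes" in cmd:
        reasons.append("packet capture via netsh trace")
    if re.search(r"\bportproxy\s+add\b", cmd):
        reasons.append("traffic redirection via netsh portproxy")
    return reasons


def check_wmic(ev: Event) -> List[str]:
    """wmic creating a process on a remote node, i.e. pivoting without dropping a binary."""
    if _basename(ev.get("image", "")) != "wmic.exe":
        return []
    cmd = ev.get("cmd", "").lower()
    if "/node:" in cmd and re.search(r"\bprocess\s+call\s+create\b", cmd):
        return ["remote process creation via WMI"]
    return []


CHECKS: List[Callable[[Event], List[str]]] = [check_powershell, check_netsh, check_wmic]


def scan(lines: List[str]) -> List[Finding]:
    """Run every check over every record and collect the findings."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        for check in CHECKS:
            for reason in check(ev):
                findings.append(Finding(ev.get("host", "?"), ev.get("user", "?"),
                                        _basename(ev.get("image", "")), reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.host:<5} {f.user:<18} {f.image:<15} {f.reason}")
```

The benign `wmic os get caption` and the plain `notepad.exe` launch produce nothing, which is the point: the tools are normal, so the rules key on the arguments and the parent process rather than on the image name alone. Decoding the `-EncodedCommand` payload in the finding saves an analyst a round trip when triaging.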

 

David Bianco (@davidjbianco)

Enterprise Security Monitoring: Comprehensive Intel-Driven Detection

 

This is a great time to be in the detection field! More and more organizations are waking up to the fact that an effective detection program is a "must-have" to protect themselves against sophisticated threats. This creates a market for high-quality threat intelligence, and many groups are stepping up to meet this demand. With very little effort, your organization can connect to any number of quality data feeds, both commercial and free. However, this can lead to its own problems: almost no one is using threat intel effectively! Now that you're drowning in a sea of intel, how do you make sense of it all and ensure that you are making maximum use of this information to provide the best possible detection strategies for your organization?

 

When you fully leverage your knowledge of an adversary to rapidly detect and respond to their attacks, you deny them access to their tradecraft. You become a harder target and they feel the burn! David developed the ESM method while creating and running the worldwide detection program at a Fortune 5 company. Learn how to apply ESM in your org to bring the fight to the attackers!

 

Mark Baggett (@markbaggett)

Windows - 0wn3d by Default

 

In this talk we will discuss API hooking, process execution redirection, hiding registry keys and hiding directories on the hard drive. We must be talking about rootkits, right? Well yes, but not in the way you think. The Windows family of operating systems has all of these capabilities built right in! Using nothing but tools and techniques distributed and documented by Microsoft we can implement all of these rootkit functions. During this exciting talk I will be dropping 0-days like a mad man and presenting new attacks against the Windows operating system that provide rootkit-like functionality with built-in OS tools. The Windows family of operating systems provides native rootkit-like capability. You just need to know how to tap into it! Do DEP, ASLR, UAC, Windows Resource Protection, file system ACLs and other modern OS security measures get in your way? No problem. Turn them off! Do you want to hide files and registry keys from the user? Wouldn't it be nice if that old MS08-067 exploit worked on a target system again? I'll show you how to fix that. Everything you need to subvert Windows applications is built right into the Windows kernel. Come learn how Windows is 0wn3d by default.

 

TJ OConnor (@violentpython)

Why Every Defender Should Know How to Write Exploits

 

All too often in our field of information security, we separate the roles of defense and offense. Often this is because of the very specialized training required in both domains. After spending fourteen years in the military, that seems insane to me. The military has neither a defense team nor an offense team of warriors, but simply warriors that serve both purposes. For information security, we need to examine this in the context of the exploit mitigation strategies employed on networks. Are defenders versed only in defense really doing the best job? Or is it worth it to get your hands dirty and really learn more about exploit development and the various creative methods the offense uses? This talk will step through some recent successful attacks and look at the various creative ways that attackers develop exploits to succeed and bypass mitigation strategies. In context, we will examine how a defender can do a better job knowing how the adversary thinks and acts.

 

Mike Jones (@saxdr)

What’s in your toolkit: unconventional methodologies to consider in information security

 

Intrusion detection is a challenging problem that has no easy solutions. In this talk, we look at some models that heretofore have not been commonly used in network security that may provide new insight into network awareness. State space, agent-based, and linear regressive models are discussed. Rudimentary knowledge of linear algebra, differential equations, and statistics is helpful, but not absolutely necessary, in understanding the topics being discussed.

 

David Coursey (@dacoursey)

Sheep and Sheepdogs: Employing EMET for Application Security

 

The Microsoft Enhanced Mitigation Experience Toolkit (EMET) is a free tool for reducing the risk of unknown software vulnerabilities. Easy to use and very powerful, EMET is the perfect addition to any organization struggling with endpoint security. This Tech Talk will showcase some of the capabilities of EMET and demonstrate its effectiveness.

 

Tim Tomes (@LaNMaSteR53)

Look Ma, No Exploits! - The Recon-ng Framework

 

I've been on the conference circuit for the last year preaching the importance of thorough reconnaissance as a part of the penetration testing methodology. I've talked about the principles of reconnaissance, how to accomplish it quickly and effectively, and even released a few tools to help along the way. In my latest tool, the Recon-ng framework, the power of reconnaissance has been taken to a new level. In this talk, I am going to discuss and demonstrate the power of the Recon-ng framework by walking attendees through a live reconnaissance scenario which starts with the tester having nothing but the framework, and ends in the tester gaining credentials to the target environment. All without sending a single packet to the target network. Come a skeptic. Leave a believer. Reconnaissance is king.

 

Brad Shoop (@bradshoop) & Chris Rimondi (@crimondi)

Eyeing the Onion

 

How do you make sense of the vast amounts of data Security Onion harvests from the packets that it sees? For users with little experience with Bro IDS, there is a learning curve one must ascend in order to maximize the value of Security Onion and ELSA to bring efficiency to detection and response. Security Onion for Splunk provides a powerful introduction to getting a better understanding of exactly what that information is so users can apply that understanding to maximize the value of ELSA. We will demonstrate the Security Onion for Splunk app, then show you how you can take your understanding of what you “see” there and apply it to ELSA for production deployments with techniques for parsing events and building dashboards. Lastly, we’ll demonstrate several dashboards we’ll be releasing.

 

Martin Holste (@mcholste)

Not BigData, AnyData: Collecting Useful Security Data for Incident Response

 

Security data comes from everywhere; all data is security data. This talk will describe how to go about getting the raw data that you need and, just as importantly, how to make it actionable. Specifically, methods for collecting traditional security data will be covered, as well as how to leverage data that isn't traditionally security data. The talk will cover not only tricks for getting these sources of data collected, but also how to take the enormous amount of raw information and apply sound hunting and alerting methodologies using readily available tools. Strategies and procedures at the organizational layer will be discussed, including how the org can best benefit from the security incident response process.

 

Ron Martin

Human Shields for your Network; or the Inadequacy of Current Security Awareness Training

 

End users are the primary targets of most cyber attacks, primarily through Social Engineering (both technical and non-technical) attacks. The only defense against these attacks is effective user training. Many Information Security Awareness training programs tend to follow a pedagogic paradigm of reciting the types, tactics, tools, and motivations of hackers and cyber attackers. This methodology tends to miss the single most important focus for an adult learner: how does this apply to me? For Security professionals, the standard presentation of this type of information is more than adequate; however, for the standard user, this information is nothing more than alchemy performed by modern-day Merlins. Explaining the various types of attacks is important and necessary, especially Social Engineering; however, if we do not explain to the user why they would be the target of these methods, the training and time is wasted. Once the end user is adequately trained, we must endeavor to recruit them as part of our overall defense plan.

 

Sponsors:

 

Diamond Sponsors

Gold Sponsors

Silver Sponsors

Events:

 

 

FALE came together around a common idea of general curiosity and persuasion of the public’s “right to know”. Formally founded in early 2010, the individuals involved in the initial organization already had a history in and love for the practice of locksport and of having a better understanding of the mechanisms we rely on so heavily to keep us secure. Beginning with four members meeting monthly, we have quickly progressed to bi-monthly meetings. We talk locks, picks, general security and a smattering of other topics when meeting, all towards the end of a better knowledge of and ability to communicate the effectiveness (or lack thereof) of so many security measures in place in current society. We hope that through these conversations and our efforts publicly we will help to educate the larger community on the proper use and understanding of locks and security measures encountered daily.

FALE will be hosting a Lockpick Village where folks can come by to talk about physical security, learn to pick locks or talk about advanced picking techniques and tips. Plenty of locks and spare picks to play with, so be sure to stop by!

 

Organizers:

 

  • Doug Burks | @dougburks
  • Mark Baggett | @markbaggett
  • Lawrence Abrams | @vpnpoker
  • Mike McDargh | @mmcdargh
  • Phil Plantamura | @philplantamura
  • Joanne Sexton
  • Ron Martin

 

Volunteers:

 

  • Georgia Regents University
  • Fort Gordon 255S 

 

 

Task List:

     Tech 

  • Projector, White Boards
  • Photo
  • Video
  • Audio

 

 
