BSidesVancouver_2014

Announcing 2014 Vancouver B-Sides Security Conference - March 10 & 11, 2014 at the Chateau Granville Hotel

 

We are pleased to announce the dates and our new venue for 2014.

 

If you and your company would like to sponsor the next Vancouver B-Sides please contact us for a copy of our sponsorship package.

Please visit the new Vancouver B-Sides website: bsidesvancouver.com

PAST CONFERENCES BELOW

B-Sides Vancouver Security Conference 2013 is over

Thanks for all of your support, it turned out amazing!

Conference talk slides are slowly being posted here: http://goo.gl/la5Cf

Sponsors

We are very excited for 2014 and slowly looking for 2014 sponsors.

If you are interested in sponsoring please email us for a Sponsor Kit Request: bsidesvancouver (at) gmail (dot) com

Twitter: https://twitter.com/BSidesVancouver

Facebook: https://www.facebook.com/BSidesVancouver

Google+: https://plus.google.com/103052530544309943729

This page: http://bit.ly/BSidesVancouver

2013 Event page: BSidesVancouver-2013

Please use the hashtag #BSidesVancouver for content related to this event

Support

If you are interested in volunteering to help out during the event, please send us an email at <bsidesvancouver (AT) gmail (dot) com>

 

 

Planners

  • Yvan Boily - yvanboily (at) gmail (dot) com @ygjb
  • Darren Thurston - darren.t.thurston (at) gmail (dot) com @hard_mac

Sponsors

Additional sponsors TBA

Special Thanks to:

SCHEDULE

 

Day 1 - Monday March 5

Time | Main Room | Room 2
9 AM - 10 AM | Coffee - Registration | Coffee - Registration
9:45 AM - 10 AM | Opening Remarks |
10 AM - 11 AM | The Rising Tide of Ransomware - Chester Wisniewski @chetwisniewski |
11 AM - 12 PM | Cataloging Security Incidents with VERIS - Kevin Thompson @bfist |
12 PM - 12:30 PM | LUNCH - Fire Talk: Safely Hacking Allen-Bradley PLC's - Andrew Fischer | Lunch Break - Fire Talks
12:30 PM - 1 PM | LUNCH - Fire Talk: Additive Manufacturing (3d printing) changes everything - Matthew Peters (Loial) | Lunch Break - Fire Talks
1 PM - 2 PM | Being an Avivore - Searching Twitter for Data - Colin Keigher @afreak |
2 PM - 3 PM | New Exploitation and Obfuscation Techniques - Roberto Salgado @LightOS |
3 PM - 4 PM | Finding 0day/APT in memory with memory white lists & visualizations - Shane Macaulay |
4 PM - 5 PM | Taming the House of Cards: Creating a Resilient Enterprise - Rafal Los @Wh1t3Rabbit |
5 PM - 5:10 PM | Closing Remarks |

Day 2 - Tuesday March 5

Time | Main Room | Room 2
9 AM - 10 AM | Coffee - Registration | Coffee - Registration
9:45 AM - 10 AM | Opening Remarks |
10 AM - 11 AM | Exploiting Routers for Fun and Profit - Pedro Joaquin @_hkm & Paulino Calderon @calderpwn |
11 AM - 12 PM | SCADA IPS Signature Evasion - Frank Marcus |
12 PM - 12:30 PM | LUNCH - Fire Talk: Analysis of malware assisted financial crimes - Ruan Muller @ruan_muller | Lunch Break - Fire Talks
12:30 PM - 1 PM | LUNCH - Fire Talk: Netsploitation Economics And You - @wepIV | Lunch Break - Fire Talks
1 PM - 2 PM | Memory Analysis with Volatility 3 - Vincent Ohprecio @bigsnarfdude |
2 PM - 3 PM | Dr. Strangelog: or How I Stopped Worrying And Learned To Love The Log - Alex Dow @SkynetOperative |
3 PM - 4 PM | The Evolving Web Security Model - Ian Melven @imelven |
4 PM - 5 PM | Keynote - Security Lessons from Star Wars - Adam Shostack @adamshostack |
5 PM - 5:10 PM | Closing Remarks |
6:00 PM - 7:30 PM | Speakers Dinner |
7:30 PM - 9 PM | --- |

Accepted Talks Abstracts & Speaker Bios

 

DAY 1

 

Title: The Rising Tide of Ransomware - Chester Wisniewski

Abstract: Ransomware is quickly taking the place of fake anti-virus as the scam du jour for Eastern European criminals. This talk will look at the long sordid history of holding people's PCs for ransom and the techniques being used to ensnare victims today.  I will discuss the encryption techniques being utilized, how they launder the cash and the methods being used to infect victims. Social engineering is a major component of these scams, but they do not solely rely on trickery.

Speaker Bio: Chester Wisniewski is a Senior Security Advisor with computer security firm Sophos. Chester has more than 15 years' experience hacking and using the hacker mindset to try and better protect people's asse(t)s. Chester speaks on security topics at conferences around the world including RSA, SecTor, Source, BSides and Virus Bulletin.

 

Title: Cataloging Security Incidents with VERIS - Kevin Thompson

Abstract: Many Information Security professionals are familiar with the Verizon Data Breach Investigations Report (DBIR).  But do you know anything about the VERIS framework that supports it?  I will explain the Vocabulary for Event Recording and Incident Sharing (VERIS) and show you how you can use this open framework to record the same information about your security incidents that Verizon uses to produce the DBIR. 

Speaker Bio: Kevin Thompson is a researcher with the Verizon RISK team where he performs research on the ever-changing risk environment, investigates all manner of security incidents, and helps to develop solutions and knowledge based on credible data and analysis.  Kevin is one of the researchers working on the wildly popular Data Breach Investigations Report and the underlying VERIS framework.  Prior to working for Verizon, Kevin has worked in information security and risk management in higher education, health care, and the U.S. Navy.  Kevin is CISSP certified, and is a FAIR certified risk analyst.  Kevin also serves on the board of directors for the Society of Information Risk Analysts and is an adjunct faculty teaching information security and risk management at Minnesota State University, Mankato.

 

Title: Being an Avivore - Searching Twitter for Data - Colin Keigher

Abstract: Twitter has been with us for almost seven years and in this time it has become ubiquitous in society. As it has become popular, it has managed to creep into our lives and businesses and it is beyond unusual if you've never heard of it. With it becoming mainstream comes privacy problems. However, these problems are not the fault of Twitter itself, but of its users not understanding what they're putting out there.  This talk will discuss finding data on Twitter that really shouldn't be on there. These things include personal details about an individual, sensitive company information, and other oddball data that I've stumbled across. In addition, I will discuss efforts by other individuals and what marketers may or may not be doing themselves. Lastly, I will also be introducing and releasing a tool that allows one to search for the data themselves effortlessly.

Speaker Bio: Colin Keigher is a long-time security enthusiast who cannot help but poke at something he sees. He is a long-time member of the Vancouver Hack Space (hackspace.ca) and presently works for a major security vendor. His website is afreak.ca and he can be found rambling on Twitter as @afreak.

 

Title: New Exploitation and Obfuscation Techniques - Roberto Salgado

Abstract: I will present some of the newest and most advanced optimization and obfuscation techniques available in the field of SQL Injections. These techniques can be used to bypass web application firewalls and intrusion detection systems at an alarming speed. I will also demonstrate these techniques on real firewalls and present the alpha version of a framework I am developing; this framework is designed to assist security professionals, IT administrators, firewall vendors and companies test their firewall rules and implementation to determine if they are an adequate enough defense measure to stop a real cyber-attack.  Many of the techniques that will be presented are currently some of the fastest methods of extracting information from a database through SQL Injections. I will demonstrate how to reduce the amount of time it takes to exploit a SQL Injection by over a third of the time it would normally take. I will also demonstrate why firewalls and intrusion detection systems are not the ultimate solution to security and why other measurements should also be implemented.

Speaker Bio: As an Information Security specialist, I have always been passionate about my line of work and have had several years of experience researching and experimenting in my field. In saying this, my expertise is brought forth by my continuing commitment to exploring the cutting edge of today's security challenges, and finding solutions to these security problems. This driving passion has given me the opportunity to participate and contribute to great projects such as Modsecurity, PHPIDS, SQLMap and the Web Application Obfuscation book. I also created and maintain the SQL Injection Knowledge Base, an invaluable resource for penetration testers when dealing with SQL Injections. Additionally, I enjoy creating SQL Injection challenges for both the security community and myself to learn from.

 

Title: Finding 0day/APT in memory with memory white lists & visualizations - Shane Macaulay

Abstract: Using forensic techniques to isolate code from memory dumps we are then able to validate (using cryptographically secure hash functions) extracted pages of memory. We will show that using white-lists to validate memory eliminates guess work and very quickly reduces voluminous amounts of unknown data dumps into verifiable, organized and high-assurance information. A demonstration and visualization will be created that shows mapped binaries into virtual address space and how it is organized into physical memory.

Speaker Bio: Shane Macaulay is a long time computer security professional. He has spoken at a number of industry conferences on topics ranging from polymorphic shellcode, incident response/forensics, reverse-engineering and exploit development. He is also an alumni member of the honeynet project.

 

Title: Taming the House of Cards: Creating a Resilient Enterprise - Rafal Los @Wh1t3Rabbit

Abstract: Resilience should be every enterprise's goal, large or small, but even after you've understood what this means, the steps to resilience aren't simple. This talk will discuss how to baseline enterprise resilience, how to appropriately define a resilient state from risk tolerances, how to implement practical steps to increase resilience, and then how to measure real gains made. Whether the goal is to maintain operational capacity in the face of a DDoS, or to identify an active information exfiltration - your enterprise needs to detect, respond and restore within risk tolerance and given available resources. Understanding what steps to take to ensure this happens isn't black magic or guess-work, but it does take the right mix of knowledge, resources, and capabilities.

Speaker Bio: Rafal Los, Senior Security Strategist at Hewlett-Packard Software, brings a pragmatic approach to enterprise security. Combining over a decade of technical, consulting and management skills in Information Security, he uses experience to build bridges between technology and people, effectively "hacking the boardroom". As a sought-after writer and speaker he currently focuses on the various strategic aspects of enterprise security and emerging technologies to empower business to be agile. He is an advocate for focus on sound security fundamentals and is a contributor to open standards and organizations - volunteering his time to groups such as OWASP and the Cloud Security Alliance. His blog, Following the White Rabbit, is his unique perspective on the various aspects of enterprise security, emerging technologies, and current events and can be found at http://hp.com/go/white-rabbit. Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100 contributing to the global organization's security and risk-management strategy internally and externally. Rafal prides himself on being able to add a 'tint of corporate realism' to information security. Rafal received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.

 

DAY 2 

 

Title: Exploiting Routers for Fun and Profit - Pedro Joaquin @_hkm and Paulino Calderon @calderpwn 

Abstract: The importance of security in home routers is wrongly diminished. Vulnerable routers pose a dangerous threat as all of our information passes through these devices. What happens when someone has complete control of your router? How many vulnerable devices are there? How common are these attacks? How difficult is it to exploit them? We recently gathered a massive amount of Web server banners to identify common networking devices / home routers. In this presentation we will show the results and review their current state of security and the impact of the vulnerabilities that affect them. Demos of the exploitation of the most important vulnerabilities will be shown. This includes a couple of 0days, backdoors, botnets and advanced blended threats.

Speaker Bio: Pedro Joaquin has more than 12 years of experience working in the security field. Pedro has worked with the top financial institutions in Mexico doing penetration testing, forensics, malware analysis and training. Eleven years ago he founded the largest Mexican hacking and security forum, called Comunidad Underground de Mexico. The members of this community organize security meetings all over the country. His research mainly focuses on web security and discovering embedded device vulnerabilities. His research blog is http://www.hakim.ws, where he publishes vulnerabilities in home routers, such as 2Wire, Huawei, Thomson, SpeedStream, Motorola. He has been a speaker at many national and international conferences, including Black Hat, ShmooCon, DEFCON, ToorCon, H2HC and BugCon.

Paulino Calderon is a passionate software developer and penetration tester. He is experienced in hardening, administering and pentesting IT infrastructures and web applications in PHP/Perl/Ruby/Python/Java/ASP. He loves to contribute to the open source community. In the summer of 2011, he was part of Google's Summer of Code working with the Nmap project. His work focused on writing new NSE (Nmap Scripting Engine) scripts related to the HTTP protocol. His first publication Nmap 6: Network Exploration and Security Auditing Cookbook covers over 120 useful tasks with Nmap for pentesters and system administrators. He has been a speaker at international security conferences such as Hacker Halted Miami, Security Zone Colombia and BugCON in Mexico. In his spare time he loves writing and breaking mobile software.

 

Title: SCADA IPS Signature Evasion -  Frank Marcus

Abstract: Increasing awareness of the lack of robustness and security testing that SCADA systems undergo has led to a massive scale of vulnerability discovery in dozens of industry leading automation solutions. A popular way to combat the increased volume of public disclosures has been the development of vulnerability signatures for a number of IDS/IPS solutions, but the current environment of information sharing (e.g., MS MAPP) is severely lacking and immature for SCADA vendors and operators. Further compounding the challenges for security vendors are unique issues of acquiring, configuring and administering automation software and hardware. The result is signature performance issues that are reminiscent of the early days of IDS; SCADA sigs are written using incomplete information, resulting in an excessive number of false positives, or the sig tightly matches the known exploit and suffers false negatives. Through lessons learned during our own signature development process and review of various industry implementations we have come to ask ourselves: what is the quality and fidelity of SCADA signatures, and is it comparable to signatures for common enterprise software? To help answer this question, we have developed a tool to generate variations of known PoC exploits and will discuss the results of using this tool to analyze some open-source SCADA IPS rules.

Speaker Bio: Focused on Industrial Network Security since 2005, Frank has done numerous penetration tests, network assessments, device assessments and certifications for both operating companies and equipment OEMs in the Oil & Gas and Electrical Generation, Transmission and Distribution sectors.  He has discovered and responsibly disclosed numerous vulnerabilities on SCADA software and embedded systems.  

 

Title: Memory Analysis with Volatility 3 - Vincent Ohprecio

Abstract: This discussion will cover the complete life cycle of memory acquisition and analysis for forensics and incident response, using Volatility 3. The Volatility Framework has been referred to as the Python version of the Windows Internals. We'll conduct real-time analysis and examine Volatility's plug-in capabilities. Learn about Volatility 3 and see the newest preview of the interactive shell and how live memory forensics can be fun. This presentation will demo the cutting-edge research in reach of DFIR practitioners. See how Volatility has pushed the technical advancement of the digital forensics field. Join us and learn more about this outstanding tool.

Speaker Bio: Vincent Ohprecio is a 'security geek' turned software engineer and big data wannabe. He has held positions at the City of Vancouver for the 2010 Vancouver Winter Olympics, worked at one of the 'Big Four' consulting firms and he spent time fighting crime with the RCMP where he investigated major international crime. He has spent over 17 years in both the law enforcement and private IT sectors. 

 

Title: Dr. Strangelog: or How I Stopped Worrying And Learned To Love The Log - Alex Dow @SkynetOperative

Abstract: Implementing Firewalls, Intrusion Prevention Systems and Antivirus solutions will get you compliant, but solely relying on them will get you breached. Current and future cyber threats, unlike rule-based security appliances, are adaptive and will customize their attacks to circumvent all of your security controls, including your most vulnerable: the human element. This talk will focus on the nature of sophisticated targeted attacks, why robust security controls fail to detect the attacks and how we can detect the undetectable threats by leveraging event correlation and data visualization.

Speaker Bio: Growing up at the dawn of the consumerization of the Internet, Alex developed a keen interest in cyber security at a very early age. The confluence of insecure computers interconnecting for the first time, the emergence of viruses such as 'NetBus' and the release of the movie 'Hackers', propelled Alex into the underground world of hacking and has fueled his interests and passion for Internet security and protecting the erosion of personal privacy. 

Over the past decade, Alex's personal interests, experience and technical foundation have supported his calling, which has included working within mission critical security operation centres, implementing next generation network surveillance solutions, running the Vancouver 2010 Olympic HoneyNet and assisting in the design and implementation of lawful access infrastructures. Currently Alex is focusing on next generation SIEM technologies and enterprise security architecture, providing enterprises with advanced situational awareness capabilities and holistic pragmatic approaches to securing complex systems.

Beyond the ether, Alex is an active member in the open source DIY Drone community which is devoted to designing and building semi-autonomous aerial vehicles at a fraction of the cost of commercially available aerial surveillance platforms. The DIY Drone and Internet security communities have leveraged these low-cost aerial platforms in several proof of concept projects proving covert aerial surveillance, wireless communication interception and even mobile network cell tower spoofing has been consumerized.

 

Title: The Evolving Web Security Model - Ian Melven @imelven

Abstract: The web security model started with the "same origin policy", a simple host/port/scheme check. Starting from these humble beginnings, security and web experts have joined forces and invented all sorts of mechanisms to help protect web sites and users. This talk will discuss existing web security mechanisms such as Content Security Policy, Strict Transport Security, HTML5's iframe sandbox, and CA pinning. It then looks to the future where WebAPI's (providing functionality similar to that of native apps) may further evolve the ever more complex (but safer, we hope) state of web security.

Speaker Bio: Ian Melven is a security engineer at Mozilla. He has previously worked in technical security roles at companies including Adobe, McAfee, Symantec, and @stake.

 

Title: Keynote - Adam Shostack

Abstract: TBA

Speaker Bio: Adam helped found the CVE, the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association. He has been a leader at a number of successful information security and privacy startups, and is co-author of the widely acclaimed book, The New School of Information Security. Shostack is currently a principal program manager on the Microsoft Trustworthy Computing Usable Security team, where among other accomplishments, he shipped the Microsoft Security Development Lifecycle (SDL) Threat Modeling Tool and the Elevation of Privilege threat modeling game as a member of the SDL team.

 

 

Fire-talks 

 

Title: Safely Hacking Allen-Bradley PLC's - Andrew Fischer

Abstract: With all the hype about ICS / SCADA (in)security, most vulnerabilities are focused on simple DoS attacks. There is much more at risk than just availability, and Allen-Bradley PLC's in particular are vulnerable to compromise with virtually no unintended risk to the controlled systems.

Speaker Bio: I do physical, information, and SCADA security for a water and sewer district in the greater Seattle area. I also do some consulting on the side.

 

Title: Additive Manufacturing (3d printing) changes everything - Matthew Peters (Loial)

Abstract: Additive manufacturing is poised to change the world we live in. It promises Star Trek style replicators that can make anything, printing of replacement body parts, just-in-time printing of buildings, vehicles etc., but what is the truth about it? Where are we currently at with the technology? What is the future and what impact will it have on the world? This talk will center around the entry level printers available and what is coming on the horizon for those.

Speaker Bio: I'm a member of Vancouver Hackspace, a designer of additive manufacturing machines and a little insane. Before designing 3d printers I worked in IT, furniture design and fabrication, electronics design and, of all things, am a certified baker.

 

Title: Analysis of malware assisted financial crimes - Ruan Muller

Abstract: Analysis and dissection of the time frame of events surrounding the detection, analysis, response and lessons learned from malware assisted financial crime targeting large companies.

Speaker Bio: Ruan has a passion for tinkering, and occasionally breaking things; horribly. His mission as a security consultant, as in life, is to design and build systems to keep people, information and things safe from harm. With a propensity for asking "why" much too often and an unhealthy obsession with UAVs, Ruan has been provided opportunities to work on interesting projects, taking him from the Canadian subarctic to the jungles of West Africa.

 

Title: Netsploitation Economics And You - @wepIV

Abstract: Computer Network Exploitation actors have a variety of motivations, however, the one unifying trait is that exploiting information assets costs money. Attackers don't spend big money unless they think they're getting paid at the end of the day (nobody robs a bank that doesn't have any money). This talk will examine the costs of doing business as an attacker, income streams and will focus on what all this means to defenders as they examine the threats that they face. The first part of the talk will cover the value of different information and assets to attackers as well as attacker toolsets and the costs of tools involved. Followed by Q&A.

Speaker Bio: I like making things, but most of all I like breaking things. I come from a background of full-scope red teaming, and I currently work on software security and response at Microsoft.

 

 

-30-

;-)

/hack hack hack hack