Loading…
BSides Austin 2018 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Technical [clear filter]
Thursday, March 8
 

9:00am

Containers: It’s Not Your Mamas Tupperware
The technical community is all a buzz about containers but does anyone really know what they are? We will take the journey together , learning about the evolution of containerization technology. Understanding virtualization, Linux containers, and then moving on to cover the basics of Docker and Kubernetes.

Speakers
avatar for Ell Marquez

Ell Marquez

Ell s been part of the Rackspace family for three years as a Linux Administrator and OpenStack Technical Trainer. In this time she has developed a strong passion for education, mentorship and helping breakdown the barriers keeping new blood from our industry.Brandon has been involved... Read More →


Thursday March 8, 2018 9:00am - 10:00am
Stadium

1:30pm

The Human Pentest
The mantra of any good red teamer is, “hope for the best, but plan for the worst.” In this talk, we will cover tactics and approaches that can be leveraged to achieve client goals and provide value, even when having to operate within tight logistical constraints. Various stories will be used to provide examples of merging social engineering with physical and logical access during physical red team assessments to ultimately achieve success.

The talk will follow a network pentest theme to help bridge the gap between logical and physical pentesters and also provide examples of how these two types of skills can complement each other, especially in more physically locked down environments.

We will start off with covering the planning process for three different scenarios: brute force, insider attack, and planned attack. Next, we will review “needed” vs. “would be nice to have” tools (for achieving both physical and logical access as well as persistence) and the prep work once a methodology has been agreed upon with the client.

We will then go into tips on what a red teamer should know and do while conducting the assessment such as identifying cameras, sweeping the office before sitting at a computer and preparing hiding areas for nighttime patrols. The talk will also cover more in-depth tactics such as tips for achieving logical access as well as what to focus on once you obtain domain administrator or other high-level privileges within the network. Finally, we will cover worst-case-scenarios and tips for moving forward with an assessment when nearly all hope of reaching the final objective is lost.

Speakers
SL

Summer Lee

Summer Lee (crazian) is part of the Threat & Attack Simulation (TAS) team for GuidePoint Security. She started using social engineer tactics at a very young age which led her to have a special interest in physical Red Team engagements. Crazian is an Army veteran who has been active... Read More →


Thursday March 8, 2018 1:30pm - 2:30pm
Lil Tex Auditorium

3:30pm

Choose Your Own Adventure: A Career Guide to InfoSec
Information security (infosec) is a very broad field that may seem to have a high barrier of entry from the outside. If all you know of infosec is from exaggerated news or security conference press coverage, it may seem that many of the engineers and researchers in the fields are as much magicians as they are scientists. That’s rarely the case. STEM fields have many different specialities that each have their own skill sets and focus. Practitioners form a base set of foundational skills and then dive deeper into specialized skills depending on the focus; infosec is no different. This talk intends to break down the field of infosec into some high-level fields of expertise and break down the skills needed to pursue one of the many types of professional jobs available in the industry. This will reveal foundational skills that are helpful no matter which field of infosec you might focus on, as well as some recommendations for next-steps to enhance your field-specific knowledge.

Speakers
avatar for Aaron Portnoy

Aaron Portnoy

Vulnerability Research Group Lead, Raytheon CSI
Aaron has worked professionally in the vulnerability research space for over a decade. He specializes in reverse engineering and exploit development and has given numerous training classes on the topics to beginners. He currently works at Raytheon where he manages a team and works... Read More →
avatar for Andre Protas

Andre Protas

Vulnerability Researcher, Raytheon CSI
Andre has worked professionally in infosec since 2005. Over his career he has been involved in most aspects of offense, fromvulnerability research to operations. He holds a few diplomas but avoids work that require them.Currently he supports Raytheon customers and happily spends all... Read More →


Thursday March 8, 2018 3:30pm - 4:30pm
Stadium
 
Friday, March 9
 

11:00am

A day in the life of a pentester
Have you ever wondered what its like to be a pentester. Are there questions you would love to be able to ask but you don't know any professional pentesters? Well here is your chance join us for a fun, lighthearted, and informative panel with some of the penetration testers from optiv's attack and pen team. We will tell stories answer questions and most of all have a good time.

Speakers
TE

Tim Elrod

Tim Elrod is a professional penetration tester with over 15 years of pentesting and security research experience.  On top of being a black hat and defcon presenter Tim has discovered multiple vulnerabilities in everything from network applications to medical hardware. 


Friday March 9, 2018 11:00am - 12:00pm
Lil Tex Auditorium

1:30pm

ELK - Not Just for Application Logging
The ELK stack (Elasticsearch, Logstash, Kibana) is an open source centralized logging stack. However, it can do so much more. Any file or event can be sent to ELK and then searched using Kibana. ELK can easily be stood up on one system in a few minutes. If you can write something to STDOUT you can send to ELK for searching and storage. If you've ever needed to show or demonstrate findings from scripts or logs ELK can easily do it. I will go through the installation and configuration of ELK and Filebeats and then show some demos on how easy it is to get events into Elasticsearch as well as searching in Kibana. ELK can be set up in a very simple and easy manner but can also be extended to enrich data in a multitude of ways. You should be able to leave with all the knowledge you need to get started with your own ELK stack and some ideas on how to use it.

Speakers
MM

Mark McLauchlin

I am a security enthusiast ever since taking an Ethical Hacking Class. I have an MS in IT from Southern Polytechnic State University in Marietta. Georgia.  I was an Atlanta OWASP Chapter Co-Lead from 2013 to 2015 before moving to Austin. I also enjoy playing with Pi's and Arduin... Read More →


Friday March 9, 2018 1:30pm - 2:30pm
Stadium