
BSidesAugusta 2014

THIS PAGE IS FROM 2014 and is NOT the current page! The most current site is located at www.BSidesAugusta.org

What is BSides?

Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next big thing are happening.

Questions? Want to volunteer? Want to sponsor? Email us at BSidesAugusta [at] gmail.com

Follow us on Twitter: @BSidesAugusta

Hashtag: #bsidesaugusta

Campus Map: http://www.gru.edu/maps/images/summervillecampus.pdf

Schedule: September 13, 2014

Track-1 (Blue Team): University Hall (UH-170)

Track-2 (Red Team): Jaguar Student Activities Center (Ballroom)

FALE Lock Pick Village: ALL DAY

Time | Track-1 (Blue Team) | Track-2 (Red Team)
8:30AM - 8:45AM | Intro / Welcome to BSidesAugusta (Jaguar Student Activities Center Ballroom) | (same)
9:00AM - 9:45AM | Chris Sanders: Defeating Cognitive Bias and Developing Analytic Technique | Chris Truncer: Pentester++
10:00AM - 10:45AM | Chris Sistrunk: ICS/SCADA Defense | Tim Tomes: Stored Password Security: The Adobe Guide to Keyless Decryption
11:00AM - 11:45AM | Mike Reeves: Scaling Security Onion to the Enterprise | David Dewey: App Wrapping: What does that even mean
12:00PM - 1:00PM | Lunch | Lunch
1:00PM - 1:45PM | Tim Crothers: Techniques for Fast Windows Investigations | Will Schroeder: Adventures in Asymmetric Warfare
2:00PM - 2:45PM | Chris Campbell: Using Microsoft's Incident Response Language | Tim Fowler: When Zombies take to the Airwaves
3:00PM - 3:45PM | Jeff Murri: Is that hardware in your toolkit, or are you just glad you're keeping up? | Jacob Williams: Spying on your employees using memory
4:00PM - 4:45PM | Mark Baggett: Crazy Sexy Hacking, then Wrap-Up / Closing (Jaguar Student Activities Center Ballroom) | (same)

Abstracts:

Chris Sanders (@chrissanders88) Defeating Cognitive Bias and Developing Analytic Technique

At the center of many defensive processes is human analysis. While we spend a lot of time performing analysis, we don't spend nearly enough time thinking about how we perform analysis. The human mind is poorly wired to deal with most complex analysis scenarios effectively. This can be attributed to the inherent complexity of solving technical issues where so many uncertainties exist, and also to the cognitive and unmotivated biases that humans unknowingly apply to their analysis. All of these things can diminish our ability to get from alert to diagnosis quickly and effectively. In this presentation, I plan to discuss the mental challenges associated with technical defensive analysis by leveraging research associated with traditional intelligence analysis. I will discuss how complexity can overwhelm analysis, how cognitive bias can negatively influence analysis, and techniques for recognizing and overcoming these limiting factors. This will include a few fun mental exercises, as well as an overview of several strategic questioning techniques including analysis of competing hypotheses, red cell analysis, and "what if" analysis. Finally, I will discuss several structured analysis techniques, including two different techniques that can be used specifically for NSM analysis: relational investigation and differential diagnosis.
Chris Sistrunk (@chrissistrunk) ICS/SCADA Defense - Protecting Your DNP3 Networks

Your SCADA system has a DNP3 vulnerability, now what? I briefly summarize the DNP3 vulnerabilities (and other ICS protocols too). Then I focus on the different mitigations that an ICS owner can apply to these types of protocol implementation vulnerabilities even if there is no patch or patches can't be installed.

Mike Reeves (@toosmooth) Scaling NSM to the Enterprise

This is a presentation about how to scale NSM, specifically Security Onion, to the enterprise using OnionSalt. I will discuss the basics of NSM as well as go into detail on ways to make it work in large environments.

Chris Campbell (@obscuresec) PowerShell and You: Using Microsoft's Incident Response Language

Anyone can write useful security tools in PowerShell. With just a little bit of knowledge you can automate almost anything. From advanced post-exploitation tasks to incident response tools, you can do it with PowerShell! This talk will explain why you should learn a new language and cover the basics to get you started.

Tim Crothers (@Soinull) Techniques for Fast Windows Investigations

A typical organization sees anywhere from scores to thousands of alerts daily. Many of those alerts indicate a variety of problems with hosts. An all too common approach is to reimage affected systems. Unsurprisingly, this is the equivalent of playing whack-a-mole. At the other end of the spectrum, the host undergoes a forensic examination taking days of effort. Fortunately, there is a middle ground. In this talk we'll focus on techniques to conduct quick yet effective examinations of Windows hosts. In many cases we can use these methods to confirm or disprove a breach situation and determine root cause in minutes, not days.

Chris Truncer (@christruncer) Pentester++

This presentation outlines my journey from a systems admin turned novice hacker, to a professional penetration tester and co-developer of the Veil-Framework. As I began to gain experience breaking a wide variety of systems, I wanted to expand beyond tool-centric testing. I believe that the ability to not only identify the right tool for the job, but to create a solution where one doesn't exist, is an invaluable asset any penetration tester can utilize in their career. This talk will be case-study driven, and will trace the motivation and development process for the projects I've worked on. Being able to create your own tools is a skill that is absolutely essential if you want to progress your career to the next level, and I hope my example can spark ideas and motivate others to start their own projects.

Tim Tomes (@LaNMaSteR53) Stored Password Security: The Adobe Guide to Keyless Decryption

It goes without saying that Adobe has made some mistakes as a software company. Quite possibly their largest was the breach that resulted in 153 million user credentials being disclosed to the Internet. The good news is that Adobe's passwords were encrypted. The bad news is that they were encrypted poorly. The worse news is that Adobe isn't alone. Each day greets us with news of a new breach, threatening to compromise our identities. We must address this growing problem of poor stored password security.

In this talk, I am going to speak briefly about password storage techniques, popular implementations, their problems, and how to fix them, leveraging Recon-ng to demonstrate the risk associated with using each technique. I'll specifically address the fundamental flaws in Adobe's approach to password encryption and dive into the techniques I've used over the past year to crack a large percentage of the Adobe passwords without access to the encryption key. Finally, I'll release a Python module I wrote to assist with cracking the encrypted Adobe passwords and use it to conduct a live password cracking demonstration.

David Dewey App Wrapping: What does that even mean

Many security companies today are claiming to "wrap apps" on mobile devices. In digging into the details, it seems that this means a lot of different things to a lot of different people. Depending on how it is implemented, app wrapping can be very powerful, allowing vendors to add much needed security controls to apps users already use. In other cases, the phrase "app wrapping" is being used to mean something entirely different. In this presentation, we explore the different techniques employed by various app wrapping vendors, and evaluate the pros and cons of each. After attending this presentation, attendees will have a strong understanding of app wrapping and be armed with a battery of questions they can pose to vendors to ensure they can achieve their actual security goals.

Jeff Murri (@InfoSec208) Is that hardware in your toolkit, or are you just glad you're keeping up?

Friends... The landscape is a changin', and if you are not integrating hardware devices into your audits (or are not familiar with the various hardware solutions available) then soon you will be behind the curve. For the independent or hobbyist security researcher, however, hardware auditing tools are normally out of our reach, some notable exceptions being the Hak5 Pineapple and hacked boxes running OpenWRT. Being an information security researcher of very modest means (and a big cheapskate), when a tool drops below $100 I'm a pretty happy guy. When a hardware tool drops below $50.00 then I can't wait to add it to my toolkit!

Will Schroeder (@harmj0y) Adventures in Asymmetric Warfare: Fighting the AV Vendors

As a co-founder and principal developer of the Veil-Framework, the speaker has spent a considerable amount of time over the past year and a half researching AV-evasion techniques. This talk will briefly cover the problem space of antivirus detection, as well as the reaction to the initial release of Veil-Evasion, a tool for generating AV-evading executables that implements much of the speaker's research. We will trace through the evolution of the obfuscation techniques utilized by Veil-Evasion's generation methods, culminating in the release of an entirely new payload language class, as well as the release of a new .NET encryptor. The talk will conclude with some basic static analysis of several Veil-Evasion payload families, showing once and for all that antivirus static signature detection is dead.

Tim Fowler (@roobixx) When Zombies take to the Airwaves

In a post-apocalyptic world, communication is going to be crucial for survivors and zombies alike. Long range, rapid, and mobile communication is going to be a must in order to properly organize, defend and ultimately survive. So naturally wireless communication is going to be a critical infrastructure, but how will it hold up? Can it be leveraged to give us the upper hand?

Jacob Williams (@MalwareJake) Spying on your employees using memory

Many companies can't afford costly employee endpoint monitoring software, yet still have the need to figure out how a (potentially) rogue employee is spending his time on the job. Consider a cheaper solution for employee spying, one that makes use of native Windows services and an investigator's ninja memory analysis skills. Whether it be creating a scheduled task to send a machine to hibernate or instantiating an unsuspected memory dump, targeted employee spying can be done on the cheap. Through process enumeration, browsing history reconstruction and memory-mapped file extraction, watch as we piece together what our trusted insider was doing on their company computer, unbeknownst to his boss. Even if you don't have the need to covertly investigate a rogue employee (yet), this talk will arm you with the knowledge to know what is within the realm of the possible. Even if your hat tends to be more black than white, the same techniques can be used for post-exploitation operations against your most valuable targets.

Mark Baggett (@MarkBaggett) Crazy Sexy Hacking

Just when you thought BSidesAugusta was done delivering great presentations, we wrap it up with one more. The Blue Team and Red Team come together for a light-hearted, humorous look at some interesting research that affects the way we attack and defend our networks. Application whitelisting, protecting private keys and back doors on mobile devices will be discussed. Join us as we wrap up the conference with this fun look at the events of 2014, conspiracy theories and things to look for in 2015.

Sponsors:

Diamond Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Basic Support

Our In-Kind Sponsors, providing us with contest prizes and raffle giveaways.

Event Recording:

Events:

FALE came together around a common idea of general curiosity and pursuit of the public's "right to know". Formally founded in early 2010, the individuals involved in the initial organization already had a history in and love for the practice of locksport and of having a better understanding of the mechanisms we rely on so heavily to keep us secure. Beginning with four members meeting monthly, we have quickly progressed to bi-monthly meetings. We talk locks, picks, general security and a smattering of other topics when meeting, all towards the end of a better knowledge of and ability to communicate the effectiveness (or lack thereof) of so many security measures in place in current society. We hope that through these conversations and our efforts publicly we will help to educate the larger community on the proper use and understanding of locks and security measures encountered daily.



FALE will be hosting a Lockpick Village where folks can come by to talk about physical security, learn to pick locks or talk about advanced picking techniques and tips. Plenty of locks and spare picks to play with, so be sure to stop by!

Organizers:

Doug Burks | @dougburks

Mark Baggett | @markbaggett

Lawrence Abrams | @vpnpoker

Mike McDargh | @mmcdargh

Phil Plantamura | @philplantamura

Joanne Sexton

Ron Martin

Volunteers: