If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

Stop wasting time looking for files and revisions. Connect your Gmail, Drive, Dropbox, and Slack accounts and in less than 2 minutes, Dokkio will automatically organize all your file attachments. Learn more and claim your free account. View Edit

To edit this page, request access to the workspace. Already have an account? Log in! BSidesCT2014 BSides Connecticut is an exciting day long information security conference hosted at Quinnipiac University's beautiful York Hill campus. The campus sits adjacent to the picturesque peaks of Sleeping Giant Mountain in Hamden, Connecticut, which is just 90 minutes from New York City, two hours from Boston, and just eight miles north of New Haven. With this ideal venue for collaborative presentations, sharing of information and ideas, BSides Connecticut will help establish a much-needed link between information security professionals and the Connecticut technology community. Date: Saturday, June 14th, 2014 Time: 9am-5pm Where: Quinnipiac University - York Hill Campus / Rocky Top Student Center 305 Sherman Ave, Hamden, CT 06518 Directions Click to Register!! Invite your friends by posting this on Twitter: "#BSidesCT June 14, 2014: Registration is open! https://www.eventbrite.com/e/security-bsides-ct-2014-tickets-11641753799" Follow us on Twitter @BSidesCT for updated information! Sponsors: Sponsorship is open, please review our various packages: Bsides sponsorship NESIT .pdf Event Sponsors: Please contact [email protected] if interested in sponsoring!





Schedule: Time Start Track 1 Other Activities 9:00 AM Registration



10:00 AM

Opening Remarks CTF Opens 10:15 AM

Keynote - Michael Davis

11:10 AM

Quinn Shamblin Lighting talks - first come first serve? 12:00 PM Working Lunch Hacker Games - Peter Vogt

12:35 PM

Mordecai

1:25 PM

TBA

2:15 PM

Grecs

3:05 PM

Alvin Fong

3:55 PM

Krypt3ia CTF Closes 4:45 PM

Honey

5:30 PM

CTF Results and Closing Remarks

Talks: The Actual schedule will be posted soon. Alvin Fong Pen-testing, honey-potting, and exploiting your way to a better defense In this talk, I will discuss TTPs (Tools, Tactics, and Procedures) we used supporting the defense and intelligence community and how well they apply in the Healthcare space, or could apply to your corporate environment. The framework we used was "Kill-Chain analysis" for detecting advanced and insider threats. I will talk about the security infrastructure, organization, and skills needed to find actual intruders in your network during the Recon - Weaponize - Deliver - Exploit - Control - Execute - and Maintain phases of the Kill-Chain. A portion of the talk will be dedicated to discussing our use of honey pots to gain intelligence on adversary TTPs to create more effective intrusion indicators. Topics covered span everything from IDS/IPS, Security Monitoring, Malware analysis, Threat Intelligence sharing, endpoint security/AV to Counter-intelligence and deception. Krypt3ia The Psych of Sec How the design and evolution of the brain wires us to respond to information security in odd ways that do not necessarily promote our agendas as security professionals. This talk will cover Psyhcology, Biology, Anthropology, and Sociology that affect and effect Information Security as well as hacking. Simply put; "We are the reason we can't have nice things" Michael Davis Using Hackers' Own Methods & Tools to Defeat Persistent Adversaries In today’s world of advanced cyber threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn't really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats. The security industry is changing. For some, it’s a good thing, and for others, they're watching their antiquated ways of failing to prevent exploits become irrelevant for smart security teams. Why? For starters, attackers are eating traditional technologies for breakfast. Hackers are more sophisticated, and already have volumes of intel on you and your company, including the technologies deployed to defend your infrastructure. Second, it’s becoming increasingly more difficult to simply rely on ‘building a bigger wall,’ because you cannot defend against persistency. A fundamentally different security mindset is needed to address well-organized, well-funded, and sophisticated attackers who focus squarely on circumventing your defenses. This includes using attacker technology and tools against the attackers, incorporating the same stealth techniques that attackers use into your defenses, leveraging forensics at the point of attack to understand what you are dealing with, and using analytics to understand attacker behavior to draw conclusions on specific areas of your systems that require attention. Mordecai Kraushar Bad Web Apps are good! The presentation will include a demonstration of some of the realistic, vulnerable web applications within the Open Web Application Security Project (OWASP) Broken Web Application (BWA) project, including applications written in PERL, PHP and Rails. The presentation will demonstrate the many benefits of such vulnerable applications including: Testing web application scanners (people)

Testing web application scanners (products)

Testing source code analysis tools

Examining code that allows the vulnerabilitie

Testing web application firewalls Quinn Shamblin Cyber Attack Incident Response, from you to Obama This talk will show the DHS incident response process from the CISO of a given company or institution, all the way up to the President of the United States. What is the role of the ISACs and NCCIC? (What does that even stand for?) Who else is involved and how they all work together. Salvador Grec Think Different - A Jobsonian Look at Information Security In the day-to-day drudgery of attempting to engineer secure systems or defend them, we blindly apply time tested security practices to solve the issues we come up against. All too often however we become complacent … and even sometimes lazy ... in how we do things. We accept the way things are done because that's they way they have always been done. But did we ever stop to consider why we do those things we are doing? And are they even relevant anymore? This talk examines the psychology of why we tend to stagnate as a human race, provides examples from other fields where others have successfully innovated with unique approaches, and presents several information security practices we need to toss aside along with their proposed alternatives. Honey Hacking on the Block: Wall St. 2.0 This talk will discuss techniques on how to profit from hacking legally/illegally via stock market trading.Updated for 2014, covering shit that happened since 2010. Events: Capture the flag: Capture the most flags in our challenges for your chance to win a Penetration Testing with Kali Linux voucher from http://offensive-security.com ! Organizers: Will Genovese Mike Dews William Reyor Patrick Tassos Jim Peeler Andrew Peterson Brian Kelly Mike Ruotolo Roman Simanovich Alvin Fong Visitors since 5/4/2014 BSidesCT2014 Tip: To turn text into a link, highlight the text, then click on a page or file from the list above. Printable version