A combination of students, professionals, geeks, and tinkerers gathering to discuss Information Security, hear awesome talks, and bring security into our everyday lives. Our mission is to provide an inclusive, inspiring, and motivational environment to discuss and collaborate on information security and how it inspires, interests, and motivates you. This will be the sixth BSides in Charleston. With the eclectic businesses and people from the Lowcountry, we expect to have an outstanding event that will be fun, educational, and inspirational for all. Follow us on twitter @BSidesCHS to keep up with the latest information.
BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
BSides Charleston is a 501(c)3 organization that was started in 2012 and has been held in Charleston, SC. Since its existence BSides Charleston has been attracting security professionals from all over the Lowcountry area for this one day event.
College of Charleston, School of Business
Wells Fargo Auditorium - Beatty Center
5 Liberty Street
Charleston, SC 29401
Parking garages at 26 St Philip or 81 Wentworth are the best options.
$1/30min, $16 daily max.
Meters ARE checked on Saturdays,
so be prepared to feed them if you choose street parking.
Nov 10, 3:00pm - 9:00pm
-Take a complete novice or advanced Pentester and immerse them into the inner realm of 802.11
-Work to address some of the more advanced issues associated with interacting in a shared medium such as 802.11
-Discuss and demonstrate tools of the trade
-Walk away knowing how to start building your own tools using nothing more than Python and your imagination
-Monitor and inject into the spectrum
-Intro to terminals and Python
-How to effectively implement it with Python for 802.11
w/ Arash Parsa, Mika Devonshire, Alberto Tolentino
Nov 10, 4:00pm - 8:00pm
A beginner CTF event where basic penetration testing skills will be taught in order to enumerate machines, search for vulnerabilities, find and customize exploits, and finally gain the highest level of access on each machine. The only thing required is a Kali linux machine or virtual image. Pre-requisites can be found here: www.thehackerground.com/bsidescharleston
w/ Joe Gray
Nov 11, 1:00pm - 5:00pm
Have you ever spent too much time in the reconnaissance phase of a pen test because you needed better intelligence? Do you make the most efficient use of OSINT? This course aims to help you find more efficient ways to collect the information about your targets so that you can get to the fun stuff: exploitation and maximum pwnage. Here, you’ll see the correlation between OSINT and Social engineering and how to better apply it to your engagements. You'll see techniques for phishing, vishing, pretexting, impersonation, and more. Tool demonstrations will include how to make the best use of OSINT Websites and standalone tools such as Google, recon-ng, Social Engineer Toolkit (SET), and lessons learned from the winner of the DerbyCon SECTF.
Participants must bring a laptop and will receive necessary materials upon the start of the class.
Gerald Auger’s been working within the Information Technology (IT) and Security industry for ten years supporting multiple industries. He is an active CISSP, CISM, and CISA. Gerald has had the distinguished pleasure to work for Booz Allen Hamilton in the public sector, providing cyber security solutions to the DoD, the Dept. of Veterans Affairs and the National Science Foundation United States Antarctic Program. He has earned a master’s in Computer Science and a master’s in Information Assurance, which affords him the ability to analyze a problem set on a technical and engineering level, and cross-cut this analysis with security concepts and thought processes. Gerald is currently working toward a Doctorate of Science in Cyber Security from Dakota State University with a research focus in developing biomedical device risk management frameworks for small and medium-sized healthcare organizations.
Jeff is a respected Information Security expert, adviser,and evangelist. He has over 33 years of experience working in all aspects ofcomputer, network, and information security, including risk management,vulnerability analysis, compliance assessment, forensic analysis andpenetration testing. He has held security research, management and productdevelopment roles with NSA, the DoD and private-sector enterprises and was partof the first penetration testing "red team" at NSA. For the pasttwenty years, he has been a pen tester, security architect, consultant, QSA,and PCI SME, providing consulting and advisory services to many of the nation'sbest known brands.
April is a Newbie Chica in the InfoSec world. She fell into it purely on accident (she was *almost* pulled kicking and screaming), but had already developed second-hand paranoia due to her connections, so it was a natural next step. Managing to get a newbie-type of position at a Large Unnamed Company, she has begun happily delving into the lighter and darker sides of InfoSec. Sure, she might not have quite the background that most speakers have, but she definitely can provide a new twist on things and a new way of thinking about them. When she's not attending conferences and trying to solve the world's InfoSec issues, she enjoys spinning creative tales and reading.
Jason Gillam is a Principal Security Consultant with Secure Ideas. He has over 15 years of industry experience in enterprise software solutions, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture. Jason co-built and managed an award-winning ethical hacking program at one of the world's largest financial institutions. He also provided numerous application security training and awareness briefings to a large internal technical audience and led the development of best practices code and documentation for the the same. Jason is especially passionate about integration of security best practices with the SDLC. Jason holds his GIAC Web-Application Tester certification. He has spoken at several events including the Charlotte-Metro ISSA Summit, multiple BSides events, Hackfest (Canada), and the UNC Charlotte Cyber Symposium. He is also the author of several Burp extensions including CO2 and Paramalizer, and an active contributor to other open-source projects including MobiSec, SamuraiWTF, and Laudanum.
Joe Stewart and James Bettke are researchers with Dell SecureWorks, authors of multiple security papers and tools including DCEPT and PDFXpose. In addition to their day jobs performing threat research, Joe and James are also founding members of the SubProto hackerspace in Myrtle Beach.
Josh Stone and Patrick Fussell are penetration testers with PSC, working primarily in the PCI compliance space. Between the two of them, there’s over 15 years of penetration testing experience, and they get to work with some of the world’s largest service providers and merchants.
Jared Haight is a Security Engineer with Gotham Digital Science in Charlotte, NC. Before making the transition to Information Security he was a Systems Administrator for a decade where he spent most of his time writing scripts to automate everything he did so he could spend more time looking at pictures of Corgis on the Internet.
Josh Huff is a Digital Forensics Analyst for private investigation firm in Columbia, SC. He uses his knowledge of security and open source intelligence to break into a security role at Stillinger Investigations early this year. Josh currently uses his OSINT knowledge to assist the investigators with casework while handling the assorted tech landscape of personal devices and computers that come through the forensics lab. he also co-organizes for ColaSec (Columbia's local infosec meetup)
Max Harley is a freshman in college who loves security. Max worked for Soteria, a Charleston-local security firm during his senior year in high school. Security is Max's passion, so he strives to become better at it.
Every day websites with simple vulnerabilities in Content Management Systems such as Wordpress are compromised and used to host phishing and malware attacks.