BSides CHARLESTON: November 9–10, 2018

BSides CHARLESTON

THANK YOU to our 2018 speakers, sponsors, volunteers, helpers, contributors, and attendees!

BSides Workshops
When: Friday, November 9, 2018
  • "Container Hacking - An Escape Story"
  • "Bro: The IDS that should have had a new name by now"
  • "Powering up on PowerShell!"
Where: Beatty Center - College of Charleston School of Business

Register for Workshops

BSides Charleston Main Event
When: Saturday, November 10, 2018
9:00am–6:00pm (Check-In Starts @ 8:30am)
Where: Wells Fargo Auditorium - College of Charleston
Cost: FREE (as always!)

BSides Tickets Schedule

A combination of students, professionals, geeks, and tinkerers gathering to discuss Information Security, hear awesome talks, and bring security into our everyday lives. Our mission is to provide an inclusive, inspiring, and motivational environment to discuss and collaborate on information security and how it inspires, interests, and motivates you. This will be the sixth BSides in Charleston. With the eclectic businesses and people from the Lowcountry, we expect to have an outstanding event that will be fun, educational, and inspirational for all. Follow us on twitter @BSidesCHS to keep up with the latest information.

What is BSides?

BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

BSides CHS History

BSides Charleston is a 501(c)3 organization that was started in 2012 and has been held in Charleston, SC. Since its existence BSides Charleston has been attracting security professionals from all over the Lowcountry area for this one day event.

Get Involved! - Sponsor BSides CHS

Learn about BSides Charleston Sponsorship opportunities!

Download a Sponsorship Kit

  • Venue

    College of Charleston, School of Business
    Wells Fargo Auditorium - Beatty Center
    5 Liberty Street
    Charleston, SC 29401

    Parking garages at 26 St Philip or 81 Wentworth are the best options.
    $1/30min, $16 daily max.

    Meters ARE checked on Saturdays,
    so be prepared to feed them if you choose street parking.

BSides Charleston 2018SCHEDULE

Nov 10, 3 pm

Nov 9 - WORKSHOP: "Container Hacking - An Escape Story" ‏

w/ Cory

Nov 9, 5:00pm - 9:00pm

Overview:
Hacking containers. Fingerprinting, information disclosure, escape techniques, and maybe some pitfalls to avoid when setting them up. Oh, and it's got lots of hands on stuff!


Nov 9 - 6 pm

NOV 9 - WORKSHOP: "Bro: The IDS that should have had a new name by now"‏

w/ Andrew Beard

Nov 9, 6:00pm - 9:00pm

Overview:
Bro is gaining a significant amount of buzz in the community, but for those interested it can be difficult to figure out where to start.
The workshop will contain multiple labs where students will analyze and process packet captures using Bro in a virtualized environment. Bringing a laptop with VMware Workstation or Fusion (free trial is fine) is highly recommended, as an OVA of the environment will be available for students to use. A Docker image will also be made available for those optimistic enough to depend on the conference wifi.


Nov 10, 10 am

NOV 10 - WORKSHOP: "Powering up on PowerShell!" ‏

w/ Fernando Tomlinson

Nov 10, 10:00am - 12:00pm

Overview:
As a cybersecurity professional, learning a new programming/scripting language can be a daunting task and finding suitable training could be just as difficult. Available training either focuses too much on the programming/scripting aspect, not enough on using it from a cybersecurity vantage point or not enough hands-on immersion of Microsoft PowerShell in a Windows environment. Why PowerShell? Well, it's one of the most versatile languages today whether it's from system administration or attacker reconnaissance, escalation, exfiltration, or lateral movement. This training looks to scratch the surface on the usage of the language. In addition, we will explore avenues to improve or hone your skills with realistic blue and red team scenarios in a game format with hands-on immersion.


Registration: 8:30 AM
Keynote and BSides Talks: 9 AM - 6 PM
CTF & LockPick Village: 10 AM - 6 PM
Wrap-up, Awards, Raffles: 6 PM
After Party: 7 PM

 

Sponsors SPECIAL THANKS

 

 FORT DEFENDER

Check Point 

 PALMETTO GUARD

Presido          
      


CHUCKTOWN CALVARY 

                                     Secure Works     

 

 

  FOLLY FRIENDS

               

BATTERY BOOSTERS 

                     

       Mynt

EDUCATIONAL PARTNERS 

              

BECOME A SPONSOR

BSIDES CharlestonARCHIVES

Gerald Auger - Black Box FISMA-based SCA of Public Cloud (IaaS) Providers

@Gerald_Auger

Gerald Auger’s been working within the Information Technology (IT) and Security industry for ten years supporting multiple industries. He is an active CISSP, CISM, and CISA. Gerald has had the distinguished pleasure to work for Booz Allen Hamilton in the public sector, providing cyber security solutions to the DoD, the Dept. of Veterans Affairs and the National Science Foundation United States Antarctic Program. He has earned a master’s in Computer Science and a master’s in Information Assurance, which affords him the ability to analyze a problem set on a technical and engineering level, and cross-cut this analysis with security concepts and thought processes. Gerald is currently working toward a Doctorate of Science in Cyber Security from Dakota State University with a research focus in developing biomedical device risk management frameworks for small and medium-sized healthcare organizations.

Jeff Man - Do We Still Need Pen Testing?

@MrJeffMan

Jeff is a respected Information Security expert, adviser,and evangelist. He has over 33 years of experience working in all aspects ofcomputer, network, and information security, including risk management,vulnerability analysis, compliance assessment, forensic analysis andpenetration testing. He has held security research, management and productdevelopment roles with NSA, the DoD and private-sector enterprises and was partof the first penetration testing "red team" at NSA. For the pasttwenty years, he has been a pen tester, security architect, consultant, QSA,and PCI SME, providing consulting and advisory services to many of the nation'sbest known brands.

April M Jones - OMNOMNOM: A Newbie Chick’s Take on InfoSec

April is a Newbie Chica in the InfoSec world. She fell into it purely on accident (she was *almost* pulled kicking and screaming), but had already developed second-hand paranoia due to her connections, so it was a natural next step. Managing to get a newbie-type of position at a Large Unnamed Company, she has begun happily delving into the lighter and darker sides of InfoSec. Sure, she might not have quite the background that most speakers have, but she definitely can provide a new twist on things and a new way of thinking about them. When she's not attending conferences and trying to solve the world's InfoSec issues, she enjoys spinning creative tales and reading.

Jason Gillam - The Hacker Evolution: What have we become?

Jason Gillam is a Principal Security Consultant with Secure Ideas. He has over 15 years of industry experience in enterprise software solutions, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture. Jason co-built and managed an award-winning ethical hacking program at one of the world's largest financial institutions. He also provided numerous application security training and awareness briefings to a large internal technical audience and led the development of best practices code and documentation for the the same. Jason is especially passionate about integration of security best practices with the SDLC. Jason holds his GIAC Web-Application Tester certification. He has spoken at several events including the Charlotte-Metro ISSA Summit, multiple BSides events, Hackfest (Canada), and the UNC Charlotte Cyber Symposium. He is also the author of several Burp extensions including CO2 and Paramalizer, and an active contributor to other open-source projects including MobiSec, SamuraiWTF, and Laudanum.

Joe Stewart and James Bettke - Wire Wire - The African Persistent Threat

Joe Stewart and James Bettke are researchers with Dell SecureWorks, authors of multiple security papers and tools including DCEPT and PDFXpose. In addition to their day jobs performing threat research, Joe and James are also founding members of the SubProto hackerspace in Myrtle Beach.

Patrick Fussell and Josh Stone - Hunting High-Value Targets in Corporate Networks

Josh Stone and Patrick Fussell are penetration testers with PSC, working primarily in the PCI compliance space. Between the two of them, there’s over 15 years of penetration testing experience, and they get to work with some of the world’s largest service providers and merchants.

Jared Haight - Adding PowerShell to your Arsenal with PS>Attack

Jared Haight is a Security Engineer with Gotham Digital Science in Charlotte, NC. Before making the transition to Information Security he was a Systems Administrator for a decade where he spent most of his time writing scripts to automate everything he did so he could spend more time looking at pictures of Corgis on the Internet.

Josh Huff - What I learned being an OSINT creeper

Josh Huff is a Digital Forensics Analyst for private investigation firm in Columbia, SC. He uses his knowledge of security and open source intelligence to break into a security role at Stillinger Investigations early this year. Josh currently uses his OSINT knowledge to assist the investigators with casework while handling the assorted tech landscape of personal devices and computers that come through the forensics lab. he also co-organizes for ColaSec (Columbia's local infosec meetup)

Max Harley - Shellcoding basics

Max Harley is a freshman in college who loves security. Max worked for Soteria, a Charleston-local security firm during his senior year in high school. Security is Max's passion, so he strives to become better at it.

(Keynote Speaker) Security Circus - Kevin Johnson

(Keynote Speaker) Security Circus - Kevin Johnson

Software Vulnerability Discovery and Exploitation during Red Team Assessments - Ryan Wincey

Software Vulnerability Discovery and Exploitation during Red Team Assessments - Ryan Wincey

You spent $20,000 so that my throw away email can have full recon on your internal network? - Chris O'Rourke

You spent $20,000 so that my throw away email can have full recon on your internal network? - Chris O'Rourke

Get-Help: An intro to Powershell and how to use it for evil - Jared Height

Get-Help: An intro to Powershell and how to use it for evil - Jared Height

How to pen test off the grid.. and in the middle of the Pacific - Dave Keene

How to pen test off the grid.. and in the middle of the Pacific - Dave Keene

(Keynote Speaker) InfoSec(Cyber Security) We're Doing It Wrong - Bill Gardner

(Keynote Speaker) InfoSec(Cyber Security) We're Doing It Wrong - Bill Gardner

Internet of Things Hacking - Jason Davison

Internet of Things Hacking - Jason Davison

The State of Information Security Today - Jeff Man

The State of Information Security Today - Jeff Man

Hacking Web Apps - Brent White and Tim Roberts

Hacking Web Apps - Brent White and Tim Roberts

Building BURP Extentions - Jason Gillam

Building BURP Extentions - Jason Gillam

Going Nuclear: Exploiting Mass Emergency Notification Systems - Evan Davison

Going Nuclear: Exploiting Mass Emergency Notification Systems - Evan Davison

FAIL-in-Depth - Marcus J. Carey

FAIL-in-Depth - Marcus J. Carey

diff -q 3rdpartyassessments internalteams | grep qualified assessments - Kelly O'Donnell

diff -q 3rdpartyassessments internalteams | grep qualified assessments - Kelly O'Donnell

Router Fail - John Garrett

Router Fail - John Garrett

(Keynote Speaker) Hacking Culture - Jayson E. Street

(Keynote Speaker) Hacking Culture - Jayson E. Street

Ballin on a Budget - Andrew Morris

Ballin on a Budget - Andrew Morris

Allow myself to encrypt…myself! - Evan Davison

Allow myself to encrypt…myself! - Evan Davison

WUDS You Say SmartAssPhone? - Frank Catucci

WUDS You Say SmartAssPhone? - Frank Catucci

(Keynote Speaker) Dont Be A Tool - KizzMyAnthia

(Keynote Speaker) Dont Be A Tool - KizzMyAnthia

Holistic Operational Security - David Zendzian

Holistic Operational Security - David Zendzian


Building an Open Source Threat Intelligence Program - Edward McCabe

Building an Open Source Threat Intelligence Program - Edward McCabe

Operation Arachnophobia: Don’t Get Caught in the Web - Rich Barger

Operation Arachnophobia: Don’t Get Caught in the Web - Rich Barger

Just Apply the Patch: A tale of Struts 2, broken CVSS scores and IDS evasion - Robert Wessen

Just Apply the Patch: A tale of Struts 2, broken CVSS scores and IDS evasion - Robert Wessen

Passive Recon: Let's Get Creepy! - Gabele Blanc and Philip Hartlieb

Passive Recon: Let's Get Creepy! - Gabele Blanc and Philip Hartlieb

JAVA Shellcode Execution - Ryan Wincey

JAVA Shellcode Execution - Ryan Wincey

Waging war on an entire city - Andrew Morris


Fantasy Defense In-depth - Evan D.


Social Insecurity - Frank Catucci

Social Insecurity - Frank Catucci

Free phish and malware hosting for life! - Paul Burbage & Dustin Weathers

Every day websites with simple vulnerabilities in Content Management Systems such as Wordpress are compromised and used to host phishing and malware attacks.


Using MLP to classify Encrytped Network Traffic - Micheal Reski


BYOD Party Crashers: How to Protect Against Unauthorized Mobile Access - Brent Morris


Fuzzing With Peach - Thomas Macklin