BSides 2024 - Friday, July 12, 2024 at Virginia Western Community College


BSides Roanoke 2024 will be held at Virginia Western Community College on Friday, July 12, 2024 in the Whitman Theater located in the Hall Family Business/Science Building.

Tickets are available for purchase now!

Introduction

Join us for an exciting lineup of security talks & demos featuring regional IT/security experts and thought leaders — all deep diving into the cybersecurity topics that are currently shaping our ever-changing cybersecurity landscape. The program ranges from Randy Marchany’s keynote on the enduring nature of IT evolution to Logan Diomedi’s talk on how Microsoft’s SCCM can be turned against you, to talks on the Flipper Zero and RF signal hacking, and on social engineering deception tactics. Learn how blackhat attackers are currently attempting to gain access to your networks and systems, and how to fortify your defenses against them. Other talks include Jupyter anomaly detection, the dangers of Linux eBPF, next-level password cracking, infrastructure encryption strategies, and much more. We even have a live Capture the Flag with RF badge challenges and Zeek network vulnerability analysis, with awards and prizes! All-day coffee and lunch are provided as well. Don’t miss out on this opportunity to expand your knowledge and network with other IT security peers and vendors!

Agenda

The agenda is not yet set, but it does include:

Speakers and Talks

Randy Marchany

Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech’s IT Security Laboratory, and has 25 years’ experience as a systems administrator, IT auditor, and security specialist. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. Randy is currently a senior instructor for the SANS Institute and has taught a wide variety of courses over the years. Currently, he can be found teaching SEC566: Implementing and Auditing the Critical Security Controls on a regular basis.

Talk: The More It Changes, the More It Stays the Same

Abstract:

The infosec industry hasn’t done very much to eliminate the root causes of cyber attacks. This talk reviews the types of cyber attacks seen over the past 30 years and how the same vectors that worked back then are still effective in 2024. Cybersecurity is a multi-billion-dollar industry. Why haven’t we been able to mitigate the root causes of cyber attacks? We’ll end with a few suggestions for addressing some of these root causes.

Kai Iyer

Kai is a Senior Security Engineer at EY’s Cyber Threat Management team and manages Security Engineering and Applied Machine Learning Research. He holds multiple certifications and has extensive knowledge in various domains, including Web-App Development, Data Science, Incident Response, DevSecOps and Purple Teaming. He is also an advocate for open source software and data privacy. He dreams of a world where no one clicks on phishing e-mails.

Talk: Trailblazing through Data: A Jupyter Anomaly Quest

Abstract:

The talk will introduce ready-to-use Jupyter Notebooks for large-scale threat hunting in a production environment. Rather than looking at terabytes of data in a traditional tabular format, we will explore the effectiveness of visualizations, emphasizing graphs, to identify and investigate outliers. The primary area of focus will be anomaly detection applied to a substantial volume of data to generate alerts for the SOC, based on Windows Sysmon endpoint logs and Zeek/Suricata netflow logs.

Justin Varner

Justin Varner is a seasoned and passionate security professional with over 18 years of experience in the industry across a variety of security domains and disciplines.

His career started as a cryptographer at NASA where he spent time redesigning the cryptographic messaging system used to communicate from the mission control center to the International Space Station. During a focused and driven career, he has had the opportunity to work across a multitude of different industries in various roles that have ranged from security architecture to offensive security to DevSecOps and everything in between.

His most recent endeavors have been focused on helping others improve their ability to rapidly detect breaches and generally bolster their overall security posture with simple and pragmatic means and methods.

Justin embraces any opportunity to teach fundamental security concepts to those who need help but have no idea where to look, and he prides himself on being able to break down and articulate complex topics in a fun, interesting, and engaging manner that appeals to people from all backgrounds.

Talk: Deception inception is met with hilarious reception

Abstract:

Breaches continue happening at unprecedented levels with huge financial impact to the global economy year after year.

Our traditional approach to breach detection that is focused on triaging alerts generated by massive amounts of data from disparate sources is not working. Adversaries know this fact and regularly benefit from it.

The average breach goes unnoticed for 212 days. That’s an ample amount of time for anyone to surreptitiously run off with the crown jewels and inflict significant damage with ramifications that include consumer privacy violations, loss of trust, steep financial penalties, and irreversible reputational damage.

We need a new approach if we’re ever going to stop the madness. Hackers also deserve a better opponent.

This talk discusses a different way of thinking about breach detection that is intended to reduce the number of false positives, improve alert fidelity, reduce time-to-detection, and prevent the massive level of burnout affecting our industry.

We will cover the history of breach detection, the current state of affairs, the paradigm shift to new ways of thinking about the problem, practical examples of how to deploy effective breach detection technology, and the results of a red team campaign against a heavily layered network of deception inception.

Charlene Deaver-Vazquez

Charlene has over 35 years of experience in network design and security. She is a Security Specialist at the Nuclear Regulatory Commission where she performs agency-wide cybersecurity risk analyses and risk quantification. She is also an Adjunct Professor teaching Cybersecurity Risk Quantification at Boise State University’s Cyber Resilience and Operations Program (CORe). The BSU CORe program was recently named one of the top 10 cyber programs in the US by FORBES Magazine.

Talk: Cyber Risk Quantification – Pitfalls and Fixes

Abstract:

Want to know which attack your organization is most likely to experience? This crash course in risk quantification will open your eyes to the fast path of forecasting. Fully functional models and training materials available FREE.

Logan Diomedi

Logan Diomedi is a lifelong information security professional who works as a Senior Offensive Security Consultant at Depth Security. At Depth, he performs enterprise penetration tests for everything from small businesses all the way up to Fortune 200-sized networks. He’s a Roanoke native who graduated from Hidden Valley High School and has a background in many IT facets beyond just information security. He’s been attending RISE and sometimes RBTC events for the last 5 years and loves to compete in CTFs.

Talk: Taking over Enterprise Networks via Microsoft SCCM

Abstract:

This presentation should be a gold mine for both attackers and defenders. Defenders will learn how to mitigate trivial privilege escalation paths in their enterprise networks and attackers will add new tricks up their sleeves for penetration tests.

Brandon Lester

Brandon has a wide range of experience, including ham radio, hardware hacking, and penetration testing.

Talk: Beyond the Flipper - A guide to basic wireless communication protocols

Abstract:

This talk will explore the basic concepts relating to wireless protocols used by consumer devices, how to decode, fuzz, and repeat commands, and a comparison between the Flipper Zero and other open-source hardware/software solutions.

David Mitchell (digish0)

David Mitchell, aka digish0, started his hacking career as a script kiddie running 7th Sphere in mIRC in high school. He later fell in with some Linux/RedHat nerds at a local 2600 group in college while studying CS, got into Linux, and started an IT career. He rediscovered his script kiddie hacking roots when a local hacker space opened up and shared members with a lockpicking group who worked in infosec as penetration testers, where he discovered he could get paid to do the things he liked doing in high school and college. He now works professionally as a red team member and cyber security researcher at a large financial institution. You can catch him attending and speaking at many conferences such as CackalackyCon, BSides, and DefCon. The rest of the time he spends being a dad/husband, trying not to get injured in Muay Thai/BJJ or mountain biking, and listening to either very expensive or very cheap vinyl.

Talk: eBPF: The Double-Edged Sword of Linux Security and Malware

Abstract:

Extended Berkeley Packet Filter (eBPF) has emerged as a powerful tool in the Linux kernel, enabling developers to write custom programs that can be loaded into the kernel at runtime. While eBPF offers tremendous potential for enhancing system performance, monitoring, and security, it also presents a significant risk when misused for malicious purposes.

In this talk, we will explore the dual nature of eBPF and its implications for Linux security and malware development. We’ll begin by discussing the legitimate uses of eBPF, such as creating efficient network filters, tracing and profiling applications, and implementing security policies at the kernel level. We’ll examine real-world examples of how eBPF is being leveraged to enhance system visibility, detect threats, and enforce access controls.

However, we’ll also delve into the darker side of eBPF and its potential for abuse. We’ll demonstrate how attackers can exploit eBPF to develop sophisticated rootkits that operate at the kernel level, making them extremely difficult to detect and remove. We’ll analyze the techniques used to inject malicious eBPF programs into the kernel, hijack system calls, and establish persistence on compromised systems.

Furthermore, we’ll discuss the challenges and limitations of traditional security solutions when faced with eBPF-based malware. We’ll highlight the need for advanced detection mechanisms and the importance of monitoring eBPF programs loaded into the kernel.

Throughout the talk, we’ll provide practical examples, live demonstrations, and code snippets to illustrate the concepts discussed. We’ll also explore potential mitigations and best practices for securing systems against eBPF-based threats.

Attendees will gain a deep understanding of eBPF’s role in Linux security and malware development. They’ll learn how to leverage eBPF for legitimate purposes while also being aware of its potential for abuse. We’ll empower attendees with the knowledge and tools necessary to detect, analyze, and defend against eBPF-based malware.

Whether you’re a security researcher, system administrator, or malware analyst, this talk will provide valuable insights into the complex landscape of eBPF and its implications for Linux security. Join us as we explore the double-edged sword of eBPF and arm ourselves with the knowledge to wield it responsibly.

James “Jimmy” Ririe

James “Jimmy” Ririe is a recent graduate from Radford University with degrees in cybersecurity and computer science. He was president of Radford’s cybersecurity club and leader of its CTF team.

Talk: Leveling Up Password Cracking

Abstract:

In this session I’ll show you how I turned Radford University’s Esports Center into a password-cracking supercomputer. I’ll also tell you what I learned about password security, better ways to handle authentication, and tips for choosing and storing passwords if you must use them.

Matt Moen

Matt has been involved with all things Security, Open Source and Linux since before they were cool. He’s worked with everything from Fortune 100’s and Wall Street Fintech firms to a tropical fish wholesaler. When not working tech, hiking or bicycling, he enjoys geeking out with symphonies, prog rock, jazz, bluegrass and whatever else tickles his melodic, harmonic and rhythmic fancy, because it don’t mean a thing if it ain’t got that certain je ne sais quoi. Matt holds CISSP & CISA certifications and is currently serving as the Vice-President of the Austin chapter of the Information Systems Security Association.

Talk: Encrypting Your Infrastructure Without Getting Fired

Abstract:

As we push things like Kubernetes clusters to edge installations for reduced latency and increased availability, how protected are they against crowbar theft? Encrypting their disks reduces these risks, but then you discover corner cases in production where your servers aren’t automatically decrypting, and you’ve effectively DoSed yourself. Oops. We’ll explore an alternative with network-based decryption without escrow or proprietary hardware using the Open Source Linux tools Tang and Clevis.

Ryan O’Donnell

Ryan O’Donnell is a Red Team Operator at Altus Consulting. Over the last 12+ years, Ryan has been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has conducted workshops at Hack Space Con and Bsides Nova. Ryan has a Masters in Computer Forensics from GMU and the following Certifications: OSCP, OSEP, CRTO, GREM, GCFE, GCIH, CRTO.

Talk: Modifying Impacket for Better OpSec

Abstract:

Operational security (OpSec) is a cornerstone in red teaming, necessitating continuous refinement of tools and techniques to avoid detection. This workshop is designed for penetration testers, aspiring red teamers, and individuals seeking to enhance their offensive capabilities. It focuses on customizing the Impacket toolset to improve OpSec during engagements.

Impacket tools such as wmiexec, smbexec, and secretsdump are staples in the toolkit of any red teamer due to their versatility and flexibility in Windows environments. However, their detectability has increased as defensive measures have become more sophisticated. This session proposes modifications to these tools to avoid default IOCs and detections.

Participants will explore various customization strategies, including changing default settings, altering network signatures, and integrating stealthier execution methods. Practical exercises will guide attendees through the process of modifying the Impacket scripts, demonstrating how these changes can significantly enhance operational security in simulated environments.

Attendees will gain hands-on experience modifying the Impacket tool set to remove common IOCs. The workshop aims to foster a deeper understanding of both the tools and the underlying network protocols, enabling participants to tailor their approaches to specific operational contexts and defensive landscapes.

Hristo Asenov

Hristo Asenov has about ten years of professional experience, working in the military, academic, and private sectors. He completed graduate studies at the University of Delaware.

Talk: Analyzing Android APKs Using Static and Dynamic Analysis

Abstract:

This talk will look at modern tools that are currently being used to analyze Android APKs. We will dive into smali, explain what it is, and look at tools to help with static application analysis. We will also look at dynamic analysis tools such as Frida, and talk about how to make an app debuggable via JDB.


Sponsors and Partners

BSides Roanoke would like to thank the following institutions for their support in making this event a reality.

  • Virginia Western Community College (VWCC)
  • MAKE Roanoke
  • Roanoke Infosec
  • CDW
  • Cribl
  • Monoc Securities
  • Proofpoint
