Loading…
BSidesSLC has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Thursday, February 21
 

9:30am PST

Registration Opens @ 9:30am
Thursday February 21, 2019 9:30am - 10:00am PST
Registration Desk

10:00am PST

Ham Radio Technician Study Session
Come study and have your questions answered as you prepare to take the FCC amateur radio Technician exam.  Open session with instructors to help you prepare for the exam.

Speakers

Thursday February 21, 2019 10:00am - 2:00pm PST
Lone Peak

10:00am PST

Basic Memory Corruption: Introduction to Stack-based Exploitation
This is a course on basic stack-based exploitation. We’ll begin with a review of how memory management works within an IA32 architecture, before diving headfirst into classic attacks such as buffer overflows, format string exploits, and DTOR/GOT overwrites. We’ll also learn how to write shellcode and bypass non-executable stacks using return-to-libc attacks. Finally, we’ll go over some basic mitigations to the techniques we’ve learned. This is meant to be a foundational course that can serve as jumping off point for students wishing to learn more advanced topics such as ROP chains, heap sprays, use after free, and defeating ASLR. Students should each bring a laptop equipped with VMWare or VirtualBox and provisioned with at least 25GB of disk space and 8GB of memory. Prior exposure to C programming, assembly, and basic memory management concepts are highly recommended in order to benefit from this course.

Speakers
avatar for Gabriel Ryan

Gabriel Ryan

Gabriel Ryan is a researcher and security consultant with a passion for wireless and infrastructure testing. He currently serves as a Principal Consultant for Mandiant, a FireEye company, supporting their Red Team practice in Denver.Some of Gabriel’s most recent work includes the... Read More →


Thursday February 21, 2019 10:00am - 6:00pm PST
Sego Lilly D

10:00am PST

BSidesSLC Crypto Puzzler
Come join us and play the BSides 2019 Crypto Puzzler, a quest-driven web-based game that both trains you for and challenges you with cryptography puzzles. Select from multiple character classes, earn gold to buy health and mana potions, and participate in a series of quests as you level up your code breaking skills. There are optional training quests that teach you the cryptographic concepts you'll need, and you can even use mana to get hints along the way.

Speakers
avatar for Jeremy Pruitt

Jeremy Pruitt

Jeremy has been passionate about infosec since long before he attended his first security conference at Defcon 8. He spent the past 10+ years leading teams focused on emerging technologies and infrastructure automation and currently leads the team at Tesla responsible for container... Read More →


Thursday February 21, 2019 10:00am - 6:00pm PST
Sego Lily B

10:00am PST

HackQuest: CTF Crash Course
Quickly becoming an industry staple, CTF events can now be found at any major event and reward those with a multi-faceted skill set. Their popularity is no accident: the same skills and approaches to problem-solving that predict a participant's success, are often critical for a successful career in information security. In this course attendees will: (1) Audit Source Code, Binaries, & Web Applications for Vulnerabilities, (2) Dive into the building blocks for developing working exploits for these vulnerabilities (3) Understand how to quickly triage files for forensics artifacts & break weak crypto, and (4) Test your skills under pressure, competing against other students in live challenges! Take your fundamentals from zero-to-hero in this hands-on bootcamp, and prepare yourself to dominate the BSides CTF!

Speakers
avatar for Kevin Lustic

Kevin Lustic

Kevin is an Information Security researcher in Utah, leading the Adobe Red Team in performing offensive security testing against Adobe's Digital Experience SaaS offerings. Prior to joining Adobe, Kevin spent five years in the Intelligence Community as a global network vulnerability... Read More →


Thursday February 21, 2019 10:00am - 6:00pm PST
Sego Lily C

10:00am PST

Malware Traffic Analysis
This workshop provides a foundation for investigating packet captures (pcaps) of malicious network traffic. The workshop begins with basic investigation concepts, setting up Wireshark, and identifying hosts and users in network traffic. Participants then learn characteristics of malware infections and other suspicious network traffic. The workshop covers techniques to assess the root cause of an infection and determine false positive alerts. This training concludes with an evaluation designed to give participants experience in writing an incident report.

Speakers
avatar for Brad Duncan

Brad Duncan

Based in Texas, Brad Duncan specializes in traffic analysis of malware and suspicious network activity. After more than 21 years of classified intelligence work for the US Air Force, Brad transitioned to cyber security in 2010. He is currently a Threat Intelligence Analyst for Palo... Read More →


Thursday February 21, 2019 10:00am - 6:00pm PST
Sego Lilly E

12:00pm PST

Lunch
Thursday February 21, 2019 12:00pm - 1:00pm PST

3:00pm PST

Ham Radio Licensing Exam Session
Interested in experimenting with wifi and other wireless protocols?  Using the airwaves to communicate locally and internationally without cellphones or the internet? Come get licensed as an Technician class amateur radio operator or upgrade your existing license. Exam fee is $15, bring your photo id. Study at https://hamstudy.org/ See what to bring here: http://www.arrl.org/what-to-bring-to-an-exam-session

Speakers

Thursday February 21, 2019 3:00pm - 6:00pm PST
Lone Peak
 
Friday, February 22
 

10:00am PST

Keynote
I'm not a traditional keynote speaker; I love to tell stories. If you like Hobbits, playing cards, World War II, Irish immigrants, and of course, cryptography, you may just want to attend my keynote.

Speakers
avatar for Aaron Toponce

Aaron Toponce

Aaron Toponce is a Linux system and security administrator for XMission. He graduated with an undergraduate degree in Mathematics minoring in Computer Science. He is active in the cryptography community, and focuses primarily in researching using modern cryptographic primitives in... Read More →


Friday February 22, 2019 10:00am - 11:00am PST
Sego Lily A, B, C, D, E

11:00am PST

The Magic of RSA Cryptosystems
You know that feeling right before you fall asleep and your mind wanders to wondering how is it that you use one key to encrypt and a completely different key to decrypt and yet it works out? What is this asymmetric voodoo?! I’m no mathematician but come do math with me anyway.

Speakers
avatar for Shelby Peterson

Shelby Peterson

Shelby Peterson (aka Chubbs) is a BYU alumna who has spent the last couple years fighting crime as a Security Operations Center Analyst at Adobe.  She enjoys SOC work because she gets to sneak through mounds of data. She struggles to stay warm, and is often spotted wearing blankets... Read More →


Friday February 22, 2019 11:00am - 11:30am PST
Sego Lily A, B, C, D, E

11:00am PST

Bluetooth: From Basics to Vulnerabilities
In this presentation, we will go over the basics of Bluetooth, with a focus on vulnerabilities. Then we will move on to the basics of setting up an environment to monitor bluetooth packets, send bluetooth packets, and reverse engineer bluetooth devices. If you'd like to try the demos out for yourself, make sure to bring a linux-friendly USB Bluetooth dongle, a Linux-Powered Laptop with Docker installed (or a laptop w/ VirtualBox or VMWARE).

Speakers
CV

Corban Villa

Corban is the Director of Operations for the OpenWest Conference, along with being a student. He works primarily with Python, Docker, and Salt, though enjoys learning new technologies. He has presented at both DEF CON r00tz and Saintcon on bluetooth hacking, along with annual OpenWest... Read More →


Friday February 22, 2019 11:00am - 12:00pm PST
Clipper Peak

11:00am PST

Hackers, Hooligans, Heists, and History
This presentation is based on 20+ years in cybersecurity working across 50+ countries. It will explore the real-life history and use cases of hackers, hooligans, and heists. From mechanical computers to the Internet, acts of sabotage, fraud, theft, and other nefarious undertakings have been conducted with low risk, minimal hurdles, and high reward. In some cases, attackers even receive safe harbor from prosecution. Bad actors ranging from insiders and hacktivists to cybercriminals and nation-states are motivated by money, politics, revenge, and ideology.

Speakers
avatar for Brian Contos

Brian Contos

Brian Contos is the CISO & VP, Technology Innovation at Verodin. He is a seasoned executive with over two decades of experience in the cybersecurity industry as well as a board advisor, entrepreneur, and author. After getting his start in cybersecurity with the Defense Information... Read More →


Friday February 22, 2019 11:00am - 12:00pm PST
Twin Peaks

11:00am PST

Capture the Flag
Friday February 22, 2019 11:00am - 4:00pm PST
Lone Peak

11:30am PST

How Systems Engineering can help Cybersecurity
Will discuss how engineering process can help a company achieve better security. Businesses need to adapt to cybersecurity as a unit outside IT and build internal processes to fit against attacks. Small and large organizations will need to change how they deal with cybersecurity as technology gets more connected to the business.

Speakers
avatar for Andrew Hall (RuShan)

Andrew Hall (RuShan)

Andrew (RuShan) is an Executive MBA student graduating May 2019 that has worked DoD Cybersecurity for over 8 years. Undergrad in Electrical Engineering and has a CISSP. Twitter: rushan_ee


Friday February 22, 2019 11:30am - 12:00pm PST
Sego Lily A, B, C, D, E

12:00pm PST

Lunch
Friday February 22, 2019 12:00pm - 1:00pm PST

12:00pm PST

Women in Technology Lunch (Sponsored by DigiCert)
Speakers
avatar for Angela Trego

Angela Trego

Dr. Trego is a consultant and trainer in project management, leadership, inclusion and diversity.  She has worked at multiple Fortune 500 companies and taught at several universities.  She thinks of herself more as a world traveler than as a rocket scientist.  Above all she is... Read More →
avatar for Jane Ullah

Jane Ullah

Jane is currently a software engineer at Plaid with over 4 years of experience in building software professionally. Prior to her current career in software development, she worked in the natural sciences field as a laboratory and research technician. An avid learner, Jane is excited... Read More →
avatar for Kelsey Eiman

Kelsey Eiman

Kelsey is a software engineer and scrum master at DigiCert. She has a bachelor's degree in information systems and is currently pursuing an MBA. When she isn't defending the internet or building certificate issuance platforms, she can be found shredding the slopes. Kelsey loves video... Read More →
avatar for Leslie Bonsteel

Leslie Bonsteel

Leslie is senior director of strategic marketing at Ivanti, a company that builds software for IT. She leads a global team that includes marketing operations, analyst and public relations, internal communications, and customer advocacy. Previously, she worked as a UX designer, technical... Read More →
avatar for Hannah Brock

Hannah Brock

Hannah is a software engineer at Plaid. Prior to jumping into fintech, she specialized in natural language processing at Attensity and inContact. When focusing on the life side of work/life balance, Hannah enjoys snowboarding and debating what is and is not a salad.


Friday February 22, 2019 12:00pm - 1:00pm PST
Nelson Peak

1:00pm PST

White Collars & Black Hats: Bitcoin, Dark Nets and Insider Trading
We know criminal hacking is big business, over the past decade, we have seen criminal syndicates get creative with ways of generating revenue, through markets selling stolen credit cards, selling of tools and services and more recently ransomware. With the rise of popularity in Bitcoin, there has been an increasing interest from those in the financial sector in the pseudo-anonymous currency as well as underground markets and sites sharing information via hidden services in the Tor network and other platforms. Financially savvy white collar criminals now have increased access to criminal hackers who can target, steal and share nonpublic data about companies, this paired with the anonymous nature of hidden services and Bitcoin reduces the risk of getting caught, but with large financial gains. In this talk we will review several cases where criminals have gained millions of dollars through compromising PR and legal firms and steps these organizations can take to protect this data.

Speakers
avatar for Ken Westin

Ken Westin

Ken Westin is currently Senior Security Specialist at Splunk, helping organizations aggregate, analyze and operationalize disparate security data sources to identify and mitigate threats in various forms. In his past he has helped solve crimes with data, tracking stolen devices, breaking... Read More →


Friday February 22, 2019 1:00pm - 2:00pm PST
Sego Lily A, B, C, D, E

1:00pm PST

Dr. StrangeTalk, or How I Learned to Stop Worrying and Present at the Con
At a recent conference, a few of us were discussing how there are a ton of great info security peeps in the area that have really cool ideas and project, yet many don't feel comfortable presenting them or submitting papers about their ideas. We've also felt that many of the same people present due to lack of submissions. The overall goal of this presentation will be about stepping out of our comfort zone, overcoming your imposter syndrome and offering some tips of giving your 1st or your 20th conference talk.

Speakers
avatar for Colin Jackson

Colin Jackson

@d1dymu5. Security Engineer for large education and training technology company. I'm a locksport enthusiast, inventor, and security fanboy. He's been doing infosec for 10 years. More blue than red. Husband and father of 4, enjoys spending time with family and friends. Has also presented... Read More →
NS

Nathan Smith

You can find me on Twitter @n8zwn. Currently working as a Sr. Security Analyst for the past few years. My current position has me doing both red and blue team activities. Love everything information security related as well as being outdoors with my family. Has presented as BSidesSLC... Read More →


Friday February 22, 2019 1:00pm - 2:00pm PST
Clipper Peak

1:00pm PST

Meet the STIG: How to use DoD security baselines
In government IT work, "STIG" is usually accompanied by swearing; but it doesn't have to be. Come to this session and learn about what the Security Technical Implementation Guides are, how to work with them, and how to adapt them for your own security policies.

Speakers
avatar for Jared Capson (th3ph3d)

Jared Capson (th3ph3d)

th3ph3d is not a fed. He's a system administrator originally from Utah, but is now doing contract work wherever he can find it. He has 7 years of sysadmin experience, including with Windows, Linux, and networking. He can be found on twitter @th3ph3d.


Friday February 22, 2019 1:00pm - 2:00pm PST
Twin Peaks

2:00pm PST

Tech Panel
Speakers
avatar for Stephanie (@_sn0ww) Carruthers

Stephanie (@_sn0ww) Carruthers

Stephanie "Snow" Carruthers is a People Hacker for X-Force Red, an autonomous team of veteran hackers within IBM Security. At DEF CON 22 she won a black badge for the Social Engineering Capture the Flag (SECTF) and was on the winning team for SAINTCON'S Vault Physical Security challenge... Read More →
avatar for Mike Spicer (d4rkm4tter)

Mike Spicer (d4rkm4tter)

Mike is a mad scientist and hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide array of systems. These include web application, wireless system monitoring... Read More →


Friday February 22, 2019 2:00pm - 3:00pm PST
Sego Lily A, B, C, D, E

3:00pm PST

Anatomy of a Megabreach: Analyzing the Equifax Report
In December 2018 a House Committee released a report on the Equifax breach. After a 14 month investigation, it presents detailed information about the who, what, where, why, and how. Utilizing a blue team perspective, I provide a comprehensive overview of the report, and some takeaways that security professionals and advocates can use when discussing security programs for their own organizations or others. Come prepared to guffaw, sigh, facepalm, and maybe shed a few tears.

Speakers
avatar for Bronson Peto (Dumby)

Bronson Peto (Dumby)

In December 2018 a House Committee released a report on the Equifax breach. After a 14 month investigation, it presents detailed information about the who, what, where, why, and how. Utilizing a blue team perspective, I provide a comprehensive overview of the report, and some takeaways... Read More →


Friday February 22, 2019 3:00pm - 3:45pm PST
Twin Peaks

3:00pm PST

I Find Your Lack of Serverless Disturbing! Leveraging the Cloud to Automate the Mundane
Serverless technologies are an offensive security professional's dream. With some basic scripting skills, and a little bit of AWS know-how, a security professional can automate and scale mundane tasks at a moment's notice. This talk is about leveraging the power of serverless technology to perform open source reconnaissance and target enumeration on a scale far larger than your laptop can handle (e.g. screenshotting web services, port scanning, running various vulnerability checks, etc...). Serverless technology is exploding and it's time you took advantage of it!

Speakers
MB

Michael Butler

Michael Butler is a vice president and security researcher at Stage 2 Security where he leads, hacks, and does some development in his spare time. Michael has worked in the offensive security field for nearly 10 years which includes time working for the US Army, NSA, Cyber Command... Read More →


Friday February 22, 2019 3:00pm - 4:00pm PST
Sego Lily A, B, C, D, E

3:00pm PST

An Idiots Guide to Site Scraping.
The internet is crawling with bots. A bot is a software program that runs automated tasks over the internet, typically performing simple, repetitive tasks at great speeds unattainable, or undesirable by humans. They are responsible for many small jobs that we take for granted such as search engine crawling, website health monitoring, fetching web content, measuring site speed and powering APIs. They can also be used to automate security auditing by scanning your network and websites to find vulnerabilities and help remediate them. One of the ways that bots can harm businesses is by engaging in web scraping. We work with customers often on this issue and wanted to share what we’ve learned. This presentation discusses what web scraping is, how it works, and why it’s a problem for website owners. Lastly, we will introduce a number of techniques website owners can use to protect themselvers and their business.

Speakers
AF

Adam Fisher

Mr. Fisher has spent the last 12 years in information security starting in Identity Management and now protecting companies sensitive Applications and Data.  Currently, through his technical expertise, Mr. Fisher works with large enterprises to bridge the gap between the business... Read More →


Friday February 22, 2019 3:00pm - 4:00pm PST
Clipper Peak

4:00pm PST

It's all in the Cloud: Red Teaming GCP (Google Cloud Platform)
Cloud services are frequently misconfigured due to their rapid adoption and engineers not fully understanding the security ramifications of different configurations, which can frequently enable red teams to gain, expand, and persist access within Google Cloud Platform (GCP) environments. In this talk we will dive into how GCP services are commonly breached (e.g. SSRF vulnerabilities, discovering insecure cloud storage), and then show how attackers are expanding access within Docker & Kubernetes (K8s) environments (e.g. CVEs, insecure daemons). Finally we will demonstrate some unique techniques for persisting access within GCP environments for prolonged periods of time!

Speakers
avatar for Bryce Kunz

Bryce Kunz

Bryce Kunz (@TweekFawkes) loves researching and red teaming bleeding edge IT services. Bryce is currently the Chief Hacker & President at Stage2Sec.com where he released various open source tools (e.g. soMeta, lolrusLove, yupPhrasing, etc…) and has contributed several modules to... Read More →


Friday February 22, 2019 4:00pm - 4:30pm PST
Clipper Peak

4:00pm PST

UVU Cyber Security Club
We will be talking about our Cyber Security Club here at UVU. We will discuss why you should care about us and how we have made an impact in such a short amount of time.

Speakers
avatar for Chriss Hansen

Chriss Hansen

Stansbury Park UTTwitter: @Senpa1909LinkedIn: https://www.linkedin.com/in/christopher-hansen-2998b5142


Friday February 22, 2019 4:00pm - 4:30pm PST
Twin Peaks

4:00pm PST

Three dimensional security – a graph and search approach to security and compliance
Organizations can't get complete visibility into their digital environment because of the way the data is collected, stored and presented. That means vulnerabilities are rampant and you don't even know it. Learn how to apply a graph data model to your digital environment to create a more thorough and complete mapping of relationships that exist. This, in combination with search, makes spotting gaps and vulnerabilities easy. It also enables more intelligent, context driven alerts.

Speakers
avatar for Erkang Zheng

Erkang Zheng

Erkang is currently the CISO at LifeOmic, the leading cloud precision health software company, where he also founded the JupiterOne security product.  He was previously the VP/Head of Software Security at Fidelity Personal Investing and Program Director at IBM Security Services before... Read More →


Friday February 22, 2019 4:00pm - 5:00pm PST
Sego Lily A, B, C, D, E

4:30pm PST

Badge Talk
Let's talk about all-the-things badge related: design, challenges, magic, assembly, etc…

Speakers

Friday February 22, 2019 4:30pm - 5:00pm PST
Clipper Peak

4:30pm PST

How Cyber Security competitions got me my Job
So COLLEGIATE CYBER DEFENSE COMPETITION or CCDC is competition held nation wide for the top schools in the nation. Last year 2018 was the first year I competed and when I started on the team I was a Janitor for Vivint Smart home. While competing and learning I was able to take some of the tech skills and troubleshooting lessons I learned in the Cyber Security Club and moved up to being a Tier 4 Troubleshooting tech within 8 months of working Vivint. When we went to regional I was picked as team captain where I learned to manage a team while also fixing windows systems and giving professional reports. After the season was over I tried getting on the IT team for Vivint but because I had no job experience or certs I was passed over for the job. I kept looking and eventually I found a job working for VASA Fitness as an IT team member. I've been here for six months and I am now IT Team lead of 4 people because I learned how to manage people and how manage projects form the club. Still no certs but I am working on those and still only a student in school. I feel like most people put accomplishments like this on their Resume but not everyone knows or even heard off CCDC and don't know what that means and I want to explain what this has done for me and my fellow club members and how we are prepared for real world task and jobs better than most students because we practice for The worst scenarios and build great solutions.

Speakers
avatar for Ryan Fisk

Ryan Fisk

I'm 23 years old and a sophomore at Utah Valley University. I started attending UVU  in 2017 where I was introduced to Cyber Security and UVU's cyber security club that same year. Since joining the club I've been learning about windows administration and started studying about networks... Read More →


Friday February 22, 2019 4:30pm - 5:00pm PST
Twin Peaks

5:00pm PST

Closing Ceremony
BSidesSLC Closing Ceremony

Friday February 22, 2019 5:00pm - 5:30pm PST
Sego Lily A, B, C, D, E

5:30pm PST

Utah Cybersecurity Society Members Meeting
Utah Cybersecurity Society Members Meeting

Friday February 22, 2019 5:30pm - 6:00pm PST
Sego Lily A, B, C, D, E

8:00pm PST

Official After Party
Head to the DC801 Hackerspace for the official BSidesSLC after party!

353 E 200 S Suite #B, Salt Lake City, UT 84111

Friday February 22, 2019 8:00pm - 11:30pm PST
DC801 Hackerspace 353 E 200 S Suite #B, Salt Lake City, UT 84111