Loading…
BSidesSLC has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Track 2 [clear filter]
Friday, February 22
 

11:00am PST

Bluetooth: From Basics to Vulnerabilities
In this presentation, we will go over the basics of Bluetooth, with a focus on vulnerabilities. Then we will move on to the basics of setting up an environment to monitor bluetooth packets, send bluetooth packets, and reverse engineer bluetooth devices. If you'd like to try the demos out for yourself, make sure to bring a linux-friendly USB Bluetooth dongle, a Linux-Powered Laptop with Docker installed (or a laptop w/ VirtualBox or VMWARE).

Speakers
CV

Corban Villa

Corban is the Director of Operations for the OpenWest Conference, along with being a student. He works primarily with Python, Docker, and Salt, though enjoys learning new technologies. He has presented at both DEF CON r00tz and Saintcon on bluetooth hacking, along with annual OpenWest... Read More →


Friday February 22, 2019 11:00am - 12:00pm PST
Clipper Peak

1:00pm PST

Dr. StrangeTalk, or How I Learned to Stop Worrying and Present at the Con
At a recent conference, a few of us were discussing how there are a ton of great info security peeps in the area that have really cool ideas and project, yet many don't feel comfortable presenting them or submitting papers about their ideas. We've also felt that many of the same people present due to lack of submissions. The overall goal of this presentation will be about stepping out of our comfort zone, overcoming your imposter syndrome and offering some tips of giving your 1st or your 20th conference talk.

Speakers
avatar for Colin Jackson

Colin Jackson

@d1dymu5. Security Engineer for large education and training technology company. I'm a locksport enthusiast, inventor, and security fanboy. He's been doing infosec for 10 years. More blue than red. Husband and father of 4, enjoys spending time with family and friends. Has also presented... Read More →
NS

Nathan Smith

You can find me on Twitter @n8zwn. Currently working as a Sr. Security Analyst for the past few years. My current position has me doing both red and blue team activities. Love everything information security related as well as being outdoors with my family. Has presented as BSidesSLC... Read More →


Friday February 22, 2019 1:00pm - 2:00pm PST
Clipper Peak

3:00pm PST

An Idiots Guide to Site Scraping.
The internet is crawling with bots. A bot is a software program that runs automated tasks over the internet, typically performing simple, repetitive tasks at great speeds unattainable, or undesirable by humans. They are responsible for many small jobs that we take for granted such as search engine crawling, website health monitoring, fetching web content, measuring site speed and powering APIs. They can also be used to automate security auditing by scanning your network and websites to find vulnerabilities and help remediate them. One of the ways that bots can harm businesses is by engaging in web scraping. We work with customers often on this issue and wanted to share what we’ve learned. This presentation discusses what web scraping is, how it works, and why it’s a problem for website owners. Lastly, we will introduce a number of techniques website owners can use to protect themselvers and their business.

Speakers
AF

Adam Fisher

Mr. Fisher has spent the last 12 years in information security starting in Identity Management and now protecting companies sensitive Applications and Data.  Currently, through his technical expertise, Mr. Fisher works with large enterprises to bridge the gap between the business... Read More →


Friday February 22, 2019 3:00pm - 4:00pm PST
Clipper Peak

4:00pm PST

It's all in the Cloud: Red Teaming GCP (Google Cloud Platform)
Cloud services are frequently misconfigured due to their rapid adoption and engineers not fully understanding the security ramifications of different configurations, which can frequently enable red teams to gain, expand, and persist access within Google Cloud Platform (GCP) environments. In this talk we will dive into how GCP services are commonly breached (e.g. SSRF vulnerabilities, discovering insecure cloud storage), and then show how attackers are expanding access within Docker & Kubernetes (K8s) environments (e.g. CVEs, insecure daemons). Finally we will demonstrate some unique techniques for persisting access within GCP environments for prolonged periods of time!

Speakers
avatar for Bryce Kunz

Bryce Kunz

Bryce Kunz (@TweekFawkes) loves researching and red teaming bleeding edge IT services. Bryce is currently the Chief Hacker & President at Stage2Sec.com where he released various open source tools (e.g. soMeta, lolrusLove, yupPhrasing, etc…) and has contributed several modules to... Read More →


Friday February 22, 2019 4:00pm - 4:30pm PST
Clipper Peak

4:30pm PST

Badge Talk
Let's talk about all-the-things badge related: design, challenges, magic, assembly, etc…

Speakers

Friday February 22, 2019 4:30pm - 5:00pm PST
Clipper Peak