BSidesDFW 2016

Speaker Bios

BSidesDFW 2016

"Hack Mode Enabled – Hardware Hacking on a Budget"
-- Price McDonald

Over the last few years Hardware Hacking has become a much more prevalent testing and attack avenue.  This talk is meant to give a basic to mid-level understanding of Hardware Hacking techniques, tips and tricks for a normal person (read no Enterprise Security budget).

@PriceMcDonald |

Price McDonald is a Director with Coalfire Labs and is responsible for managing a team of Penetration Testers in addition to conducting penetration tests against his clients networks, software and hardware.  Price’s areas of expertise include Hardware Hacking, Penetration Testing, Digital Forensics, Reverse Engineering and Security Architecture and Design.

"SMS OTP is Not Secure Two-Factor Authentication! Now what?"
-- Aaron Poffenberger

It's no secret that that sending one-time-pad codes via SMS are not a secure mean two-factor authentication. But they're oh-so-easy to implement. What's the blue team to do?

@akpoff |

Aaron Poffenberger, CISSP, has more than 17 years experience developing secure software and APIs. Aaron has developed security and auditing software for PentaSafe, NetIQ and Giant Gray.

Aaron has also developed web services and streaming media applications, most recently for The Anime Network where he designed and implemented public-facing APIs for web and mobile-app access.

"Minecraft Network Defense: Security Education with Competitive Minecraft Scenarios"
-- Will Woodson

Getting kids interested in blue team security can be difficult. You know what else is difficult? Winning at real world blue team security.

In this talk we will discuss the application of defensive concepts via the game Minecraft, work on tying results in the game back to real world network defense, and provide tools and ideas for setting up your very own security education program: Defend your network against cyber threats in a multiplayer Minecraft scenario. Build a firewall to keep attackers out of a defensive perimeter. Use cyber defense tools to stop the bad guys, and go hunting for cyber threat intelligence. But watch out, sophisticated attackers might already be inside your network!

Developing and executing a competitive scenario for network defense just might help you win over future InfoSec thought thinkers to the profession of defense.

@wjwoodson |

Will is an Information Security Analyst at a financial services institution in San Antonio, TX. He has several years of professional experience in security operations and is currently pursuing a graduate degree in cyber security from UTSA. He publishes everything of marginal interest he does at

"Lean Threat Intelligence: Detecting Intrusions and Combating Infiltrators with Open Source Software"
-- Lennart Koopmann

With a vast increase in the amount of data and information coming in every second, it is important to have measures set in place to detect suspicious activity. By combining IDS events with network connection logs and enriching with threat intelligence data, you can detect attackers early, follow lateral movement, and investigate what actions an adversary performed while inside your systems. In this talk, we will demonstrate how to combine and collect these logs from different sources using an Open Source log management tool, such as Graylog. We will further elaborate on different techniques that can be used to analyze your acquired log data.


Lennart Koopmann is the founder and CTO of Graylog and also started the project in 2010. He spent over a decade in software development and transitioned into developing Open Source network security tools and applications.

"Murder Mystery – Who is Killing your Information Security Program"
-- Gordon MacKay

Integrating vulnerability scanning results into one’s security ecosystem involves a serious hidden challenge which results in heinous consequences, thereby killing your InfoSec program. This session shares clues on this challenge, step by step, in the form of a murder mystery game, and ultimately reveals the culprit as well as strategies to overcome it. Come participate, play, and interact! Try to guess “who-dunnit,” and learn how to avoid future similar InfoSec crimes.

@gord_mackay |

Gordon MacKay, Software/Systems Guru with a dash of security hacking, serves as CTO for Digital Defense, Inc. He has presented at ISC2 Security Summit, Cyber Texas, many BSides and more, and has been featured by top media outlets such as Fox News, CIO Review, Softpedia and others.

He holds a Bachelor's in Computer Engineering from McGill University and is a Distinguished Ponemon Institute Fellow.

"Top 10 Mistakes Made In Active Directory That Can Lead To Being Pwned"
-- Adam Steed

Hitting the "Finish" button is only the beginning to creating a secure Active Directory. From the settings you must configure to protect against MimiKatz to the 7 registry keys you manually set to ensure time is configured on the Primary Domain Controller. We will look these and other common mistakes made in organizations to secure Active Directory.


Adam Steed has 18 years' experience in Identity Access Management (IAM) working for Financial, Websites and Healthcare organizations. Currently Adam is a Senior Manager at Protiviti providing SME in the areas of IAM as part of the Security and Privacy practice.

"Hacking BBQ: Making Better Meat"
-- Branden Williams & James Adamson

When it comes to food, Texans know their Tex-Mex and barbecue. Everyone has their favorite places and styles, and even regional preferences within our great state. In this session, James & Branden will bring several cuts of meat with detailed instructions on how they were prepared, cooked, and presented, so that enthusiasts of any experience level can prepare delicious meals for themselves and their guests. Attendance of this session should be during lunch, and will be limited to 50 people. Each attendee will get several cuts of meat from both James & Branden who will bring different styles and methods to the table. Vegetarians need not apply.

@BrandenWilliams |

Branden Williams has been perfecting his BBQ techniques for fifteen years. He has owned and used a vast array of grilling and BBQ gear and firmly believes that sauce is a side—meat should be able to stand on its own. Prior to submitting this abstract, he has cooked for three BSidesDFW events.

@JamesKAdamson |

James Adamson has been eating BBQ for decades, long before it became hip. Moving around the country since 2000 and traveling for a living, James has sampled BBQ from just about everywhere in the US and a few more places abroad. You can find James on the weekend in front of his BGE with tongs in his hand and during the week at the grocery store perusing the meat department or staring vacantly at bottles on the spice aisle.

"DCIM: Breaking All of Your Eggs in one Basket"
-- Caleb Watt & Michael Mason

Many data centers (both hosting companies as well as private data centers) use a Data Center Infrastructure Management System to not only track assets, but also manage them and securely store information on them. This is all well and good, however if it is not properly implemented, it can lead to a huge amount of problems.

We focused on Device 42 for this research, a DCIM system that not only tracked assets, but also their passwords. During our research, we managed to compromise this system, which can lead to a full compromise of any assets tracked through it.

@calebwatt15 |

Caleb Watt is a Security Analyst at KLC Consulting, Inc. He does red teaming and research. He's tested web, thick client, network, embedded, meatspace, SAP, and everything in between.

Michael Mason is a Software Developer with a primary focus on automation and monitoring. His goal has always been to make everything efficient. Everything from barcode systems to DataCenter automation excites him.

"Detecting Fraud Online"
-- Roxy D

It’s likely that you could save millions of dollars by implementing just a few simple rules or measures to detect common mistakes that fraudsters make in the process of scamming your company out of money or products. At the minimum, by beginning to detect the activity, at least you can predict how much money you will lose and create a budget around preventing fraud. The convenience of being able to apply to services or order products online opens the door to criminals. You may not even realize how often your company is being stolen from. This talk will prepare you to start finding online fraudulent activity and show you common tricks the fraudsters use. You may also find it interesting if you want to learn more about how to analyze http traffic.

@theroxyd |

Roxy D is a threat intelligence engineer at a bank and co-founder of a non-profit makerspace in Plano called The

Her goal is to provide and encourage means to spread information and promote STEM education not only for children but for adults as well.

"Active Directory Management Tool"
-- Brad Hannah & Michael Raibick

Microsoft's Active Directory services provide methods of unifying an entire network of devices and applications. However, standard tools used to manage Active Directory do not offer the capabilities to perform bulk object management, group similar objects, filter objects using any attribute or provide user access based on business roles. The Active Directory Management Tool combines these mechanisms into a single application, providing system administrators with a simpler method to audit users, systems and network resources.

Brad is a staff Cyber Security Consultant at Crowe Horwath. With a passion for programming and security, Brad has been involved in developing security tools for automation and assessment needs at Crowe. Brad's experience includes Windows administration, network administration, programming, penetration testing, and security consulting and is part of over 30 security engagements annually.

Michael is a penetration tester and security consultant at Crowe Horwath where he performs (you guessed it) internal and external penetration tests, social engineering exercises, and strategic infosec consulting. He holds a Bachelor’s degree in Software Engineering from UT Dallas.

"Websites! Where are you now? : Identifying Internal Websites"
-- Mitchell Hennigan & John Alves

Internally facing websites can be overlooked during vulnerability scanning or system hardening in the shadow of externally client facing websites. These websites can; however, provide access to sensitive information or further access on the network, providing authentication, pivot points or privilege escalation on a network.

Mitchell Hennigan

Adventurous young lad with a passion for motorcycles when not dumpster diving for gold. Currently, a penetration tester at Crowe Horwath working with penetration assessments, infrastructure security reviews as well as social engineering. Have been involved in the penetration testing field for 3 years including obtaining bachelors in Computer science – Cyber Defense and Infrastructure.

John Alves

Currently a penetration tester and IT Security consultant at Crowe-Horwath. Works with clients to assess their overall security posture through penetration assessments, policy and procedure reviews, and social engineering exercises. Received a bachelor’s degree in Cyber Defense and Infrastructure from Texas A&M University – Corpus Christi and has been involved in IT for the last five years.

"Are automated malware analysis sandboxes as useful as your manual analysis?"
-- Michael Gough

Analyzing malware can take a lot of time, because of this many of us malware researchers, InfoSec pros and IT staff use free or commercial malware analysis sandboxes like Reverse.IT,,, ReversingLabs, Cuckoo sandbox, Cisco AMP and many more to analyze malware quickly. What exactly do these solutions provide you information wise? Do they help you decide if a file is malware? Do they tell you what the malware does? Do they provide enough information to tweak your defenses or know what to look for across your network? Do they tell you what to block on your DNS/Web Proxy/Firewall or gateway devices? What do they actually provide you from the automated analysis? We will also discuss what do we need or want automated sandboxes to tell us information wise and what do I look for in malware analysis and how I apply the data to improve my defenses. What can we learn if we do it manually in a lab and how quickly can we learn what we need? This talk will examine these questions and take two samples; one a commodity malware sent in an email SPAM barrage made up of a Microsoft Word document with embedded malware and an advanced, never before seen by the sandboxes or you, advanced custom malware payloads used in an attack against a global industry. A summary of what each sandbox provided in their output will be discussed along with a comparison against doing it manually in a non-sandbox lab system.

@HackeerHurricane |

Michael is co-creator of LOG-MD, a free Windows logging and malicious behavior discovery tool to help defenders improve their Windows logging, discover malicious behavior and malware. Michael also created the "Malware Management Framework", and also developed several "Windows Logging Cheat Sheets" to provide a starting point on detailed logging for Windows hosts.

"imnurnet: Control of Your IPv4 Network with IPv6"
-- Jeff Carrell

In networking, IP as we call it, is actually Internet Protocol version 4 (IPv4). Internet Protocol version 6 (IPv6) is the replacement for IP running in today's networks. 17 years after the initial release of IPv6, we observe that most networks are not formally implementing IPv6, however, most modern desktop/server OS's have had it enabled for 6-10 years. That means most IT departments don't understand that IPv6 is in fact all over in their networks nor what the potential implications are.

This session will cover a few IPv6 basics and then dive into a real-world demonstration accessing a live network and the recon/exploit of an "IPv4 only" network, using IPv6.


Jeff Carrell is Network Consultant at Network Conversions. He is a frequent industry speaker, freelance writer, IPv6 Forum Certified Trainer, network instructor, and course developer to major networking manufacturers. He is also a technical lead and co-author for the book, Guide to TCP/IP: IPv6 and IPv4, 5th Edition. Jeff focuses on IPv6 and SDN interoperability.

"Phishing: Then and Now"
-- Amberlee Reynolds

Phishing has come a long way since the early beginnings of Nigerian princes and MoneyPak cards; come join the discussion of how phishing has evolved from simple requests for prize 'front-money' into slick email presentations leading to well-crafted websites spoofing the real companies being victimized by the practice.

@Sec_She_Lady |

Amberlee Reynolds is a cybersecurity analyst and shift lead at Experian; her focus is malware and phishing analysis. In her free time, she goes through her Junk Mail to chase down new and exciting links sent to her by unwitting miscreants.

"DevSecOps: Automate Everything"
-- Josh Danielson

Applying security standards consistently across environments has typically been a struggle for security practitioners. Maintaining accurate system baselines in dynamic, complex ecosystems is a challenge that makes asset management a seemingly impossible process to control in traditional environments. With the elastic capabilities of Cloud solutions it may appear at first glance that this struggle will only continue. However, there is a light at the end of the tunnel. In this talk we will describe a practical implementation of automated tools such as Jenkins and Chef to ensure a consistent set of security standards across an entire environment, enabling practitioners to secure cloud and on-prem environments in near real-time, even allowing for the segregation of non-compliant systems just as quickly.


With a decade of experience in both public and private sectors, Josh Danielson has served a variety of industries throughout his security career; from academia and government contracting, to the financial sector. Josh is an active member of the infosec community where he has participated in multiple volunteer events. Josh has received a Master of Science degree in Information Management from Syracuse University, and currently holds multiple certifications including CISSP-ISSAP and CISM.