BSidesDFW 2019

Villages / Speaker Bios

BSidesDFW 2019 Villages


Web App Village / Action C
"Pwning Web Apps – An Intro to Web App Pentesting Part 1" - 09:30
"Pwning Web Apps – An Intro to Web App Pentesting Part 2" - 15:30
-- Phillip Wylie

In this introductory web application penetration testing workshop, participants will learn the basics of web application penetration testing, including; methodology, tools, techniques, and resources. Not only will the skills taught in this workshop be useful for pentesting, but they are also valuable to aspiring bug hunters for use in bug bounties. In this hands-on workshop, participants will be provided with a virtualized lab environment.

Hardware requirements for the virtual lab: Laptop with 20GB for free disk space. VirtualBox or VMWare required to run the virtual lab.

@PhillipWylie

Phillip Wylie Phillip is a professional security engineer and prenetration tester. He is also a Bugcrowd Ambassador and the founder of The Pwn School Project. Phillip has 22 years of experience in InfoSec and IT and has performed pentests on networks, wireless networks, applications including thick client, web application and mobile. Phillip has a passion for sharing, mentoring and educating.

@SchoolPwn | The Pwn School Project

The Pwn School Project is a free monthly educational meetup with a focus on hacking.


Mentor Village / Action C
"Mentoring 101" - 13:30
-- Ell Marquez

Ever been a Daniel in need of a Mr. Myagi? Are you ready to achieve greatness but with no real clue where to start? Finding a mentor is the first step, but knowing how to make the most of the time spent with your mentor makes the real difference. Join in on a conversation about identifying your person of influence and building a plan together from wax on, wax off to being carried away by the cheering crowd.

@Ell_o_Punk | ellopunk.com

Ell Marquez has been part of the open-source family for a few years now. In this time, she has found the support needed from her mentorship relationships to grow from a Linux Administrator to a Community Architect helping to build Open Source Communities. Her current passions are podcasting with her co-host on Choose Linux and spreading the message that in tech, "It's Okay to Be New."


OSINT Village / Win
"OSINT Workshop" - 10:30 (repeats at 13:30 & 15:30)
-- Digital Shadows

A hands-on walk through of an OSINT investigation. Hardware requirements: laptop with VirtualBox or VMWare.

@digitalshadows | digitalshadows.com


IPv6 Village / Connect
"IPv6: Basics, in Wireshark, Troubleshooting, Hacking" - 09:30
-- Jeff Carrell

In networking, IP as we call it is actually Internet Protocol version 4 (IPv4). Internet Protocol version 6 (IPv6) is the replacement for IP running in today's networks. 20 years after the initial release of IPv6 we observe that most networks are not formally implementing IPv6, however, most modern desktop/server OS's have had IPv6 enabled for 8+ years. That means many IT departments and technologists don't understand that IPv6 is in fact all over their networks nor what the potential implications are.

@JeffCarrell_v6

Jeff Carrell is a Networking & Big Data Instructor and course developer at Hewlett Packard Enterprise.

Jeff is a frequent industry speaker, technical writer, IPv6 Forum Certified Trainer, and prior to HPE was a network instructor and course developer to major networking manufacturers. He is a technical lead and co-author for the book, Guide to TCP/IP: IPv6 and IPv4, 5th Edition.


Hardware Hacking Village / Speed
"Hardware Hacking and Competition" - All day
-- Alt_bier

Hardware based firetalks, soldering tutorials, badge design, soldering compettion and more.

@Alt_Bier | altbier.us


Mental Health Village / Trinity Point
"Mental Health Village" - All day
-- Mental Health Hackers

Disconnect, relax, achieve zen.

@HackersHealth | mentalhealthhackers.org

A nonprofit organization striving to reach out to other #hackers in the community to improve our mental health and learn to help our family and friends


BSidesDFW 2019 Speaker Bios


Track 1 / Energy Auditorium - 09:30
"Do you even OSINT, bro? How to get started and stay afloat while conducting OSINT"
-- Rick Holland & Charles Ragland

Getting started with OSINT reconnaissance can be overwhelming; there are so many tools, so many sources of information, and so many diverse data types. In this talk, we will highlight some of our favorite OSINT tools and how to get started with them. For the more experienced and discerning OSINTer, we will highlight how comprehensive asset discovery coupled with a narrower scope is vital for effective OSINT. To that end, we’ve developed a free tool we call the “Orca” https://github.com/digitalshadows/orca that we will walkthrough.

@rickhholland | Rick Holland

Rick is the Chief Information Security Officer at Digital Shadows. Before Digital Shadows, he was a Forrester Research analyst, providing strategic guidance on security operations, and data privacy. He is currently the co-chair of the SANS Cyber Threat Intelligence Summit and holds a B.S. from the University of Texas, Dallas. Rick also served as an intelligence analyst in the U.S. Army.

@maxdose_ | Charles Ragland

Charles is currently a Security Engineer at Digital Shadows, where he handles incident response and assists with research. Before transitioning to the internal security team, he worked as an Intelligence Analyst. Before performing incident response at Digital Shadows, he performed another kind of incident response in his decade long career in emergency medical services.


Track 2 / Action A - 09:30
"Linksys, I've a feeling we're not in Texas anymore. Homebrew of RaspberryPi bash ssh connect scripts with google spreadsheet."
-- Rex Tran

A short story about customizing and integrating a Raspberry pi using bash linux scripts for ssh service into a remote network using google spreadsheets.

@r3x3r | rubyslippers


OSINT Village / Win - 09:30
"Why is no one using these bindings?"
-- count3rmeasure

gdb has in recent years acquired a pair of extension languages, allowing one to script debugging with the gdb API. One of those is a widely used scripting language, in which dozens of scripts and whole frameworks for exploit dev, reversing and just plain debugging are written. The other is a lisp dialect almost no one has heard of. Natural experiments in language choice rarely so perfectly present themselves. This talk is the result of my attempt to answer that age old programming question "what does one really gain with one language over another?" using a Python vs Lisp frame with the gdb api as the medium and exploit development as the target.

@count3rmeasure | allthesealwaysonlys.info

free software enthusiast turned hacker, vulnerability research, binary analysis


Track 1 / Energy Auditorium - 10:30
"Anti-Dox: Tried and tested methods to keep your address secret in a public world"
-- Michael West

"I'm not paranoid, everyone is just out to get me!" Keeping your personal address private is extremely difficult in modern society. It's just as sensitive as a password or a credit card, yet it can't be easily changed (unless you love moving). Swatting, doxing, and stalking all happen to people working in infosec and keeping your address secret is the best prevention. In this talk, we'll discuss my experience in hiding my address as well as threat models, strategies, and pitfalls for both beginners and experts. This talk will also include the first public disclosure of a data breach that affects over 10 million Texans.

@t3hub3rk1tten | mwe.st

Michael West, also known as the Uber Kitten, is a three times BSidesDFW speaker known for barcode scanner hacking, personal privacy, and high altitude balloons. While native to Dallas, his presentations have been featured around the world, including "barcOwned" at BSidesDFW 2017 and DEF CON 26. Michael works at CyberArk and teaches companies how to make pen-testers miserable. As a frequent traveler, Michael enjoys sitting on the couch with his cat, Java, and doing absolutely nothing.


Track 2 - 10:30
"Back to the Basics: The Home Lab"
-- Malcolm

Have you ever needed to test something sketchy, so you failed at OPSEC and used your daily driver? Do you need more geek cred and want to be the guy talking about his "lab" at parties? We'll cover everything you need to have a fully prod-ready home lab such as purchasing, cabling, networking, hypervisors, OS choices, monitoring, logging, et al. Good for beginners and people who just need some tips and tricks for tricking out their home lab.

@leetnet

Malcolm, a Security Architecture and Risk Manager for a Fortune 1000 company, has been hacking since before he can remember. After getting a degree in Electrical Engineering and finding the job market less than exciting he returned to his childhood love - information security. His passion is understanding how things work and utilizing that knowledge to extend things beyond their intended means. This has lead him to develop some rather unusual hobbies and a home lab collection that is the envy of his friends (and many small businesses). In his spare time he teaches and volunteers at a local non-profit, The Dallas Makerspace, and hangs out in either the welding lab, the machine shop, or the electronics area.


Track 1 / Energy Auditorium - 11:30
"Hackers and PTSD: Hunting terrorists isn't always roses and sunshine"
-- David Evenden

Over the past few years I've been privately working with my family, friends, and the infosec community to discuss how my time in the intelligence community hunting ISIS terrorists has affected my way of life. I'll discuss how hackers can be affected by PTSD, how to void it if possible, how to recognize it, and what to do if you see it.

@JediMammoth | jedimammoth.io

David Evenden is an experienced offensive security operator & analyst with over 12 years of experience in the Intelligence Community where he learned Persian Farsi, worked at NSA Red Team and was a member of an elite international team operating in conjunction with coalition forces to aid in the ongoing efforts in the Middle East.


Track 2 - 11:30
"Purple Packets: Effective Network Defense Against Real-World Attacks"
-- Matt Bromiley & Aaron Soto

There are two sides to every story. Yin and yang. Day and night. Host and network. Unfortunately, when it comes to enterprise security, many organizations tend to focus heavily on host-based defenses, and apply “just-enough” monitoring to their network. However, the network can be one of the best places to not only defend against the attacker, but also observe and understand their capabilities.

In this talk, we’ll examine techniques with which advanced adversaries utilize your networks. Whether it’s via intricate protocol abuse, malleable traffic, or combinations of protocols to avoid standard detection, there is much to glean from an observation of network traffic. We’ll explore vulnerabilities and attack techniques that can perhaps be best detected at the network level, such as BlueKeep, an exploitation of Microsoft’s Remote Desktop Protocol and web application vulnerabilities.

To help our audience discover just how impactful proper network defenses can be, we’re going to emulate common techniques, followed by a detailed explanation of each attack. Furthermore, we’ll outline specific steps that would have detected and stopped the malicious traffic. Our goal, by the end of the session, is for our attendees to have a solid understanding of how the attacks work and what they need to do to protect themselves.

@mbromileyDFIR | bromiley

Matt Bromiley is a principal incident response consultant and lover of all things network forensics. When not taking down attackers, he’s somewhere eating delicious TX BBQ or tacos.

@_surefire_

Aaron Soto is at Corelight, training users on the Zeek (formerly Bro) network monitoring platform. He was recently on Rapid7's Metasploit team. In his off-time, he enjoys endurance automotive racing.


Web App / Mentor Village / Action C- 11:30
"The ultimate pentest: Can you take over a city infrastructure in 30 hours or less?" An interactive session
-- 38P

What would it take to take over a city street light system? Or an oil refinery facility?

A team of Russian hackers took over a simulated city infrastructure in less than 30 hours at a hackathon this year. Come to see what tools and techniques they used. Moreover, we will release the network diagrams of the target objects within the city and their SW/HW environments 2 weeks in advance. Research the known vulnerabilities within the environments and the available exploits, and propose your own penetration suggestions. Targets will include a typical office set up, a telecom provider, and some infrastructure/transportation objects.

This is an interactive session. Come to participate or just to watch.

@38Parokeets

38P is a regular at Dallas Hacker Association.


Track 1 / Energy Auditorium - 13:30
"Power of Community Hacking"
-- WhiskeyNeon & INIT_6

The local hacking community in Dallas is the best there is in the world.

As the Dallas community has continued to expand, we’ve seen the introduction of talent and ideas without the resources to support them. The goal of our project is to facilitate the infrastructure and resources needed for individuals to collaborate in their local hacker community.

In this talk, we will discuss the background of hackerspaces, what our local community currently supports, and what our project aims to provide local and global hacker communities.

@WhiskeyNeon

WhiskeyNeon has won the Teen Choice Awards in the social media influencer category, and is the cybersecurity editor for Teen Vogue. Whiskey assists with local security groups & co-organizes the Dallas Hackers Association. Author of ‘18 bestseller Chasing the Dragon in C#.

@INIT_3

INIT_6 is an InfoSec THOT Leader, Encrypts w/ 7D encryption, is a hardware, web app, and mobile application exploit researcher.

@blackmarblesh | blackmarble.sh


Track 2 / Action A - 13:30
"RFCs are Useful"
-- Roxy Dee

RFCs (Request For Comments) are technical documents that explain how the internet (and other technologies) work. They make great reading and build a foundation of knowledge for any technologist but it can be difficult to get started and enthusiastic about reading them. As someone who reads RFCs for fun, Roxy will tell the history of RFCs, what kind of information you can get from them, and which ones you may want to read first. By the end of this talk you will have a new perspective and more appreciation for RFCs.

@theroxyd | roxyd.github.io

Roxy works as a Vulnerability Management Service Architect for the Cleveland-based, Splunk-focused MSSP Hurricane Labs. Her position at Hurricane Labs allows her to further explore, expand, and share perspectives about one of her favorite topics -- vulnerability management.

Her background also includes experience as a network security analyst, a security infrastructure engineer, and detecting online banking fraud. Along her career path, Roxy has become very involved in the infosec community, especially as she has immersed herself in the local Dallas area. She very much enjoys encouraging those new to infosec to become more involved in the industry.

Some of her favorite things are Linux, penguins, RFCs, and discussing anything infosec.


Track 3 / Connect - 13:30
"The Ethics of Insider Threat Monitoring"
-- pesto

Interactive presentation of original survey results discussing the dissonance between people's understanding of login banners vs. what is actually taking place place. This is the digital equivalent of a sign saying "These premises are monitored" and then videotaping you in the bathroom. Discussion/Q&A Throughout. Normative ethics welcome.

@pesteaux

Member of Ninja Networks (ninjas.org) and native Dallasite. Old school Defcon folks may know me. I’ve been an infosec pro for since 2000 and an amateur before that. I’ve spent the last 10 years focused on insider threat at a Really Big Company. I study AI and philosophy in my spare time. I’m a little unsure about skepticism.


Track 1 / Energy Auditorium - 14:30
"Threat Hunting on a Budget"
-- Joshua Murchie & Dalton Ireland & Joseph Pisano

As security teams and their employers mature their processes many are looking for the next "thing" to improve their security posture. One of the many options available, threat hunting has emerged as a practice that has proven its worth within the industry. Unfortunately, as with most new endeavors, managers may be skeptical in providing significant funding for a fledgling threat hunting program. Thankfully threat hunting can be done with minimal financial commitment using free or open source projects to provide all of the critical functionality and data to be successful. This talk will focus on providing the foundational knowledge a team interested in getting started in threat hunting would need such as what threat hunting is, how to hunt, and how to get the data to accomplish it all while minimizing costs.

@josh_murchie | blog.murchie.me

@iHighjynx

Josh, Dalton and Joe are active duty Air Force members on the Air Force Computer Emergency Response Team (AFCERT). Dalton and Joe are threat hunters for the AFCERT and Josh works on the Forensics and Malware Analysis team. All three are coincidentally aircraft maintenance technicians turned information security professionals who share a passion for homelabbing, coffee and Whiteclaw.


Track 2 / Action A - 14:30
"How Neurodiversity can be Leveraged for an Excellent ROI"
-- Megan Roddie

While the cybersecurity industry talks about a skills shortage and the struggle to fill the ever-growing number of job openings, there is an untapped talent pool being overlooked. Neurodiverse individuals are often passed over for jobs due to difficulty interviewing, social stigmas surrounding mental health disorders, or other situations that make them seem less qualified than other applicants. Those neurodiverse individuals that do end up finding jobs in cybersecurity often struggle to hold those jobs. However, if companies choose to work with neurodiverse individuals to ensure that their unique needs are met, the return on investment will be huge. In this talk, the experiences of autistic, bipolar, and ADHD cybersecurity employees will be presented. Each of these mental health disorders come with struggles, but given the right environment to thrive in, individuals facing these disorders can also be an employer’s most valuable asset.

@megan_roddie | megansroddie

Megan Roddie is currently working as a Cyber Threat Analyst. She recently graduated with her Master's in Digital Forensics and also holds her GCIH and GCFA. As a 22-year old with Asperger's Syndrome (High Functioning Autism), Megan offers a unique perspective in any topic she discusses. Megan can articulate her struggles and how small modifications in daily life have made her successful.


Track 3 / Connect - 14:30
"Non-Political Security Learnings from the Mueller Report"
-- Arkadiy Tetelman

The Mueller Report was split into 2 volumes, focused on 1) Russian interference in the 2016 election and 2) Administration obstruction of justice. By reading the report through a critical security lens we can gather a trove of security learnings, broadly split into Blue Team learnings and Personal Security learnings.

@arkadiyt | arkadiyt.com

Arkadiy Tetelman is Head of Security at Lob, and previously worked on appsec at Airbnb and Twitter. He is passionate about all things security, ranging from technical, to policy & legal, to security management & leadership. He contributes to open source projects & speaks on topics of security across the country. He graduated from UC Berkeley with degrees in Computer Science & Applied Mathematics.


Track 1 / Energy Auditorium - 15:30
"CloudCopy: Stealing secrets from cloud instance volumes"
-- Tanner Barnes

AWS, Azure, and GCP allow Snapshots to be made of the Volumes backing running Instances. These Snapshots can be converted into new Volumes and attached to new Instances then mounted without authentication to plunder for databases, password hashes, or intelectual property, all without ever accessing the orginal instance. This is the ShadowCopy attack for the world of Cloud. Old attacks made new. This is CloudCopy, your one stop shop for stealing cloud compute volumes using only credentials and low level permissions. In this talk I show how using only access tokens and minimal permissions you can extract the volume, mount it to a new isntance and extract its juicy contents. I will also be releasing a tool to automate the whole process and discussing what mitigations you can put in place to stop this from happening.

@_StaticFlow_

Tanner is a full scope penetration tester for AON Cyber Solutions providing red team, social engineering, physical security, and source code review consulting for a myriad of clients in diverse industries. As a software engineer, he discovered the cyber security world through his first job and has been hooked ever since! Now he applies his knowledge of writing software towards breaking it along with developing tools to enhance his and other hackers abilities.


Track 2 / Action A - 15:30
"Drag: Creating a new identity while obscuring your own"
-- Victoria Lloyd

Motivation: to probe into the world of glamours Drag Queens and King’s to understand why they can’t use their damn smart phones (and further investigate practical applications).

As facial recognition continues to advance and proliferate throughout countries, potential advertisers and society as a whole, we can look to drag for potential stop gaps in maintaining anonymity as facial identification algorithms advance.

@vvanitydevil


Track 3 / Connect - 15:30
"ATT&CKing Koadic with EQL"
-- Daniel Stepanic

Open-source attack frameworks and tools continue to be leveraged not only by penetration testers and red teams, but also used by criminal groups and nation state actors. With these off-the-shelf tools, attackers are able to complete their objectives with little resourcing costs, and present attribution challenges for incident responders. In order to keep up with new techniques, defenders should assume these types of tools are being used in their environment currently and work to better understand their own detection capabilities and blindspots. In this talk, I will break-down the different capabilities within a post-exploitation framework called Koadic while walking the audience through building behavioral detections using a common language such as Event Query Language (EQL). This presentation will highlight current attacker techniques mapped to MITRE's ATT&CK matrix and provide strategies for behavioral detections while staying platform and data source agnostic.

@DanielStepanic

Daniel Stepanic is a Threat Researcher at endpoint security company, Endgame where he spends time tracking the latest advanced adversary techniques in order to build detection and prevention capabilities. He has worked previous SOC analyst roles within a large financial services company performing technical analysis and helping develop a threat hunting program.


Track 1 / Energy Auditorium - 16:30
"Getting Started With Ghidra"
-- Wesley McGrew

The open source release of the Ghidra disassembler presents a unique opportunity to those that want to get started in the field of reverse engineering. Ghidra provides users with a robust and configurable GUI that drives a very capable disassembler and decompiler. Beginners now have a capable and free toolset in which they can learn.

While Ghidra has a robust set of features to aid in reverse engineering, it is large and complex enough to be intimidating to new users. In this talk, Wesley McGrew will help attendees out with the steep initial learning curve of Ghidra by using it to present the basic concepts of reverse engineering. Rather than using powerpoint slides, the Ghidra interface itself will be used in a live demonstration of reverse engineering undocumented code.

Wesley will present the core technical requirements for reversing, including the basics of reading assembly, referencing processor and API documentation, and the linking and loading process. The focus, however, will be on methodology: navigating code and iteratively improving your understanding of a program. Resources for continuing your early self-study of reverse engineering will be recommended.

@McGrewSecurity | hornecyber.com

As Director of Cyber Operations at HORNE Cyber, Wesley McGrew oversees and participates in offense-oriented services for clients in many areas, including finance and critical infrastructure. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA. Wesley teaches a self-designed course on reverse engineering to students at Mississippi State University.


Track 2 / Action A - 16:30
"Detecting and Preventing MageCart-esque Attacks"
-- Peter Hefley

MageCart, and others, take advantage of CDNs as watering holes, using JavaScript to directly attack consumers while bypassing traditional application security controls. These types of attacks are challenging to detect, but it’s possible to use new browser security controls (sub resource integrity) and threat intelligence to combat these attacks. We’ll briefly talk about the history of the attacks, the controls available to assist, how to configure them, and then walk through use of a new BurpSuite extension which integrates with intelligence data and helps organizations shore up their applications.

@peterhefley

Penetration tester. Loves puzzles, crypto, games, and his corgi mutt, Grimlock.


Track 3 / Connect - 16:30
"Radio hacking 101: a case study in how to DoS the global APRS network"
-- Michael West

Many radio protocols have very little security, as they were designed when equipment to transmit was expensive and difficult to obtain. With the advent of SDRs, cheap radios, and of course the internet, these protocols are wide open to attack. In this talk, we'll discuss the fundamentals of radio hacking and apply these to the Amateur Packet Radio Service. We'll discuss possible attack avenues and ways to disrupt the entire global network. Conditions permitting, we'll also demonstrate a live, localized attack on the Dallas APRS repeaters. We'll tie this in to an overall discussion of how to get started hacking your favorite RF protocols.

@t3hub3rk1tten | mwe.st

Michael West, aka T3h Ub3r K1tten, is a National Technical Advisor at CyberArk who enjoys combining his software dev background with infosec to build tools for others. Michael presented "barcOwned" at DEF CON 26, has spoken at many BSides events around the country, and talks regularly at Dallas Hackers Association. His interests include OSINT, amateur radio, and scanning long barcodes on the beach.