BSidesDFW 2020

Villages / Speaker Bios

Network Penetration Testing Workshop

In this hands-on workshop, you will learn how to detect and exploit vulnerabilities using automated and manual techniques against Windows and Linux operating systems.
Tools covered include, but are not limited to:
- Network and web application vulnerability scanners
- Nmap port and service scanner
- Metasploit Framework exploitation tool
- Plus many other tools in the Kali Linux pentesting distribution
The online lab environment is provided by Pentester Academy.

To participate in the hands-on lab portion of the workshop, you will need a computer and an Internet browser.
Pentester Academy uses Google to authenticate to the labs. Prior to the workshop, connect to the Attack and Defense Lab at the following URL: https://attackdefense.com

@PhillipWylie
Phillip Wylie is a professional security engineer and penetration tester. He is also a Bugcrowd Ambassador and the founder of The Pwn School Project. Phillip has 22 years of experience in InfoSec and IT and has performed pentests on networks, wireless networks, and applications including thick client, web application and mobile. Phillip has a passion for sharing, mentoring and educating.
@SchoolPwn | The Pwn School Project
@SecurityTube | Pentester Academy

Hardware Hacking Village

Live question and answer session in Discord at 10:00 CST and 13:00 CST, 07 Nov 2020.
Topics Covered:
Electronics 101
Learn How to Solder
Arduino Development for Beginners
Learn CircuitPython using the Adafruit Trinket M0
Working with NeoPixels
Introduction to the CH552G Microcontroller
Working with Surface-Mount Technology
Programming Firmware using Small Device C Compiler (SDCC)
PCB Design with the KiCad EDA
Hardware Hacking Village 2020 syllabus
Hardware Hacking Village 2020 YouTube Videos

@alt_bier
Alt_bier is a Brew Master and Network Aficionado.

Track 01 / 02 Presentations



"Your Phone Hates You"
There is a snitch nearby, tracking your movements and telling others what you are up to. It's your phone! If you are a human rights worker, a modern-day protester, or a whistle-blower trying to right the world's wrongs, this can be a problem. But there are some steps you can take to secure your phone. While some are obvious, there are many that aren't, and some will require some rather unconventional techniques to mitigate.

@simplenomad
Mark Loveless - aka Simple Nomad - is a security researcher and hacker. He's spoken at numerous security and hacker conferences worldwide, including Blackhat, DEF CON, ShmooCon, and RSA. He's been quoted in the press including CNN, Washington Post, and the New York Times. He's paranoid, ghost hunted, mugged four times, storm chased, and seen UFOs. He currently works at GitLab.

"Managing Misfits: Lessons Learned from a decade leading a penetration testing team."
Becoming a successful penetration tester can be extremely difficult. Building a successful penetration testing team, whether an internal corporate red team or a professional services penetration testing team, can seem impossible. Krissy and Nick both worked as junior penetration testers early in their careers and have since played integral roles in helping organizations build robust red team capabilities, but not without collecting some scar tissue along the way. In this presentation, Krissy and Nick will cover the aspect of penetration testing that gets significantly less attention than the latest attack techniques and tool drops – the business of red teaming. These red teamers turned business leaders will cover how they made the transition into leading their own teams; how they find, hire, build, develop, and retain top talent; how they work with their clients and internal corporate partners to manage penetration testing expectations; and most importantly of all… how they manage a team of misfits (because let’s be honest, we are all misfits here).

Krissy Safi is the Attack & Penetration Testing Practice Lead at Protiviti (a global consulting firm). Prior to joining Protiviti, Krissy was the North American practice lead at IBM’s X-Force Red. Krissy has nearly two decades of Information Security experience across all domains of security in support of Fortune 500 companies and government agencies, working throughout numerous international locations. She has developed multi-million-dollar security practices for both the private and public sector. Krissy holds her CISSP, ISSAP, and CISM.

@nerbies
Nick Britton is the Attack & Penetration Testing lead in Dallas at Protiviti and specializes in managing and executing projects in red/purple teaming, application security, and vulnerability management. Nick has over nine years of experience in red teaming and consulting and has built a mature penetration testing practice in Dallas over the last six years. Nick holds his CISSP, OSCP, OSWP, AWS Certified Solutions Architect – Associate, and other certifications.

"Dissecting and Comparing different Binaries to Malware Analysis"
This talk demonstrates the different kinds of structures in binaries such as PE (header and its sections), ELF (header and its sections), and PDF (header/body/cross-reference table/trailer), explaining how each section works within a binary and where it would be possible to “include” malicious code.

@FilipiPires
I've been working as Research and Cyber Security Manager at Zup Innovation and Global Research Manager at Hacker Security. I have spoken at security events in Germany, Poland, Hungary and Brazil, and served as University Professor in undergraduate / MBA courses at colleges such as FIAP / Mackenzie / UNIBTA and UNICIV. In addition, I'm Founder and Instructor of the course Malware Analysis - Fundamentals (HackerSec Company - Online Course - Portuguese Language).

"Chasing a red team from the dressing room into the cloud"
Like clothing, cloud security assessments come in all shapes and sizes but they don’t often start in a men’s dressing room. In this talk we’re going to take the perspective of a blue teamer as they track a real red team assessment from the physical compromise of a retail store, through the traditional enterprise and eventually into an enterprise AWS cloud. Along the way I am going to share the lessons we learned from a detection and response perspective and share some of the core competencies that we have found to be the groundwork for a great purple team engagement. This talk is for anyone who:
1. Wants to learn more about incident response in the cloud vs. the enterprise
2. Wants to learn what an advanced adversary does in the cloud
3. Is looking for ideas/considerations for when they schedule their next red/purple team engagement
4. Is broadly curious about AWS from a security perspective

@tfornez
Tyler Fornes is a Principal Detection and Response Analyst at Expel. In this role, he's responsible for leading Expel's Global Response Team in performing incident response for both Expel's enterprise and cloud offerings. Prior to Expel, Tyler worked at FireEye after receiving a M.S. in Computing Security at the Rochester Institute of Technology.

"Threat Hunting: Where Evil Hides"
"The function of wisdom is to discriminate between good and evil." --Marcus Tullius Cicero
How can you hunt evil if you don't know what evil looks like? Join Amberlee Reynolds in a discussion detailing where threat hunters can find evil in processes, registry, files, domains/URLs, and more.

@threatymology
Amberlee Reynolds (ITILv3, GCIA, GCIH, GCFE, CISSP) spends most of her time studying and reversing malware when she isn't threat hunting and writing new security detection content. Her six years' security experience has taught her quite a bit about attack and defense, but curiosity and drive constantly inspire her to push further. She is currently studying for the GREM exam. In her free time, Amberlee enjoys teaching others how to make cool new things with their hands.

"A Drop of Jupyter: A Modular Approach to Penetration Testing"
Security researchers and developers constantly release new tools, frameworks, and methodologies. While these new releases are vital to the success of the offensive information security community, there are often challenges in implementing them within existing frameworks. In addition, these new releases are often difficult for security professionals to incorporate into their frameworks and automation methodologies. As a result, there is a barrier to creating best practices, automation frameworks, and penetration testing methodologies that are able to evolve as quickly as the innovative contributions that security researchers and developers alike are providing the offensive security community.

In order to improve upon this issue, we have developed a modular framework approach to penetration testing utilizing Jupyter Notebooks at the core of our infrastructure. The usage of Jupyter will allow for a standardized approach for automated tool usage that can evolve just as quickly as contributions are being made to the offensive security community. Furthermore, the reduced need to memorize commands, scripts, and other tools that are now documented and able to be executed within a Jupyter Notebook reduces assessment times and allows for less experienced individuals to perform key assessment tasks. Finally, the consolidation of tools and methodologies utilized allows for greater standardization across testing teams and greater consistency across assessments performed.

@obheda12
Omar Bheda is a Protiviti Technology Consultant in the Security & Privacy practice based out of the Dallas office. He has worked as a consultant since graduating from The University of Texas at Austin in 2019. He is passionate about tool development and research with a focus on OSINT and asset enumeration practices.

@naterang
Nate Kirk is a Senior Consultant at Protiviti and works out of the Dallas Attack&Pen Lab. Nate specializes in managing and executing red and purple team engagements and leads Protiviti's global Attack&Pen infrastructure initiative. A previous life of network and systems administration fuels hunting misconfigurations and admins. Nate spends his free time avoiding the general public.

Cody Ruscigno is a Protiviti Technology Consultant in the Security & Privacy practice based out of the Los Angeles office. He has performed penetration tests of all shapes and sizes but is specialized in mobile testing. He also enjoys automating and organizing the less fun parts like documentation and reporting.

"Automating Threat Hunting on the Dark Web and other nitty-gritty things"
What's the hype with the dark web? Why are security researchers focusing more on the dark web? How do you perform threat hunting on the dark web? Can it be automated? If you are curious about the answers to these questions, then this talk is for you. The dark web hosts several sites where criminals buy, sell, and trade goods and services like drugs, weapons, exploits, etc. Hunting on the dark web can help identify, profile, and mitigate an organization's risks if done in a timely and appropriate manner. This is why threat intelligence obtained from the dark web can be crucial for any organization. In this presentation, you will learn why threat hunting on the dark web is necessary, different methodologies to perform hunting, the process after hunting, and how hunted data is analyzed. The main focus of this talk will be automating threat hunting on the dark web. You will also get to know what operational security (OpSec) is, why it is essential while performing hunting on the dark web, and how you can employ it in your daily life.

@ASG_Sc0rpi0n
Apurv Singh Gautam is pursuing his Master's in Cybersecurity from Georgia Tech. He commenced work in Threat Intel/Hunting 2 years ago and worked on hunting threats from the clear/dark web. He is very passionate about giving back to the community and has already conducted several talks and seminars in local security meetups. He loves volunteering with Cybrary and Station X to help students make their way in Cybersecurity. He loves gaming and plays and streams Rainbow Six Siege.

"Who's Driving This Thing? Hacking AI"
An overview of AI Hacking Techniques and tools including IBM Adversarial Robustness Toolkit (ART) and Foolbox.

@Pestopublic
AI Security Professional & member of Ninja Networks.

"I broke in, now what? Linux manual privilege escalation 101."
Although privilege escalation guides appear to be a dime a dozen, and it is obvious why this information is valuable for potential/future red teamers, the industry does not emphasize the benefits of blue teamers being familiar with this methodology and the value that it could bring to their environment.

Melina is a Senior Security Practitioner with 7+ years of experience in IT focusing on Security Operations, Incident Detection and Response. Offensive security/Red team enthusiast.

"Modern Web Application Vulnerabilities (on the perimeter right now)"
Attend this presentation and walk away with an increased awareness of lingering attack surface on organization perimeters. Though some customers’ only interface is in brick and mortar service centers, more and more, web and mobile applications are quickly becoming the norm for customer interactions. This experience comes with an inherent expectation that an institution will protect its data, users, and assets in cyberspace. This presentation discusses and demonstrates three classes of modern web application mis-configurations and vulnerabilities widely present on network perimeters today. First, it studies specific vulnerabilities in modern front-end frameworks such as AngularJS. Next, it examines vulnerabilities in PDF generation from untrusted HTML. Last, it argues the importance of HTTPS everywhere and implementing proper HTTP Strict-Transport-Security directives to significantly degrade man-in-the-middle attacks.

@nopantrootdance
Cary Hooper is an offensive security engineer working for a Fortune 500 institution. Cary is a combat veteran and graduate of the United States Military Academy at West Point. He led technical teams within the Army Engineer Corps and Cyber Command. Cary’s certifications include CISSP, OSCE, OSCP, GPEN, GCIA, and CLSSBB.

"What the DLL is happening? A practical approach to identifying SOH."
There are many ways adversaries can maliciously leverage Dynamic Link Libraries (DLL). One of the most common is Search Order Hijacking (SOH), a simple technique which provides the means to evade detection, establish persistence, and expand infection. As a DFIR analyst, knowing how to identify SOH during an incident is important, as this can trigger other workflows for memory forensics or reverse engineering.

Most of the available information about DLL hijacking focuses on these late-stage workflows, yet overlooks the earlier stages of investigation. This talk will share a profile for SOH and present real-world examples to aid in identifying its setup and usage.

Frank McClain is a US Army veteran of the first Gulf War, and an accomplished cyber investigator with deep experience in digital forensics and incident response. He has worked as a DFIR consultant, and managed security operations for a national financial services firm. Frank joined the Red Canary CIRT in 2016, where he performs threat analysis across thousands of endpoints and serves as the Detection Engineering training lead.

"Hey I Hacked Your Skimmer"
Credit card fraud is the primary type of identity theft according to the Federal Trade Commission (2020) and has been rapidly increasing in recent years with the emergence of new techniques and technologies. One such technology that has contributed to the rise in credit card fraud is the increase in credit card skimming schemes. We recently had the unique opportunity to dissect one of these real-life skimming devices in an attempt to recover any compromised information. This exercise allowed us to practice various embedded penetration testing techniques and determine their pros and cons. This talk should also shed light on hardware security measures that should be taken to mitigate the extraction of the device information that was achieved in this example.

Caleb Davis is a Protiviti Senior Consultant in the Emerging Technologies practice based out of the Dallas office. He has a BS in Electrical Engineering from the University of Texas at Tyler and previously worked as an embedded software developer prior to joining Protiviti. He is passionate about embedded penetration testing including: hardware hacking, web/mobile application security, RF security, etc.

Zain Husain is a Protiviti Consultant in the Emerging Technologies practice based out of the Dallas office. He has a BS in Software Engineering from the University of Texas at Dallas. He is a lifelong technology nerd and is now primarily focused on hardware hacking with a goal to hack vehicles and make them safer.

Code of Conduct (CoC)

Behave yourselves!

Security BSides Dallas - Fort Worth was founded to facilitate the exchange of information and the development of relationships. We welcome and encourage the expression and debate of ideas. We also recognize that we do not have to agree in order to listen to, and/or understand, a given point of view. However, there is a language and a behaviour that is appropriate and expected in achieving that discourse.

Harassment and/or abusive behaviour will not be tolerated.
Any participant that experiences and/or witnesses inappropriate behaviour is expected to report said behaviour to event staff.
Any participant that experiences and/or witnesses inappropriate behaviour is encouraged to ask the offending individual to stop.
Any participant asked to stop a behaviour is expected to comply immediately.

Event organizers reserve the right to respond to observed and/or reported behaviour in a manner deemed appropriate, including but not limited to expulsion without refund and referral to the relevant authorities.

It is our goal to ensure that the event is welcoming, enjoyable, and safe for all participants.
Be exemplary for each other. See something, say something.