| 08:00 |
Durve
|
Windows Breakout and Privilege Escalation |
Pearson
|
Knowing the Unknown: Using PCAP to Break Down Application-Layer Protocols |
|
Biddlecome,
Bowne
|
Reverse Engineering Android Apps |
|
Duncan
|
Malware Traffic Analysis Workshop |
|
| 09:00 |
Matwyshyn
|
Professionalization - Possibilities and Potholes |
| 09:30 | Opening Remarks |
|
Board Communications |
||
| 10:00 |
Lord
|
Keynote with Bob Lord |
Pratt,
Turner
|
Reverse Engineering the Cyber Policy API |
|
| 11:00 | Zero Trust |
|
| 11:30 | Beginners Session: Lock Picking |
|
Tsakalidis
|
BEEMKA / Electron Post-Exploitation When The Land Is Dry |
|
Orleans
|
DLP Sucks and Why You Should Use It |
|
Mirosh,
Munoz
|
SSO Wars: The Token Menace |
|
Breuer,
Terp
|
Applying Information Security Paradigms to Misinformation Campaigns: A Multidisciplinary Approach |
|
Roberts
|
Now that you hacked the plane, what are you going to do about your career? |
|
Corman,
Woods
|
I Am The Cavalry Track Welcome and Overview |
|
DeSombre
|
Bestsellers in the Underground Economy - Measuring Malware Popularity by Forum |
|
Lidell
|
Duck and (Re)Cover - The missing link in the security evolution |
|
| 12:00 |
Young
|
Addressing non-linear InfoSec career paths |
Kiley
|
Can the CAN bus fly Risks of CAN bus networks within avionics systems |
|
Frost
|
Examining DES-based Cipher Suite Support within the TLS Ecosystem |
|
| 13:00 | Supply Chain Security |
|
| 14:00 |
Grant
|
Unpacking pkgs: A look inside macOS Installer packages and common security flaws |
Bort,
Friedman,
Kubecka
|
Where in the world are Carmen's $adjective cyber attacks: The game show that wonders why things aren't worse |
|
Yosha
|
My quest for (privileged) identity to own your domain |
|
Hawes
|
Building an enterprise security knowledge graph to fuel better decisions, faster |
|
Burgett
|
Discovering Your Passion in Cyber Security |
|
Angus
|
Coordinated Disclosure of ICS Products: Who's got time for that? |
|
Wilson
|
Satellite Vulnerabilities 101 |
|
Trimble
|
What's Next in Coordinating Vulnerability Disclosures |
|
Daubresse,
Escourrou
|
Active Directory security: 8 (very) low hanging fruits and how to smash those attack paths |
|
Hunt,
Manners
|
Hands-on: How to Use CALDERA's Chain Mode |
|
Nigam
|
Reverse Engineering Mobile Apps: Never Pay for Transit Again |
|
| 14:30 | AppSec/SDLC/DevSecOps |
|
Grigg
|
Hack (Apart) Your Career - How to Fund Doing What You Love |
|
Ottenheimer
|
AIs Wide Open - Making Bots Safer Than Completely $#%cking Unsafe |
|
Maasakkers
|
Analyzing user decision making on phishing sites - using mouse data and keyboard dynamics |
|
| 15:00 |
Barnhart-Magen,
Caltum
|
Using Machines to exploit Machines - harnessing AI to accelerate exploitation |
Brenes,
Rodriguez
|
The Contemplator Approach: Data Enrichment Through Elastic Stack |
|
Paul
|
Enterprise Overflow: How Breached Credentials Impact Us All |
|
OBrien
|
Grapl - A Graph Platform for Detection and Response |
|
Friedman
|
The Case for Software Bill of Materials |
|
Baggett
|
Broken Arrow: applying InfoSec and Forensic practices to escape domestic abuse |
|
Aliapoulios,
Gray
|
Giving Credit Where It's Not Due: Visualizing Joker's Stash |
|
| 15:30 | Crisis Communication & Brand Monitoring |
|
Atkin
|
The Human API: Evolving End Users From Authorized Adversaries Into Our Best Defense. |
|
| 16:00 | HSC^2 Hacker Summer Camp Hacker Standup Comedy |
|
Lock Picking Contest |
||
Ottenheimer
|
AIs Wide Open - Making Bots Safer Than Completely #$%cking Unsafe |
|
| 16:30 | CISO Unconference |
|
| 17:00 |
Misgav,
Yavo
|
Meltdown's Aftermath: Leveraging KVA Shadow To Bypass Security Protections |
Ihezukwu,
Messdaghi,
Miller
|
Mind the Diversity Gap - A Panel Discussion |
|
Brunn
|
Give the dog a bone - Exploring OSINT capabilities of pen-testing tools |
|
Austin
|
Profiling User Risk: Borrowing from Business Intelligence to Understand the Security of Your Userbase |
|
Wattanasin
|
How to Fail Well (In Order to be Successful) - From IT to Infosec & More |
|
Brown
|
Automatic Security Analysis of IoT Firmware |
|
Barnes
|
Burpsuite Team Server - Collaborative Web Pwnage |
|
An
|
China as a New Russia? Analyzing Similarities and Differences of Chinese Threat Actors from their Russian Counterparts |
|
| 17:30 | Closing Remarks |
|
Cho,
Duren,
Rides
|
Behind the Recruiting Curtain: What Do Recruiters Really Say and Do |
|
Smile
|
The Resilient Hacker: Growth Mindset, Health Hacks & Powerful Help to Navigate Personal Challenges |
|
| 18:00 |
Canham,
Sawyer
|
Neurosecurity: where Infosec meets Brain-machine Interface |
Meet the CISO |
||
Tong
|
Why FIDO Security Keys & WebAuthn are Awesome |
|
Seymour
|
Reducing Inactionable Alerts via Policy Layer |
|
Luczynski
|
I Just Want to Help Make Flying More Secure...not Work with the Government or How I Learned to Love a Govvie |
|
Chandler
|
So you think you can CHMOD |
|
Galperin,
McKinney,
Opsahl,
Sheard
|
Ask the EFF |
|
| 18:30 |
Applebaum
|
Trying (Unsuccessfully) to Make Meterpreter into an Adversarial Example |
Dietle
|
Building the badge- How you can make small, cheap and custom hardware for function or fashion |
|
| 19:00 | Security BSides Organizers Meet-Up |
|
Brandon
|
Evaluating Code Embeddings |
|
Thurston
|
Salesforce Data Governance What dark secrets lurk in your instance?? |
|
| 20:00 | Queercon BSides Poolside Mixer |
|
Friends of Bill W |
||
| 21:30 | The New Hacker Pyramid |
| 08:00 |
King,
Whitehead
|
Hacking the STORM |
Wylie
|
Using Wireshark for Incident Response and Threat Hunting |
|
Allor,
Manico
|
Tournament: The Ultimate Secure Coding Throw Down |
|
Barnhart-Magen
|
Linux Hardening - The Easy Way |
|
Cheung
|
Introduction to Cryptographic Attacks |
|
| 09:00 |
McGregor,
Nix,
Turner
|
Free and Fair Elections in an Internet Era |
| 10:00 |
Rich
|
Loki: Add a little chaos to your USB drive |
Kubecka
|
The Road to Hell is Paved with Bad Passwords |
|
Nader
|
Breaking Smart [Bank] Statement |
|
Harang
|
Security data science -- Getting the fundamentals right |
|
Tomaschik
|
CTFs for Fun and Profit: Playing Games to Build your Skills |
|
Elkins
|
How to Treat Your Hacker (and Responsible Vulnerability Disclosure) |
|
Jansson
|
Making your website vulnerable for fun and security awareness |
|
Bailey
|
Let's hear from the Hackers: What should DOJ do next? |
|
| 10:30 |
Murray
|
The Importance of Culture in Security |
Koch
|
Human Honeypots or: How I Learned to Stop Worrying and Love the Implant |
|
| 11:00 |
Reynolds
|
From EK to DEK: An Analysis of Modern Document Exploit Kits |
Lazarovitz,
Stoler
|
Prisoner Number Six |
|
Sishi
|
An investigation of the security of passwords derived from African languages |
|
Weiss
|
Is This Magikarp a Gyarados?: Using Machine Learning for Phishing Detection |
|
Levy,
Mosier
|
Hidden Networks Pivoting: Redefining DNS Rebinding Attack |
|
Goldstein,
Lieberman-Berg
|
Hacking the Pentagon: How a Rebel Alliance Shifts Culture to Protect National Security |
|
O’Connell
|
The struggles of teaching automation |
|
| 11:30 |
Maresca
|
Hacking from Above: A Brief Guide for Transitioning to Leadership |
Saulnier
|
The SOC Counter ATT&CK |
|
| 12:00 |
Vigo
|
From email address to phone number |
Galloway
|
Excuse Me, Your Sword Is In My Eye: Responding to Red Teams and Intrusions in 2019 and Beyond |
|
Wasson
|
(Im)proper Database Authentication |
|
Anderson
|
Old things are new again: efficient automatic signature generation for malware classification |
|
Fousekis
|
Low & Slow - Techniques for DNS Data Exfiltration |
|
Manning
|
Certification and Labeling in IoT |
|
Redman
|
The drunk colonel and the flipped stone: Game Theory for a Defensive Strategic Advantage |
|
| 13:30 |
Seidman
|
Noobs: Training the Next Generation of Security Engineers |
| 14:00 |
Price
|
Virtual Breakpoints for x86_64 |
Ledoux
|
Escape the Questionnaire Quagmire: A thoughtful approach to addressing security inquiries from customers and prospects |
|
Chandramouleeswaran,
Sudheer
|
Who dis? The Right Way To Authenticate |
|
Kumar
|
Reduce, Reuse and Recycle ML models - and the security powers is yours |
|
Case
|
Windows 10 DFIR Challenges |
|
Sbano
|
Startup Security Leadership: Lessons to Level Up from Fortune 100 to Tech Startup |
|
Dant
|
Real World Security in a Clinical Healthcare Environment: Hacking a Hospital |
|
Johnston-Ison
|
I’m a hunter! But what does that mean? |
|
Manning
|
Certification and Labeling for IoT |
|
Soullie,
Torrents
|
Pentesting ICS 102 |
|
Brake,
Rebeschini
|
Finding Evil with Mitre ATT&CK and the Elastic Stack |
|
Hanlon
|
Hands on Hacking The OWASP TOP 10 and beyond |
|
| 14:30 |
Hahn,
Szczutowski
|
Getting CVSS, NVD, and CVEs to Work for You: Standardizing and Scaling Your Vulnerability Risk Analysis |
Morgan
|
Breaking the Bodyguards |
|
| 15:00 |
Mosier
|
ROP with a 2nd Stack, or This Exploit is a Recursive Fibonacci Sequence Generator |
Romailler
|
Have You Distributed Randomness? |
|
Mar-Elia
|
Exploiting Windows Group Policy for Reconnaissance and Attack |
|
Landers,
Pearce
|
Scheming with Machines: Using ML to Support Offensive Teams |
|
Williams,
Yoder
|
ATT&CKing Your Adversaries -- Operationalizing cyber intelligence in your own environment for better sleep and a safer tomorrow. |
|
Cox,
Lyngaas,
Newman,
Zetter
|
Why journalists and hackers need each other (a panel discussion with infosec reporters) |
|
Pahi
|
Cover Your A** |
|
| 15:30 |
SHIMANAKA
|
Cyber Deception after Detection: Safe observation environment using Software Defined Networking |
| 16:00 |
Sugarman
|
Why we need a Cyber Peace Institute |
| 17:00 |
Abeles,
Shavit
|
At Your Service - Abusing the Service Workers Web API |
Dickinson
|
CloudSec Rules Everything Around Me (C.R.E.A.M.) |
|
Handorf,
Opsahl
|
Why can't we be friends? (Ask a Fed & the EFF.) |
|
Burgess
|
Birthday Hunting |
|
Obenhaus,
Stoner
|
Cyber Threat Intel & APTs 101 |
|
Cornelius,
Dixon
|
We the People: Providing for a 'common defence' with CVD |
|
Skelton
|
Deepfakes, Deep Trouble: Addressing Potential Market Manipulation Caused by Deepfakes |
|
| 17:30 |
Sconzo
|
All that glitters isn't Chrome: Hunting for suspicious browser extensions |
Caswell
|
Baited Canaries - Monitoring attackers with active beacons |
|
| 18:00 | HAM License Exams |
|
Doussot,
Meyer
|
State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin |
|
Bailey,
Beardsley,
Ellis,
Morgan
|
Meet the Nation This Week on Sunday: A Special Vulnerability Edition |
|
Baker,
Edwards
|
Scratching the Surface of Risk |
|
Markham
|
Musings of an Accidental CISO |
|
Bort
|
No IOUs with IOT |
|
TEMMAR
|
Securing Fast (and Furious) DevOps pipelines |
|
| 18:30 |
Elazari
|
"Hackers of the world - unite?" |
Weinberg
|
Please inject me, a x64 code injection |
|
| 19:00 | Closing Ceremonies |
|
| 20:00 | Friends of Bill W (Sat.) |
|
| 22:00 | BSidesLV Pool Party |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.