A | B | D | E | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Want to see your talk here? CFP Info/voting: http://bit.ly/BSidesDelCFP CFP Submission Form: http://bit.ly/BDECFP19 Got an opinion on a talk, awesome! Speakers love feedback but it's best for everyone when it's constructive as these comments are public. Shortlink to this page: http://bit.ly/2019CFPVotingBSidesDE | Want more info on the conference? Twitter @BSidesDE Main Wiki page https://bitly.com/BSidesDE Website http://www.bsidesdelaware.com/ Mark your calendar for November 8th and 9th 2019 | Want to see your name and logo in lots of places and make business connections? Are you looking to hire infosec talent? Download Our Sponsor Kit: http://bit.ly/BDE2019SponsorKit | ||||||||||||||||||||
2 | Copy and paste to twitter for easy voting | Title | Abstract | Intended audience or skill level | Can you make people want to see your talk in 130 characters? Go: | ||||||||||||||||||
4 | @BSidesDE "Your Security Career- getting in and climbing the ladder" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Your Security Career- getting in and climbing the ladder | Cybersecurity is a booming market. What does it take to get that first job and what do you need to move up? What pitfalls and mistakes should you avoid? An experienced cybersecurity recruiter and a cybersecurity practitioner will discuss the job market, hot skills and ways to move forward in your career | If you're interested in starting your cybersecurity career, moving up or recovering from a mistake, you'll learn a thing. | |||||||||||||||||||
6 | @BSidesDE "Upside Down: Surviving in a Breached World" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Upside Down: Surviving in a Breached World | As the world moves from a paradigm of potential personal identity compromise to definite compromise, individuals need to understand their personal risk and how to mitigate it. This presentation provides the practical steps and knowledge necessary to maintain manageable risk levels and reduce individual attack surface in a world of breaches, leaks, and attacks. | Beginners can benefit from practical steps they can take to improve their opsec. Everyone can benefit from changing their perspective from preventing identity compromise to damage control. | You've been doxed; now what? How to protect yourself and those around you. | ||||||||||||||||||
7 | @BSidesDE "Cloud Sec aaS Expansions" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Cloud Sec aaS Expansions | Overview of 3rd party and aaS products for improving security posture. Covering APIs, analysis, compliance, and optimization insight for improving nearly every aspect of your existing infrastructure. This talk will cover tools designed to give you recommendations and services to use for improving and hardening your AWS posture. | Information security professionals with entry/mid level experience. | Solid exposure to 3rd party and internal AWS tools for analyzing your existing cloud posture. | ||||||||||||||||||
8 | @BSidesDE "Got a Con Tee....what to do with it?" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Got a Con Tee....what to do with it? | A hands on demo of what can be done with conference shirts. Little to no crafting experience needed. Many different ways to use a shirt other than wearing it. Options for wall art, pet toys, shopping bags, and other options. Showing how to take a project from start to finish. Demo how to use a sewing machine. Also demo no sew options. Would recommend attendees bring a shirt they would like to use. | Non-technical or no experience in crafting | "Too many con shirts....no problem." #concouture reimagined. | ||||||||||||||||||
9 | @BSidesDE "Amateur (Ham) Radio Examination" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Amateur (Ham) Radio Examination | Want to get an Amateur Radio license or upgrade? Want to help others get licensed or teach using ham radio? Looking for public service training or serving as part of ARRL’s ARES field training team? You can even arrange an Amateur Radio contact for your students with the International Space Station! Before you go on air, you need to be licensed and know the rules. You can do all this and more by getting your license. Exam testing material is available on various websites (e.g. http://www.arrl.org and https://www.w5yi.org), various apps for your phone (e.g. Ham Radio Exam - all levels), and great review books/PDFs (e.g. https://www.kb6nu.com/study-guides). | Anyone interested in getting/upgrading an Amateur Radio license | ISS, CERT, & major civic events all use amateur radio for communication - accept the challenge and earn your license to operate! | ||||||||||||||||||
10 | @BSidesDE "Let's work together Zeekers!" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Let's work together Zeekers! | Zeek and You shall find! BRO is now Zeek! It is an open source free tool that is used by many big and small organizations. It's a great Network Security Monitoring tool and provides human digestible ASCII log files for the network activity, and is seen as a portable full pcap solution by many. This talk/session is going to get attendees' feet wet in Zeek-land, with what and how's of Zeek, some hands on exercises to get familiar with the Zeek scripting language and signature creation, as well as some advanced use-cases of Zeek which would help people get an idea of its powerful logging and scripting framework. And if time permits, could share some real world use-cases of Zeek to get the value right off the bat. | Everyone because it's always cool to learn a new tool and technology! | Curious about how to get the network visibility in just a few steps and what's transpiring on your network? Zeek and you will find! | ||||||||||||||||||
13 | @BSidesDE "Augmented Reality: A New Potential For Security Risks" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Augmented Reality: A New Potential For Security Risks | Augmented reality is here, and the future is here with it. With a new presentation platform and medium we face challenges we didn't have before, and attacks no longer just target data, but the humans behind the devices. This talk will cover new attack classes that have been demonstrated that target the human, and not just the data, as well as the new potential for security risks. Your data is no longer the target, you are. Welcome to our brave new world. | everyone | My hacking is augmented: come see Augmented Reality: A New Potential For Security Risks | ||||||||||||||||||
15 | @BSidesDE "JHDigital Capture the Flag (JHDCTF)" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | JHDigital Capture the Flag (JHDCTF) | Yet another Jeopardy-style Capture the Flag! Challenges for web exploitation, reverse engineering, binary exploitation, steganography, forensics, cryptography and more! This competition is BYOD, "bring your own device." Play to learn, and play to win! The game is geared towards both beginners and intermediate/advanced players. We will showcase and offer plenty of resources and learning material to get every player up to speed. | CTF players, hackers and friends! The game is geared towards both beginners and intermediate/advanced players. Everyone is welcome and encouraged to play! | Another Capture the Flag competition to test your skills! Play and learn cybersecurity concepts, and compete for glory! | ||||||||||||||||||
17 | @BSidesDE "Our Adventure with an Awareness Training Escape Room" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Our Adventure with an Awareness Training Escape Room | Are you as tired of Annual Awareness Training as your users are? It might be time to change up your approach to Security Awareness Training with some gamification. Escape Rooms can be fun and a great opportunity for team building while demonstrating your Information Security Awareness objectives. Participants are faced with a series of scenarios that require actions that reflect your organization's policies, procedures and best practices. We will walk through our Escape Room as well as the planning and logistics to provide participants ideas and discuss what went well as well as what went wrong and how we will address them in the future. | Anyone of any technical level that may be looking for fun ways to train users. | Make Awareness Training Fun Again with an Escape Room! | ||||||||||||||||||
18 | @BSidesDE "Matching Your SOCs: A Discussion of Joint IT/OT Operating Models for Monitoring and Response " #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Matching Your SOCs: A Discussion of Joint IT/OT Operating Models for Monitoring and Response | Traditional security monitoring and response operations are not sufficient to combat the evolving cybersecurity threat landscape for Operational Technology (OT). While the advancement in tools and technology is helpful, the tools alone will not enable effective monitoring and response. There are key elements common across many SOC programs: tools and technology, threat intelligence sources, and talented staff. For many organizations, however, the ultimate success factor is a well-structured joint SOC operating model. This model matches IT and OT SOCs together, which feature a holistic view of IT and OT environments from a single dashboard. These environments are then monitored and managed by teams trained to recognize anomalies and identify exposure, with the appropriate context of the operating environments, across all systems and devices. The aggregation of OT and IT data sources helps streamline security incident resolution, reduce duplicated efforts, and assist in future collaboration efforts. By centralizing your security monitoring program, seemingly disparate security events are correlated and focus is increased on monitoring and response capabilities across the enterprise. This session will explore the benefits of joint operations for cybersecurity monitoring across both IT and OT networks and includes real-world case studies of integration efforts. We also will discuss joint operations playbooks and handoff procedures, and lessons learned and procedural requirements for joint SOC operating models. 
We will discuss the benefits and drawbacks of each approach, common misconceptions when addressing IT/OT convergence, the need for strong relationships, and how the rewards that stem from holistic cybersecurity monitoring can outweigh the risks. | This session is geared towards CISOs, cybersecurity directors, and site managers. | We believe that the best way to integrate IT/OT SOC ops features a holistic view of IT/OT environments from a single dashboard. | ||||||||||||||||||
19 | @BSidesDE "What should a mobile security program look like? YMMV..." #BSidesDE #Vote http://bit.ly/BSidesDelCFP | What should a mobile security program look like? YMMV... | So, you want the perfect mobile security program for your company/organization? Great! Just know that your set of threats, priorities and limitations will ensure that it probably won't look like the one created by the person next to you. In this talk, we'll cover mobile threats that may or may not apply to you and an overview of the tools, controls and methods you could use to counter them. | Anyone interested in defensive mobile security | YMMV in creating the perfect #mobile #security program. Learn about your potential #threats, #priorities, #tools and #controls. | ||||||||||||||||||
20 | @BSidesDE "What I Wish I Knew About Password Auditing: Cracking User's Password Before the Bad Guys" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | What I Wish I Knew About Password Auditing: Cracking User's Password Before the Bad Guys | The goal of the talk is to give blue teamers and IT staff the knowledge they need to do internal audits of their Active Directory credentials and to dramatically increase the difficulty of attacks that abuse passwords such as password spraying and credential access. Password auditing (aka cracking your own passwords) is presented as one part in a larger strategy to reach the desired goal. This talk puts all the knowledge required in one place with both high level strategy and low level specifics of the cracking techniques used. | The intended audience is blue team and IT staff, and anyone interested in password cracking. No prior password cracking knowledge is assumed. | Crack your users' passwords before the bad guys! Your one-stop-shop for making attackers' favorite techniques much harder. | ||||||||||||||||||
21 | @BSidesDE "Exploiting IoT - An Introduction to BLE" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Exploiting IoT - An Introduction to BLE | BLE is one of the most common wireless protocols used in IoT devices today. This talk will follow the BLE protocol and apply a 4-phase approach to assessing the security of these devices: Reconnaissance, Sniffing and Capturing, Extracting Sensitive Data, and Exploitation. This talk will demo exploits of IoT devices and walk attendees through the tools and processes for testing similar devices and creating their own CTF to practice on. | Anyone with a passion for wifi and learning | #Iothacking #wireless #ubertooth #blehacking | ||||||||||||||||||
22 | @BSidesDE "Putting the Love into your DLP" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Putting the Love into your DLP | Over the last 13 years of being involved with Data Loss Prevention (DLP) I have seen many brilliantly deployed DLP solutions fail because of the human element. This is totally understandable because I, like many in the industry, naturally gravitate to the bits, bytes, technical capabilities and data but tend to hate the messy human part. However, success with DLP is all about the humans: what they need, who they are, what their intent is and detecting when they go off the rails crossing the line from good corporate citizen to bad actor. To be successful with DLP you must embrace the human equation in a passionate way vis-a-vis “Love” it. In this talk I will walk through five simple steps to roll out a DLP Program that is impactful and relevant to your organization. | Anyone charged with protecting regulated data or intellectual property | If you are done with #DataBreach come become part of the #DataLossPrevention #DataSecurity solution, bring the love to your DLP! | ||||||||||||||||||
23 | @BSidesDE "Neighborhood Watch with Kismet" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Neighborhood Watch with Kismet | In this presentation I'll show how I set up devices running Kismet to monitor neighborhood metadata for intelligence collection. Want to ensure your WiFi traffic is connecting to the correct WiFi? Want to ensure others aren't attempting to brute force into your WiFi? Want to have evidence of a criminal's presence in your neighborhood at the time of a burglary or other crime? Come to this presentation to hear the basic steps to set up your neighborhood watch system. | Audience must have some experience installing operating systems and software on Linux. Also must have a passion for learning and tinkering. | WiFi for neighborhood watch on the cheap. Build your own WiFi sensing system. | ||||||||||||||||||
24 | @BSidesDE "CPE Sources. How to make your life easier" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | CPE Sources. How to make your life easier | Obtaining your Certification is the first step. ISC2, ISACA, PMI all want you to continue learning. How many times have you gotten to October and realized you are struggling for CPEs? This is designed to help make your life easier by giving you options to check the box. I'm out of talking points now | Any level with Certs or looking to obtain them | |||||||||||||||||||
25 | @BSidesDE "Retro Video Game Reverse Engineering" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Retro Video Game Reverse Engineering | This talk will go over some results of reverse engineering certain retro video game software and hardware and what we can learn from the oversights of the past, as made on such constrained systems. On the software side we will look at how the speedrunning community was able to reverse engineer early generation Pokémon games and leverage vulnerabilities in them to create routes to quickly beat the game in otherwise impossible times, as well as practical usage of exploits on slightly newer systems simply as the way certain things are done. On the hardware side we will demonstrate an Arduino program that reads and writes savefiles to Game Boy cartridges by bit-banging the Nintendo 64 controller protocol and a way to use virtually any USB input device to control an Atari 2600 by using a Raspberry Pi running open source scripts to emulate a joystick using the GPIO pins. | Anyone who wants to see what we can learn from exploits in retro video games, with cool demos! | Want to see live demos of retro game exploits, bit-banging controller protocols, and making Atari Frogger work with DDR pads? | ||||||||||||||||||
26 | @BSidesDE "Words with Janitor" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Words with Janitor | What if I told you some of the words we use in infosec/computer security are all wrong? Would you believe me? How about the fact that we haven't been able to make a significant change in the narrative of our industry even though we are the engine that drives it? Simply because what we say is not what the decision makers hear and we keep saying the same words no matter the technology. Also in many cases we are our own worst enemies when interacting with our fellow security professionals. I can tell you that all of those statements are fairly accurate and I can prove it. Come have words with me and I will tell you in a way you can understand. | This is intended for a general audience and can be applicable to any industry; I just happen to see it from the point of view of ours. | |||||||||||||||||||
27 | @BSidesDE "3, 2, 1, GO! From Noob to Hacker with Golang" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | 3, 2, 1, GO! From Noob to Hacker with Golang | Golang is a great opportunity for everyone from programmers to red teamers to increase their skills. From automation to exploitation. This class introduces you to the Golang language and dives into examples of how it could be used to create better workflows or upgrade your hacking arsenal. This day long class will teach you how to build and compile Golang applications, along with showing and building examples of using Go for offensive capabilities. We will cover many of the basics of the Golang programming language and advance into more complex labs through the duration of the class. By the end of the class we will be able to use Go to inject shellcode into a running Windows process. Knowledge of any programming language is a plus and it is recommended to read the “Effective Go” documentation (https://golang.org/doc/effective_go.html) although it is not necessary. Class Requirements: - Device that can run Visual Studio Code (recommended because the Go plugin is great). - Any OS is fine if you can run a Windows 10 VM with any virtualization software. - RAM to run the required VMs - Software to connect to RDP (only needed for Linux/MacOS) What to Expect: - Learning! - Coding! - Fun! What not to Expect: - The Spanish Inquisition | Students to InfoSec professionals with some programming and/or security background. Some programming knowledge is recommended. | Why deal /w buffers when #Go can do that for you? From the basics to advanced to toying /w the #Windows API and injecting code. | ||||||||||||||||||
28 | @BSidesDE "Security and Compliance Adventures in Startup-land" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Security and Compliance Adventures in Startup-land | We should all secure our systems, our companies, our data. The methods we use to secure these things should be compliant with the standards relevant to our products and/or services. This isn't hard to understand....Well, I thought it wasn't. Let's talk about the ways it can be screwed up, and some tips and tricks to make it simple for you, with your new startup! | People who work in or are interested in Startups | How badly can you screw up security and compliance in a startup? Let's see!!! See @quadling share some war stories, and some tips! | ||||||||||||||||||
29 | @BSidesDE "Exploring Penetration Testing" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Exploring Penetration Testing | Hacking Yourself First, Penetration Testing for Blue Teamers. In this fast-paced interactive presentation Brandon will reveal everything a defender might want to know about Penetration Testing and then some. This presentation will start with an introduction to what really is a hacker? What is a penetration test? Why is it important for Blue Team members to understand these skillsets? What is a hacking methodology and why is it important? Then we will dive into various technical demos involving various tools including Metasploit, Burp Suite, Bloodhound, CrackMapExec, HashCat, and more! Participants will be able to follow along with many of the demos via your own virtual machines. We will conclude with additional attack vectors, and how blue teamers can use this knowledge to make their organization safer by hacking themselves first. | Beginner | Penetration Testing for Blue Teams! All the things you were scared to ask about! | ||||||||||||||||||
30 | @BSidesDE "Basic Chess tactics for Fun and Bragging Rights" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | Basic Chess tactics for Fun and Bragging Rights | Learn the basics of chess including basic tactics that you can try on your friends and family. In this session we will go beyond various piece movement and explore concepts such as forks, pins, skewers, removing the defender, and central control. While there is always more to learn this will give the inquisitive a solid foundation in chess tactics to build their skill set and enjoy the game at a higher level. | Beginner | Want to learn about chess at bsides? Why not? Vote for this talk and learn all about chess tactics! | ||||||||||||||||||
31 | @BSidesDE "3, 2, 1, GO! From Noob to Pro with Golang" #BSidesDE #Vote http://bit.ly/BSidesDelCFP | 3, 2, 1, GO! From Noob to Pro with Golang | Learning Golang is a great opportunity for everyone, from programmers to red teamers to increase their skills. From automation to potential exploitation, this class introduces you to the Golang programming language and dives into examples of how it could be used to create cool utilities and potential offensive programming capabilities. This condensed class will teach you how to build and compile Golang applications and will provide useful examples from simple to complex. We will cover many of the basics of the Golang programming language and advance into more complex labs through the duration of the class. The class will be broken out into self-paced labs that will increase in complexity. Knowledge of any programming language is a plus and it is recommended to read the “Effective Go” documentation (https://golang.org/doc/effective_go.html) although it is not necessary. Class Requirements: - Device that can run Visual Studio Code / VSCodium (recommended due to the Go plugin integration). - Any OS is fine if you can run a Windows 10 VM with any virtualization software. - RAM to run the required VM. What to Expect: - Learning! - Coding! - Fun! What not to Expect: - The Spanish Inquisition | Students to InfoSec professionals with some programming and/or security background. Some programming knowledge is recommended. | Why deal with buffers when #Go can do that for you? From #noob to #pro, learn the basics to the advanced in #Golang. | ||||||||||||||||||