Want to see your talk here?
CFP Info/voting: http://bit.ly/BSidesDelCFP
CFP Submission Form: http://bit.ly/BDECFP19


Got an opinion on a talk? Awesome! Speakers love feedback, but it's best for everyone when it's constructive, as these comments are public.
Shortlink to this page: http://bit.ly/2019CFPVotingBSidesDE
Want more info on the conference?

Twitter @BSidesDE
Main Wiki page https://bitly.com/BSidesDE
Website http://www.bsidesdelaware.com/

Mark your calendar for November 8th and 9th 2019
Want to see your name and logo in lots of places and make business connections? Are you looking to hire infosec talent?

Download Our Sponsor Kit: http://bit.ly/BDE2019SponsorKit
Copy and paste to Twitter for easy voting | Title | Abstract | Intended audience or skill level | Can you make people want to see your talk in 130 characters? Go:
@BSidesDE "Your Security Career- getting in and climbing the ladder" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Your Security Career- getting in and climbing the ladder
Cybersecurity is a booming market. What does it take to get that first job and what do you need to move up? What pitfalls and mistakes should you avoid? An experienced cybersecurity recruiter and a cybersecurity practitioner will discuss the job market, hot skills and ways to move forward in your career.
If you're interested in starting your cybersecurity career, moving up or recovering from a mistake, you'll learn a thing.
@BSidesDE "Upside Down: Surviving in a Breached World" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Upside Down: Surviving in a Breached World
As the world moves from a paradigm of potential personal identity compromise to definite compromise, individuals need to understand their personal risk and how to mitigate it. This presentation provides the practical steps and knowledge necessary to maintain manageable risk levels and reduce individual attack surface in a world of breaches, leaks, and attacks. Beginners can benefit from practical steps they can take to improve their opsec. Everyone can benefit from changing their perspective from preventing identity compromise to damage control.
You've been doxed; now what? How to protect yourself and those around you.
@BSidesDE "Cloud Sec aaS Expansions" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Cloud Sec aaS Expansions
Overview of 3rd party and aaS products for improving security posture. Covering APIs, analysis, compliance, and optimization insight for improving nearly every aspect of your existing infrastructure. This talk will cover tools designed to give you recommendations and services to use for improving and hardening your AWS posture.
Information security professionals with entry/mid level experience.
Solid exposure to 3rd party and internal AWS tools for analyzing your existing cloud posture.
@BSidesDE "Got a Con Tee....what to do with it?" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Got a Con Tee....what to do with it?
A hands-on demo of what can be done with conference shirts. Little to no crafting experience needed. Many different ways to use a shirt other than wearing it. Options for wall art, pet toys, shopping bags, other options. Showing how to do a project from start to finish. Demo how to use a sewing machine. Also demo no-sew options. Would recommend attendees bring a shirt they would like to use.
Non-technical or no experience in crafting
"Too many con shirts....no problem." #concouture reimagined.
@BSidesDE "Amateur (Ham) Radio Examination" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Amateur (Ham) Radio Examination
Want to get an Amateur Radio license or upgrade? Want to help others get licensed or teach using ham radio? Looking for public service training or serving as part of ARRL’s ARES field training team? You can even arrange an Amateur Radio contact for your students with the International Space Station! Before you go on air, you need to be licensed and know the rules. You can do all this and more by getting your license. Exam testing material is available on various websites (e.g. http://www.arrl.org and https://www.w5yi.org), various apps for your phone (e.g. Ham Radio Exam - all levels), and great review books/PDFs (e.g. https://www.kb6nu.com/study-guides).
Anyone interested in getting/upgrading an Amateur Radio license
ISS, CERT, & major civic events all use amateur radio for communication - accept the challenge and earn your license to operate!
@BSidesDE "Let's work together Zeekers!" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Let's work together Zeekers!
Zeek and You shall find! BRO is now Zeek! It is an open source free tool that is used by many big and small organizations. It's a great Network Security Monitoring tool and provides human digestible ASCII log files for the network activity, and is seen as a portable full pcap solution by many. This talk/session is going to get attendees' feet wet in Zeek-land, with what and how's of Zeek, some hands-on exercises to get familiar with the Zeek scripting language and signature creation, as well as some advanced use-cases of Zeek which would help people get an idea of its powerful logging and scripting framework. And if time permits, could share some real world use-cases of Zeek to get the value right from the bat.
Everyone because it's always cool to learn a new tool and technology!
Curious about how to get the network visibility in just a few steps and what's transpiring on your network? Zeek and you will find!
@BSidesDE "Augmented Reality: A New Potential For Security Risks" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Augmented Reality: A New Potential For Security Risks
Augmented reality is here, and the future is here with it. With a new presentation platform and medium we face challenges we didn't have before, and attacks no longer just target data, but the humans behind the devices. This talk will cover new attack classes that have been demonstrated that target the human, and not just the data, as well as the new potential for security risks. Your data is no longer the target, you are. Welcome to our brave new world.
everyone
My hacking is augmented: come see Augmented Reality: A New Potential For Security Risks
@BSidesDE "JHDigital Capture the Flag (JHDCTF)" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
JHDigital Capture the Flag (JHDCTF)
Yet another Jeopardy-style Capture the Flag! Challenges for web exploitation, reverse engineering, binary exploitation, steganography, forensics, cryptography and more! This competition is BYOD, "bring your own device." Play to learn, and play to win! The game is geared towards both beginners and intermediate/advanced players. We will showcase and offer plenty of resources and learning material to get every player up to speed.
CTF players, hackers and friends! The game is geared towards both beginners and intermediate/advanced players. Everyone is welcome and encouraged to play!
Another Capture the Flag competition to test your skills! Play and learn cybersecurity concepts, and compete for glory!
@BSidesDE "Our Adventure with an Awareness Training Escape Room" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Our Adventure with an Awareness Training Escape Room
Are you as tired of Annual Awareness Training as your users are? It might be time to change up your approach to Security Awareness Training with some gamification. Escape Rooms can be fun and a great opportunity for team building while demonstrating your Information Security Awareness objectives. Participants are faced with a series of scenarios that require actions that reflect your organization's policies, procedures and best practices.

We will walk through our Escape Room as well as the planning and logistics to provide participants ideas and discuss what went well as well as what went wrong and how we will address them in the future.
Anyone of any technical level that may be looking for fun ways to train users.
Make Awareness Training Fun Again with an Escape Room!
@BSidesDE "Matching Your SOCs: A Discussion of Joint IT/OT Operating Models for Monitoring and Response " #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Matching Your SOCs: A Discussion of Joint IT/OT Operating Models for Monitoring and Response
Traditional security monitoring and response operations are not sufficient to combat the evolving cybersecurity threat landscape for Operational Technology (OT). While the advancement in tools and technology is helpful, the tools alone will not enable effective monitoring and response.

There are key elements common across many SOC programs: tools and technology, threat intelligence sources, and talented staff. For many organizations, however, the ultimate success factor is a well-structured joint SOC operating model. This model matches IT and OT SOCs together, which feature a holistic view of IT and OT environments from a single dashboard. These environments are then monitored and managed by teams trained to recognize anomalies and identify exposure, with the appropriate context of the operating environments, across all systems and devices. The aggregation of OT and IT data sources helps streamline security incident resolution, reduce duplicated efforts, and assist in future collaboration efforts. By centralizing your security monitoring program, seemingly disparate security events are correlated and focus is increased on monitoring and response capabilities across the enterprise.

This session will explore the benefits of joint operations for cybersecurity monitoring across both IT and OT networks and includes real-world case studies of integration efforts. We also will discuss joint operations playbooks and handoff procedures, and lessons learned and procedural requirements for joint SOC operating models. We will discuss the benefits and drawbacks of each approach, common misconceptions when addressing IT/OT convergence, the need for strong relationships, and how the rewards that stem from holistic cybersecurity monitoring can outweigh the risks.

This session is geared towards CISOs, cybersecurity directors, and site managers.
We believe that the best way to integrate IT/OT SOC ops features a holistic view of IT/OT environments from a single dashboard.
@BSidesDE "What should a mobile security program look like? YMMV..." #BSidesDE #Vote http://bit.ly/BSidesDelCFP
What should a mobile security program look like? YMMV...
So, you want the perfect mobile security program for your company/organization? Great! Just know that your set of threats, priorities and limitations will ensure that it probably won't look like the one created by the person next to you. In this talk, we'll cover mobile threats that may or may not apply to you and an overview of the tools, controls and methods you could use to counter them.
Anyone interested in defensive mobile security
YMMV in creating the perfect #mobile #security program. Learn about your potential #threats, #priorities, #tools and #controls.
@BSidesDE "What I Wish I Knew About Password Auditing: Cracking User's Password Before the Bad Guys" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
What I Wish I Knew About Password Auditing: Cracking User's Password Before the Bad Guys
The goal of the talk is to give blue teamers and IT staff the knowledge they need to do internal audits of their Active Directory credentials and to dramatically increase the difficulty of attacks that abuse passwords such as password spraying and credential access. Password auditing (aka cracking your own passwords) is presented as one part in a larger strategy to reach the desired goal. This talk puts all the knowledge required in one place with both high level strategy and low level specifics of the cracking techniques used.
The intended audience is blue team and IT staff, and anyone interested in password cracking. No prior password cracking knowledge is assumed.
Crack your users' passwords before the bad guys! Your one-stop-shop for making attackers' favorite techniques much harder.
@BSidesDE "Exploiting IoT - An Introduction to BLE" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Exploiting IoT - An Introduction to BLE
BLE is one of the most common wireless protocols used in IoT devices today. This talk will follow the BLE protocol and apply a 4-phase approach to assessing the security of these devices: Reconnaissance, Sniffing and Capturing, Extracting Sensitive Data, and Exploitation. This talk will demo exploits of IoT devices and walk attendees through the tools and processes for testing similar devices and creating their own CTF to practice on.
Anyone with a passion for wifi and learning
#Iothacking #wireless #ubertooth #blehacking
@BSidesDE "Putting the Love into your DLP" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Putting the Love into your DLP
Over the last 13 years of being involved with Data Loss Prevention (DLP) I have seen many brilliantly deployed DLP solutions fail because of the human element. This is totally understandable because I, like many in the industry, naturally gravitate to the bits, bytes, technical capabilities and data but tend to hate the messy human part. However, success with DLP is all about the humans: what they need, who they are, what their intent is and detecting when they go off the rails crossing the line from good corporate citizen to bad actor. To be successful with DLP you must embrace the human equation in a passionate way vis-a-vis “Love” it. In this talk I will walk through five simple steps to roll out a DLP Program that is impactful and relevant to your organization.
Anyone charged with protecting regulated data or intellectual property
If you are done with #DataBreach come become part of the #DataLossPrevention #DataSecurity solution, bring the love to your DLP!
@BSidesDE "Neighborhood Watch with Kismet" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Neighborhood Watch with Kismet
In this presentation I'll show how I set up devices running Kismet to monitor neighborhood metadata for intelligence collection. Want to ensure your WiFi traffic is connecting to the correct WiFi? Want to ensure others aren't attempting to brute force into your WiFi? Want to have evidence of a criminal's presence in your neighborhood at the time of a burglary or other crime? Come to this presentation to hear the basic steps to set up your neighborhood watch system.
Audience must have some experience installing operating systems and software on Linux. Also must have a passion for learning and tinkering.
WiFi for neighborhood watch on the cheap. Build your own WiFi sensing system.
@BSidesDE "CPE Sources. How to make your life easier" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
CPE Sources. How to make your life easier
Obtaining your Certification is the first step. ISC2, ISACA, PMI all want you to continue learning. How many times have you gotten to October and realized you are struggling for CPEs? This is designed to help make your life easier by giving you options to check the box.

I'm out of talking points now
Any level with Certs or looking to obtain them
@BSidesDE "Retro Video Game Reverse Engineering" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Retro Video Game Reverse Engineering
This talk will go over some results of reverse engineering certain retro video game software and hardware and what we can learn from the oversights of the past, as made on such constrained systems. On the software side we will look at how the speedrunning community was able to reverse engineer early generation Pokémon games and leverage vulnerabilities in them to create routes to quickly beat the game in otherwise impossible times, as well as practical usage of exploits on slightly newer systems simply as the way certain things are done. On the hardware side we will demonstrate an Arduino program that reads and writes savefiles to Game Boy cartridges by bit-banging the Nintendo 64 controller protocol and a way to use virtually any USB input device to control an Atari 2600 by using a Raspberry Pi running open source scripts to emulate a joystick using the GPIO pins.
Anyone who wants to see what we can learn from exploits in retro video games, with cool demos!
Want to see live demos of retro game exploits, bit-banging controller protocols, and making Atari Frogger work with DDR pads?
@BSidesDE "Words with Janitor" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Words with Janitor
What if I told you some of the words we use in infosec/computer security are all wrong? Would you believe me? How about the fact that we haven't been able to make a significant change in the narrative of our industry even though we are the engine that drives it. Simply because what we say is not what the decision makers hear and we keep saying the same words no matter the technology. Also in many cases we are our own worst enemies when interacting with our fellow security professionals. I can tell you that all of those statements are fairly accurate and I can prove it. Come have words with me and I will tell in a way you can understand.
This is intended for a general audience and can be applicable to any industry; I just happen to see it from the point of view of ours.
@BSidesDE "3, 2, 1, GO! From Noob to Hacker with Golang" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
3, 2, 1, GO! From Noob to Hacker with Golang
Golang is a great opportunity for everyone from programmers to red teamers to increase their skills. From automation to exploitation. This class introduces you to the Golang language and dives into examples of how it could be used to create better workflows or upgrade your hacking arsenal. This day-long class will teach you how to build and compile Golang applications, along with showing and building examples of using Go for offensive capabilities.

We will cover many of the basics of the Golang programming language and advance into more complex labs through the duration of the class. By the end of the class we will be able to use Go to inject shellcode into a running Windows process.

Knowledge of any programming language is a plus and it is recommended to read the “Effective Go” documentation (https://golang.org/doc/effective_go.html) although it is not necessary.

Class Requirements:
- Device that can run Visual Studio Code (recommended because the Go plugin is great).
- Any OS is fine if you can run a Windows 10 VM with any virtualization software.
- RAM to run the required VMs
- Software to connect to RDP (only needed for Linux/MacOS)
What to Expect:
- Learning!
- Coding!
- Fun!
What not to Expect:
- The Spanish Inquisition
Students to InfoSec professionals with some programming and/or security background. Some programming knowledge is recommended.
Why deal /w buffers when #Go can do that for you? From the basics to advanced to toying /w the #Windows API and injecting code.
@BSidesDE "Security and Compliance Adventures in Startup-land" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Security and Compliance Adventures in Startup-land
We should all secure our systems, our companies, our data. The methods we use to secure these things should be compliant with the standards relevant to our products and/or services. This isn't hard to understand....Well, I thought it wasn't. Let's talk about the ways it can be screwed up, and some tips and tricks to make it simple for you, with your new startup!
People who work in or are interested in Startups
How badly can you screw up security and compliance in a startup? Let's see!!! See @quadling share some war stories, and some tips!
@BSidesDE "Exploring Penetration Testing" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Exploring Penetration Testing
Hacking Yourself First, Penetration Testing for Blue Teamers
In this fast-paced interactive presentation Brandon will reveal everything a defender might want to know about Penetration Testing and then some. This presentation will start with an introduction to what really is a hacker? What is a penetration test? Why is it important for Blue Team members to understand these skillsets? What is a hacking methodology and why is it important? Then we will dive into various technical demos involving various tools including Metasploit, Burp Suite, Bloodhound, CrackMapExec, HashCat, and more! Participants will be able to follow along with many of the demos via your own virtual machines. We will conclude with additional attack vectors, and how blue teamers can use this knowledge to make their organization safer by hacking themselves first.
Beginner
Penetration Testing for Blue Teams! All the things you were scared to ask about!
@BSidesDE "Basic Chess tactics for Fun and Bragging Rights" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
Basic Chess tactics for Fun and Bragging Rights
Learn the basics of chess including basic tactics that you can try on your friends and family. In this session we will go beyond various piece movement and explore concepts such as forks, pins, skewers, removing the defender, and central control. While there is always more to learn this will give the inquisitive a solid foundation in chess tactics to build their skill set and enjoy the game at a higher level.
Beginner
Want to learn about chess at bsides? Why not? Vote for this talk and learn all about chess tactics!
@BSidesDE "3, 2, 1, GO! From Noob to Pro with Golang" #BSidesDE #Vote http://bit.ly/BSidesDelCFP
3, 2, 1, GO! From Noob to Pro with Golang
Learning Golang is a great opportunity for everyone, from programmers to red teamers to increase their skills. From automation to potential exploitation, this class introduces you to the Golang programming language and dives into examples of how it could be used to create cool utilities and potential offensive programming capabilities.

This condensed class will teach you how to build and compile Golang applications and will provide useful examples from simple to complex.

We will cover many of the basics of the Golang programming language and advance into more complex labs through the duration of the class. The class will be broken out into self-paced labs that will increase in complexity.

Knowledge of any programming language is a plus and it is recommended to read the “Effective Go” documentation (https://golang.org/doc/effective_go.html) although it is not necessary.

Class Requirements:
- Device that can run Visual Studio Code / VSCodium (recommended due to the Go plugin integration).
- Any OS is fine if you can run a Windows 10 VM with any virtualization software.
- RAM to run the required VM.
What to Expect:
- Learning!
- Coding!
- Fun!
What not to Expect:
- The Spanish Inquisition
Students to InfoSec professionals with some programming and/or security background. Some programming knowledge is recommended.
Why deal with buffers when #Go can do that for you? From #noob to #pro, learn the basics to the advanced in #Golang.