Time | Conf Rm B | Conf Rm C | Alumni Conf Rm | End of Hallway |
08:00 | ||||
09:00 | Malware Traffic Analysis Brad Duncan |
Pen-Testing Cloud REST APIs (Session 1) Rodney Beede |
Pwning Web Apps Phillip Wylie |
Value of Table Top Exercises Rob Dodson |
10:00 | ||||
11:00 | ||||
12:00 | Lunch Break | |||
13:00 | continued | Pen-Testing Cloud REST APIs (Session 2) Rodney Beede |
Intro to Hacking Workshop Vincent |
|
14:00 | ||||
15:00 | ||||
16:00 |
Time | Lower Stairwell | Upper Stairwell | Online | Online |
08:00 | ||||
09:00 | Lock Picking Village Douglas Copeland |
Hardware Hacking Village Andrew Neumann |
Crypto Challenge Carl Mehner |
SnekWars Python Challenge David Waters & Justin Gray |
10:00 | ||||
11:00 | ||||
12:00 | Lunch Break | |||
13:00 | continued | continued | continued | continued |
14:00 | ||||
15:00 | ||||
16:00 |
Please note that Secure Code Warrior was previously listed as an event. However, due to unforeseen circumstances is no longer going to be happening.
All Day events
Malware Traffic Analysis Workshop
Presenter: Brad Duncan
This training provides a foundation for investigating packet captures (pcaps) of malicious network activity. It begins with basic investigation concepts, setting up Wireshark, and identifying victims in network traffic. Participants learn characteristics of various windows-based malware infections. The training concludes with exercises designed to give participants experience in writing incident reports.
Description: Full-day in-depth technical training. I have a guided slideshow that takes participants through the day of training.
Prerequisites: None
Max Participants: 20
Presenter: Brad Duncan
This training provides a foundation for investigating packet captures (pcaps) of malicious network activity. It begins with basic investigation concepts, setting up Wireshark, and identifying victims in network traffic. Participants learn characteristics of various windows-based malware infections. The training concludes with exercises designed to give participants experience in writing incident reports.
Description: Full-day in-depth technical training. I have a guided slideshow that takes participants through the day of training.
Prerequisites: None
Max Participants: 20
Pen-Testing Cloud Rest APIs
Note: this event is offered in the morning and afternoon as two separate sessions, please only attend one or the other.
Presenter: Rodney Beede
The use of REST APIs for services running in the cloud has proliferated in the last decade. The most impactful vulnerability would be Broken Access Control (A01, OWASP Top 10:2021). While there are multiple tools (Burp, Fiddler, OWASP ZAP) to assist in web application or service testing, the initial curve of successfully integrating the tool with the REST API is daunting.
This workshop will show you how to tame the learning curve of successfully integrating a tool so you can get to the fun part of testing for an API authorization vulnerability. Additionally, I provide a simulator of a cloud-based REST API that allows you to discover and understand what a vulnerable response looks like.
You’ll leave with knowledge of not only what to look for but how to know when you’ve found it.
Description: Participants will learn how to perform OWASP Top 10 authorization and fuzzing testing against real cloud REST APIs. This will be a guided lab with hands-on participation.
Prerequisites: Laptop, mouse, and Burp Suite (community or professional)
Max Participants: 20
Note: this event is offered in the morning and afternoon as two separate sessions, please only attend one or the other.
Presenter: Rodney Beede
The use of REST APIs for services running in the cloud has proliferated in the last decade. The most impactful vulnerability would be Broken Access Control (A01, OWASP Top 10:2021). While there are multiple tools (Burp, Fiddler, OWASP ZAP) to assist in web application or service testing, the initial curve of successfully integrating the tool with the REST API is daunting.
This workshop will show you how to tame the learning curve of successfully integrating a tool so you can get to the fun part of testing for an API authorization vulnerability. Additionally, I provide a simulator of a cloud-based REST API that allows you to discover and understand what a vulnerable response looks like.
You’ll leave with knowledge of not only what to look for but how to know when you’ve found it.
Description: Participants will learn how to perform OWASP Top 10 authorization and fuzzing testing against real cloud REST APIs. This will be a guided lab with hands-on participation.
Prerequisites: Laptop, mouse, and Burp Suite (community or professional)
Max Participants: 20
Crypto Challenge
Presenter: Carl Mehner
Event website: Live now! Check out the website here.
Description: Try your hand at deciphering this year's challenge! There are ten puzzles in all, how many can you complete during the day?
Prerequisites: The registration link will be provided the day of here and in Discord.
Max Participants: No limit
Presenter: Carl Mehner
Event website: Live now! Check out the website here.
Description: Try your hand at deciphering this year's challenge! There are ten puzzles in all, how many can you complete during the day?
Prerequisites: The registration link will be provided the day of here and in Discord.
Max Participants: No limit
SnekWars Python Challenge
Presenters: David Waters & Justin Gray
Event website: https://antihackerhackerclub.com/snekwars/
SnekWars is a series of increasingly difficult Python challenges meant to test your Python programming skills.
Description: SnekWars will take place throughout the day of BSides SATX - it will consist of a couple dozen challenges that will test your Python skills.
Prerequisites: A laptop with internet access and Python.
Max Participants: No limit
Presenters: David Waters & Justin Gray
Event website: https://antihackerhackerclub.com/snekwars/
SnekWars is a series of increasingly difficult Python challenges meant to test your Python programming skills.
Description: SnekWars will take place throughout the day of BSides SATX - it will consist of a couple dozen challenges that will test your Python skills.
Prerequisites: A laptop with internet access and Python.
Max Participants: No limit
Hardware Hacking Village
Presenter: Andrew Neumann
Description: Hardware Hacking Village will take place throughout the day of BSides SATX - it will consist of a couple of soldering stations and mentors to help with soldering little projects. Children (high school and under) will be provided two free soldering kits, while supplies last. Soldering kits can also be purchased by adult patrons.
Prerequisites: None
Max Participants: No limit
Presenter: Andrew Neumann
Description: Hardware Hacking Village will take place throughout the day of BSides SATX - it will consist of a couple of soldering stations and mentors to help with soldering little projects. Children (high school and under) will be provided two free soldering kits, while supplies last. Soldering kits can also be purchased by adult patrons.
Prerequisites: None
Max Participants: No limit
Lock Picking Village
Presenter: Douglas Copeland
Description: Whether you're a novice or an experienced lock picker, this challenge offers an opportunity to hone your abilities and have fun in the process. The event is set up in a casual drop-in/drop-out format, allowing participants to come and go as they please throughout the duration of the conference.
Prerequisites: None
Max Participants: No limit, drop-in/out
Presenter: Douglas Copeland
Description: Whether you're a novice or an experienced lock picker, this challenge offers an opportunity to hone your abilities and have fun in the process. The event is set up in a casual drop-in/drop-out format, allowing participants to come and go as they please throughout the duration of the conference.
Prerequisites: None
Max Participants: No limit, drop-in/out
Morning Events
Pwning Web Apps
Presenter: Phillip Wylie
In this intro to web application penetration testing workshop, participants will learn the basics of web application penetration testing including; methodology, tools, techniques, and resources. The skills taught in this workshop are valuable to aspiring bug hunters for use in bug bounties.
Description: Web applications have become the most popular and widely used application type due to portability and compatibility, and these attributes have made them widely used for businesses of all sizes. Web application security and the assessment of security is often misunderstood, overlooked, or just ignored. Web applications and websites accessible through the Internet can be a risk and, when not secure, can expose sensitive information and access to underlying IT infrastructure. The skills taught in this workshop are valuable to aspiring to become pentesters or security researchers and participate in bug bounties. Attendees will be provided with a virtual machine-based lab learning environment for use in the workshop and after to continue learning web app pentesting. Participants will receive a list of resources to further their study of web app pentesting.
In this workshop, participants will learn about web application vulnerability assessments and web application pentests. Attendees will learn how to discover, validate, and exploit vulnerabilities from the OWASP Top 10 using industry-standard commercial tools and Free and open-source software (FOSS) following the OWASP Testing Guide. During the workshop, attendees will learn how to conduct a web application pentests and write a report on the findings and security posture of the web application.
The following web app pentesting methodology steps will be covered during the workshop:
Hardware requirements for the virtual lab: Laptop with 20GB for free disk space VirtualBox or VMWare required to run the virtual lab.
Prerequisites: Virtualization software (VMware, VirtualBox, etc.) and Kali Linux VM
(downloadable here; https://www.kali.org/get-kali/#kali-virtual-machines)
Max Participants: 20
Presenter: Phillip Wylie
In this intro to web application penetration testing workshop, participants will learn the basics of web application penetration testing including; methodology, tools, techniques, and resources. The skills taught in this workshop are valuable to aspiring bug hunters for use in bug bounties.
Description: Web applications have become the most popular and widely used application type due to portability and compatibility, and these attributes have made them widely used for businesses of all sizes. Web application security and the assessment of security is often misunderstood, overlooked, or just ignored. Web applications and websites accessible through the Internet can be a risk and, when not secure, can expose sensitive information and access to underlying IT infrastructure. The skills taught in this workshop are valuable to aspiring to become pentesters or security researchers and participate in bug bounties. Attendees will be provided with a virtual machine-based lab learning environment for use in the workshop and after to continue learning web app pentesting. Participants will receive a list of resources to further their study of web app pentesting.
In this workshop, participants will learn about web application vulnerability assessments and web application pentests. Attendees will learn how to discover, validate, and exploit vulnerabilities from the OWASP Top 10 using industry-standard commercial tools and Free and open-source software (FOSS) following the OWASP Testing Guide. During the workshop, attendees will learn how to conduct a web application pentests and write a report on the findings and security posture of the web application.
The following web app pentesting methodology steps will be covered during the workshop:
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
Hardware requirements for the virtual lab: Laptop with 20GB for free disk space VirtualBox or VMWare required to run the virtual lab.
Prerequisites: Virtualization software (VMware, VirtualBox, etc.) and Kali Linux VM
(downloadable here; https://www.kali.org/get-kali/#kali-virtual-machines)
Max Participants: 20
Value of Table Top Exercises
Presenter: Rob Dodson
Incident Response Tabletop exercise designed to identify the value of exercising tabletops to improve responses.
Follow up conversation about what to do about the Security Personnel Shortage.
Description: Audience participation tabletop exercise with all parts scripted, also allow for some free flowing response.
This will be up to 5 members participating in the tabletop exercise.
Only a half day and the table/chairs are required, maximum participation from the 5 members, audience welcome and can ask questions after the tabletop.
Only one round will be run.
Note: Rob Dodson plans to host a follow-up discussion on how the industry might address the personnel shortage in the cyber security industry.
Prerequisites: None
Max Participants: 5 participating (up to 15 may spectate)
Presenter: Rob Dodson
Incident Response Tabletop exercise designed to identify the value of exercising tabletops to improve responses.
Follow up conversation about what to do about the Security Personnel Shortage.
Description: Audience participation tabletop exercise with all parts scripted, also allow for some free flowing response.
This will be up to 5 members participating in the tabletop exercise.
Only a half day and the table/chairs are required, maximum participation from the 5 members, audience welcome and can ask questions after the tabletop.
Only one round will be run.
Note: Rob Dodson plans to host a follow-up discussion on how the industry might address the personnel shortage in the cyber security industry.
Prerequisites: None
Max Participants: 5 participating (up to 15 may spectate)
Afternoon Events
Intro to Hacking Workshop
Presenter: Vincent
This session provides an introduction to hacking in a welcoming and encouraging environment. Ideal for those with little to no hacking experience, it offers the chance to learn hacking techniques in an enjoyable, accessible, and practical manner.
Description: This session provides an introduction to hacking in a welcoming and encouraging environment. Ideal for those with little to no hacking experience, it offers the chance to learn hacking techniques in an enjoyable, accessible, and practical manner.
Whether you are an aspiring penetration tester, want to refine your skills, or simply want to try something new and gain confidence, you will find this workshop to be educational, fun, and rewarding.
This is a hands-on workshop and some of the topics covered will include:
Prerequisites: Participants need a laptop equipped with WiFi, VirtualBox, Kali Linux, and enough system resources to run an additional virtual machine with 2GB of memory. Basic Linux / Kali experience is preferred. *NOTE: Mac Silicon (Apple M1/M2) has issues with hypervisors.
Max Participants: 20
Presenter: Vincent
This session provides an introduction to hacking in a welcoming and encouraging environment. Ideal for those with little to no hacking experience, it offers the chance to learn hacking techniques in an enjoyable, accessible, and practical manner.
Description: This session provides an introduction to hacking in a welcoming and encouraging environment. Ideal for those with little to no hacking experience, it offers the chance to learn hacking techniques in an enjoyable, accessible, and practical manner.
Whether you are an aspiring penetration tester, want to refine your skills, or simply want to try something new and gain confidence, you will find this workshop to be educational, fun, and rewarding.
This is a hands-on workshop and some of the topics covered will include:
- Command & Control Frameworks
- Passive and Active Reconnaissance
- Open Source Intelligence
- Enumeration
- Phishing
- Exploitation
- Evasion
- Local Privilege Escalation
- Persistance
- Data Exfiltration
- Lateral Movement
- Post Exploitation Covering Tracks
Prerequisites: Participants need a laptop equipped with WiFi, VirtualBox, Kali Linux, and enough system resources to run an additional virtual machine with 2GB of memory. Basic Linux / Kali experience is preferred. *NOTE: Mac Silicon (Apple M1/M2) has issues with hypervisors.
Max Participants: 20