Events Schedule for BSidesSATX 2022
EVENT DETAILS
CTFs
Crypto Puzzle
Puzzle Master: Carl Mehner
Location: Online, Discord Channel #crypto-puzzle
Description: Try your hand at deciphering this year's challenge! There are ten puzzles in all, how many can you complete during the day?
When: Start of the conference to 1 hour before the end of the con.
Registration Required: Yes! Registration Link will be provided the day of - in person and in Discord.
Requirements: Internet access and a sharp mind to find creative ways to decrypt secret messages.
BSides SATX + Secure Coding Tournament
Presented By: Secure Code Warrior (returning for a third year in a row!)
Location: Online, Discord Channel #secure-coding-ctf
Description: Secure Code Warrior brings you a defensive security-based tournament from a developer's perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge as this will be a great way to learn the foundations and intermediates of leveraging code that is not only functional but is also secure. You can find the tournament step-by-step guide here: https://youtu.be/o8XhKK_eOOs The tournament is run virtually so you can join through your laptop from the most convenient location and time. It should take only a few hours, drop-in as you see fit during the duration of the event to complete all the challenges and win prizes!
When: June 18th, 9:00AM - 4:00PM CST
Registration Required: Yes, through Eventbrite.
Requirements:
Register for the Secure Code Warrior platform here: https://discover.securecodewarrior.com/BSidesSATX.html
Puzzle Master: Carl Mehner
Location: Online, Discord Channel #crypto-puzzle
Description: Try your hand at deciphering this year's challenge! There are ten puzzles in all, how many can you complete during the day?
When: Start of the conference to 1 hour before the end of the con.
Registration Required: Yes! Registration Link will be provided the day of - in person and in Discord.
Requirements: Internet access and a sharp mind to find creative ways to decrypt secret messages.
BSides SATX + Secure Coding Tournament
Presented By: Secure Code Warrior (returning for a third year in a row!)
Location: Online, Discord Channel #secure-coding-ctf
Description: Secure Code Warrior brings you a defensive security-based tournament from a developer's perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge as this will be a great way to learn the foundations and intermediates of leveraging code that is not only functional but is also secure. You can find the tournament step-by-step guide here: https://youtu.be/o8XhKK_eOOs The tournament is run virtually so you can join through your laptop from the most convenient location and time. It should take only a few hours, drop-in as you see fit during the duration of the event to complete all the challenges and win prizes!
When: June 18th, 9:00AM - 4:00PM CST
Registration Required: Yes, through Eventbrite.
Requirements:
Register for the Secure Code Warrior platform here: https://discover.securecodewarrior.com/BSidesSATX.html
- Check your email for confirmation and access the unique link to create your profile.
- Once logged in: click “Tournaments”
- Join the BSides SATX Secure Coding Tournament
- The Secure Code Warrior platform will be open before and after the tournament, so feel free to practice in the “Training” tab
VILLAGES
Lock Picking Village
Presented By: Josh James, Nathan, Jason Merideth
Location: Stairwell
Description: We will set up multiple stations to teach introduction to lockpicking as well as physical security bypasses. We will also bring equipment for participants to gain a familiarity or basic understanding of to utilize in physical security operations.
When: June 18th, 9:30AM - 5:00PM CST
Registration Required: No
Requirements: None
Presented By: Josh James, Nathan, Jason Merideth
Location: Stairwell
Description: We will set up multiple stations to teach introduction to lockpicking as well as physical security bypasses. We will also bring equipment for participants to gain a familiarity or basic understanding of to utilize in physical security operations.
When: June 18th, 9:30AM - 5:00PM CST
Registration Required: No
Requirements: None
WORKSHOPS
ClearedJobs.Net - Resume Reviews
Presented By: Resume Reviews
Location: Sponsor Hall
Description: Are you looking for a new job? Not quite sure if your resume will get you that next job? Or maybe just can't get past the resume selection process? If any of this applies, then make sure you stop by ClearedJobs.Net's sponsor table between 11am-3pm and bring your resume! They will be providing complimentary resume reviews to help you find your next job!
When: June 18th, 11:00AM CST - 3:00PM CST
Registration Required: None required.
Pwning Web Apps – An Intro to Web App Pentesting
Presented By: Phillip Wylie
Location: Alumni Conference Room
Description: In this intro to web application penetration testing workshop, participants will learn the basics of web application penetration testing including; methodology, tools, techniques, and resources. The skills taught in this workshop are valuable to aspiring bug hunters for use in bug bounties.
When: June 18th, 9:00AM CST - 11:00AM CST
Registration Required: None required.
Laptop requirements:
● VirtualBox or VMware.
● 20GB of free disk space for virtual machines (VMs)
● Kali Linux (downloadable here: https://www.kali.org/get-kali/#kali-virtual-machines)
● Participants should install VirtuaBox or VMware prior to the workshop.
Malware Traffic Analysis Workshop
Presented By: Brad Duncan
Location: Conference Room B
Description:
This training provides a foundation for investigating packet captures (pcaps) of malicious network traffic. It begins with basic investigation concepts, setting up Wireshark, and identifying victims in network traffic. Participants learn the characteristics of malware infections and other suspicious network traffic. This training concludes with an evaluation designed to give participants experience in writing an incident report.
When: June 18th, 9:00AM CST - 5:00PM CST
Registration Required: None required.
Requirements for participants:
● A laptop, preferably with a non-Windows OS: a Windows laptop using a virtual machine running Linux will work for this.
● A recent version of Wireshark, at least version 3.4.x or later.
● An Internet connection to download the pcaps used for this workshop. (Limited amount of borrowable thumb drives will be provided with the material for anyone who's having connectivity issues)
The Value of Tabletop Exercises
Presented By: Rod Dodson
Location: Conference Room C
Description: Incident Response Tabletop exercise designed to identify the value of exercising tabletops to improve responses.
When: June 18th, 9:00AM - 11:00AM CST
Registration Required: None
Requirements:
Audience participation in tabletop exercise with all parts scripted, with room for free flowing response.
This will be up to 5 members participating in the tabletop exercise.
Only a half day and the table/chairs are required, maximum participation from the 5 members, audience welcome and can ask questions after the tabletop.
Only one round will be run.
Workshop - Pen-testing Cloud REST APIs
Presented By: Rodney Beede
Location: Conference Room C
Description: Participants will practice how to perform authZ and fuzzing against real cloud REST APIs. Looking at OpenStack and Google (AWS does not allow public pen tests) environments including how to test IAM.
This will be a guided lab with participants following along.
When: June 18th, 1:00PM - 5:00PM CST
Registration Required: Yes, through Eventbrite.
Requirements:
Each participant will need to bring:
● Laptop
● Wireless mouse
● Burp Suite community (or professional) software installed
Presented By: Resume Reviews
Location: Sponsor Hall
Description: Are you looking for a new job? Not quite sure if your resume will get you that next job? Or maybe just can't get past the resume selection process? If any of this applies, then make sure you stop by ClearedJobs.Net's sponsor table between 11am-3pm and bring your resume! They will be providing complimentary resume reviews to help you find your next job!
When: June 18th, 11:00AM CST - 3:00PM CST
Registration Required: None required.
Pwning Web Apps – An Intro to Web App Pentesting
Presented By: Phillip Wylie
Location: Alumni Conference Room
Description: In this intro to web application penetration testing workshop, participants will learn the basics of web application penetration testing including; methodology, tools, techniques, and resources. The skills taught in this workshop are valuable to aspiring bug hunters for use in bug bounties.
When: June 18th, 9:00AM CST - 11:00AM CST
Registration Required: None required.
Laptop requirements:
● VirtualBox or VMware.
● 20GB of free disk space for virtual machines (VMs)
● Kali Linux (downloadable here: https://www.kali.org/get-kali/#kali-virtual-machines)
● Participants should install VirtuaBox or VMware prior to the workshop.
Malware Traffic Analysis Workshop
Presented By: Brad Duncan
Location: Conference Room B
Description:
This training provides a foundation for investigating packet captures (pcaps) of malicious network traffic. It begins with basic investigation concepts, setting up Wireshark, and identifying victims in network traffic. Participants learn the characteristics of malware infections and other suspicious network traffic. This training concludes with an evaluation designed to give participants experience in writing an incident report.
When: June 18th, 9:00AM CST - 5:00PM CST
Registration Required: None required.
Requirements for participants:
● A laptop, preferably with a non-Windows OS: a Windows laptop using a virtual machine running Linux will work for this.
● A recent version of Wireshark, at least version 3.4.x or later.
● An Internet connection to download the pcaps used for this workshop. (Limited amount of borrowable thumb drives will be provided with the material for anyone who's having connectivity issues)
The Value of Tabletop Exercises
Presented By: Rod Dodson
Location: Conference Room C
Description: Incident Response Tabletop exercise designed to identify the value of exercising tabletops to improve responses.
When: June 18th, 9:00AM - 11:00AM CST
Registration Required: None
Requirements:
Audience participation in tabletop exercise with all parts scripted, with room for free flowing response.
This will be up to 5 members participating in the tabletop exercise.
Only a half day and the table/chairs are required, maximum participation from the 5 members, audience welcome and can ask questions after the tabletop.
Only one round will be run.
Workshop - Pen-testing Cloud REST APIs
Presented By: Rodney Beede
Location: Conference Room C
Description: Participants will practice how to perform authZ and fuzzing against real cloud REST APIs. Looking at OpenStack and Google (AWS does not allow public pen tests) environments including how to test IAM.
This will be a guided lab with participants following along.
When: June 18th, 1:00PM - 5:00PM CST
Registration Required: Yes, through Eventbrite.
Requirements:
Each participant will need to bring:
● Laptop
● Wireless mouse
● Burp Suite community (or professional) software installed