Events Schedule for BSidesSATX 2021
EVENT DETAILS
CTFS
BSides SATX + Secure Coding Tournament
Presented By: Secure Code Warrior (returning for a second year in a row!)
Location: Online, Discord Channel #secure-coding-ctf
Description: Secure Code Warrior brings you a defensive security-based tournament from a developer's perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge as this will be a great way to learn the foundations and intermediates of leveraging code that is not only functional but is also secure. You can find the tournament step-by-step guide here: https://youtu.be/o8XhKK_eOOs The tournament is run virtually so you can join through your laptop from the most convenient location and time. It should take only a few hours, drop-in as you see fit during the duration of the event to complete all the challenges and win prizes!
When: June 12th, 9:00AM - 4:30PM CST
Registration Required:
Yes! To gain admittance to the CTF Channel use Eventbrite to reserve your spot for the CTF for the conference. Then register with the SCW Team via their website (see requirements)
Requirements:
Register for the Secure Code Warrior platform here: https://discover.securecodewarrior.com/BSidesSATX-tournament21.html
Crypto Puzzle
Puzzle Master: Carl Mehner
Location: Online, Discord Channel #crypto-puzzle
Description: Try your hand at deciphering this year's challenge! There are ten puzzles in all, how many can you complete during the day?
When: Start of the conference to 1 hour before the end of the con.
Registration Required: Yes! Registration Link will be provided the day of, here and in Discord.
Requirements: Internet access and a sharp mind to find creative ways to decrypt secret messages.
PwnTheLabs CTF
Presented By: Pentester Academy
Location: Online, Discord #pwnthelabs
Description:
"PwnTheLabs" is a capture-the-flag challenge that runs in parallel with BSides SATX. It consists of 15 challenges which are designed from introductory levels to a few hair-pulling challenges. All the challenges are based on real-life scenarios which cover Web Applications, Privilege Escalation, Wifi Security, Containers Security & more. Players will be playing online using Google log-in. Top 2 winners will be walking away with Pentester Academy subscriptions — including full access to all labs and on-demand video courses. Now get ready to "PWN" the labs.
When: June 12th, 9:00AM US/Central - June 13th 9:00AM US/Central.
Registration Required: Nope, just check in to our Discord channel at event start time.
Presented By: Secure Code Warrior (returning for a second year in a row!)
Location: Online, Discord Channel #secure-coding-ctf
Description: Secure Code Warrior brings you a defensive security-based tournament from a developer's perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge as this will be a great way to learn the foundations and intermediates of leveraging code that is not only functional but is also secure. You can find the tournament step-by-step guide here: https://youtu.be/o8XhKK_eOOs The tournament is run virtually so you can join through your laptop from the most convenient location and time. It should take only a few hours, drop-in as you see fit during the duration of the event to complete all the challenges and win prizes!
When: June 12th, 9:00AM - 4:30PM CST
Registration Required:
Yes! To gain admittance to the CTF Channel use Eventbrite to reserve your spot for the CTF for the conference. Then register with the SCW Team via their website (see requirements)
Requirements:
Register for the Secure Code Warrior platform here: https://discover.securecodewarrior.com/BSidesSATX-tournament21.html
- Check your email for confirmation and access the unique link to create your profile.
- Once logged in: click “Tournaments”
- Join the BSides SATX Secure Coding Tournament
- The Secure Code Warrior platform will be open before and after the tournament, so feel free to practice in the “Training” tab
Crypto Puzzle
Puzzle Master: Carl Mehner
Location: Online, Discord Channel #crypto-puzzle
Description: Try your hand at deciphering this year's challenge! There are ten puzzles in all, how many can you complete during the day?
When: Start of the conference to 1 hour before the end of the con.
Registration Required: Yes! Registration Link will be provided the day of, here and in Discord.
Requirements: Internet access and a sharp mind to find creative ways to decrypt secret messages.
PwnTheLabs CTF
Presented By: Pentester Academy
Location: Online, Discord #pwnthelabs
Description:
"PwnTheLabs" is a capture-the-flag challenge that runs in parallel with BSides SATX. It consists of 15 challenges which are designed from introductory levels to a few hair-pulling challenges. All the challenges are based on real-life scenarios which cover Web Applications, Privilege Escalation, Wifi Security, Containers Security & more. Players will be playing online using Google log-in. Top 2 winners will be walking away with Pentester Academy subscriptions — including full access to all labs and on-demand video courses. Now get ready to "PWN" the labs.
When: June 12th, 9:00AM US/Central - June 13th 9:00AM US/Central.
Registration Required: Nope, just check in to our Discord channel at event start time.
VILLAGES - Sponsored by Amazon Information security
Amateur Radio Village
Presented by: RadioTeacher
Location: Online, Discord Channel #amateur-radio-village
Description:
Looking to earn an Amateur Radio License? Come here and get current information on the technician test and other radio topics.
When: June 12th, 9:00AM CST - 12:00PM CST
Registration Required: None!
Requirements: None
Wireless Breakerspace
Presented By: Will Price
Location: Online, Discord Channel #wireless-breakerspace
Description:
Want to learn how to listen in on the wonderful world of wireless signals?
Come learn how to use the RTL-SDR! In these hands-on sessions, we’ll help you get set up and configured for exploring the radio frequency spectrum. We’ll use the lowest-cost software-defined radio (SDR) hardware available and a handful of open-source (free) software tools to walk through the process of capturing and decoding wireless signals. Come take the red pill and learn to pull the 1’s and 0’s out of the air!
When: June 12th, 1:00PM CST - 5:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Required Hardware:
Recommended hardware
https://drive.google.com/drive/folders/1MYGm0sGCw2Bn6zMAnbCqqjqMsbYcFkgz
Presented by: RadioTeacher
Location: Online, Discord Channel #amateur-radio-village
Description:
Looking to earn an Amateur Radio License? Come here and get current information on the technician test and other radio topics.
When: June 12th, 9:00AM CST - 12:00PM CST
Registration Required: None!
Requirements: None
Wireless Breakerspace
Presented By: Will Price
Location: Online, Discord Channel #wireless-breakerspace
Description:
Want to learn how to listen in on the wonderful world of wireless signals?
Come learn how to use the RTL-SDR! In these hands-on sessions, we’ll help you get set up and configured for exploring the radio frequency spectrum. We’ll use the lowest-cost software-defined radio (SDR) hardware available and a handful of open-source (free) software tools to walk through the process of capturing and decoding wireless signals. Come take the red pill and learn to pull the 1’s and 0’s out of the air!
When: June 12th, 1:00PM CST - 5:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Required Hardware:
- Laptop with Windows or Linux (Ubuntu recommended)
Recommended hardware
- Headphones/earbuds
- RTL-SDR such as NESDR Smart Bundle ($40 on Amazon) or NESDR ($20 on Amazon).
https://drive.google.com/drive/folders/1MYGm0sGCw2Bn6zMAnbCqqjqMsbYcFkgz
WORKSHOPS
Hacking is NOT a Crime
Presented By: Chloé Messdaghi
Location: Online, Discord Channel #hacking-is-not-a-crime
Description: 'Hacking is NOT a Crime' is a grass-rooted movement that is trying to change how the hacker community is viewed by the public and partnering with organizations to assist with hacker rights. By challenging socially constructed beliefs of what and who is a hacker, we have the ability to change the current landscape and update legislation. ****This workshop shows what we can do together to change the situation, what actions are needed immediately, and the mission of Hacking is NOT a Crime.
When: June 12th, 10:30AM - 12:00PM CST
Registration Required: Nope
Requirements: None
Web Shells - What are They and How to Hunt Them
Presented By: Joe Schottman
Location: Online, Discord Channel #web-shells
Description: Web Shells have prominently featured in many of the major breaches in recent history. They serve as critical tools for the post-exploitation phases of many attacks, from pivoting and persistence to C&C and exfiltration. This training starts with the basics of web threat hunting, teaches what Web Shells are, and then provides hands-on instruction on some techniques to detect them. This is primarily aimed at defensive staff, though offensive security practitioners will learn what to try to evade.
When: June 12th, 1:00PM - 5:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Requirements:
The course is modular by hour, so attend as much or as little as you need based on your existing knowledge. The content is also included in written form in the lab VM (and/or YouTube), so attendees can feel free to download it and work through it after the conference.
Job Search from A to Z: How to Get a Job and Succeed!
Presented By: Courtney Schwarten, ClearedJobs.Net
Location: Online, Discord Channel #job-search
Description: It’s not uncommon to jump from position to position with little to no strategy. It might be time to go back to that basic question: What do you want to be when you grow up? Join this interactive workshop to get strategic. You’ll walk through a process to help you focus your efforts, find opportunities, improve your resume and networking plan, increase your chances of finding a good fit and nailing the interview, in addition to preparing for negotiations and your first few months on the job.
When: June 12th, 10:00AM - 12:00PM CST
Registration Required: Nope
Requirements: None
Pwning Web Apps – An Intro to Web App Pentesting
Presented By: Phillip Wylie
Location: Online, Discord Channel #pwing-web-apps
Description: In this web app pentesting workshop learn the basics including; methodology, tools, and techniques.
When: June 12th, 9:00AM CST - 12:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Laptop requirements:
What we’ve learned after interrogating a million THINGS (IoT)
Presented By: Chris Rouland
Location: Online, Discord #lessons-learned-iot
Description:
Organizations understandably tend to put a tremendous amount of effort into ensuring that traditional IT platforms (desktops, laptops, servers, & mobile devices) have secure credentials and the latest security updates.
These best practices are often overlooked in the IoT arena as we find that 50% of all IoT devices we've encountered either have default passwords and / or outdated firmware.
We will discuss all the types of devices we see in organizations that fall into the IoT category, the risks associated with them, and the best way to secure devices you can’t see.
When: June 12th, 9:30AM CST - 11:00AM CST
Registration Required: Nope
Requirements: Intermediate - good IT and security foundation required, Advanced - "deep in the weeds" technical talk
Practical Active Directory Security
Presented By: Reid Gilman
Location: Online, Discord Channel #practical-ad-security
Description:
Active Directory is at the heart of many businesses - and intrusions. Attackers are experts at finding and exploiting weak permissions, but defenders often struggle to find and fix these weaknesses. A well-managed AD permissions structure can make the difference between catching an attacker early or going through a full-blown incident response. In this workshop, we show defenders how to identify, monitor, and minimize the risks posed by their AD structure.
Participants work through a mock assessment and cleanup and leave prepared to implement these changes with documentation packages and tools.
When: June 12th, 9:00AM CST - 5:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Laptop requirements:
Security and CISSP Lessons from CoVID-19
Presented By: Robert Slade
Location: Online, Discord #security-and-cissp
Description:
Using the pandemic, and it's lessons, as a giant case study, this workshop will cover all the domains of security, and review The areas needed for preparation for the CISSP exam.
When: June 12th, 9:00AM CST - 5:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Requirements:
Presented By: Chloé Messdaghi
Location: Online, Discord Channel #hacking-is-not-a-crime
Description: 'Hacking is NOT a Crime' is a grass-rooted movement that is trying to change how the hacker community is viewed by the public and partnering with organizations to assist with hacker rights. By challenging socially constructed beliefs of what and who is a hacker, we have the ability to change the current landscape and update legislation. ****This workshop shows what we can do together to change the situation, what actions are needed immediately, and the mission of Hacking is NOT a Crime.
When: June 12th, 10:30AM - 12:00PM CST
Registration Required: Nope
Requirements: None
Web Shells - What are They and How to Hunt Them
Presented By: Joe Schottman
Location: Online, Discord Channel #web-shells
Description: Web Shells have prominently featured in many of the major breaches in recent history. They serve as critical tools for the post-exploitation phases of many attacks, from pivoting and persistence to C&C and exfiltration. This training starts with the basics of web threat hunting, teaches what Web Shells are, and then provides hands-on instruction on some techniques to detect them. This is primarily aimed at defensive staff, though offensive security practitioners will learn what to try to evade.
When: June 12th, 1:00PM - 5:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Requirements:
The course is modular by hour, so attend as much or as little as you need based on your existing knowledge. The content is also included in written form in the lab VM (and/or YouTube), so attendees can feel free to download it and work through it after the conference.
Job Search from A to Z: How to Get a Job and Succeed!
Presented By: Courtney Schwarten, ClearedJobs.Net
Location: Online, Discord Channel #job-search
Description: It’s not uncommon to jump from position to position with little to no strategy. It might be time to go back to that basic question: What do you want to be when you grow up? Join this interactive workshop to get strategic. You’ll walk through a process to help you focus your efforts, find opportunities, improve your resume and networking plan, increase your chances of finding a good fit and nailing the interview, in addition to preparing for negotiations and your first few months on the job.
When: June 12th, 10:00AM - 12:00PM CST
Registration Required: Nope
Requirements: None
Pwning Web Apps – An Intro to Web App Pentesting
Presented By: Phillip Wylie
Location: Online, Discord Channel #pwing-web-apps
Description: In this web app pentesting workshop learn the basics including; methodology, tools, and techniques.
When: June 12th, 9:00AM CST - 12:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Laptop requirements:
- VirtualBox or VMware
- 20GB of free disk space for virtual machines (VMs)
- Participants should install VMWare Player prior to the workshop.
What we’ve learned after interrogating a million THINGS (IoT)
Presented By: Chris Rouland
Location: Online, Discord #lessons-learned-iot
Description:
Organizations understandably tend to put a tremendous amount of effort into ensuring that traditional IT platforms (desktops, laptops, servers, & mobile devices) have secure credentials and the latest security updates.
These best practices are often overlooked in the IoT arena as we find that 50% of all IoT devices we've encountered either have default passwords and / or outdated firmware.
We will discuss all the types of devices we see in organizations that fall into the IoT category, the risks associated with them, and the best way to secure devices you can’t see.
When: June 12th, 9:30AM CST - 11:00AM CST
Registration Required: Nope
Requirements: Intermediate - good IT and security foundation required, Advanced - "deep in the weeds" technical talk
Practical Active Directory Security
Presented By: Reid Gilman
Location: Online, Discord Channel #practical-ad-security
Description:
Active Directory is at the heart of many businesses - and intrusions. Attackers are experts at finding and exploiting weak permissions, but defenders often struggle to find and fix these weaknesses. A well-managed AD permissions structure can make the difference between catching an attacker early or going through a full-blown incident response. In this workshop, we show defenders how to identify, monitor, and minimize the risks posed by their AD structure.
Participants work through a mock assessment and cleanup and leave prepared to implement these changes with documentation packages and tools.
When: June 12th, 9:00AM CST - 5:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Laptop requirements:
- VirtualBox or VMware
- 20GB of free disk space for virtual machines (VMs)
- Some general security experience, preferably in a Windows/Active Directory environment
- Experience with Splunk is helpful but not required
- During this training, participants will go through several hands-on exercises using instructor-provided virtual machines. Participants should install VMWare Player prior to the workshop.
Security and CISSP Lessons from CoVID-19
Presented By: Robert Slade
Location: Online, Discord #security-and-cissp
Description:
Using the pandemic, and it's lessons, as a giant case study, this workshop will cover all the domains of security, and review The areas needed for preparation for the CISSP exam.
When: June 12th, 9:00AM CST - 5:00PM CST
Registration Required: Yes! Registration through the BSides SATX Eventbright page.
Requirements:
- Full day technical training