2020 Events
Resume Review
Provided by the our sponsors ClearedJobs.Net and CyberSecJobs.com
Registration required
Register by joining the #career-general channel and indicating you're interested. Registration only open during the time period (no pre-registration)
Time: Saturday 11 July 2020 from 13:00-15:00 CDT
If you would like to have your resume reviewed, recruiters will be available from 1300-1500 CDT on the
BSidesSATX Discord server. Reviewers will be available on a first come, first served based. Each review
time will be 12 minutes to allow as many people as possible to have their resume reviewed.
Requirements:
Please have your resume ready, along with being prepared for a voice chat.
Provided by the our sponsors ClearedJobs.Net and CyberSecJobs.com
Registration required
Register by joining the #career-general channel and indicating you're interested. Registration only open during the time period (no pre-registration)
Time: Saturday 11 July 2020 from 13:00-15:00 CDT
If you would like to have your resume reviewed, recruiters will be available from 1300-1500 CDT on the
BSidesSATX Discord server. Reviewers will be available on a first come, first served based. Each review
time will be 12 minutes to allow as many people as possible to have their resume reviewed.
Requirements:
Please have your resume ready, along with being prepared for a voice chat.
Point3 Security's ESCALATE CTF
Point3 Team:
Chloé Messdaghi - Vice President of Strategy
Jennifer Carson - Event Coordinator
Paul Taylor - Technical Mentor
Registration required
Registration through the BSides SATX Eventbrite page. Click here to register.
Time: Saturday 11 July 2020 from 09:00-23:59 CDT
The ESCALATE Training Platform is an immersive and tailorable ecosystem that delivers gamified cyber-skills challenges with an online community of mentors. This BSides SATX, Point3 has selected a "boutique" of their best cyber challenges. There is challenge for all skillset levels, novice to professional. Visit ittakesahuman.com for more information on the ESCALATE Training Platform.
The CTF will consist of programming challenges, reverse engineering, network operations, network forensics, web and binary exploitation, and more.
Requirements:
Internet connectivity, and the ability to connect to the infrastructure with either provided VPN credentials or through our web Kali VM.
Point3 Team:
Chloé Messdaghi - Vice President of Strategy
Jennifer Carson - Event Coordinator
Paul Taylor - Technical Mentor
Registration required
Registration through the BSides SATX Eventbrite page. Click here to register.
Time: Saturday 11 July 2020 from 09:00-23:59 CDT
The ESCALATE Training Platform is an immersive and tailorable ecosystem that delivers gamified cyber-skills challenges with an online community of mentors. This BSides SATX, Point3 has selected a "boutique" of their best cyber challenges. There is challenge for all skillset levels, novice to professional. Visit ittakesahuman.com for more information on the ESCALATE Training Platform.
The CTF will consist of programming challenges, reverse engineering, network operations, network forensics, web and binary exploitation, and more.
Requirements:
Internet connectivity, and the ability to connect to the infrastructure with either provided VPN credentials or through our web Kali VM.
Secure Coding Tournament
Secure Code Warrior Team:
Registration required
Registration through the BSides SATX Eventbrite page. Click here to register.
When: Saturday 11 July 2020 from 09:00-17:00 CDT
Improve your secure coding skills by joining the BSides SATX Secure Coding tournament on July 11th from 9:00AM CDT - 5:00PM CDT. The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.
All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.
Throughout the tournament, players earn points and watch as they climb to the top of the leaderboard. Prizes will be awarded to the top finishers! First place will receive a hoodie, and lots of bragging rights!
Requirements:
The tournament is run virtually so you can join through your laptop from the most convenient location and time.
Secure Code Warrior Team:
- Alicia Gordon - Senior Marketing Specialist
- Derek Orgeron - Enterprise Account Executive
Registration required
Registration through the BSides SATX Eventbrite page. Click here to register.
When: Saturday 11 July 2020 from 09:00-17:00 CDT
Improve your secure coding skills by joining the BSides SATX Secure Coding tournament on July 11th from 9:00AM CDT - 5:00PM CDT. The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.
All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.
Throughout the tournament, players earn points and watch as they climb to the top of the leaderboard. Prizes will be awarded to the top finishers! First place will receive a hoodie, and lots of bragging rights!
Requirements:
The tournament is run virtually so you can join through your laptop from the most convenient location and time.
Pwning Networks: An Introduction to Network Pentesting Workshop
Phillip Wylie
Location: GoToMeeting
Registration required: Click here to register ("Virtual Registration - All Tracks" required along with "Pwning Networks: An Intro to Network Pentesting")
When: Saturday 11 July 2020 10:00 - 12:00 CDT
In this hands-on workshop, you will learn how to detect and exploit vulnerabilities using automated and manual techniques against Windows and Linux operating systems.
Tools covered are but not limited to:
- Network and web application vulnerability scanners
- Nmap port and service scanner
- Metasploit Framework exploitation tool
- Plus many other tools in the Kali Linux pentesting distribution
Laptop requirements:
- VirtualBox or VMware
- 20GB of free disk space for virtual machines (VMs)
Prerequisites:
Attendees will need a basic understanding of TCP/IP networking and Windows and Linux operating systems.
Phillip Wylie
Location: GoToMeeting
Registration required: Click here to register ("Virtual Registration - All Tracks" required along with "Pwning Networks: An Intro to Network Pentesting")
When: Saturday 11 July 2020 10:00 - 12:00 CDT
In this hands-on workshop, you will learn how to detect and exploit vulnerabilities using automated and manual techniques against Windows and Linux operating systems.
Tools covered are but not limited to:
- Network and web application vulnerability scanners
- Nmap port and service scanner
- Metasploit Framework exploitation tool
- Plus many other tools in the Kali Linux pentesting distribution
Laptop requirements:
- VirtualBox or VMware
- 20GB of free disk space for virtual machines (VMs)
Prerequisites:
Attendees will need a basic understanding of TCP/IP networking and Windows and Linux operating systems.
Cyber Pub Trivia
Women in Cybersecurity (WiCyS)
Location: GoToMeeting
When: Saturday 11 July 2020 13:00 - 15:00 CDT
Trivia about cyber covering topics like malware families, MITRE TTPs, women in computing/general computer history, and even CISSP prep questions. We look forward to you joining us on this adventure through trivia time!
Women in Cybersecurity (WiCyS)
Location: GoToMeeting
When: Saturday 11 July 2020 13:00 - 15:00 CDT
Trivia about cyber covering topics like malware families, MITRE TTPs, women in computing/general computer history, and even CISSP prep questions. We look forward to you joining us on this adventure through trivia time!
Crypto Puzzle
Carl Mehner
Location: Online. Office hours will be provided for any help with the puzzle from:
Registration: Registration Link will be provided the day of here and in Discord.
Try your hand at deciphering this year's challenge! There are ten puzzles in all, how many can you complete during the day?
Requirements: Internet access and a sharp mind to find creative ways to decrypt secret messages.
Carl Mehner
Location: Online. Office hours will be provided for any help with the puzzle from:
- 09:00-10:00 Central
- 13:00-14:00 Central
- 16:00-17:00 Central
Registration: Registration Link will be provided the day of here and in Discord.
Try your hand at deciphering this year's challenge! There are ten puzzles in all, how many can you complete during the day?
Requirements: Internet access and a sharp mind to find creative ways to decrypt secret messages.
Ethical Hacking Attack Phases Workshop
EC Council
Location: External
Registration through the BSides SATX Eventbrite page. Click here to register.
NOTE: This is a paid workshop. EC Council has provided a discount of this workshop, lowering the cost to $99.
When: Saturday 11 July 2020 TBA
In this workshop you will learn system hacking, following this you will learn how to hack and assess web applications. Once you have practic- es these hacks, you will learn attacks that target wireless devices as well as mobile devices. You will be introduced to techniques to identify the attack surface and then the vectors for attack depending on the device(s) encountered.
WHO SHOULD ATTEND? IT Admins who are interested in cybersecurity, Ethical Hackers, Pen Testers.
For more information, check out the flyer here.
EC Council
Location: External
Registration through the BSides SATX Eventbrite page. Click here to register.
NOTE: This is a paid workshop. EC Council has provided a discount of this workshop, lowering the cost to $99.
When: Saturday 11 July 2020 TBA
In this workshop you will learn system hacking, following this you will learn how to hack and assess web applications. Once you have practic- es these hacks, you will learn attacks that target wireless devices as well as mobile devices. You will be introduced to techniques to identify the attack surface and then the vectors for attack depending on the device(s) encountered.
WHO SHOULD ATTEND? IT Admins who are interested in cybersecurity, Ethical Hackers, Pen Testers.
For more information, check out the flyer here.
Threat Hunting CTF with Elastic
Instructors
Devon Kerr, Intelligence & Analytics Team Lead, @_devonkerr_
Daniel Stepanic, Senior Security Research Engineer, @DanielStepanic
David French, Senior Security Research Engineer, @threatpunter
Justin Ibarra, Senior Security Research Engineer, @br0k3ns0und
Registration required
Registration through the BSides SATX Eventbrite page. Click here to register.
When: Saturday 11 July 2020 13:00 CDT
Duration: 3 hours
Maximum no of attendees: 25
The wisdom of “assume breach” has never been more relevant than when we consider the role of threat hunters in proactively identifying threats. Once an attacker has obtained initial access to their target environment, they attempt to evade detection as they work towards their objectives.
Threat hunting combines the knowledge and experience of your team with technologies in your environment to create an active capability - one that assumes passive and reactive approaches alone are flawed, and that perpetually seeks evidence of malicious activity. By practicing the skills and critical thinking of threat hunters, attendees will be better equipped to detect intrusions earlier and more comprehensively - preventing damage to critical systems or loss of data.
During this capture the flag (CTF) session, you will learn how to use open source and free software such as the Elastic Stack, Beats, and Sysmon to hunt for adversary tradecraft.
You will be presented with a realistic scenario for the CTF: Your organization is breached. You will receive a threat intelligence report that provides details of how a partner company was recently compromised. Your goal is to hunt for and identify evidence of the threat group’s malicious behavior.
The CTF range will be open for 24 hours and we will open a Slack channel for attendees to communicate with members of Elastic Security during the event. Students will be provided with additional reading to learn more about threat hunting methodology.
Attendee Prerequisites
Who should attend? This event is meant for Security and IT professionals who want to develop or renew threat hunting skills and experiences that are applicable to both open source and commercial technology solutions.
Prerequisites: An understanding of endpoint and network fundamentals. Experience working in an IT or security operations role such as a SOC or incident response analyst is a bonus. Experience using a SIEM, knowledge of adversary tradecraft, and Kibana Query Language (KQL) is a nice-to-have, but not required.
To participate in the CTF exercise, use a laptop running an up-to-date version of Windows 10 or MacOS and at least one of the following Internet browsers: IE11+, Firefox, or Chrome. Prepare any peripherals necessary for Internet connectivity and accessibility.
Instructors
Devon Kerr, Intelligence & Analytics Team Lead, @_devonkerr_
Daniel Stepanic, Senior Security Research Engineer, @DanielStepanic
David French, Senior Security Research Engineer, @threatpunter
Justin Ibarra, Senior Security Research Engineer, @br0k3ns0und
Registration required
Registration through the BSides SATX Eventbrite page. Click here to register.
When: Saturday 11 July 2020 13:00 CDT
Duration: 3 hours
Maximum no of attendees: 25
The wisdom of “assume breach” has never been more relevant than when we consider the role of threat hunters in proactively identifying threats. Once an attacker has obtained initial access to their target environment, they attempt to evade detection as they work towards their objectives.
Threat hunting combines the knowledge and experience of your team with technologies in your environment to create an active capability - one that assumes passive and reactive approaches alone are flawed, and that perpetually seeks evidence of malicious activity. By practicing the skills and critical thinking of threat hunters, attendees will be better equipped to detect intrusions earlier and more comprehensively - preventing damage to critical systems or loss of data.
During this capture the flag (CTF) session, you will learn how to use open source and free software such as the Elastic Stack, Beats, and Sysmon to hunt for adversary tradecraft.
You will be presented with a realistic scenario for the CTF: Your organization is breached. You will receive a threat intelligence report that provides details of how a partner company was recently compromised. Your goal is to hunt for and identify evidence of the threat group’s malicious behavior.
The CTF range will be open for 24 hours and we will open a Slack channel for attendees to communicate with members of Elastic Security during the event. Students will be provided with additional reading to learn more about threat hunting methodology.
Attendee Prerequisites
Who should attend? This event is meant for Security and IT professionals who want to develop or renew threat hunting skills and experiences that are applicable to both open source and commercial technology solutions.
Prerequisites: An understanding of endpoint and network fundamentals. Experience working in an IT or security operations role such as a SOC or incident response analyst is a bonus. Experience using a SIEM, knowledge of adversary tradecraft, and Kibana Query Language (KQL) is a nice-to-have, but not required.
To participate in the CTF exercise, use a laptop running an up-to-date version of Windows 10 or MacOS and at least one of the following Internet browsers: IE11+, Firefox, or Chrome. Prepare any peripherals necessary for Internet connectivity and accessibility.
Wireless Breakerspace
Presented by: Will Price
Location: Discord (#wireless-breakerspace)
Registration recommended!
Registration through the BSides SATX Eventbrite page. Click here to register.
Want to learn how to listen in on the wonderful world of wireless signals? Come learn how using the RTL-SDR! In these hands-on sessions we’ll help you get set up and configured for exploring the radio frequency spectrum. We’ll use the lowest-cost software-defined radio (SDR) hardware available and a handful of open-source (free) software tools to walk through the process of capturing and decoding wireless signals. Come take the red pill and learn to pull the 1’s and 0’s out of the air!
Required Hardware:
About Will: Will Price has 15 years of experience in designing and building custom hardware and software in digital, analog, and RF domains. Mr. Price leveraged that experience as part of the team that was the winner of the wireless capture the flag contests at Shmoocon 2018, DEFCON 2018 (black badge), Shmoocon 2019, DEFCON 2019, and Shmoocon 2020.
Discord Schedule:
0900 Introduction to SDR
1100 Introduction to SDR#, GQRX
1300 Introduction to Universal Radio Hacker, Inspectrum
1500 Intro to GNU Radio Companion (the open world of SDRs)
Presented by: Will Price
Location: Discord (#wireless-breakerspace)
Registration recommended!
Registration through the BSides SATX Eventbrite page. Click here to register.
Want to learn how to listen in on the wonderful world of wireless signals? Come learn how using the RTL-SDR! In these hands-on sessions we’ll help you get set up and configured for exploring the radio frequency spectrum. We’ll use the lowest-cost software-defined radio (SDR) hardware available and a handful of open-source (free) software tools to walk through the process of capturing and decoding wireless signals. Come take the red pill and learn to pull the 1’s and 0’s out of the air!
Required Hardware:
- Laptop with Windows or Linux (Ubuntu recommended)
- Headphones/earbuds
- RTL-SDR such as NESDR Smart Bundle ($40 on Amazon) or NESDR ($20 on Amazon).
About Will: Will Price has 15 years of experience in designing and building custom hardware and software in digital, analog, and RF domains. Mr. Price leveraged that experience as part of the team that was the winner of the wireless capture the flag contests at Shmoocon 2018, DEFCON 2018 (black badge), Shmoocon 2019, DEFCON 2019, and Shmoocon 2020.
Discord Schedule:
0900 Introduction to SDR
1100 Introduction to SDR#, GQRX
1300 Introduction to Universal Radio Hacker, Inspectrum
1500 Intro to GNU Radio Companion (the open world of SDRs)