Workshops
List of Workshops
Guerrilla Blue Team: Logging and Alerting on a Shoestring Budget
Located in Richter 209
Introduction to Exploiting Embedded Systems
Located in Richter 215
Pwning Web Apps – An Intro to Web App Pen Testing
Located in Richter 102
This is How IR Rolls
Located in Richter 111
Wireless Breakerspace
Located in Richter 208
Guerrilla Blue Team: Logging and Alerting on a Shoestring Budget
Located in Richter 209
- Presented by Dusty Evanoff and Garrett White
- About Dusty and Garrett: Dusty Evanoff is a Security Engineer at Cboe Global Markets. He has been studying and working in information security for over 10 years, with experience in both offensive and defensive security. He has worked with multiple SIEM products, but most recently has been building, scaling and automating custom logging and alerting solutions. He has an MSIA from Dakota State University and holds the GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) and CISSP certifications. Garrett White is a Security Engineer at Cboe Global Markets. He has over 10 years' experience in InfoSec and Information Technology. Recently, he has specialized in building out SIEMs for several organizations in the energy and financial sectors. He is a certified Splunk Admin and a GIAC certified malware reverse engineer (GREM) and penetration tester (GPEN).
- Description: In this workshop, we'll show you how to use free and open source tools, along with commodity hardware, to build out an intelligent logging and alerting infrastructure. We'll get your feet wet with an introduction to the Elastic Stack (ELK), and then show you how to use it to do things you may not be able to do, or to afford licensing for, with your current solution. We'll show you how to log everything from Windows Event Log to custom command output, create baselines to detect anomalous behavior, create effective alerts, and implement risk-based scoring to tune out noise without ignoring it.
- Cost: Free!
- Requirements: Laptop with virtualization capabilities (bring VMware or VirtualBox)
- Registration: Register on eventbrite with promo code "WORKSHOP". You MUST have a BSidesSATX Ticket. If you missed out on presales, you will be required to buy one the day of or lose your space in the workshop
- Number of sessions: 1
- Timing: 13:00-17:00
- Number of participants per session: 20
- Outline: Using only free and open source tools (and mostly commodity hardware) we'll show you how to build a reliable, scalable, intelligent logging and alerting infrastructure that will rival any of the paid SIEM solutions on the market. If you don't have a SIEM, aren't happy with your current solution, or want a less expensive way to log more data, this workshop is for you. By the end of this four-hour hands-on session you will have the tools to log anything you can imagine.
- The workshop is divided into the following sections:
  - Building a logging and alerting infrastructure:
    - Introduction to Docker
    - Introduction to the Elastic Stack
    - Standing up and using Kibana as a search front-end
    - Security considerations
  - Collecting and normalizing logs:
    - Introduction to Beats (log collectors)
    - Collecting and logging from a variety of sources:
      - Windows hosts (Windows Event Logs, PowerShell, Sysmon, custom command output, and more)
      - Linux hosts (system logs and journald)
      - Network data
      - Data stored within databases
      - REST APIs
      - osquery
      - File and Registry Integrity Monitoring
    - Normalizing log data to a common schema
  - Enriching logs and building baselines and inventories:
    - Enriching logs with:
      - Top 1M sites
      - GeoIP data
      - Threat intelligence feeds
      - Vulnerability scanner output
      - Active Directory data
    - Creating baselines to identify anomalous behavior:
      - Baselining user behavior
      - Baselining host activity
      - Baselining processes
  - Creating effective alerts:
    - Take a systematic approach to alert writing
    - Create basic alerts with ElastAlert
    - Implement event-based scoring
    - Correlate events and implement prioritized alerting to reduce noise and alert fatigue
- You'll take home all of the following from this workshop:
  - PDF copy of slides
  - Build files to rebuild the Elasticsearch containers used in class
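As an added example of the baselining, event-based scoring and correlation the outline above describes (this is not the workshop's own code and does not use ElastAlert; it shows the logic in plain Python so it can be read before it is turned into alert rules), the block below builds a baseline from a known-good window of normalized events, scores each new event by how far it departs from that baseline, and rolls scores up per host so a single noisy finding is kept but does not page anyone on its own. The field names, the weights, the threshold, the sample events and the threat-intel address are all constructed for illustration.

```python
"""Baseline, score and correlate normalized log events.

Added example, not the workshop's own code. Events are flat dicts in an
ECS-like schema (field names are assumptions). A baseline is built from a
known-good window, each new event is scored by how far it departs from it
(plus a threat-intel match), and scores are rolled up per host so a single
noisy event is recorded but does not page anyone on its own.
"""
from collections import defaultdict

# Constructed known-good window used to build the baseline.
BASELINE_EVENTS = [
    {"host": "ws01", "user": "alice", "process": "outlook.exe", "parent": "explorer.exe", "dst_ip": "10.0.0.5"},
    {"host": "ws01", "user": "alice", "process": "chrome.exe",  "parent": "explorer.exe", "dst_ip": "10.0.0.5"},
    {"host": "ws02", "user": "bob",   "process": "excel.exe",   "parent": "explorer.exe", "dst_ip": "10.0.0.5"},
    {"host": "ws02", "user": "bob",   "process": "chrome.exe",  "parent": "explorer.exe", "dst_ip": "10.0.0.5"},
]

# Constructed threat-intel feed (a TEST-NET-3 address, hypothetical).
THREAT_INTEL_IPS = {"203.0.113.7"}

# Points per anomaly type and the per-host score that triggers an alert;
# both are assumptions to be tuned against your own data.
WEIGHTS = {
    "new_user_on_host": 30,
    "new_process_on_host": 20,
    "unusual_parent": 25,
    "threat_intel_dst": 50,
}
ALERT_THRESHOLD = 60


def build_baseline(events):
    """Return what is 'normal': users and processes per host, parents per process."""
    users, procs, parents = defaultdict(set), defaultdict(set), defaultdict(set)
    for e in events:
        users[e["host"]].add(e["user"])
        procs[e["host"]].add(e["process"])
        parents[e["process"]].add(e["parent"])
    # Freeze to plain dicts so lookups for unknown keys do not grow the baseline.
    return {"users": dict(users), "procs": dict(procs), "parents": dict(parents)}


def score_event(event, baseline):
    """Return (score, reasons) for one event measured against the baseline."""
    reasons = []
    if event["user"] not in baseline["users"].get(event["host"], set()):
        reasons.append("new_user_on_host")
    if event["process"] not in baseline["procs"].get(event["host"], set()):
        reasons.append("new_process_on_host")
    known_parents = baseline["parents"].get(event["process"])
    # Only judge the parent for processes the baseline has seen at all.
    if known_parents is not None and event["parent"] not in known_parents:
        reasons.append("unusual_parent")
    if event["dst_ip"] in THREAT_INTEL_IPS:
        reasons.append("threat_intel_dst")
    return sum(WEIGHTS[r] for r in reasons), reasons


def correlate(events, baseline, threshold=ALERT_THRESHOLD):
    """Score every event and roll scores up per host.

    Returns (findings, alerts): every scored event is kept as a finding so
    it stays searchable, but only hosts whose cumulative score reaches the
    threshold become alerts.
    """
    findings, per_host = [], defaultdict(int)
    for e in events:
        score, reasons = score_event(e, baseline)
        if score:
            findings.append({**e, "score": score, "reasons": reasons})
            per_host[e["host"]] += score
    alerts = {h: s for h, s in per_host.items() if s >= threshold}
    return findings, alerts


# Constructed events from the window being evaluated.
NEW_EVENTS = [
    # Routine: alice's browser on her own host scores nothing.
    {"host": "ws01", "user": "alice", "process": "chrome.exe",     "parent": "explorer.exe", "dst_ip": "10.0.0.5"},
    # Mild: an unseen but benign-looking process on ws02 (20 points).
    {"host": "ws02", "user": "bob",   "process": "notepad.exe",    "parent": "explorer.exe", "dst_ip": "10.0.0.5"},
    # Odd: a known process with a parent never seen before (25 points).
    {"host": "ws02", "user": "bob",   "process": "chrome.exe",     "parent": "winword.exe",  "dst_ip": "10.0.0.5"},
    # Bad: unknown user, unknown process, hostile destination (100 points).
    {"host": "ws01", "user": "bob",   "process": "powershell.exe", "parent": "outlook.exe",  "dst_ip": "203.0.113.7"},
]

if __name__ == "__main__":
    base = build_baseline(BASELINE_EVENTS)
    found, alerts = correlate(NEW_EVENTS, base)
    for f in found:
        print(f["host"], f["score"], f["reasons"])
    print("alerts:", alerts)
```

Run as a script it lists three findings and one alert: ws02 accumulates 45 points from two oddities and is recorded but stays below the threshold, while ws01 reaches 100 from a single event and alerts. That is the "tune out noise without ignoring it" behaviour: the low scores are still indexed and searchable, they just do not page anyone by themselves.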
Introduction to Exploiting Embedded Systems
Located in Richter 215
- Presented by Martin Hodo (@RemoteCodeEx)
- About Martin: Martin Hodo leads a team of vulnerability researchers at Raytheon CSI with decades of combined experience sowing seeds of mayhem and causing chaos in embedded systems of all shapes and sizes. They believe the best things in life are seeing an instruction pointer read 0x41414141, trafficking in illicit packets, and exploiting innocent IoT devices. They’ve never seen an IRC channel they didn’t troll or a buffer they didn’t try to overflow.
- Description: Introduction to Exploiting Embedded Systems will walk attendees through the process of hacking a SOHO WiFi router. This will include: disassembling the target; identifying component hardware; discovering hardware interfaces; establishing debugging communication; attack surface enumeration; fuzzing; reverse engineering; binary vulnerability analysis; Proof of Concept development. This won’t be the be-all-end-all master class, but it will familiarize students with enough basics that they will be able to branch out on their own with confidence. Attendees will need to have a working knowledge of the C programming language, familiarity with assembly (any architecture will do, x86, ARM, MIPS, PowerPC, etc.), general knowledge of networking, familiarity with Python and/or Bash and/or Perl, and the hunger to crush their robot servants and bend them to their will.
- Cost: FREE!
- Requirements: Students will need to bring a laptop with the ability to run a custom Kali Linux machine image that we will provide to them, either through virtualization with VMWare or similar, or through booting from removable media. We will provide targets and adapters necessary for interfacing with them.
- Registration: Register on eventbrite with promo code "WORKSHOP". You MUST have a BSidesSATX Ticket. If you missed out on presales, you will be required to buy one the day of or lose your space in the workshop
- Number of sessions: 1
- Timing: 9am-noon
- Number of participants per session: 12
Pwning Web Apps – An Intro to Web App Pen Testing
Located in Richter 102
- Presented by Phillip Wylie
- About Phillip: Phillip Wylie is a penetration tester, adjunct instructor and Bugcrowd Ambassador with over 21 years in IT and InfoSec, including over 7 years of penetration testing experience. Phillip teaches ethical hacking and web app pen testing at Richland College in Dallas, Texas. Phillip founded and runs The Pwn School Project, an educational organization that meets once a month in Dallas and Denton and specializes in topics related to penetration testing.
- Description: In this introductory web application penetration testing workshop, participants will learn the basics of web application penetration testing, including methodology, tools, techniques and resources. The skills taught in this workshop are useful not only for pen testing but also for aspiring bug hunters working on bug bounties. In this hands-on workshop participants will be provided with a virtualized lab environment.
- Cost: FREE!
- Requirements: Bring your laptops!
- Registration: Register on eventbrite with promo code "WORKSHOP". You MUST have a BSidesSATX Ticket. If you missed out on presales, you will be required to buy one the day of or lose your space in the workshop
- Number of sessions: 2
- Timing: First session 9am-11am, second session 2pm-4pm
- Number of participants per session: 20
This is How IR Rolls
Located in Richter 111
- Presented by Anders Horrocks, Alexis Merritt, and Holly Parrish
- About Anders, Alexis, and Holly: Alexis Merritt is a cybersecurity consultant at EY and a recent graduate of Georgia Tech. She helps Forbes Global 2000 companies strategize and develop their cybersecurity operations. Outside of the workday, her hobbies include reading and traveling any distance for tasty food. Anders Horrocks is a cyber threat management (CTM) consultant at Ernst & Young (EY). She has experience helping Fortune 500 companies develop Security Operations Centers and Incident Response Plans, and has assisted with multiple tabletop exercises for both IT teams and C-suite executives. She graduated from UTSA in 2017 with a BBA in both Cyber Security and Information Systems. Outside of work her hobbies include reading and being outdoors. Holly Parrish is a cyber threat intelligence (CTI) senior consultant at Ernst & Young (EY). She has five years of cyber experience, three of them focused on CTI. She graduated from Georgia Tech in 2016 with a BS in Computer Engineering and is back working on her Master's in Computer Science. In her free time, she plays with her two dogs and bakes.
- Description: IR Table Top exercises are a company’s equivalent to school fire drills. Like most company drills, they’re usually monotonous and employees are itching to leave the exercise. However, what happens when you roll a D20? Join us for an interactive DnD-style incident response exercise workshop to find out more!
- Cost: FREE!
- Requirements: Your creativity!
- Registration: Register on eventbrite with promo code "WORKSHOP". You MUST have a BSidesSATX Ticket. If you missed out on presales, you will be required to buy one the day of or lose your space in the workshop
- Number of sessions: 1
- Timing: 8am-noon
- Number of participants per session: 30
Wireless Breakerspace
Located in Richter 208
- Presented by Will Price
- About Will: Will Price has 15 years of experience in designing and building custom hardware and software in digital, analog, and RF domains. Mr. Price leveraged that experience as part of the team that was the winner of the wireless capture the flag contests at Shmoocon 2018, DEFCON 2018 (black badge), and Shmoocon 2019.
- Description: Want to learn how to listen in on the wonderful world of wireless signals? Come learn how using the RTL-SDR! In these hands-on sessions we’ll help you get set up and configured for exploring the radio frequency spectrum. We’ll use the lowest-cost software-defined radio (SDR) hardware available and a handful of open-source (free) software tools to walk through the process of capturing and decoding wireless signals. Come take the red pill and learn to pull the 1’s and 0’s out of the air!
- Cost: The cost of an RTL-SDR (e.g. the NESDR Smart Bundle, about $30 on Amazon). A link will be provided shortly, and some units will be available at the event.
- Requirements: Laptop with Windows or Linux (Ubuntu recommended), Headphones/earbuds, and RTL-SDR
- Registration: Register on eventbrite with promo code "WORKSHOP". You MUST have a BSidesSATX Ticket. If you missed out on presales, you will be required to buy one the day of or lose your space in the workshop
- Number of sessions: 1
- Timing: 09:00-17:00
- Number of participants per session: 20
- Outline:
  - 0900 Introduction to SDR
    - 0900, 15 minutes, meet & greet, intro to SDR
    - 0910, 15 minutes, walk through hardware setup
    - 0920, 30 minutes, help set up
  - 1000 Introduction to SDR#, GQRX
    - 1000, 10 minutes, installation
    - 1010, 30 minutes, options walk-through
    - 1040, 20 minutes, hands-on signal hunting
  - 1100 Introduction to Universal Radio Hacker, Inspectrum
    - 1100, 10 minutes, installation
    - 1110, 30 minutes, options walk-through
    - 1140, 20 minutes, hands-on signal decoding
  - 1200 Lunch
  - 1300 Intro to SDR
  - 1400 Intro to SDR#, GQRX
  - 1500 Intro to URH, Inspectrum
  - 1600 Intro to GNU Radio Companion (the open world of SDRs)
    - 1600, 10 minutes, installation
    - 1610, 10 minutes, sources and sinks
    - 1620, 10 minutes, build a GUI
    - 1640, 30 minutes, hands-on with GRC
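As an added example of the "signal decoding" step (this is not code from the workshop, nor from URH, Inspectrum or GQRX), the block below does by hand what those tools do interactively for an on-off-keyed burst: envelope-detect the recording, threshold it, find the first rising edge, then sample once per symbol period to recover the bits. The burst itself is constructed in code, a 4 kHz tone gated by a bit pattern and sampled at 48 kS/s with a little noise, which is the kind of audio-rate recording a receiver like GQRX or SDR# can write out; the sample rate, carrier, baud and payload are all assumptions. In practice you read the symbol period off the spectrogram in Inspectrum before decoding.

```python
"""Decode an on-off-keyed (OOK) burst from raw samples in pure Python.

Added example, not from the workshop or from URH/Inspectrum/GQRX. The burst
is constructed here: a 4 kHz tone gated by the bit pattern, sampled at
48 kS/s with a little noise, which is the kind of audio-rate output a
receiver like GQRX or SDR# can record. Sample rate, carrier and baud are
assumptions; in practice you read the symbol period off the spectrogram.
"""
import math
import random
from collections import deque

SAMPLE_RATE = 48_000                 # samples per second (assumed)
CARRIER_HZ = 4_000                   # tone frequency in the recording (assumed)
SYMBOL_RATE = 1_000                  # baud (assumed)
SPS = SAMPLE_RATE // SYMBOL_RATE     # samples per symbol = 48

# Constructed payload; it starts with a 1 so the first rising edge marks bit 0.
BITS = [1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0]


def make_ook_burst(bits, noise=0.05, seed=1):
    """Synthesize the burst: carrier on for 1 bits, silence for 0 bits."""
    rng = random.Random(seed)
    samples = []
    for n_sym, bit in enumerate(bits):
        for i in range(SPS):
            t = (n_sym * SPS + i) / SAMPLE_RATE
            tone = math.sin(2 * math.pi * CARRIER_HZ * t) if bit else 0.0
            samples.append(tone + rng.gauss(0.0, noise))
    return samples


def envelope(samples, window):
    """Rectify and moving-average over `window` samples to get the amplitude."""
    buf, acc, out = deque(), 0.0, []
    for s in samples:
        v = abs(s)
        if len(buf) == window:
            acc -= buf.popleft()
        buf.append(v)
        acc += v
        out.append(acc / len(buf))
    return out


def decode_ook(samples, sps=SPS, n_bits=None):
    """Return the bit list: threshold the envelope, find the first rising
    edge, then sample once per symbol period at the symbol centre."""
    env = envelope(samples, SAMPLE_RATE // CARRIER_HZ)   # one carrier period
    # Half of the peak as the on/off threshold; this assumes the burst sits
    # clearly above the noise floor, so a noise-only recording decodes garbage.
    thresh = max(env) / 2.0
    high = [e > thresh for e in env]
    if True not in high:
        return []
    pos = high.index(True) + sps // 2
    bits = []
    while pos < len(high) and (n_bits is None or len(bits) < n_bits):
        bits.append(1 if high[pos] else 0)
        pos += sps
    return bits


if __name__ == "__main__":
    burst = make_ook_burst(BITS)
    print("".join(str(b) for b in decode_ook(burst)))
```

Because the decoder aligns to the first rising edge, leading zero symbols are lost; real protocols avoid this with a preamble, and a capture from the air also needs the symbol period measured rather than assumed, which is exactly what the Inspectrum walk-through is for.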