Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

B-Sides Liquor Lounge (Downstairs) [clear filter]
Saturday, June 25

10:00am EDT

Ask a CISO
There are a lot of different talks that are on specific topics, but it's not possible to cover everything in depth. This will be an actual discussion on security, focusing on YOUR questions.

avatar for Jamie Murdock

Jamie Murdock

Jamie has specialized defending, securing, and protecting corporate networks. During this time, he built security operation centers for Fortune 500 companies, providing expert guidance in all areas of security operations. He built incident response and threat intelligence programs... Read More →

Saturday June 25, 2016 10:00am - 10:30am EDT
B-Sides Liquor Lounge (Downstairs)

10:30am EDT

Fun with One Line of Powershell
This talk shows how to use one line of PowerShell in different ways to get meterpreter on a system. Beginning with the creation of a malicious ps1 file using msfvenom, starting a handler, and hosting the malicious ps1 for targets to download. Once the target runs the one liner, it'll download and execute the malicious ps1 file giving you a meterpreter session. I then go over different ways to get targets to run the one liner using a Teensy, a shortcut on a network share, a macro enabled spreadsheet, a misconfigured mssql server (blank SA), and using ysoserial to exploit vulnerable java deserialization functionality.


Matthew Turner

I live in North Carolina and I work for a fortune 500 financial institution on their Red Team. I have GPEN, GWAPT, GCIH, GSEC certifications. I was born and raised in the greater Cleveland area and moved to the Durham/Raleigh area a little over 2 years ago.

Saturday June 25, 2016 10:30am - 11:00am EDT
B-Sides Liquor Lounge (Downstairs)

11:00am EDT

Better life through Models
Models play a major role in our lives - we start using them as an infant to understand everything from motor skills to social constructs, and continue using them throughout our lives as we develop. We will look at the impact models can have on skills development, security program development, and even dealing with/planning for/analyzing specific threat scenarios. To do this we'll dive into the good and bad of various models at work in the industry today, have a few laughs, and discuss the characteristics that make said models valuable from different angles.


Steven Legg

Steven D. Legg (@ZenM0de) is a Principal Security Strategist for eSentire. Bringing more than 16 years of experience with everything from designing secure nationwide multimedia distribution networks to directing teams and building businesses, Steven now spends his time assessing... Read More →

Saturday June 25, 2016 11:00am - 12:00pm EDT
B-Sides Liquor Lounge (Downstairs)

2:00pm EDT

Security Automation in your Continuous Integration Pipeline
Developers use unit tests and acceptances tests in continuous integration (CI) to find bugs early and often in a repeatable way. Security is an important part of any software development life cycle. So why not add security analysis tools to this pipeline? This talk will cover adding and using OWASP/pipeline, a framework made for running security analysis tools in CI.


Jimmy Byrd

Jimmy Byrd is currently a Security Developer at Binary Defense Systems. He has worked as a developer for 8 years in a collection of fields such as manufacturing, education, medical, and SCADA. After being the victim of a SQL Injection attack in 2011, Jimmy started learning more about... Read More →

Saturday June 25, 2016 2:00pm - 2:30pm EDT
B-Sides Liquor Lounge (Downstairs)

2:30pm EDT

The WiX Toolset, How to Make Your Own MSIs
A 20 minute crash course on the basics of: Using the WiX Toolset to create your own MSIs. Debugging your MSIs. Creating a UI for your MSIs. Making MSI creation flexible enough for automation.

avatar for Charles Yost

Charles Yost

Charles Yost is currently a Senior Developer at TrustedSec. He has worked in the IT industry for over 15 years in a wide variety of roles including: Printer Technician, VoIP Systems Administrator, .Net Developer, and Web Developer. Throughout life his number one passion has been learning... Read More →

Saturday June 25, 2016 2:30pm - 3:00pm EDT
B-Sides Liquor Lounge (Downstairs)

3:00pm EDT

Responder for Purple Teams
This talk will focus on the tool Responder and how it can be used by both attackers as well as defenders. We'll review the current feature set, other tools that work in conjunction with it, and demonstrate a few real-world testing scenarios that can be used by penetration testers and blue teamers alike.

avatar for Kevin Gennuso

Kevin Gennuso

Kevin has worked in information security for nearly 20 years and has yet to witness the death of SQL injection, undocumented backdoors, or the willingness to click the thing.

Saturday June 25, 2016 3:00pm - 3:30pm EDT
B-Sides Liquor Lounge (Downstairs)

3:30pm EDT

Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers
The relationship between security professional, and developers often seems adversarial. In this presentation I will be discussing the problems, work-flows and end-goals from the developer and security professional's viewpoint.

I will discuss in depth, the pressures and business needs that often drives development cycles. We'll also be talking about the mind-set of the successful developers you can easily win over, how to do it, and how to expand this to all development teams.

We Security Professionals are also not without fault. Our approach of tracking issues, and throwing tools at the problem just isn't working. I'll be talking about my experiences within different organizations, and how minor adjustments can gain wider acceptance and appreciation for security teams within the organization.

It is hoped by spreading understanding what drives a developer's mindset, as well as the development process, we as security professionals can help them, and ourselves. In outlining the problem, as well as filling in the gaps for those who lack development experience, we can bring security and development onto one team.


eric mikulas

Eric Mikulas is a reformed developer with over 15 years of professional software development experience crossing various industries. Being raised by an Electrical Engineer, and learning to solder, and read schematics before being able to cursive write, he was raised by technology... Read More →

Saturday June 25, 2016 3:30pm - 4:30pm EDT
B-Sides Liquor Lounge (Downstairs)

4:30pm EDT

Gamify Security Awareness: Failure to Engage is Failure to Secure
We call it security awareness training, but all we ever give our employees is regurgitated knowledge. Their passwords suck, public wifi is bad, and email is deceiving. Mix in some yearly reviews of policies and procedures and you have the perfect recipe for an employee who stopped listening hours ago. You don't truly learn something until you understand "why" and that comes when employees are engaged and motivated. This is my take on how to engage through gaming and why it works

avatar for Michael Woolard

Michael Woolard

Mike is a security analyst who has worked in the IT field for 17+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness... Read More →

Saturday June 25, 2016 4:30pm - 5:00pm EDT
B-Sides Liquor Lounge (Downstairs)

5:00pm EDT

State of Emergency: We're Under "Cyber" Attack
When there is a natural disaster or catastrophic event... who ensures responsibility for recovery or who should? The City, State or Local government, the National Guard, FEMA, non-profits, private businesses, the people, etc., or maybe all of the above. Government emergency operations and disaster relief has been a long standing practice, but what about for "Cyber" Attack or "Cyber" disaster? With Hollywood movies and TV Shows like Mr. Robot, more people are starting to wonder, what would happen... or hopefully what is in place if "something" would happen? In this talk we will go into the history of Local and State Government involvement in Emergency Operations of a catastrophic Cyber Attack. We will also touch on the deep depths of "Cyber" Martial Law.

avatar for Jeremy Mio

Jeremy Mio

Jeremy works at a local government facilities as the Information Security Officer directing the Security and Research Department and is co-founder of CodeRed LLC that focuses on Cyber Security, Application Development, and Leadership. He has been on the Northeast Ohio InfraGard executive... Read More →

Saturday June 25, 2016 5:00pm - 5:30pm EDT
B-Sides Liquor Lounge (Downstairs)

6:30pm EDT

After Party
Food and open bar for attendees. Chill and chat about the talks earlier in the day.

Saturday June 25, 2016 6:30pm - 8:00pm EDT
B-Sides Liquor Lounge (Downstairs)
Filter sessions
Apply filters to sessions.