BSides Cleveland 2016

A real story of the cyber attack on the Israeli Police Department during 2012 and the effort in identifying the tools and infrastructure used by the adversary. A look, behind the scene, of the threat intelligence analyst work and investigation process and lesson learned.

Learn how to use non-traditional design elements to enhance physical security. Capitalizing on environmental aspects of design can help you reinforce traditional measures, often with little investment, and by using existing budgeted items.

Free Taco Truck for attendees

Most buses have dedicated hardware that a system uses to communicate with attached devices. This hardware generates the appropriate waveforms to implement the bus' protocol. Bit-Banging is the set of techniques that allows one to generate these waveforms directly from software using little to no extra hardware.

Controlling these waveforms from software has many advantages:
-Protocol Violations - transmitting sequences on the bus that the hardware would not normally permit opens up a whole new vector for attacking a system.
-Monitoring - passively observe traffic going across a bus, good for reverse engineering, and debugging.
-Packet Injection/Suppression - waiting until a device sends a packet, stopping the packet in its tracks, writing your own in its place.
-Access Non-Standard Protocols - some devices use proprietary protocols for which there is no standard hardware to interface to it.

This paper presents the primitive operations used for bit-banging, introduces some of the common strategies involved, looks at some of the common pitfalls encountered, and gives an overview of some advanced techniques that can be used when software is not fast enough to meet the required protocol.

Most people have seen TV Shows such as CSI Cyber or Scorpion, just to name a few, where security appears to be something magical and for the gifted. Thanks to places like Hollywood, there has become this facade surrounding cyber security careers, which leads to false expectations towards the field. As current students at the very beginning of building our careers in computer security, we will share what it has been like to start learning the difference between our preconceived expectations and the actual reality of the career options available to us as we prepare to graduate. We will also share what types of things we are being exposed to as students by participating in various events such as Capture the Flag (CTF) competitions, the Collegiate Cyber Defense Competition (CCDC), and through Internships/Work-Studies.

Data Analysis: it sucks. Make it not suck with Splunk, a 21st century approach for analyzing mountains of data as it relates to digital forensics and incident response. Learn how Splunk can enable you to quickly search, examine, and visualize any data from anywhere. The presenters will also give you useful insight on how to best use this tool to streamline forensic processes, incident scoping, and initial triage. Further, see how much time, effort, and money can be saved by using splunk for analysis instead of typical forensic tools.

Lesson learned in applying knowledge from the "SafeCracking on a Budget" presentation. http://2014.ruxcon.org.au/assets/2014/slides/rux-safe-cracking.pdf.

We had a problem: no combination to a safe. The solution was to build a automatic our own safe dialer. We will review the steps we followed, Information gathered, Vulnerability Analysis, Exploitation, Post-Exploitation, and Reporting. (PTES Technical Guidelines style). Along the way we will share knowledge learned and stories of success and failure.

"Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony."

Hide yo' kids, Hide yo' SCADAHZ. lulz - j/k. Despite the somewhat ominous title, this is not a FUD (Fear/Uncertainty/Doubt) talk, but rather an in depth discussion of what an industrial/ICS/DCS/SCADA/IoT environment is, it's evolutionary progression, and most importantly why it matters.

Its time to set the record straight. This discussion will break down the differences and nuance in these common infrastructures and discuss why most people are flat out wrong in their understanding and assumptions of the environments. If time permits, we can discuss/Q&A the stuxnet package - as much as I hate talking about it (STILL), most people get this wrong too.

An overview of physical security - How locks work and how we pick them.