BSides Boston 2016
Talks
Breaking Out of the Silo
Information Security teams are trying to manage increasingly complex IT and cloud environments at their organizations while also keeping pace with an ever-changing threat landscape. At the same time, there's a well-documented issue of unfilled sec...
Justin Pagano, Julian DeFronzo
Keynote - Boston BSides 2016
Anonymous -- the masked activists who have contributed to hundreds of political operations around the world since 2008 -- were perfectly positioned to earn the title of cyberterrorists. In this talk Dr. Coleman considers the various factors, from ...
Gabriella Coleman
Protect Against CryptoLocker Ransomware
Recently, attackers employing a CryptoLocker variant have been removing volume shadow copies on systems, disallowing the users from restoring those files and then encrypting the files for ransom. If a user cannot recover from backups, he/she is at...
Ryan Nolette
Panel: Roads to a Career in CyberSecurity
There is no single path to a successful career in cyber security. The security industry requires individuals with diverse sets of expertise and experiences - from analysts to engineers, from CISOs to marketers; just like the women on this panel an...
Sandy Carielli, Nazira Carlage, Deidre Diamond, Sonia Arista, Lital Asher-Dotan
Info Driven Product Design
Two of the most valued technology skills today are those of data scientists and cyber security professionals. It is estimated that there are 1 million job openings for cyber security experts in the US. Information-driven product design uses inf...
Nikon Rasumov
Becoming a Multiheaded Hydra
It is a universal truth acknowledged that security teams have too much to do, and never enough resources to do it. Traditionally, there are tactical tasks that security organizations own that we all hate doing: event triage, managing vulnerabi...
Jen Andre
Simple Data Exfiltration in a Secure Industry Environment
Since Edward Snowden’s extensive data exfiltration from a high-security NSA environment, there has been heightened focus on data exfiltration - not only from government and defense environments but also from security-conscious industries such as f...
Phil Cronin
Up is Down Black is White SCCM
Offense and defense overlap more often than you may think. The same tools that allow attackers to disappear into the shadows can be used to tease indicators out of the noise. Lateral movement that blends in with normal traffic can be a challenge i...
Matt Nelson, Will Schroeder
We Bought Some Tools -- Now What?
Everyone knows that information security isn’t something that can be ignored. Most people are doing something about it. But how do you know if you’re focusing on the right things, and where your gaps are? Is your focus based on a checklist your CI...
Jim Bowker
Discover 1352 Wordpress Plugin XSS
In a single night, I was able to find about 1400 vulnerabilities in wordpress plugins. Not only that, but they were all a single kind of vulnerability, cross site scripting (XSS). Using techniques that I have developed, I was able to mass download...
Larry Cashdollar
WordPress
How to Be Sick With Success
117 million people in the United States have at least one chronic illness, and in 2010 7 of the top 10 causes of death were chronic diseases. So it makes sense that a portion of our community suffers from at least one chronic illness: diabetes, a ...
Emily Pience
Diversity, Don't Read the Comments
We tend to know diversity is important. There’s evidence that diverse teams are smarter and more creative. Furthermore, there’s also a lot of evidence that diversity matters for the bottom line. Based on the evidence, it seems like diversity would...
Pedro Marcano
Facilitating Fluffy Forensics
Cloud computing enables the rapid deployment of servers and applications, dynamic scalability of system resources, and helps businesses get products to market faster than ever before. Most organizations are aware of the benefits of adopting cloud ...
Andrew Hay
CSO Panel - Boston BSides 2016
We had Chief Security Officers from varying industries to talk about their experiences in the field. We had CSOs from technology, medical, education, banking, startup and higher education. Please enjoy our panel with our CSOs. Jon Creekmore, T...
Andy Ellis, Mark Nardone, Jon Creekmore, Adam Glick, Patrick Laverty, Sonia Arista, Josh Feinblum
Getting Past Blame - A Human Strategy for Hacking Security
By regarding humans as the weakest link, contemporary information security perspectives disrespect users and business owners. We’ve failed in our attempts to tame the human. Code bases are getting larger and more complex while malware stays small ...
Michael Figueroa
Machine Learning for Incident Detection
Organizations today are collecting more information about what's going on in their environments than ever before, but manually sifting through all this data to find evil on your network is next to impossible. Increasingly, companies are turning to...
Chris McCubbin, David Bianco
Machine Learning
Advanced XSS Attacks
Many developers are becoming increasingly familiar with the OWASP Top 10 Web Application Security Risks and the other OWASP Projects such as the OWASP Proactive Controls. However, in today’s world of advanced client side JavaScript frameworks, Sin...
David Bressler, Casey Dunham
Pentesting for Fun and Profit
Should you become a pentester? How do you get there? What skills are required? What's the difference between a good tester and a "bad" tester and how to avoid the former. This talk aims to answer these questions and give a basic overview of wh...
William Reyor
Building Advanced XSS Vectors
In the modern web, with heavy use of client side processing and security guards like WAFs and XSS-aware browsers, XSS exploitation has become cleverer and more dangerous than ever before. In this talk we will see how to build modern and a...
BruteLogic