Talks
Events

BSides Boston 2017

Talks

Finding Haystacks in Your Needles: Threat Hunting Problems in Real World Data

Resources such as SANS's "Know Normal, Find Evil" and MITRE's ATT&CK framework are a great starting point when looking for malicious activity on a host ... but what happens when you actually start diving into the data? Is finding malware really as...

Sara Miller

Weaponizing Splunk: Using Blue Team Tools For Evil

Splunk has secured a large portion of the log aggregation and correlation market. In turn penetration testers find a lot of misconfigured implementations during engagements. This talk will be discussing creative abuses of the Splunk product to com...

Ryan Hays

Everything I Need to Know About Security I Learned From Kung Fu Movies

Are you an aspiring or current security professional overwhelmed with how to get into and be successful in information security today? Kung Fu can help. Specifically, Kung Fu movies can help. Take it from me, a security professional and kung fu mo...

Paul Asadoorian

Ghost in the Droid

Ghost detection apps take many forms in the Google Play store, with an active social media community sharing screenshots, energy disturbance levels, and recorded audio and video for ethereal detection events. But what exactly do these apps do? How...

Josh Wright

Learn How to Speak Malware: A New Approach to Combat Attacks

In order for an attacker to steal from you, they need persistent access. This means ensuring their C2 is reliable and resilient to takedown. That’s the main reason why over 90% of malware uses DNS for command & control and exfiltration. The good n...

Todd O'Boyle

Why Does the Industry Make Insecure Software

The computer / information security business is now decades old and we're still growing negative metrics - CVEs and security flaws are are supernumerary; software security disasters are increasingly larger; "data breaches" and "cyber attacks" are ...

Craig Chamberlain

How Vulnerability Intelligence is Poisoning your Information Security Program

Integrating vulnerability scanning results into one’s security ecosystem involves a serious hidden challenge which results in heinous consequences, thereby killing your InfoSec program. This session shares clues on this challenge, step by step, in...

Gordon MacKay

Scripting Social Engineering Attacks

Script all the things! Streamline phishing, vishing, and gaining physical access to restricted areas by using modular social engineering scripts and pretexts. Gaining physical or virtual footholds is a crucial first step in a successful exploit ch...

Dave Comstock

Our Journey of Building a Security Program at a Small Startup

Building a security program from scratch is hard enough, but it’s even harder for small security startup that is made up of a distributed workforce that is mostly remote. With a company full of people with security experience, everyone has an opin...

Julian DeFronzo, Dan Erxleben

Coding in Scratch for Kids

Scratch is a coding language for kids created by MIT. Come and find out about Scratch, how to get your kids started and even create your own first program! It's super easy to do, a lot of fun and your kids will love it. What's even better, it's be...

McKenna Laverty

Does DoD Level Security Work in the Real World?

After spending nearly 13 years working for the Department of Defense, I ventured out into the private sector to consult and advise on matters of information security. On many occasions, after explaining some basic security concept to a customer an...

Jeff Man

Panel: Breaking Into Infosec

Are you interested in Information Security, but you don't know where to start?Are you a professional in another field, wanting to switch into Information Security? Or maybe you're a Security Professional looking to make a move, andwant to know wha...

Unknown

Security in S, M, L, and XL

Security is not a one size fits all solution. Currently most small businesses are incapable of detecting or responding to a breach. Learn about different approaches, product and solution stacks that small and medium businesses can implement fro...

Pedro Marcano, Vik Solem

I Mentor and Now You Can Too

The hacker community has a reputation of a lust for knowledge and for sharing that knowledge with others. It is one of the reasons there are so many conferences and local meetups where we are all volunteering our time to educate and help others. W...

Casey Dunham

Escaping Alcatraz: Breaking out of Application Sandboxed Environments

Application sandboxing has become extremely popular. This technology makes it easier to manage a network environment easily, allows an administrator to grant access to specific applications without giving an entire desktop, and gives users remote ...

Kirk Hayes

Introduction to Modern Cryptography

Today we use cryptography in almost everywhere. From surfing the web over https, to working remotely over ssh. However, many of us do not appreciate the subtleties of crypto primitives, and the lack of correct and updated resources leads to design...

Amirali Sanitinia

Threat Intelligence In Numbers

Threat intelligence data is all about helping enterprises block or protect against the newest threats.However, threat intelligence datasets are growing steadily, which turns threat intel to a numbers challenge. How big data practices and data mini...

Nir Yosha

Heisenberg Cloud: At-Scale Cross-Cloud Adversary Analytics

We may not have Imperial Stormtoopers in our cloud "cyber-cities", but attackers regularly probe these environments for weaknesses, ready to exploit any opportunity for a foothold. In this session, all will be revealed from an in-depth, ground-bre...

Bob Rudis

Web Scraping for Fun and Profit

Pastebin.com and other public ‘paste’ sites are rich sources of sensitive information. Hackers will often post their stolen ‘loot’ to websites like these for public consumption. These sources of information go largely unmonitored. Pastebin is k...

DeLena, Goodwin

From Rogue One to Rebel Alliance: Building Developers into Security Champions

There just aren’t enough security experts to go around. You have to support the multitude of Agile and DevOps teams that are making production software changes anywhere from once a month to several times a day? The lack of resources coupled with t...

Peter Chestna

How to Defend Against Penetration Testers And Win

Do you believe you have what it takes to secure a network against a penetration test? Attend this talk to find out how you can be successful against penetration tests and real-world attackers. Most penetration tests are too EASILY successful; let'...

Paul Asadoorian

Panel: Roles in Infosec That Don't Require You To Be An Engineer

With an estimated shortage of 1.5 million people in cyber security by 2020 and terrible retention numbers, we need to widen the scope of our hiring more than ever before to protect our national, digital and physical security. The field of cyber se...

Unknown