Registration for workships is open at https://bsides-pdx.square.site/product/BsidesPDX2019/11.
Since capacity is limited, we do attach a nominal $10 fee to advance registration to prevent speculative registrations and limit no-shows. We will not keep a waitlist, but empty seats will be made available first-come-first-served at the start of the workshop.
If for any reason, this fee is a barrier to your attending, use the coupon code ‘IPROMISETOATTEND’ to register for free.
OWASP Top Ten Lab Featuring OWASP Juice Shop
David Quisenberry (@quizsec)
The OWASP (Open Web Application Security Project) Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Injection, Broken Authorization, Sensitive Data Exposure are just some of the categories it covers. This training will provide those unfamiliar with the OWASP Top Ten an opportunity to learn about the categories hands on through the OWASP Juice Shop - an intentionally insecure web application.
David Quisenberry (@quizsec) is a backend developer and security champion with Daylight Studio, a local Portland boutique web agency. He serves on the Portland OWASP board and does what he can to up the involvement of established and emerging software developers in security conversations.
Introduction to Binary Exploitation
Aaron Esau (@arinerron), Aaron Jobé (@dirtyc0wsay)
Ever wondered how vulnerabilities like BlueKeep and Eternal Blue work, or are you just interested in learning about the binary exploitation Capture The Flag (CTF) category? This workshop will walk students through exploiting their first buffer overflow vulnerabilities. It will teach them how to develop their own exploits and obtain RCE by redirecting the flow of code execution to shellcode or libraries with or without ASLR enabled. Students should have some experience with Python and Linux and are expected to bring a laptop with VirtualBox and an SSH client installed (a VM will be provided).
“Aaron Esau (@arinerron) is a 17 year old security researcher, CTF player, bug hunter, intern at Summit Security Group, a software developer, and a full-time high school student. Although most of his experience relating to security is with web and binary exploitation, he is interested in many aspects of security and privacy.
Aaron Jobé (@dirtyc0wsay) is a high school senior. His interest in computers led him to binary exploitation. He participates in CTFs and various other security challenges to further expand his skills. After high school, Aaron plans to pursue a career in security.”
How to Rock Your BSides Presentation!
Have a cool security topic the world should know about? Have you wanted to present at BSides but didn’t know where to start? The goal of this workshop is to arrive with an idea and leave with all you need for an amazing presentation that will keep your audience engaged. Topics covered include how a call for papers works, what to do when you’re accepted, speech delivery basics and day of presentation tips and tricks. Participants will receive handouts that walks you through the presentation process tailored to security and tech specific presentations. All basic materials will be provided. Laptop optional, but take that next step and have a completed presentation when you leave!
Olivia Stella is a senior security analyst for American Airlines. In her current role, she focuses on aviation security and vulnerability management including pen testing and coordinated disclosure. She has over ten years of experience in software development and information security. Previously, she worked at an in-flight entertainment company in product security supporting incident response, risk & compliance, and as the bug bounty lead. She holds a bachelor’s degree in computer science, masters in software engineering, CISSP & CISM. When she’s not wearing her security hat, she loves to curl and is an avid toastmaster. (That’s right, ice curling.)
Investigation Basics Crash Course
William Peteroy and Alex Sirr
This workshop will get attendees smart on the foundations they need to perform an end-to-end investigation from network to host. We will cover triage and evidence collection for endpoint and network with a focus on key data points from each that allow us to pivot from endpoint to network data (and vice versa).
We will discuss basic topics, open-source and commercial tools, build an investigation timeline and triage report with a hands-on lab.
Attendees should have a basic understanding of network (ports, protocols, etc) and endpoint (logs, files, windows registry, file system) fundamentals to get the most out of the workshop.
William Peteroy is the Chief Technology Officer for Security at Gigamon where he leads security strategy and innovation efforts. William is also the founder and CEO of ICEBRG (acquired by Gigamon in 2018) and has previously held a number of business and technology leadership positions at Microsoft and in the US Department of Defense.
Practical Threat Modelling
Threat modelling is considered to be a critical component of Secure Development Lifecycle (SDLC) as evidenced by the fact that it’s included in most SDLC methodologies (see Microsoft SDL or OWASP Secure Software Development Lifecycle Project, for example). There’s a ton of information available on threat modelling, though most of it seems to be focused on explaining the importance of it, or where it should fit within SDLC, not so much on practical aspects of how it can be done.
This workshop presents a practical collaborative approach to threat modelling with focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model.
You might be interested in this workshop if you are a security engineer, software engineer, engineering manager, or product manager.
There are no prerequisites, but you are expected to actively participate.
Amiran has been in information security for over 15 years with roles ranging from system engineering and security operations to governance, risk and compliance. Amiran is advocating practical and business-focused approach to security. Security is not just a job, it’s a passion.
Open Season: Building a Threat Hunting Program with Open Source Tools
Travis Smith & Ken Westin
The purpose of this session is to go over the resources which are freely available to anyone to make testing their security posture simple. The main toolsets for this portion of the lab are going to be Atomic Red Team, MITRE ATT&CK Adversary Emulation Plans, APT Simulator and LOLbins. Using these tools, we can select multiple techniques to abuse a victim machine in various ways. This is intended to be interactive and exciting for security professionals who are not exposed to the red-teaming side of security.
After the abuse of each technique, we can look at the telemetry gathered by the endpoint. To make this resonate with all attendees, we will be using telemetry from Microsoft and their SysInternals tools, which will then be collected and visualized using the Elastic stack. Using the Elastic stack, we can dig into the telemetry and pivot around to understand the scope of an incident.
Attendees will have the opportunity to see real-world use cases of “malware” in action, as these are being pulled and linked back to the MITRE ATT&CK framework. This will also demonstrate the power of collecting telemetry for the use of security analytics. We are going to be using free tools in the lab, but the data collected and visualized can reproduced by a number of vendors on hand at RSA each year. Attendees will be able to take this knowledge back to their organization and increase their security posture immediately.
Travis Smith is a Principal Security researcher with Tripwire, focused on creating defensive solutions for enterprise businesses. His focus is on digital forensics and incident response, and has been heavily involved with the MITRE ATT&CK framework over the past few years. Travis’ research in the past has been presented at Black Hat, RSA, ATT&CKcon, SecTor, and various other conferences all over the world.
Ken Westin is Director of Security Solutions at Elastic, helping organizations aggregate, analyze and operationalize disparate security data sources to identify and mitigate threats in various forms. In his past he has helped solve crimes with data, tracking stolen devices, breaking up organized crime groups, recovered stolen vehicles, even solved a violent carjacking, leading to the prosecution of dozens of criminals. He has presented at DEF CON, Black Hat, RSA, multiple BSides and security conferences around the world.
Writing CHIPSEC Modules & Tools
Brent Holtsclaw; Erik Bjorge; Nick Armour; Stephano Cetola
CHIPSEC is a security research and validation tool implemented in Python that allows for low-level access to hardware. The powerful scripting capabilities can be used for tasks including verification of security mitigations and security research. This hands-on workshop will provide an overview of the existing tool architecture and how to write modules and tools. CHIPSEC modules focus on verification of firmware mitigations. CHIPSEC tools are designed to stress the system and perform tasks such as fuzzing interfaces.
Systems will not be provided for the workshop. Bring an Intel based system with the latest release of CHIPSEC installed (https://github.com/chipsec/chipsec/releases) and verify that CHIPSEC is working. For ease of use Linux is preferred. Additional modules and slides will be distributed at the workshop.
Brent Holtsclaw is a Security Researcher at Intel. Brent has performed security analysis for a wide variety of targets from embedded systems to enterprise networks, developing repeatable methods for improving assurance. Brent a contributor and one of the maintainers of the CHIPSEC open source project.
Nick Armour is a Security Researcher at Intel. Nick is a recent college graduate from Sonoma State University.
Stephano Cetola is an Open Source Program Manager at Intel contributing to TianoCore and CHIPSEC. His main focus is on community engagement and improving the developer experience. In his free time he enjoys exploring the thermal tolerances of various electronic circuits.
Erik Bjorge is a Firmware Engineer working at Intel Corporation since 2000. As part of his time at Intel he has had the opportunity to work on a number of firmware code bases including legacy BIOS, coreboot and UEFI. Erik is also a contributor to the CHIPSEC open source project
Hacking USB on the Cheap with USB-Tools
Kate Temkin & Mikaela Szekely
Until recently, fully exploring the world of USB has been challenging – as tools for working with USB have historically been expensive and difficult to obtain, and knowledge regarding USB has been cloistered away in lengthy and somewhat-obtuse specifications – but recent developments in USB tooling have made working with USB significantly more accessible.
This workshop provides an overview of USB security and USB-hacking techniques using inexpensive open-source software and hardware tools – including several tools developed by the presenters in order to make USB hacking more accessible. The workshop includes a variety of demonstrations, and is accompanied by a set of short exercises that allow attendees to get some USB-hacking experience.
This workshop is best experienced when attendees bring a laptop with a working Python3 installation to follow along with.
Kate Temkin leads the software development team at Great Scott Gadgets. Kate is a seasoned USB researcher, and maintains a variety of open-source hardware and software tools, including FaceDancer and GreatFET, and has discovered a number of well-known USB vulnerabilities– including CVE-2018-6242, which famously allowed full exploitation of the Nintendo Switch. When not researching hardware security herself, her passions include making hardware and reverse engineering more accessible to everyone who wants to learn.
Mikaela Szekely is an open-source software and hardware enthusiast with a long-standing interest in USB, embedded systems, and the (ab)use of arbitrary code execution vulnerabilities on video game consoles. At the confluence of these interests, she maintains “fusée-launcher”, an open-source USB exploit tool and firmware loader for the Nintendo Switch. When not maintaining her own tools, Mikaela does some code at Great Scott Gadgets, makes truly terrible puns, and hones her computer science skills in scenic Colorado.