Registration Registration for workshops is open at https://bsides-pdx.square.site/product/bsidespdx-2022-conference/18.
Since capacity is limited, we do attach a nominal $10 fee to advance registration to prevent speculative registrations and limit no-shows. We will not keep a waitlist, but empty seats will be made available first-come-first-served at the start of the workshop.
If for any reason, this fee is a barrier to your attending, use the coupon code ‘IPROMISETOATTEND’ to register for free.
Beginner Capture The Flag (CTF) Challenge Carousel
The void* Vikings
Jumping into your first CTF can be scary! Let us show you the ropes by introducing five major CTF categories. Look forward to hands-on learning with our mentors as you rotate through stations. Each station will have an introduction, demonstration, and challenges to try for yourself! Topics covered include: OSINT, Reverse Engineering, Cryptography, Steganography, Web and Network Security.
The void* Vikings are the Portland State University security club and CTF team!
Our mission is: Promoting security culture, ethics, research, ongoing education, and development of safer code through playing and competing in Capture The Flag competitions
The 2022-23 officers are: Allison Marie Naaktgeboren, Tristan Gomez, and Travis Noyes
Pivoting, Tunneling, and Redirection Master Class
Barrett Darnell (@pwneip), Wesley Thurner (@nopresearcher)
Pivoting, tunneling, and redirection are essential skills that separate the junior and senior operators in the offensive security landscape. This workshop describes various techniques used to creatively route traffic through multiple network segments. Various tools and techniques will be discussed and demonstrated. Attendees will be able to practice these skills in a provided cyber range during and after the workshop. These are essential skills for every pentester, bug bounty hunter, and red team operator. But that’s not all! Defenders will learn techniques for detecting these sorts of suspicious traffic in their network.
Barrett Darnell is a Principal Security Engineer on the Intuit Red Team, a vital part of the organization that protects Intuit and customers from all forms of cybercrime. Barret is also a certified instructor and author for SANS. He teaches SEC660 Advanced Penetration Testing and Exploit Development and authored/teaches SEC565 Red Team Operations. Wesley Thurner is a Principal Security Engineer on the Intuit Red Team, a vital part of the organization that protects Intuit and customers from all forms of cybercrime. Intuit is the global technology platform that helps consumers and small businesses overcome their most important financial challenges. Serving more than 100 million customers worldwide with TurboTax, QuickBooks, Mint, Credit Karma and Mailchimp, we believe that everyone should have the opportunity to prosper. We never stop working to find new, innovative ways to make that possible.
Creating cybersecurity training exercises with EDURange
Jens Mache, Levi Overcast, Seth Leichsenring, Richard Weiss
EDURange allows for users to host the application on their own hardware, or to be run on a central cloud server. You can spin up any of our exercises or create your own to play on-demand. Our exercises take the form of one or more docker containers with built-in challenges which range in difficulty from command line basics to more advanced network reconnaissance and Metasploit. Using Terraform, one can customize our exercises to add tools or artifacts to the existing exercises, or make more extensive changes, EDURange could be the perfect solution for you.
In this workshop, we will show how to create hands-on cybersecurity experiences with assessments using the EDUrange platform. We will work through creating and launching EDUrange scenarios. We provide pre-configured Docker images and a framework for creating your own. You can host EDUange instances from anywhere that works best for you — AWS, Goggle cloud, Azure or on your own hardware locally.
By the end of this workshop, you will know how to set up your own CTF using EDURange. See some of the exercises at https://edurange.org/scenarios.html
Jens Mache teaches computer science at Lewis & Clark College in Portland, Oregon Levi Overcast is a software developer at The Evergreen State College, where he is working towards his Bachelor’s degree. He has been working as a developer on the EDURange Platform for the past six months. Seth Leichsenring is a software developer at Narf Industries. He earned his Bachelor’s degree from The Evergreen State College. Richard Weiss teaches computer security and general computer Science and mathematics at The Evergreen State College. He started the EDURange project in 2011 with Jens Mache and Michael Locasto.