BSidesNoVA 2023

"Hackers of the Seven Seas''

Sept 8 & 9 | Arlington, VA

What is BSides?

BSidesNoVA conference in Northern Virginia is part of world-wide series called Security BSides.

BSides is a “community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-things are happening.”

BSidesNoVA inaugural event was hosted at Center for Innovative Technology in Herndon, VA on Saturday, February 25th, 2017. Our event is attended by industry professionals and students. Speakers cover topics ranging from the state of the cybersecurity industry to bleeding edge research on vulnerabilities, exploits, protection, and response. Featured keynotes, speakers, and panels are on our website on our Archives page. In addition to the talks, multiple activities are organized from Capture-the-Flag to Wireless Hacking, and Lock-Picking villages. The conference usually concludes with a Happy Hour Event that is hosted by one of our Platinum sponsors, Altus Consulting.

We’re a 100% volunteer organized event, put on by and for the community, and we strive to keep information free.

We thank every individual who has and is contributing to this project! The Northern Virginia area has one of the strongest cybersecurity communities in the technology area.

This year’s theme is Hackers of the Seven Seas!

Venue:  Mason Square (formerly the Arlington Campus) is located in the Virginia Square neighborhood of Arlington County. The campus hosts the Antonin Scalia Law School, the Schar School of Policy and Government, the Jimmy and Rosalynn Carter School for Peace and Conflict Resolution, programs in Arts Management and the School of Business, and Continuing and Professional Education. 

Getting to Mason Square:

Mason Square is within walking distance of the Virginia Square-GMU Metro station on the Orange Line and the Silver Line.

GPS Address (for mobile devices and Google maps): 3351 North Fairfax Drive, Arlington, VA 22201

Parking at Mason Square:

Paid visitor parking is available in the Van Metre Hall Garage, accessible via Founders Way North.

REGISTRATION REQUIRED

GENERAL ADMISSION AND WORKSHOP TICKETS ARE AVAILABLE!

• Con General Admission (SAT, 9AM)

$45.00+$4.87 Fee

Select quantity: Con General Admission (SAT, 9AM) price: $45.00

Sales end on Sep 10, 2023

Conference Admission Only. To attend any workshops, you must buy a ticket for the specific workshop.

• Cyber Threat Intelligence 101 (FRI, 8AM) 8-hr

$65.00+$6.21 Fee

Select quantity: Cyber Threat Intelligence 101 (FRI, 8AM) 8-hr price: $65.00

Sales end on Sep 8, 2023

Instructors: Andy Piazza & John Stoner Description: This workshop will present an introduction to the basic concepts of threat analysis, leveraging open-source tools, and processing threat intelligence reports in support of computer network defense and incident response. This is a workshop for blue teamers (current and future!) that are interested in threat analysis. It will include discussing publicly available tools along with covering processes that are actionable today without additional training or paid accounts. We will start the workshop in an academic segment to build a baseline of key terms and the distinction between Cyber Intelligence and Cyber Threat Analysis. Once we have a common foundation, we will move into a hands-on portion exploring open-source reports to enrich and pivot within our dataset. I will demonstrate the process that I use to read through the content of a threat report, process the IOCs and TTPs, and correlate the activity to previous reporting. This section of the workshop will work through Symantec’s Waterbug reporting along with ESET’s Turla reporting, as examples of the same activity being reported under different names and from different perspectives. Attendees will conduct passive lookups (e.g. VirusTotal, ThreatMiner, and PassiveTotal) on the IOCs included in the report. In the final portion of the class, we will discuss bringing our analysis back together into an intelligence product. We will discuss the best methods for clustering threat activity, categorizing capabilities, and visualizing threat activity. Requirements- the class will require access to the internet. Students will require a laptop where they can download PDF and Excel files. We will not require downloading and installing software. Students should have a burner email account for free-tool registration (somewhere for sales emails to go to that won’t annoy them) as we will register for a few free accounts. @klrgrz linkedin.com/in/andypiazza/ klrgrz.com (blog) @1MrStoner linkedin.com/in/johnstoner123/

See more

• Intro to Active Directory Attacks (FRI, 1PM) 4-hr

$45.00+$4.87 Fee

Select quantity: Intro to Active Directory Attacks (FRI, 1PM) 4-hr price: $45.00

Sales end on Sep 8, 2023

Instructor: Ryan O'Donnell, Director Cyber Engineering at Altus Consulting Description: Broad introduction into how to get started with Active Directory attacks for Penetration Testers. Will go over Kerberos and then dive into hands-on AD attacks like: kerberoasting, as reproasting, unconstrained delegation, and constrained delegation. Notes and comments More than 95% of Fortune 500 companies use Active Directory (AD) and it often forms the backbone of an enterprise network. So, it makes sense that securing AD is a major priority for cybersecurity professionals. But if you're just getting started, it can be an intimidating and confusing topic. Our goal is to help newcomers get an introduction and understanding of AD attacks. Attendees will receive hands-on experience with a small AD domain that simulates a real environment. The 4-hour hands-on workshop will cover the following topics: Overview of Kerberos Authentication Active Directory Enumeration with SharpHound/Bloodhound Kerberos attacks including: Kerberoasting and Asreproasting Constrained and Unconstrained Delegation Attacks Audience Skill Level: This is a beginner level introduction course to common AD attack paths. linkedin.com/in/ryan-o-donnell-b4823b1a5/

See more

• MetaCTF 101 Workshop (FRI, 9AM) 6-hr

$65.00+$6.21 Fee

Select quantity: MetaCTF 101 Workshop (FRI, 9AM) 6-hr price: $65.00

Sales end on Sep 8, 2023

Instructor: Roman Bohuk, CEO at MetaCTF Description: Capture the Flag (CTF) competitions offer a great way to acquire new technical skills. If you have never participated in a CTF event before, it can feel intimidating to try. This workshop will walk you through the different types of cybersecurity competitions and go in-depth on jeopardy-style CTFs. You will learn what skills are needed to participate, how to approach the challenges, and what are some of the common tools you may want to be familiar with. We will go over an example CTF as a group, and you will have a chance to work through several example CTF challenges at your own pace with unlimited hints and guidance from our volunteers. We hope that you walk away not only with some new security skills but also the confidence to participate in a CTF on your own. @RomanBohuk linkedin.com/in/romanbohuk/

See more

• How to Track Unknown Threat Actors (FRI, 1PM) 4-hr

$45.00+$4.87 Fee

Select quantity: How to Track Unknown Threat Actors (FRI, 1PM) 4-hr price: $45.00

Sales end on Sep 8, 2023

Instructor: Simeon Kakpovi, Founder @ KC7 Foundation Description: This threat actor does not exist, but you can learn to track them anyway. Many defensive cybersecurity roles, such as Incident Response, Security Operations, and Threat Intelligence, require analysts to detect, track, and mitigate the activities of cyber threat actors using data from sensors within the company. However, beginners often face significant challenges in accessing this data for learning purposes due to legal and privacy barriers. Even seasoned analysts are limited in the range of threat actors they can learn from, as it depends on the specific organization being targeted and the organization's ability to effectively log such activities. To address this issue, KC7 offers rich (albeit fictitious) datasets that are accessible to all analysts, enabling them to learn how to effectively hunt adversaries. By utilizing the provided data sets, analysts can learn how to track adversary activity across all seven phases of the cyber kill chain. In this hands-on workshop, attendees will: - Utilize Azure Data Explorer and Kusto Query Language to investigate a realistic intrusion dataset. - Investigate cyber activity within various logs, including email, web traffic, and endpoint logs. - Employ multiple techniques to pivot and track the activity of multiple Advanced Persistent Threat (APT) actors. - Provide recommendations on actions a company can take to enhance their protection against cyber threats. This workshop is ideal for newbie analysts with no experience tracking threat actors, but will also challenge cybersecurity analysts who currently work in the field. Notes and comments Attended will need a laptop to participate. ++ A decent internet connection and a Microsoft account (hotmail, O365, etc..) @simandsec linkedin.com/in/kakpovi/ kc7cyber.com (blog)

See more

• Let's Get Crackin'! (FRI, 8AM) 4-hr

$45.00+$4.87 Fee

Select quantity: Let's Get Crackin'! (FRI, 8AM) 4-hr price: $45.00

Sales end on Sep 8, 2023

Instructors: Ahmed Ibrahim, Teaching Associate Professor at in the Department of Informatics and Networked Systems at the University of Pittsburgh Description: Passwords are still the main access control mechanism to accessing online accounts. How do passwords get compromised and cracked? Why should we use long passwords and never reuse passwords? In this workshop, we will learn about the different ways to crack passwords. You will have the opportunity to crack password hashes (offline cracking) using the "hashcat" tool in addition to finding the password for user accounts on a remote machine (online cracking) using the "hydra" tool. In addition, you will run a network scan to find a camera, use "hydra" to crack its password, and SEE what the camera can SEE! Participants need to bring a computer with a physical keyboard/mouse. You will be given access to a Kali Linux machine (through the browser - preferably Chrome) to use during the workshop. Are you ready for some crackin'? Prerequisite: Familiarity with using the terminal on a Linux operating system. Notes and comments Workshop Length: 4 hours (240 minutes) There is a 40-person attendee limit for this workshop. Attendees will need to have good Internet speed and access to a reliable and efficient web browser for the duration of the workshop (preferably Chrome). Required Software or Hardware Attendees should have a computer machine with a physical keyboard and a physical mouse as well as an efficient web browser for the duration of the workshop (preferably Chrome). In addition, the venue should have good Internet speed. Note: The instructor has a CTF for participants to validate their answers and move ahead if they want. @ai__cs linkedin.com/in/ahmedshedeed/

See more

• Building a Home Lab (Friday 1PM) 4-hr

$45.00+$4.87 Fee

Select quantity: Building a Home Lab (Friday 1PM) 4-hr price: $45.00

Sales end on Sep 8, 2023

Instructor: Tom Bendien, CEO at GT Cyber Labs Description: We need to build the talent pipeline for Cyber from the High School level and help people make career transitions to Cyber to close the talent gap. I would like to share my learnings in doing these things by coaching Cyber Clubs at High School level, College students and people looking to make a career transition to Cyber. In addition, building your Human Cyber Network is key. I'd like to share my learnings from organizing the Nth VA Cyber Meetup and being involved in other Cyber working groups. Notes and comments I'd like to give a talk and set up a practical hands on Build a Home Lab workshop for n00bs and early stage Cyber folks to gain confidence and inspiration. The workshops would involve physically assembling server & computer hardware, installing Proxmox hypervisor, building VM's and containers to create a pen testing lab with Hydra on Kali and install a Windows Server for configuring AD. I have run this project with a number of n00bs and it works very well to give them confidence and hands on skills. I will provide all lab hardware (laptops, USB Sticks, network and server hardware) and a software library on a NAS via a local network so that we don't overload guest wifi. I may even bring some 5G/LTE radios to provide Internet access for the lab for Linux updates etc. These skills will enable the participants to build a Home Lab themselves taking into account all aspects of hardware assembly, configuring BIOS, networking, installing and configuring software. Also they will be shown how to make their Home Lab securely accessible over the Internet via Cloudflare. This will also help them learn hands on skills for Comptia IT & Cyber exams. The workshop would be planned so that the participants can build a functional Home Lab in around 2-3 hours. linkedin.com/in/tbendien/ gtcyberlabs.com (blog)

See more

• Using Containers 2 Analyze Malware (Fri, 8AM) 8-hr

$65.00+$6.21 Fee

Select quantity: Using Containers 2 Analyze Malware (Fri, 8AM) 8-hr price: $65.00

Sales end on Sep 8, 2023

José Fernández, President @ CompSec Direct Description: This workshop will focus on teaching participants how to handle malware and analyze samples using both Windows and Linux containers. The workshop will focus leveraging open-source tools, and techniques to build out a simple analysis queue pipeline to allow students to analyze multiple samples at scale within a controlled environment. Desired prerequisites: 1. Some familiarity with Docker or containers 2. Basic experience with malware analysis tools and techniques 3. Comfortable with command line interfaces in Windows and GNU / Linux @Jfersec linkedin.com/in/jfersec/ compsecdirect.com (blog)

See more

• Incident Detection and Response (FRI, 1PM) 4-hr

$45.00+$4.87 Fee

Select quantity: Incident Detection and Response (FRI, 1PM) 4-hr price: $45.00

Sales end on Sep 8, 2023

Lifehacking with Incident Detection and Response Instructor: Donald Ortmann, German German Cyber Security Network trainer and Security Consultant at DonLuigi IT-Service linkedin.com/in/donald-ortmann-secure/ Description: This workshop is about how an attacker exploits human and technical vulnerabilities in Linux and Windows systems, moving through the network to make his profit. But it is also about how the attacker can be detected along the way and what the best countermeasures are. Along the way, the trainer presents the standard incident response procedure of the German cyber security network.

URLS:  https://www.bsidesnova.org/

NOTE: Several chapter members are planning on attending and considering carpooling to the event. If you are interested in driving or riding to the event, please contact the chapter at info@isc2rva.org. 

Notice: This is not a chapter event. Attendees of the conference are responsible for maintaining their ethics requirements of (ISC)2 certifications.