- Видео 78
- Просмотров 8 304
BSides Philly
США
Добавлен 9 апр 2016
BSidesPhilly seeks to create awareness and improve upon the conversation and research of security topics within the Philadelphia region for researchers, professionals, and practitioners alike. The conference aims to give these various groups a chance to meet, engage in conversation through scheduled talks and events, as well as offer a networking opportunity that will result in new collaborative efforts for research and other security projects. Above all, our goal is to create a self-sustaining event that will continue on an annual basis through the attendance and support of the security community.
Become Unphishable
Brendan provides an enlightening overview of Phishing techniques and security measures to help organizations to become "unphishable"!
Bsides Philly
Bsides Philly
Просмотров: 68
Видео
Get in the Box Containerizing Red Team - Dan Astor & John Callahan
Просмотров 717 месяцев назад
Dan Astor Jonn Callahan GET IN THE BOX: Containerizing Red Team Infrastructure Red Team engagements often require complex and secure infrastructure which facilitate the routing and traffic for command and control servers, phishing frameworks, and other external services. Much of this gets deployed to many single-use systems for various steps or phases of the engagement, often relying on Ansible...
Striking the Right Notes - Protecting Music Royalty Shares - Madhav Gopal
Просмотров 107 месяцев назад
Madhav Gopal Striking the right notes - Protecting Music Royalty Shares Jukebox Co. (JKBX; pronounced “Jukebox”) operates a technology platform located at www.JKBX.com that aims to unlock shared value from the things people love by offering consumers access to royalties as an asset class. By merging music appreciation with traditional investing, JKBX redefines how retail investors and music lov...
Hunting for Credential Dumping Attacks in Modern Windows Environments - Andrew Case
Просмотров 1,6 тыс.7 месяцев назад
Andrew Case Hunting for Credential Dumping Attacks in Modern Windows Environments This presentation will begin by highlighting the severity of credential dumping attacks through discussion of previous high-profile incidents where it occurred as well as the effects on organizations where our team was part of the incident response process. The defenses that Microsoft implemented for Windows 10 an...
RPC Filter? I Hardly Know Her! - Evan Perotti
Просмотров 397 месяцев назад
Evan Perotti RPC Filter? I Hardly Know Her! Lateral movement to Windows hosts is one of the most common and desirable classes of attacks seen in the wild. Despite this, many endpoint security vendors still do not block the attack primitives that enable this lateral movement. Worse yet, some of these attacks date back decades! So what can be done? This talk will explore one promising protection:...
Who's pipeline is it anyway? Attacks and Defense in the World of CI/CD - Matt Bosack & Zach Satterly
Просмотров 1057 месяцев назад
Matt Bosack Zach Satterly Whose Pipeline Is It Anyway?: Attacks and Defenses in the World of CI/CD The large growth of devOps utilization of CI/CD automation frameworks and pipelines has arrived with an increased number of attacks and the traditional lag of defenses, introducing a number of new wormable, escaping, and dependency level attacks, in addition to the OWASP CI/CD Top 10. Our talk wil...
The Power and Perils of Binary Emulation for Malware Analysis - Anuj Soni
Просмотров 1127 месяцев назад
Anuj Soni The Power and Perils of Binary Emulation for Malware Analysis Binary emulators, which simulate the execution of instructions or an entire program, provide a compelling solution for automating the deobfuscation of code and data during malware analysis. When faced with malware that implements custom encryption or obfuscation algorithms, publicly available libraries rarely help. One solu...
Terraform Security: Attacking and Defending Infrastructure as Remote Code Execution - Michael McCabe
Просмотров 587 месяцев назад
Michael McCabe Infrastructure as Remote Code Execution The talk will focus on research done on Terraform implementations and ways to harden deployments. The talk will cover how Terraform works, how common Terraform security controls are applied, and multiple ways to bypass them and gain further access to environments. Outline: * How Terraform works * How plan and apply impact security controls ...
The Payphone you have Dialed has been Disconnected - Mike Dank
Просмотров 1037 месяцев назад
Mike Dank The Payphone You Have Dialed Has Been Disconnected The State (and Revival) of Payphones in 2023 Payphones were once ubiquitous in the US, but now you'd be hard-pressed to find one especially in working order! While most people have largely forgotten about payphones, we are trying to figure out what is still out there and how to bring them back! In this talk we will explore the current...
Stacked and Hacked: Crafting the Ultimate COTS Incident Response Arsenal - Art Ocain
Просмотров 477 месяцев назад
Art Ocain Stacked & Hacked: Crafting the Ultimate COTS Response Arsenal A swift, well-coordinated incident response can spell the difference between a minor hiccup and a full-blown crisis. Harnessing the power of Commercial Off-The-Shelf (COTS) tools, we'll take you on a journey of assembling a potent incident response stack. Through real-world experiments and research, we will dive deep into t...
Skills to build for Your Cloud Security Career - Cassandra Young
Просмотров 567 месяцев назад
Cassandra Young (muteki) Skills to Build for Your Cloud Security Career Cloud Security continues to be a hot niche within the cybersecurity career market, with job postings often requesting a specialized skillset. This talk will introduce you to a variety of Cloud Security career options, from red teaming and engineering to technical assessments, and the related skills you’ll need as a foundati...
I use my Anxiety to PWN Companies, and you can too! - Shanni R Prutchi
Просмотров 237 месяцев назад
Shanni R Prutchi I use my anxiety to pwn companies, and you can too! This presentation will introduce threat modeling as a formal practice before showing how to leverage it is an informal technique to prioritize test cases, identify overlooked vulnerabilities, and improve penetration testing outcomes. I will be using a series of case studies to show the process and impact of threat modeling. Bs...
Veilid, So easy a Teenager Can Do It! - Bianca Lewis
Просмотров 5747 месяцев назад
Bianca Lewis Veilid, so easy a teenager can do it! At DEF CON 31 Cult Of The Dead Cow announced they would break the internet with Veilid, an open-source, peer to peer, mobile-first, network application framework. Come and learn how you can help cDc take back the internet, building distributed private applications. Don’t want to build an app? Spin up a node and help out the network! Veilid goes...
Advanced Threat Modeling with GenAI - Vladimir Fedotov
Просмотров 1387 месяцев назад
Vladimir Fedotov Advanced Threat Modeling with GenAI The presentation aims to showcase how generative AI can help application security experts overcome challenges in threat modeling. These challenges include limited time for comprehensive threat modeling due to agile development and the overwhelming outputs from threat modeling tools that lack context. The presentation will cover the essence of...
Ethical Considerations of AI Usage in Marginalized Communities - Jessica Hoffman & Yoel Alvarez
Просмотров 127 месяцев назад
In the City of Philadelphia more than 100 neighborhoods struggle with Internet deserts. The integration of Generative Artificial Intelligence (AI) exacerbates this digital gap. Let's talk about the ethical challenges arising from AI usage in marginalized communities, encompassing concerns related to bias, fairness, and data privacy. Let’s talk about responsible AI development and deployment str...
Bsides 2023 - Keynote Presentation - Cris Thomas - The Cybersecurity State of the Union
Просмотров 1647 месяцев назад
Bsides 2023 - Keynote Presentation - Cris Thomas - The Cybersecurity State of the Union
Nick Delewski - Wireless WiFi Think More About What Wireless Really Means
Просмотров 673 года назад
Nick Delewski - Wireless WiFi Think More About What Wireless Really Means
Hardik Parekh - Navigating DevOps Security Journey at Scale
Просмотров 833 года назад
Hardik Parekh - Navigating DevOps Security Journey at Scale
Paul Renda & Nick Benigno - Time to Revist Debate between X86 Wintel and IBM zOS Mainframe Platform
Просмотров 323 года назад
Paul Renda & Nick Benigno - Time to Revist Debate between X86 Wintel and IBM zOS Mainframe Platform
Raymond Cazanese - The Cloud is for Launching Cyber Attacks
Просмотров 613 года назад
Raymond Cazanese - The Cloud is for Launching Cyber Attacks
Cassandra Young - The Complete Noobs Guide to Cloud Security
Просмотров 2233 года назад
Cassandra Young - The Complete Noobs Guide to Cloud Security
Apurv Singh Gautam - Automating Threat Hunting on the Dark Web
Просмотров 7263 года назад
Apurv Singh Gautam - Automating Threat Hunting on the Dark Web
Kyle Sheely - Lessons from the SOC Defending HealthCare & Pharma During Covid
Просмотров 793 года назад
Kyle Sheely - Lessons from the SOC Defending HealthCare & Pharma During Covid
Peter Scheffler - Mary Quantum of Scots
Просмотров 393 года назад
Peter Scheffler - Mary Quantum of Scots
Madeline Bright - Disabled Security The Role of Universal Design in Cybersecurity
Просмотров 573 года назад
Madeline Bright - Disabled Security The Role of Universal Design in Cybersecurity
Jonathan Magen - SPNDL: Security Policy Notation and Description Language
Просмотров 2003 года назад
Jonathan Magen - SPNDL: Security Policy Notation and Description Language
Christopher Lopez - Asking Questions and Writing Effectively
Просмотров 443 года назад
Christopher Lopez - Asking Questions and Writing Effectively
Kelley Robinson - What if we had TLS for Phone Numbers
Просмотров 353 года назад
Kelley Robinson - What if we had TLS for Phone Numbers
Chris Myers - Home Labs Without Hardware Building in the Cloud
Просмотров 2203 года назад
Chris Myers - Home Labs Without Hardware Building in the Cloud
DMR brandmeister and APRS are linked together.
Interesting. Thank you!
New to the Philly B-Sides as a local Philadelphian. Looking forward to catching up on all of these talks. So ready to jump from my current govt. gig. On my stidy grind