BSidesLV 2023
took place Aug. 8, 2023 through Aug. 9, 2023 (2 years, 2 months ago) at an unknown location.
Presentations
Tuesday, Aug. 8, 2023
-
09:00 - Opening Remarks - Day One
-
09:30 - And Together We Crossed the River…
-
10:30 - Jumping from cloud to on-premises and the other way around
-
10:30 - Towards Effective & Scalable Vulnerability Management
-
10:30 - Failing Upwards: How to Rise in Cybersecurity by finding (and exploiting) your weaknesses
-
10:30 - F*** Your ML Model
-
10:30 - Build hybrid mobile applications like a security pro!
-
10:30 - Introduction to the Track, Reflections on a Decade of IATC
-
10:30 - Cyber Threat Hunting (CTH) - Day 1
-
10:30 - Authentication Proxy Attacks: Detection, Response and Hunting
-
10:30 - Threat Modeling 101 - Burn risks, not hope
-
10:30 - How to build a security awareness strategy that works!
-
10:30 - Linux Privilege Escalation
-
11:00 - Enemy at the Gate, and Beyond: Detecting and Stopping Account Takeover
-
11:00 - How to communicate with non-security specialists to drive action
-
11:30 - OH-SINT: Merging OSINT Into RE Workflows to Simplify Analysis
-
11:30 - Machine Learning for Insider Threats: At the Intersection of Security and Privacy
-
11:30 - The Dark Playground of CI/CD: Attack Delivery by GitHub Actions
-
11:30 - So Who's Line Is It Anyway? Recruiter Panel
-
11:30 - Energy Poverty and Potential Impacts to Other Critical Infrastructures & Powerful Paths to Progress
-
11:30 - The History of Malware- From Floppies to Droppers
-
11:30 - Lies, Telephony, and Hacking History
-
11:30 - Could Passwordless be Worse than Passwords?
-
12:00 - Breaking In: Unleashing the Power of Physical Offensive Security
-
12:00 - EMBA - From firmware to exploit
-
13:00 - Penetration Testing Experience and How to Get It
-
14:00 - You CAN get there from here!
-
14:00 - Hungry, Hungry Hackers: A Hacker's Eye-view of the Food Supply
-
14:00 - Strategies for secure development with GraphQL
-
14:00 - ZuoRat: Home (not) Alone
-
14:00 - The Telenovela of Latin America Banking Trojans: A Dramatic story about Cybercrime
-
14:00 - Are your secrets safe - How mobile applications are leaking millions of credentials
-
14:00 - Google Workspace Forensics - Insights from Real-World Hunts & IR
-
14:00 - How to prioritize Red Team Findings? Presenting CRTFSS: Common Red Team Findings Score System Ver. 1.0
-
14:30 - Social Engineering: Training The Human Firewall
-
14:30 - Unveiling the Hidden: Discovering RDP Vulnerabilities using PDF Files
-
15:00 - Emulation, PowerPC, and Transition
-
15:00 - Rockstar Role: Security TPM
-
15:00 - Farm to Fork(ed): The Forces Fueling Food Chain Risk
-
15:00 - Building Your Own AI Platform and Tools Using ChatGPT
-
15:00 - High Stakes HIDe-N-SEEK
-
15:00 - Comprehensive Guide to Runtime Security
-
15:00 - Hyper-scale Detection and Response
-
15:00 - Adding SAST to CI/CD, Without Losing Any Friends
-
15:00 - Got Hashes. Need Plains | Hands-on Password Cracking
-
15:00 - Do you know where your secrets are? Exploring the problem of secret sprawl and secret management maturity
-
15:30 - The Importance of Engineering Privacy From the Get Go
-
16:00 - The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree
-
17:00 - Negotiating Compromise: How to avoid being labeled a "Chicken Little" while promoting better security decision making
-
17:00 - Security Data Science Teams: A Guide to Prestige Classes
-
17:00 - The Evolution of Magecart Attacks
-
17:00 - Water, Water Everywhere: The Krakens, Kelpies, and Mermaids in today's Water Sector
-
17:00 - All You Need is Guest: Beyond Enumeration
-
17:00 - Breaking Windows with your ARM
-
17:00 - Password911: Authentication Adventures in Healthcare
-
17:30 - Wrangling Cats: How We Coordinate Red Team Testing
-
18:00 - Hiding in Plain Sight - The Untold Story of Hidden Vulnerabilities
-
18:00 - How to have perfect vulnerability reports and still get hacked
-
18:00 - Follow the white rabbit down the rabbit hole
-
18:00 - Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations
-
18:00 - Public Service Journeys (To and From Hacking Culture)
-
19:00 - BSides Organizers Meet-Up
Wednesday, Aug. 9, 2023
-
09:00 - Opening Remarks - Day Two
-
09:30 - From LLM Obstacles to Open Doors: A Tale of Three CISOs
-
10:30 - Cyber Crash Investigations: Seizing the Opportunity to Learn from Past Crises
-
10:30 - Defense-in-Depth engineering
-
10:30 - Linux Digital Forensics: a theoretical and practical approach
-
10:30 - Pentesting ICS 101
-
10:30 - The Birds, the Bees, and the CVEs: Understanding the Novel Vulnerabilities in Critical Infrastructure
-
10:30 - Cyber Threat Hunting (CTH) - Day 2
-
10:30 - Email Detection Engineering and Threat Hunting
-
10:30 - Passwords: Policies, Securing, Cracking, and More
-
10:30 - Management Hacking 102: Personalities, Empathy, and Difficult Conversations
-
10:30 - Wolves in Windows Clothing: Weaponizing Trusted Services for Stealthy Malware
-
10:30 - Introduction to IATC Day Two
-
10:30 - Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention
-
10:30 - Cyber risk: How does cyber events become so costly?
-
10:45 - The British are Coming! (To Talk IOT Secure By Design)
-
11:00 - The Brazillian DeepWeb. How Brazilian fraud groups work on Telegram and WhatsApp
-
11:30 - Separating Fact from Fiction: The Realities of Working in Government
-
11:30 - How to Handle Getting Dumped: Compromised Passwords
-
11:30 - Open Source GitOps for Detection Engineering
-
11:30 - Conti Leaks and CARVER Analysis for Threat Intel Analysts
-
11:30 - Shining a light into the security blackhole of IoT and OT
-
11:30 - Double Entry Accounting for Security
-
11:30 - Mainframe Hacking for CICS and Giggles
-
12:00 - Vulnerability Intelligence for All: Say Goodbye to Data Gatekeeping
-
12:00 - Building a Culture of Cybersecurity: A Case Study Approach to Enhancing Risk Management
-
12:00 - Overcoming Barriers in Security DSLs with BabbelPhish: Empowering Detection Engineers using Large Language Models
-
12:30 - It's all about Talent
-
13:30 - An Everything Is On Fireside Chat with Jen Easterly, Director of US C.I.S.A.
-
13:30 - Home Labs for fun and !profit (Put your home lab on your resume!)
-
14:00 - Breaking Business as Usual: Attacking Android Enterprise Solutions
-
14:00 - Cognitive Security and Social Engineering: A Systems-Based Approach
-
14:00 - Gang Gang: Assembling and Disassembling a Ransomware Gang
-
14:00 - You've Gained +2 Perception! Leveling Up Your Red Team with a New Maturity Model
-
14:00 - Your Ad Here: Helping your organization build their security brand
-
14:00 - Saving Lives in Healthcare: Trust, Teamwork, Tangible Outcomes (Decade of Change) with special government teammates
-
14:00 - How I Met Your Printer
-
14:30 - Actions have consequences: The overlooked Security Risks in 3rd party GitHub Actions
-
15:00 - Navigating Security pitfalls during M&A : Playbooks & Strategies for doing acquisitions right
-
15:00 - System Dynamics in Risk Management: A Primer
-
15:00 - Build Your Own Cat-Shaped USB Hacking Tool!
-
15:00 - Beyond the Perimeter: Uncovering the Hidden Threat of Data Exfiltration in Google Cloud Platform
-
15:00 - Big SIEM Energy at micro-SIEM cost
-
15:00 - Hunting Cryptoscam Twitter Bots: Methods, Data & Insights
-
17:00 - Playing Games with Cybercriminals
-
17:00 - The attackers guide to exploiting secrets in the universe
-
17:00 - The Ever-shifting Habits of Cloud-focused Malware Campaigns
-
17:00 - The Art of Letting Go: Secure delegation of permissions in AWS environments
-
17:00 - A Hacker's Guide for Changing The World (and Where do we go from Here?)
-
17:00 - Sure, Let Business Users Build Their Own. What Could Go Wrong?
-
17:00 - It's not the end of the world but you can see it from here.
-
17:30 - Are We too Early for the Party? (the perils of Baking Cyber in from the Beginning)
-
17:55 - Regular expressions are good, actually: A technical deep-dive into an ideal infosec regex implementation
-
18:00 - Next Generation Enterprise Security
-
18:00 - Trusted Devices: Unlocking a Password Manager without a password
-
18:00 - For Intel and Profit: Exploring the Russian Hacktivist Community
-
18:00 - Good Doesn't Always Win: Understanding technical and enterprise tradeoffs in Cybersecurity
-
18:00 - Oops, I Leaked It Again - How we found PII in exposed RDS Snapshots
-
18:30 - What the Yandex Leak Tells Us About How Big Tech Uses Your Data
-
19:00 - Closing Ceremony