BSidesSF 2019

BSidesSF 2019 took place March 3, 2019 through March 4, 2019 (6 years, 1 month ago) at an unknown location.

http://www.securitybsides.com/w/page/132743652/BSidesSF2019

Presentations

Saturday, March 2, 2019

09:00 - Using the Secrets of Behavioral Science to Influence Security Workshop
09:00 - Practical Threat Modeling Workshop
09:00 - Monitoring Minimum Viable Security via osquery on Mac, Windows, Linux, and Containers Workshop
09:00 - Reverse Engineering Mobile Apps Workshop
12:30 - Using Open Source Log Aggregation Tools to Improve Enterprise Security Workshop
12:30 - Building Secure APIs and Web Applications Workshop
12:30 - Spy Hunter: Reversing Your First Android Surveillanceware Workshop
12:30 - RFID Hacking Workshop

Sunday, March 3, 2019

10:15 - The Path to Infosec Is Not Always Linear
11:00 - How to Build an Application Security Program
11:00 - Self Care for Security Professionals
11:00 - Lyft Cartography: Automating Security Visibility and Democratization
11:00 - Conquer the Enterprise from Inside with Penetration Testing Dropboxes
11:45 - Operation PZCHAO
11:45 - How to Orchestrate a Cyber Security Incident Tabletop Exercise
11:45 - Cats? In My Certificate Transparency Logs? It's More Likely Than You Think
11:45 - Contact Center Authenticaion
13:30 - Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations
13:30 - A Deep Dive into Go Malware: Using Metadata to Empower the Analyst
13:30 - How to Lose a Container in 10 Minutes
13:30 - Arcades and Audits: What Gaming Can Do for Your Security Posture
14:10 - Attacking Deep Learning-Based NLP Systems with Malicious Word Embeddings
14:10 - The Secure Metamorphosis: Streaming Logs with Kafka and TLS
14:10 - Slack App Security: Securing Your Workspaces from a Bot Uprising
14:10 - Hacking with a Heads Up Display
14:50 - Owning the Smart Home with Logitech Harmony Hub
14:50 - Offensive Javascript Techniques for Red Teamers (Or Anyone Really)
14:50 - Security Automation Simplified
14:50 - Friend or Replicant: How Attackers Automate and Disguise Themselves in a Shroud of Authenticity to Gain Followers, Control Influence, and Malign Credit
15:30 - Bye-Bye False Positives: Using AI to Improve Detection
15:30 - Ethical Hacking: DIY Mobile Security Workstation (For Cheap)
15:30 - Building Identity for an Open Perimeter
15:30 - High Performance VM Introspection Using Virtualization Exceptions
16:10 - Automating Web Application Bug Hunting
16:10 - Journey to Command Injection: Hacking the Lenovo ix4-300d
16:10 - WHOIS Calling the 80s to Get Their Finger Back: LOL with Old TCP Services
16:50 - Navigating Passwordless Authentication with FIDO2 & WebAuthn
16:50 - Ask the EFF
16:50 - Strangeways, Here We Come: A Journey from On-Prem to Cloud First with AWS

Monday, March 4, 2019

10:00 - Opening Remarks
10:15 - Securing Online Identities with Simple, Secure, Open Standards
11:00 - Anti-Privacy Anti-Patterns
11:00 - Making Sense of Unstructured Threat Data
11:00 - Abusing WCF Endpoint for RCE and Privilege Escalation
11:00 - How to Fix the Diversity Gap in Cybersecurity
11:45 - Surfing the Motivation Wave to Create Security Behavior Change
11:45 - Guarding Against Protocol Subversion at Coinbase
11:45 - BADPDF: Stealing Windows Credentials via PDF Files
11:45 - Don't Boil the Ocean: Using MITRE ATT&CK to Guide Hunting Activity
13:30 - Goldilocks and the Three ATM Attacks
13:30 - Implementing a Kick-Butt Training Program: BLUE TEAM GO!
13:30 - Fuzzing Malware for Fun & Profit: Applying Coverage-Guided Fuzzing to Find and Exploit Bugs in Modern Malware
13:30 - Career Mutation: A Panel on the Evolution to Management in Security
14:10 - Profiling "VIP Accounts" Access Patterns in User-Centric Data Streams
14:10 - HTTP Security Headers: A Technology History Through Scar Tissue
14:10 - Deploying Two-Factor Authentication to Millions of Users
14:10 - Do You Even Tech Anymore: Management & Leadership in Security?
14:50 - Concrete Steps to Create a Security Culture
14:50 - Containers: Your Ally in Improving Security
14:50 - Two-Faces of WASM Security
14:50 - Vendor Security: Where Our Data Goes We Follow
15:30 - Collect All the Data; Protect All the Things
15:30 - Shall We Play a Game?
15:30 - DevSecOps State of the Union
15:30 - You Might Still Need Patches for Your Denim, but You No Longer Need Them for Prod
16:10 - All Your Containers Are Belong to Us
16:10 - Beyond AV: Detection-Oriented File Analysis
16:10 - Treat the Problems, Not the Symptoms: Baby Steps to a More Secure Active Directory Environment
16:50 - RadRAT: An all-in-one toolkit for complex espionage ops
16:50 - Back to the SOCless Future: Implementing Monitoring & Response Through Automation
16:50 - Do Androids Dream of Electric Fences?: Defending Android in the Enterprise
17:30 - Closing Ceremony

Presenters