BSidesOK 2019


Training: Wed-Thur, April 10-11th

Conference: Friday, April 12th

Glenpool, OK (Tulsa area)

About BSidesOK

BSides Oklahoma is a free information security conference focused on practical knowledge that is widely available to the community. Our goal is to improve information security skills and awareness through sharing, with inexpensive training classes and a FREE conference for attendees. The conference includes hands-on challenges, talks, food and drinks (grownup and otherwise). None of it would be possible without our Sponsors and our amazing Volunteers!


Keynote Speaker!

Our featured keynote speaker for 2019, our 5th year, will be Michael Haney! He is a Co-Founder of BSidesOK and a long-time distributor of well-researched and tested knowledge for the InfoSec community. In 2015 he finally earned as many degrees as he could get, granting him the opportunity to implant himself in a position filled with cutting-edge research and equipment. As a Professor and a cybersecurity researcher at Idaho National Labs, his research focus is on Computer/Network Security, Forensics, Applied Crypto, Critical Infrastructure Protection, resilient design, and situational awareness through intrusion detection and honeypot systems.

Registration

Register Now

What are you waiting for? It's free to register, but don't wait. We sold out last year. :)

Conference Schedule (Friday, April 12)


Registration

Welcome & Announcements

Keynote

Michael Haney

Co-Founder of BSidesOK

He is a Co-Founder of BSidesOK and a long-time distributor of well-researched and tested knowledge for the InfoSec community. In 2015 he finally earned as many degrees as he could get, granting him the opportunity to implant himself in a position filled with cutting-edge research and equipment. As a Professor and a cybersecurity researcher at Idaho National Labs, his research focus is on Computer/Network Security, Forensics, Applied Crypto, Critical Infrastructure Protection, resilient design, and situational awareness through intrusion detection and honeypot systems.

Quick Wins To Enhance Your Active Directory Security

Eric Kuehn

Secure Ideas

Exhibit Hall A


Active Directory environments are typically the lifeblood of every company, acting as the core authentication and authorization source. Attackers can use the data held within AD to learn a great deal about an organization. On top of that, with the threats of Golden Tickets, malicious destruction, or simple unauthorized access to confidential data, protecting Active Directory is something that must be taken seriously. This session will cover a handful of security enhancements that are easily implemented yet appear to be rarely used, even by some security-conscious entities. This will include not only the changes that fix these common misconfigurations but also some readily available methods that exploit them.

Imperial Stout: Building Bolder BurpSuite Functionality through Extensions

Jason Gillam

Secure Ideas

Exhibit Hall B


I have been building tools and extensions to support penetration testing tasks for many years, and am most known for my work on Burp CO2 and Paramalyzer. This talk is meant to pass on knowledge of how to make use of extensions and also set the foundation for building them. Through a series of demonstrations I intend to show some of my current work as well as that of other extension developers. All of the extensions demonstrated during this talk are open source projects, and I hope to inspire more open source contributions to information security tool projects. For this talk my demonstrations will be specific to Burp Suite, the proxy tool familiar to web application penetration testers, but they will be applicable in other contexts.

This is a technical talk and is most appropriate for anyone who is at least dabbling in software development or who is familiar with web application penetration testing.

Zero to logging in 50 minutes!

Stephen Nelson

Room 3


It is 2019 and your company doesn’t even have centralized log management. Management won’t let you spend six figures on a shiny new SIEM. What is a poor security engineer to do?

This talk will take you from zero to logging in 50 minutes utilizing free software and cheap hardware.

The Future of Security Assessments with UAVs and Drones

The Insider Security Agency

Room 4


Flying and owning your own UAV or drone has become increasingly easy. Explore what the structured and ethical use of drones can bring to your next security assessment. Discover the offensive and defensive uses of drones as the UAV Penetration Testing Framework is unveiled.

Introducing ArTHIR – ATT&CK Remote Threat Hunting Incident Response Windows tool

Michael Gough

Malware Archaeologist

Exhibit Hall A


ArTHIR is a modular framework that can be used remotely against one or many target systems to perform Threat Hunting, Incident Response, compromise assessments, configuration, containment, and any other activities you can conjure up, utilizing built-in PowerShell (any version) or binaries, over WinRM.

What to do during an IR Event

Donovan Farrow

Alias Forensics

Exhibit Hall B


Get prepared for an attack! 5 Scenarios that will help you accurately stop the Hack!

Harden Your Web App - How I Learned to Stop Worrying

Kristopher Wall

True Digital Security

Room 3


Ever wonder how the bad guys break into web servers? Curious what they're looking for? Join me as I dive deep into web application exploits with these simple rules to help defend your web applications from attacks and learn to stop worrying so much.

What are the most common attacks against web applications? What can we do to defend against them? Won’t our web application firewall protect us?

These are regular questions I receive from my clients. Join me as I dive deep on a cross-section of common server-side attacks, and how they’re carried out. Once you understand what we’re looking for, you’ll understand how to stop most attacks. Allow my years and experience as a web developer, turned pentester, to benefit and harden your web applications from these attacks.

Is your InfoSec program "Livin' on a Prayer"?

Chad Kliewer

Pioneer

Room 4


Even though there are no rock stars in InfoSec, we can use classic rock as a road map for information security. Join me as we count down top classic rock songs, break down the barriers we all face, and explore the lessons we never knew they taught us. I promise, I won’t be singing!

Whether you’re dealing with “Proud Mary” in Payroll (who would never admit they fell for a phishing email) or “Me & Bobby McGee” in the warehouse, Information Security has plenty of challenges. It’s not always best to be the “Iron Man” and lock everything down so nobody can work. “Welcome to the Jungle” and I’ll share some tips to keep you “Rockin’ in the Free World”. So, who else thinks of their disaster recovery plan every time they hear “Smoke on the Water”?

Lunch Break

The Next Generation of APIs - GraphQL and its Security Landscape

Matthew Moses

Exhibit Hall A



The popularity of GraphQL APIs is on the rise. Open sourced by Facebook in 2015, GraphQL is a declarative API that provides a great deal of flexibility and optimization gains. This allows for new features to be rolled out very quickly without necessarily a lot of back end changes. Its agile aspect lends itself well to teams following the principles of continuous integration and deployment. For these reasons GraphQL is likely to see increased adoption through the industry in the coming years, likely to rival REST APIs. What does the threat landscape look like for GraphQL APIs? What potential pitfalls might a developer encounter? How does an organization effectively secure a GraphQL?

http://bit.ly/2Oxp5Bp

https://slides.com/mmoses/deck/live


Panel Round 1

Moss vs Lawlz

Exhibit Hall B


It's gonna get weird.

Can we protect privacy without breaking the web?

Luke Crouch

Room 3


Privacy, Cross-Origin Resource Sharing, Cookies, oh my!

Securing Industrial Control Systems

Pedro Serrano

Room 4


A quick look at the most important steps in trying to secure Industrial Control Systems that can be obtainable and can make a difference in your environment.

Pedro Serrano has over 35 years of experience managing and installing cyber security controls in networks around the world, 20 of those in military systems while serving in the United States Air Force. He is the Security Architect for Cimarex Energy. Pedro has two postgraduate degrees, one in Telecommunications Management from Oklahoma State University and the other in Computer Science from Tulsa University. Pedro serves as the President of the Information System Security Association (ISSA) chapter in Tulsa, Oklahoma and holds the CISSP certification from ISC2.

Defending and Responding to Business E-Mail Compromises within Office 365

Michael Oglesby & Jenna Waters

True Digital Security

Exhibit Hall A


A discussion of Office 365 incident response and forensics capabilities, security features, and how security teams can effectively utilize these resources.

Business E-mail Compromises (BEC) are increasingly becoming a significant cause of data breaches and financial loss. Many companies are falling victim to mass phishing and credential harvesting attacks, giving attackers access to internal email communications and sensitive private data. Compounding the issue, more and more organizations are moving their email into the cloud, using services such as Office 365. An organization's ability to defend and respond to a breach within a cloud email environment requires planning and forethought. This talk will provide guidance, tools, and tips for performing cloud-based incident response within a typical Office 365 environment. A discussion of Office 365 incident response and forensics capabilities, security features, and how security teams can effectively utilize these resources will be presented.

Panel Round 2

Moss vs Lawlz

Exhibit Hall B


Lawlz briefly takes the upper hand!

HACKERS, HOOLIGANS, HEISTS, & HISTORY

Arron Harrell

Verodin

Room 3


From 19th century mechanical computers to telephones, radios, digital computers & the Internet, sabotage, fraud, theft & other nefarious undertakings have been conducted with low risk, minimal hurdles & high reward. This talk will explore an abridged history of hackers, hooligans, and heists.

Securing Industrial Control Systems (continued)

Pedro Serrano

Room 4



UEFI, BMC, and the Gremlins Therein

Nathan Keltner

Atredis

Exhibit Hall A


Your modern computer is a matryoshka doll of computers, computers inside computers, and it’s also turtles all the way down. This impacts all kinds of weird things, like how you handle laptops or how scared or comfortable you should be with cloud computing.

UEFI is a spec defining interactions between low-level computer firmware (the stuff you think of as your BIOS) and all the other computers in their little computer village. Technically, UEFI runs on your normal processor, but at runtime it shares the processor with your OS, and for most purposes you can think of it as a co-processor running in parallel.

The BMC is an actual co-processor (often ARM-based, or SH4 on older servers) that allows you to manage the server remotely. It has multiple devices exposed to the host, web servers, and lots of complex, network services running as root.

In this talk, we’ll cover the attack surface of these two components on modern systems, how to assess them if you are so inclined, and how they should inform your decisions when planning data center deployments and cloud server usage. We’ll release initial versions of Binary Ninja plugins we’ve been working on at Atredis, bringing UEFI coverage to the new platform and its hot MLIL, and who knows, we might drop 0day or a post exploitation framework if we get around to it.

Cyber Patriot Panel

Julio Tirado

Cyber Patriot Tulsa

Exhibit Hall B


Recruiting the next generation into information security roles is a priority. Join us to learn how you can help out!

Improving Incident Response with Real-World Attacks

Nathan Sweaney

Secure Ideas

Room 3


This talk is designed to help small/medium businesses think through how they respond to security incidents using lessons learned as an attacker. It’s not a “how to do incident response” as much as a list of tips & tricks to better tune the process. Plus lots of robots.

CMMI and Incident Response

Joe Sullivan

RCB Bank

Room 4


Incident response is a technical process by nature, but do you know how to develop an incident response program that's appropriate for your organization's level of maturity and get buy-in from your business leaders? In this talk I will cover how to determine your organization's maturity by using the capability maturity model and how to implement the PICERL model (prepare, identify, contain, eradicate, recover, and lessons learned) to handle an incident. I'll wrap up the talk by covering how to sell this program to your business leaders and how to prepare a business case to justify it.

Anomaly Factor: Analyzing Packets to Determine Fact from Fiction

Ramece Cave

Exhibit Hall A


Explore the intriguing world of protocol anomalies. Learn how to analyze PCAP and log data to understand and identify anomalous patterns. Immerse in the caveats of IPv4 stack protocols that can be indicative of anomalies. Use this knowledge to create actionable intel and conquer the Anomaly Factor.

What's zDeal with zBang?! Discover Hidden Risks in AD with zBang

Andy Thompson

Exhibit Hall B


Did you know that just because a user isn't in the Domain Admins group doesn't mean they don't have the permissions of a Domain Admin? Lots of hidden risks exist in IT environments, and most blue teams don't even begin to scratch the surface of where attackers are hiding... often in plain sight! This talk discusses several of these persistence tactics, how to counter these threats, and how to discover them in your environment for free with zBang.

The New Normal: Assessing Modern Applications in Today's Environments

Jason Gillam

Secure Ideas

Room 3


Application development and deployment practices have changed significantly in recent years. In a world of cloud computing, single page apps, agile, and devops, it is time InfoSec got caught up with the times! Here is how.

“We don’t have a requirements document”… “The code gets deployed to production as soon as it is committed”… “The app is serverless”. Software development practices have changed significantly in recent years and many information security groups struggle to keep up. In this talk we will explore some of these changes and methods to adapt security assessments to accommodate the new landscape of software development.

Penetration Testing - Lessons Learned 2018

Aaron Moss & Josh Bozarth

True Digital Security

Room 4


Josh Bozarth and Aaron Moss will discuss several trends that we saw as attackers over the last year in many different organizations in different industries. Some of the trends may surprise you, however, many will not. We will also be discussing how organizations can overcome these trends, and how to make our jobs as attackers much harder, and hopefully make your company a harder target for criminals.

Just enough Bitcoin to execute cryptojacking attacks with JavaScript

Luke Crouch

Mozilla

Exhibit Hall A


Whatever their price, Bitcoin and cryptocurrencies continue to provide interesting technical and security opportunities. This talk gives a comprehensive introduction of bitcoin & cryptocurrency technology, and then analyzes how cryptojacking attacks are executed with JavaScript.

Introduction to Social Engineering Forensics

The Insider Security Agency

Exhibit Hall B


After a security incident we can easily address the technical details of an attack, however little is done when it is a social engineering attack. Discover how to conduct a uniform forensics methodology to social engineering attacks. Use a new framework to help defend against social engineering.

PowerShell to the People!

Jimmy Lawlz

Financial Services

Room 3


We'll be starting with some basic PowerShell (PS) how to’s, mainly things I wish I knew when I started tickling this new terminal and shell. Then we'll go over some use cases of where you could save time using PS. The goal of this presentation is to be able to teach something to somebody no matter what level of PS’n foo they have, walking away with tools and use cases they could use today.

It’s Not the Technology Stupid – Enterprise Tips and Tricks for Getting Things Done

Ian Anderson

Room 4


Most people assume challenges in information security are of a technical type, but the challenges Enterprise Defenders typically face are relational and/or political. So, it makes sense that some of the most critical work that Information Security professionals can undertake is creating the relational infrastructure that enables them to get things done within their organization.

Developing and maintaining effective relationships, especially with executives, finance/budget, supply chain, and field personnel is a critical component of every effective Enterprise Security Program. Without these relationships in place, disconnects between perception and intent will hinder your efforts to accomplish your goals. This talk covers some of the other teams that defenders may encounter, how these teams perceive cybersecurity, and how best to establish a productive relationship with them. Attendees should walk away with a couple of quick hitter ideas on how to establish or reconnect with various segments of a business.

We all have jobs to do and a method for how we work. Defenders that understand how business units work, and what these business units can offer back to the blue team, will be able to develop more effective and efficient strategies that align with business efforts, AKA: we can get more stuff done.

Closing & Door Prizes


Training

BSidesOK is all about supporting the community and encouraging information security education. This year we're adding two whole days of low-cost security training! Pick a course & sign up today!

All classes will be 8am-5pm on Wednesday and/or Thursday, April 10-11.
Class sizes are limited to 25.
Paid members of ISSA, Infragard, & Techlahoma receive 20% off!!!
Email [email protected] for more details.


Malware Discovery and Analysis - $500 - 2 Day

Instructor: Michael Gough (Malware Archaeology)

Wednesday-Thursday (April 10-11) 8am - 5pm

This course focuses on performing fast triage and how to discover if a system has malware, how to build a malware analysis lab and perform basic malware analysis quickly. The concept of Malware Management, Malware Discovery and Basic Malware Analysis will be discussed with exercises linking the three concepts together.

Course Description - Register Here


AppSec - Attacks & Defenses - $500 - 2 Day

Instructor: Jason Gillam (Secure Ideas)

Wednesday-Thursday (April 10-11) 8am - 5pm

This course is designed to introduce web application developers to the world of web application vulnerabilities through a combination of practical and thought exercises. The course leverages the Samurai WTF environment as a test lab, and primarily focuses on the execution and defensive measures for the OWASP Top 10 vulnerabilities.

Course Description - Register Here


Network Penetration Testing - $500 - 2 Day

Instructors: Eric Kuehn & Nathan Sweaney (Secure Ideas)

Wednesday-Thursday (April 10-11) 8am - 5pm

This hands-on course will teach attendees a basic methodology for network penetration testing. Students will walk through the phases of a test with demonstrations of various tools and tactics used in each phase. The course is heavily focused on hands-on labs so that attendees have the opportunity to actually use common tools and techniques. By the end of the 2-day training, students will understand the structure of a penetration test and have the experience necessary to begin practicing the demonstrated toolsets.

Course Description - Register Here


Implementing an Incident Response and Review Process - $250 - 1 Day

Instructor: Jonathan Kimmitt (University of Tulsa)

Wednesday (April 10) 8am - 5pm

Coming soon.

Course Description - Register Here


Evaluating IT Security Concerns with 3rd Party Contracts - $250 - 1 Day

Instructor: Jonathan Kimmitt (University of Tulsa)

Thursday (April 11) 8am - 5pm

Coming soon.

Course Description - Register Here

Where it’s at

Located at the Glenpool Conference Center in Glenpool, OK (just southwest of Tulsa).

Official Conference Hotel - Holiday Inn Express Glenpool
For a 10% discount on room prices, use the Corporate ID of "786825735".
Book Rooms Today!

We ♥ Our Sponsors


Interested in sponsoring BSidesOK? View our Sponsorship Kit.


If you have any questions, please contact us via email or @BSidesOK on Twitter.

Volunteer

This conference wouldn't happen without our great organizers and volunteers. Many thanks to: Nathan Sweaney, Nathan Keltner, John Robertson, Carrie Randolph, Aaron Moss, James Lawlz, Devon Greene, Donovan Farrow, and Wes DeVault.

If you'd like to volunteer, please contact our team.

Code of Conduct

Everyone deserves to attend a learning event, community or professional, with a reasonable expectation of good behavior. The BSidesOK Team expects that while attending this conference you treat everyone with the love and respect you wish to receive. This applies to all attendees, speakers, volunteers, vendors, and anyone in between. We feel that if you do that, then this conference will once again run smoothly and we will all have a good time. Don't be an ass! ;)
Contact us if you have questions.