Security B-Sides MSP 2015
at Target Plaza Commons

Come out and play!

Security B-Sides MSP 2015 is Minnesota's only FREE, 100% community organized, educational, two day, security and technology conference. This year it is being held at Target Commons in Minneapolis running from 9am to 4pm on Saturday June 13th and Sunday June 14th, 2015. The goal of BSidesMSP is to grow a critical mass of security and technology literacy and awareness here in the North.

Check out the "What Security!?" Crowd Funded Documentary at Indigogo!

Google Map of Target Plaza Commons at 1101 Nicollet Ave S, Minneapolis, MN 55403 (Marker is correct, address is 1101)


The general BSidesMSP email address is: info@bsidesmsp.org
Security B-Sides MSP 2015 Wiki
@BSidesMSP on Twitter Security B-Sides MSP on LinkedIn, BSidesMSP LinkedIn Group


DAY 1 - June 10th                               

Main Hall        0900 - 1030        Nate Cardozo        "Opening Keynote Cryptography Law and general Q&A with the EFF" 

Nate Cardozo is a Senior Staff Attorney on the Electronic Frontier Foundation’s digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF’s cryptography policy and the Coders’ Rights Project. Nate has projects involving export controls on software, state-sponsored malware, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information Act litigation, and resisting the expansion of the surveillance state.

Nicollet Room        1030 - 1630        Leonard Jacobs        Training - Security 101 boot camp 

Security 101 Bootcamp covers some of the cyber security analysis fundamentals that a beginning cyber security analyst should possess

Target Tower        1030 - 1630        Kizz MyAnthia        Training - Spy Game: Red Teaming in the real world 

During "Spy Game" we will look at the entire methodology of what it takes to execute a successful Red Team engagement. As part of "Spy Game" the attendee will be thrown into the weeds of a real life Red Team scenario.

4th Floor        1030 - 1630        Quick Fire Talks        Open Mic 

Got something say and need a space? Whether you are a first time speaker or would like a smaller audience to riff with, then Quick Fire Talks are for you.  Reserve 15 or 30 minute slots on the whiteboard by the Elevators

Main Hall        1045 - 1130        Tim Crothers        "Inside real APT" 

We'll delve into comm's resulting from infiltrating C2 (command and control) so attendees can see what "APT" actually looks like and (more importantly) how to detect and deal with them. No smoke and mirrors here. Just the real deal on scumbags p0wning our networks.

Main Hall        11:30 - 12:00        Ty Sbano        "Fast Furious and Secure: DevOps Edition" 

DevOps and the agile mindset have arrived at large organizations, but security often gets bolted on at the end. This leaves product teams angry and frustrated with security. It is a constant struggle, like Vin Diesel shifting an automatic muscle car. So, how do we ensure that the delivery cycle gets fine-tuned to embed security continuously?

Main Hall        1200 - 1300        Lunch and Networking               

Main Hall        1300 - 1345        John Michealson        "Dev Ops for your home security lab" 

This presentation focuses on the evolution of my network security automation lab. From my home entertainment systems meager beginnings using the Xbox based XBMC project to its current state of Azure hosted docker VMs providing all the necessary tools to satiate my families digital content needs, I'll walk through the the workflow and the security automation I've built into the tiers allowing complete deletion, reinstatement or upgrade of content services at a whim - and the most important piece - automatic insertion and removal of security services with it.

Main Hall        1400 - 1445        Russ Steiger        "Maintaining Focus inside the security Maturity Curve" 

Lots of companies are building security rapidly, but how will you know what to do next?

Main Hall        1500 - 1545        Paul Melson        "Automating Malware Analysis for Proactive Detection" 

Analyzing malware can lead to valuable information about adversaries, their capabilities, and intentions. This talk will take a look at practical ways to automate the bulk collection and analysis of malware for the purposes of extracting indicators, developing intelligence, and building detection for new threats.

Main Hall        1600 - 1645        Matt Nelson & Will Schroeder        Bridgeing the Gap: Lessons in Adversarial Tradecraft 

As companies scramble for a way to keep from being the next Sony, they’ve started to search for ways to simulate the sophisticated attackers they now face. Organizations that have started to adopt an “assume breach” mentality understand that it’s not a matter if they’re compromised by these advanced adversaries, but when. Red team engagements allow an organization to better exercise their technical, process, and personnel defenses, but much of this advanced tradecraft has been historically restricted to teams with large budgets and timeframes.

Our approach is to help push down some of this advanced tradecraft, so testers can utilize these powerful tactics in assessments of all types. This presentation will cover our view of the “assume breach” mentality, and the approach for our red team operations. We will then trace through several areas where we’ve made efforts in bringing advanced tradecraft to even constrained engagements. Adversarial tradecraft isn’t just for red teams any more.

Main Hall        1700 -1745        Alex Holden        "Botnet C&C: up close and personal" 

Malware and viruses get more complicated and evasive. Defensive postures concentrate around malware isolation and analysis. But what do hackers see? Taking a page from their playbook we will examine real-life botnet Command and Control systems to see how they function from the inside. Botnet types such as traditional C&C, mobile, RATs, grabbers, injects, and other popular types of hacker tools will be shown to get a better understanding of the hacker back-end platforms and intents for further abuse.

    

DAY 2 - June 11th                               

Main Hall        0900 - 0945        Kellman Meghu        "The Enforcement Awakens" 

There is a new hope for transformation in IT services. Let's explore a cautionary tale about the impact of security in an IoT agile world. What does a secure cloud architecture look like, when you don't have to consider what the product is? Enough with the abstraction layers, you can say it's just computers connected to a network, the impact of the converging technologies are still driving us to change.

Nicollet Room        0900 - 1600        Leonard Jacobs        Training - Security 101 boot camp 

Security 101 Bootcamp covers some of the cyber security analysis fundamentals that a beginning cyber security analyst should possess

Target Tower        0900 - 1130        Kizz MyAnthia        Training - Spy Game: Red Teaming in the real world 

During "Spy Game" we will look at the entire methodology of what it takes to execute a successful Red Team engagement. As part of "Spy Game" the attendee will be thrown into the weeds of a real life Red Team scenario.

4th floor        0900 - 1345        Anthony J. Stieber        Workshop: How to get a job in Information Security 

Looking to break into a career in Information Security?  Join Anthony J. Stieber, Co-Author of "Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want", as he shows you how to navigate the many pitfalls of joining this profession.  Whether you are a student, in IT, security enthusiast, or maybe in Security but looking to climb that next step, Anthony's brings a lot of experience to the table for everyone.  Bring your laptops if you have them however they are not required.                      

Main Hall        1000 - 1045        Jame Renken        "Universal Attack Surfaces" 

The network is segmented. There’s aggressive IDS/IPS all over the place. You’ve fired everyone who failed your phishing tests, even the CFO. What’s left? You’re still at risk from the infrastructure you can’t control: domain name registrars, SSL/TLS certificate authorities, and even Tier 1 Internet backbones. Seasoned ISP sysadmin James Renken will talk about detecting and defending against social engineering, forgery, and BGP hijacking attacks that we’ve seen from script kiddies, cybercrime gangs, and nation states.

Main Hall        1100 - 1145        Megan Carney        "Micro versus Macro" 

Companies that specialize in endpoint security look for patterns across their customer base, then apply those signatures or heuristics to your environment. This is a good thing, even though it often results in false positives. Analysts dedicated to your environment know what’s normal and what’s not. This is also a good thing. In today’s world, you need both perspectives. Modern attackers use camouflage tactics to hide their activity because they’re focused on stealing information, for profit or for country. To combat this, you need to combine the macro perspective endpoint security companies give you with the micro perspective your analysts have. This is why you write your own alerts. This presentation will focus on a case study in how Yelp uses intelligence from our DNS resolver to find infected machines, based on deviations from normal patterns in our environment.

Main Hall        1200 -1300        Lunch and Networking               

Target Tower        1200 - 1600        Kizz MyAnthia        CTF/Red Team Challenge 

Not your typical "own the box" CTF, this Red Team Challenge will be team based and challenge your ability as a team to navigate a Red Team engagement.  Open to Students of Spy Game Class and all Participants.  Lunch will be provided for contestants.  Signups will be at registration

Main Hall        1300 - 1345        Nicholas Chapel        "Setting up a test lab with VMWARE" 

If you aren't fortunate enough to have access to a production environment or on-the-job training, the home test lab is crucial for learning infosec tools and techniques. Creating the testing environment is the first hurdle to overcome in getting hands-on experience, and it can be difficult to know where to start. For those who have not installed VMware before, the prospect may be intimidating, but it is in fact both relatively straightforward and easily taught.

4th Floor        1400 - 1600        Quick Fire Talks        Open Mic 

Got something say and need a space? Whether you are a first time speaker or would like a smaller audience to riff with, then Quick Fire Talks are for you.  Reserve 15 or 30 minute slots on the whiteboard by the Elevators

Main Hall        1400 - 1445        Derek Arnold        "Accessible Threat Intelligence with the Splunk app- Optiv Threat Intel" 

Optiv Threat Intel is a Splunk App that automatically correlates your data with several popular open threat lists. After a few mouse clicks we can start hunting for log sources that are reaching out to, or being attacked from, known attackers. The app can provide increased visibility to potentially malicious activity going on in the organization.

Main Hall        1500 - 1545        Joe Petroske        "Automating Malware Analysis for Proactive Detection" 

Image files make great carrier channels for hidden messages. By simply replacing the least-significant bit of each pixel byte with some data, you wind up with an image file with an embedded hidden file. And the new image is indistinguishable from the original.  So how could anyone ever detect this? With a little math and a little Powershell, you can get a good idea whether something else is lurking inside your favorite cat meme.

Main Hall        1610 - 1730        John Strand        "If I wake evil (How I would attack you if I turned into a criminal mastermind)" 

John Strand is the Owner of Black Hills Information Security (BHIS), and has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  John is also an instructor and course author of BlackHat’s “Active Defense, Offensive Countermeasures, and Hacking Back” and the SANS Institute’s “Hacker Tools, Techniques, Exploits and Incident Handling” classes.

John is co-author of the"" Offensive Countermeasures: The Art of Active Defense” book and is a contributor to the industry shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks."

Featured Presentations










Ian Whiting

CEO of Titania Security
Ian has been working with leading global organizations and government agencies to help improve computer security for more than a decade. He has been accredited by CESG for his security and team leading expertise for over 5 years. Ian Whiting founded Titania with the aim of using his cyber security expertise to produce security auditing software products that can be used by non-security specialists and provide the detailed analysis that traditionally only an experienced penetration tester could achieve.

Lance James

Lance James is an internationally renowned information security specialist. He has more than fifteen years of experience in programming, network security, digital forensics, malware research, cryptography design, cryptanalysis, counterintelligence, and protocol exploitation. He provides advisory services to a wide range of government agencies and Fortune 500 organizations including America’s top financial services institutions. Credited with the identification of Zeus and other malware, James is an active contributor to the evolution of security practices and counterintelligence tactics and strategies.


Leonard Jacobs

CEO of NetSecuris, Inc. presents Cybersecurity Analyst Training Crash Course covers the following topics:

  • Threat-Centric Security
  • Network Security Monitoring
  • TCP/IP Protocols
  • Common Application Layer Protocols
  • Packet Analysis with Lab
  • Windows Architecture
  • Linux Architecture
  • Basic Data Parsing with Lab

  • Derek Arnold


    "Your Managed Security Service Provider is bad, but should you feel bad?"
    This presentation goes through common misconceptions, practical tips on improving an existing arrangement and pointed questions to ask a prospective MSSP.

    Shawn Hernan

    "Factor-and-a-Half Authentication"
    Users like passwords, and hate hardware tokens. Factor-and-a-half authentication, consisting of "something you know," and "something you create" is an attempt to strike a balance between single-factor and two-factor authentication

    Mike Saunders


    "You will be breached"
    If you are connected to the Internet, it is not a matter of if, but when you will experience a breach.
    "Is your data literally walking out the door?"
    This light-hearted presentation will get you to look at your physical infrastructure in a new light and will help you assess it. It doesn’t matter how good your firewall is if somebody walks a server out the door.


    Anton Schieffer


    "Data Mining 101"
    Anton will give an overview on data mining and how to leverage different data sets to create new information.

    Tim Crothers

    "Modern Forensic Techniques" and "Fast Windows Investigation Techniques"
    The Senior Director of Cyber Security at Target will be giving a high level overview of modern forensic techniques and a technical hands-on demonstration of Fast Windows Investigation Techniques.

    Kevin Nassery


    "DDoS Forensics"
    A hands on look at analyzing DDoS attacks and building patterns necessary to identify attack traffic from legitimate users. The focus will be on full packet capture tools like Wireshark, pre-attack baseline profiling, and technical incident response surrounding these issues.


    What is Security B-Sides MSP?

    Our Goal.

    • Building security awareness multipliers, engaging educational presentations over a wide range of technology and security related topics with actionable take aways and hands-on exercises.
    • Attracting a community of individuals and groups with the common goal of improving the safe use of technology and the internet, that otherwise would not participate in these discussions by eliminating cost and outreach barriers.
    • Creating opportunities for recruiting & employment, fueling entrepreneurialism, driving research, connecting passionate participants with mentors, and supporting educational initiatives.

    Our 2014 Successes.

    2014 Participants.


    Why do Security B-Sides MSP?


    Why do Security B-Sides MSP?


    Our Core Team and Track Leads

    Ron Fresquez
    Education Outreach & CFP Review

    Ron wears many hats in BSidesMSP however his primary role in 2014 was speaker wrangler and this year is leading our education outreach and wrangling our presenters. When he's not doing BSidesMSP, he's building new mainframe talent.

    Nick Ries
    Volunteer Coordinator

    Nick is the Security B-Sides MSP volunteer coordinator again in 2015 and he is an electrician by trade.

    Amanda Hull
    Venue Coordinator

    Amanda was our Chief Food Officer and Venue Coordinator in 2014 and will be doing the same this year. Amanda is a professional pastry chef.


    Phil Reno
    Safety Team Lead

    Phil was a safety team 2014 volunteer and is running the safety team this year. Phil is a security viking.

    David LaBelle
    Outreach and Marketing

    David was a an active 2014 volunteer and is running outreach and marketing this year. David is a security architect.

    Brian Fackler
    Volunteer

    Fackler was an active volunteer in 2014 and showed his dedication to safety through the BSides Reg Ramp and is assisting with the 2015 event.


    "Jasmine Eric Ward" (Jew) DreamFirstBorn
    Filmography Lead


    Jew DreamFirstBorn, originally from New York City, is an award winning local film maker and photographer here in Minneapolis, MN. He graduated from The Arts Institute with a Bachlors of Sciences in Digital Video Film Production. He has had work shown at The Guthrie and has worked on many films that have appeared in local film festivals. His photographs have been published in the Star Tribune, VitaMN, City Pages, MN Monthly. He recently wrapped on the feature film production "Forgotten" directed by Joel Soisson and produced by Mike Leahy. He also publishes a monthly portrait magazine called Paper Crayons: Portraits. He has photographs celebrities including: President Barack Obama, Lenny Kravits, Janet Jackson, Dave Chappelle, Olivia Newton-John and Finoa Apple just to name a few. After being paid $2500 for his services, Jasmine Eric Ward (DreamFirstBorn) refused to provide the recorded footage for BSidesMSP 2015. It may have been lost, destroyed, or misplaced but it was never delivered.

    Lou Ann Jensen
    Cryptograms

    Lou Ann is an amazing network whisperer and is making our cryptograms this year

    Matthew J. Harmon
    Organizer

    Matthew is organizing BSidesMSP 2015 and lead BSidesMSP 2014. In his non-BSidesMSP time Matthew is a security researcher, technical risk assessor and educator.


    2014 Documentary

    BSidesMSP 2014 Mini Documentary

    Due to funds availability in 2014, we only did a short documentary of the big event. This year we're documenting the entire 2015 process from start to finish. Help support our crowdfunding of this effort! Contact David with ideas or contributions.


    Watch the 2014 Videos

    BSidesMSP 2014 at the Internet Archive

    Our Bootstrap Sponsors


    Our Cooperating Events and Organizations


    Our Partner Organizations


    Our In-Kind Sponsors



    Subscribe to the Announcements List

    * indicates required
    Email Format

    View previous campaigns.


    RSVP for Security B-Sides MSP 2015 Miss our April Fools Day Page? It's here.