Want to see your talk here?
CFP Info/voting:
CFP Submission Form:

Got an opinion on a talk, awesome! Speakers love feedback but it's best for everyone when it's constructive as these comments are public.
Shortlink to this page:
Want more info on the conference?

Twitter @BSidesDE
Main Wiki page

Mark your calendar for November 13th and 14th 2020
Want to see your name and logo in lots of places and make business connections? Are you looking to hire infosec talent?

Download Our Sponsor Kit:
Copy and paste to twitter for easy votingTitleHow would you like to be
credited as the speaker
and author of the talk?

(This will be posted online AS IS for the
schedule and/or talk voting)
Abstract Intended audience or level skill levelSpeaker Bio (This will be posted online AS IS after your talk is accepted so spell check it please)Can you make people want to see your talk in 130 characters? Go:
@BSidesDE "A Crash Course In Assembly For Malware Reverse Engineers" #BSidesDE #Vote Crash Course In Assembly For Malware Reverse EngineersAdam Gilbert @AGDCservicesDo you analyze malware in a sandbox but get lost when there are limited results and you need to read the assembly to know why? If you want to dig into the malicious assembly code but don't know how to start, this class is for you.

This lab based workshop will introduce everything you need to get started statically analyzing malware down at the code level. We will review all the fundamentals; tools, assembly instructions, memory layout, calling conventions, essential API’s, common programming patterns, and more. On top of the fundamentals, you will learn strategies to put everything together and actually analyze malicious assembly code to discover Indicators of Compromise (IOC’s) not visible in a sandbox. Our goal is for you to start viewing assembly code as source
code, no different than reading C or Java.

Class Logistics
- Cost: $200
- This is an all day, 8 hour class taught remotely.
- You will receive a welcome letter with details to download the class VM a few days prior to the conference. If you do not receive the email three days prior to the class, contact us at or @AGDCservices

Student Requirements:
- Students should have an entry level understanding of programming in any language. A general idea of malware analysis goals will be helpful, but is not necessary.
- Students must bring a 64 bit laptop with:
* VirtualBox or VMWare Workstation installed (VMWare Workstation Player is acceptable)
* 25GB of free disk space to install a provided analysis VM
* 8GB of RAM
* 1 USB slot
* Internet Connectivity
This class if for beginners, no previous experience in assembly is required
Adam Gilbert is an avid security researcher and founder of AGDC Services, a boutique computer security firm which provides malware analysis training and consulting services. He has 10+ years of infosec experience and a M.S. in Electrical and Computer Engineering, but his knowledge isn’t academic. It comes from digging down deep into malware to reverse engineer every aspect. Translating complex malware techniques into understandable concepts for fellow security practitioners is a truly rewarding experience that Adam is passionate about.
Increase your #dfir #malware analysis skills in the #remote, lab based "Assembly For Malware Analysts" class for only $200
@BSidesDE "So you wanna start a podcast (Updated for 2020!)" #BSidesDE #Vote you wanna start a podcast (Updated for 2020!)Nate @gangrifSome say that Podcasting is still, in 2020, one of the best ways to reach an audience. Even in today's world of visual media, audio is still in high demand. I run the Iron Sysadmin Podcast, an IT Ops focused podcast. In 2016 when I set out to create this show, it wasn't as easy as I thought it would be. A lot of technology had to be learned, and since then the show has evolved. The podcast space has also evolved! In this talk, I'll recap how we started the Iron Sysadmin Podcast, how it's evolved over the years, and how I might do it differently today. If you're interested in starting a podcast, you won't want to miss this talk! Anyone interested in starting a podcast.
Nate is a Technical Account Manager at Red Hat, an accomplished Sysadmin, and a life-long nerd.
So, You wanna start a #podcast? Come learn from @gangrif's mistakes starting @ironsysadmin, and see how it's different today!
@BSidesDE "Breaking MFA" #BSidesDE #Vote MFAMishaal KhanMultifactor authentication (MFA) has been hailed by cybersecurity experts as a silver bullet in the security landscape which should leave IT leaders skeptical. Join Mishaal Khan to break down the myths encircling MFA and uncover its weaknesses. Mishaal will provide live demonstrations of MFA bypass methodologies, discuss adoption hurdles, vendors, technologies, pros & cons and offer a framework for implementing MFA so your organization's data is protected.Anyone who uses multifactor authentication
Mishaal like to entertain people with hacks and shortcuts while conveying a much bigger message. His hands-on nature likes to test the limits of technology by breaking things in order to learn how to secure them.

He's spent his career in the corporate world building complex networks and helping organizations secure them.

It helps to have a strong passion in cybersecurity, OSINT and Privacy while holding a long list of technical certifications including CCIE R&S, Certified Ethical Hacker, Certified Social Engineer Pentester.
dispel myths on MFA and how it can be hacked, learn the right way to implement it
@BSidesDE "Security Automation Steam Engine Time!" #BSidesDE #Vote Automation Steam Engine Time!Joshua MarpetSecurity automation is an old term. But up to now, most security is automated in a way that is done to assist a penetration tester, or maybe a blue team member. But is security being commoditized enough, that security automation, as a tool and a strategy, is enough to be done on its own merits? Not as an assist, but as a goal in and of itself? Let's examine what security has been automated in the past, and where we are now. And let's discuss whether what has been done up to now, is worthwhile. Or not. everyoneJoshua Marpet is the Co-Chief Vision Officer and co-founder of Red Lion. He is an internationally renowned digital forensics expert and a patent-pending author for a Blockchain based Digital Forensics System. Josh has been honored as one of the top 10 most influential people in BSides and currently serves as a board member for BSidesDE and BSidesDC. He is a former board member with Hackers for Charity and BSides LV. Josh is heavily involved with CMMC. He is also a proud father, husband and mentor.Did you automate any of your security? No? Should you? How? How much money can I save? Or would I not save any money? Let's talk!
@BSidesDE "How InfoSec skills can help you survive a pandemic" #BSidesDE #Vote InfoSec skills can help you survive a pandemicSpamThe pandemic has highlighted many interesting personal and professional challenges for everyone, but you might be surprised at how many Infosec skills can be applied to help you deal better with this once in a lifetime public health crisis.

This talk will present ways in which you can repurpose Infosec skills to help you thrive during the pandemic, and will also try to provide some unique ways you can use examples from the Pandemic to explain Information Security concepts to folks.
Spam has been accused of being Satoshi Nakamoto, but he spends most of his time pretending to be a meat popsicle.
@BSidesDE "Securing AND Pentesting the Great Spaghetti Monster (k8s)" #BSidesDE #Vote AND Pentesting the Great Spaghetti Monster (k8s)Kat Fitzgerald @rnbwkatWe’ve all heard of it - Kubernetes - but do you really know what it is and, more importantly, how to set it up securely? The Great Spaghetti Monster isn’t too difficult to secure if you just stop and use common sense (wait, WHAT?) security best practices. These techniques are for everyone - even those who have been playing with Kubernetes for some time.

Let’s talk about Docker, baby!

You have to start somewhere, and containers are the place. Next, let’s intro Kubernetes and the magic world of orchestration and what it really means to orchestrate containers. Then the fun begins as I demo a small Raspberry Pi stack with Kubernetes on it to show a live cluster with “visual aides” (very bright LEDs that show containers jumping from node to node).

As the brief Kubernetes demo concludes, it’s time to bring in security by demonstrating the security plug-ins and tools used. Techniques are shown for best-in-show k8s security configuration. Remember this concept - “Common Sense”? Let’s see if we can apply it with some best practices and build out the secure cluster. The focus on this is security threats to a Kubernetes cluster, containers and the apps deployed. A review of typical attack vectors in containers and Kubernetes clusters are shown with fun and exciting(?) pentesting tools specifically formulated for k8s.

Now the fun begins - we have secured our cluster and our containers but how can we be sure? Let’s put our blue-skills to the test with some red-skills and pentest our cluster. It’s time to present some live security testing tools that are best suited for testing k8s. This is where the rubber meets the road, or in this case, where, wait for it —– common sense prevails!!

Key Takeaways

1. k8s, what is it and why do I care, in real words, not fancy terms
2. Common sense techniques are still a thing and we prove it!
3. What tools we use and why
4. Pentesting in a k8s world is just a tiny bit different, and you will learn how.

The point(s) here, you WILL walk away with practical examples of what to do and what NOT to do. This isn’t theoretical.
All levels of Infosec will learn something!
Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Seattle area.
Oh sure, Kubernetes is the Bomb! But is it secure out-of-the-box? Oh hell no! Let’s see if we can change that. :-)
@BSidesDE "Workshop on Fundamentals of RF Security" #BSidesDE #Vote on Fundamentals of RF SecurityHarshit Agrawal @harshitnicAny technology comes with both hope and challenges. Radio communication came with the hope of a better life and services. But with this hope, Wireless communication came up with various security challenges like reliable communication between devices, wireless sniffing, spoofing, DoS attacks and so on. This workshop will give one brief idea of how to analyze the devices' security, and the best practice guidelines will help to design them properly.

To ensure RF security, one needs to have a comprehensive understanding of the technology, threats, exploits, and defensive techniques along with experience in evaluating and attacking. This session takes an in-depth look at the security challenges of many different RF attacks, exposing one to wireless security threats through the eyes of an attacker.
All levels of Infosec will learn something!
Harshit Agrawal is currently working as a Radio and Telecom Security Researcher. He is enthusiastic about Signal Intelligence, Electronic Warfare, and Telecom Security. He presented his research paper at International conferences like RSAC USA, HITB Cyberweek, ICS Security Singapore, Hack In Paris, HITB Amsterdam, Securityfest Sweden, Nanosec Malaysia, CISO Platform Virtual Summit, Sacon Conference Bangalore, and DakotaCon USA. Previously he was President at CSI Chapter and Vice President for Entrepreneurship cell at MIT, where he also headed the team of security enthusiasts which gave him a good insight into cyber-security and increased his thirst to explore more in this field. He is a Programmer, Researcher, and Believer! He believes in providing something out of the box!
Understand the ease and prevalence of RF exploitation with sophisticated practical examples and case studies.
@BSidesDE "Mining technical debt for fun and profit- M&A strategies" #BSidesDE #Vote technical debt for fun and profit- M&A strategiesAlex MuentzWhen you buy or sell a company, you've got to figure out what you're getting. Sometimes the stuff you're getting is worthless. That's a nice property, but it's on top of a toxic waste dump. There's an equivalent in cybersecurity. You might have a bunch of paying users, but there might be an undiscovered breach or bad privacy practice that will affect brand value.

I'll discuss the M&A process and how cyber professionals can ferret out and remediate issues pre sale or clean up afterwards.

There'll be stories. There are always good stories to tell.
This is for all participants, but may be more interesting for mid-career people looking for ways to move into the business side of their profession.
Alex Muentz is the M&A Practice Lead at Leviathan Security Group in Seattle. He's offered cybersecurity and privacy advice to clients ranging from new startups to Fortune 50 firms.
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote
@BSidesDE "" #BSidesDE #Vote