BSides Birmingham 2024

Keynote

Bryan L Singer

Join Bryan Singer, a leading expert in industrial cybersecurity, as he unveils shifting trends in threats to critical infrastructure and real world stories and strategies from the front lines in incident response!

10:00

330min

Capture the Flag Contest

CTF Contest

318 - CTF

10:00

Giving the next generation a chance

Gabe Lee

Technology is the backbone of our society, and our future depends on those who can continue its innovation. Students emerging from High School have developed along with technology, being highly adaptive, each emerging from widely diverse backgrounds, and having various viewpoints for problem resolutions. Their determined presence is crucial to fill the demand gap and guide them for a brighter tomorrow.

11:00

Veilid- the privacy we should have had all along

Katelyn Bowden

In 2023, cDc launched an open source, distributed p2p app framework called Veilid. Since then, we’ve released the beta of our first app built on the network, VeilidChat. What is Veilid, and how does it work? Why does this project matter? I’ll be answering those questions, and talk about how we ALL can build ways to communicate that aren’t someone’s revenue source.

12:00

30min

Lunch

Lobby

12:30

20min

ADS-B On a budget

Seth Thompson

A Talk about how to cheaply make an ADS-B rig to receive airplane locations and a free $500 a year subscription to flightradar24.com

Breaking the Entry Level Security Barrier

13:00

20min

Rhomanie Taylor

A brief overview of the personality traits and skills needed to break into cybersecurity. Things past the grit, determination, and knowledge. During this talk, we will discuss what I think are the traits and attributes necessary to cross the daunting threshold of an entry-level role.

13:30

Evilginx Unveiled: Understanding and Mitigating Modern Phishing Attacks

Kierston Grantham

In an era where phishing attacks are becoming increasingly sophisticated, tools like Evilginx pose significant threats to organizations and individuals alike. This presentation delves into the inner workings of Evilginx, a popular man-in-the-middle proxy service used by attackers to bypass multi-factor authentication and harvest credentials. Through a hands-on exploration, I will demonstrate how Evilginx operates, discuss its implications for cybersecurity, and offer actionable mitigation strategies that defenders can implement to protect their networks. Attendees will gain a deeper understanding of how attackers exploit this tool and leave with practical knowledge to enhance their defensive measures.

14:30

Booting and Boot Security 101

Justin Lewis

The boot process is the earliest point in a computer's lifecycle. As the OS has significantly increased its security posture, the boot phase has become a more attractive infection vector despite it being more platform dependent and potential for system bricking. The boot process is not as well documented in literature as compared to other technical pieces of computing systems which can make the whole process and the threats surrounding it feel like black magic. This talk intends to guide the audience through the history of booting to explain how we got here and the security posture of booting starting at (1) BIOS, (2) the advent of UEFI, and (3) UEFI extensions such as secure boot.

15:30

Security First: An operational approach to achieve and maintain compliance

Brad Proctor

With the ever-increasing regulatory requirements for cybersecurity, the phrase “it’s for compliance” has become cliche and has lost its meaning.