{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.1"}, "schedule": {"url": "https://pretalx.com/bsides-birmingham-2023/schedule/", "version": "0.7", "base_url": "https://pretalx.com", "conference": {"acronym": "bsides-birmingham-2023", "title": "BSides Birmingham 2023", "start": "2023-10-28", "end": "2023-10-28", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "US/Central", "colors": {"primary": "#7987AA"}, "rooms": [{"name": "Lobby", "slug": "2454-lobby", "guid": "e3fcf3b8-8a48-5ef8-9599-0d3c2e23ed06", "description": "Across from Ballrooms and outside of Alumni Theater", "capacity": null}, {"name": "Alumni Theater", "slug": "2422-alumni-theater", "guid": "3fd2561c-6ea7-519d-a94b-0cdf1bad080e", "description": null, "capacity": 276}, {"name": "Ballroom D", "slug": "2506-ballroom-d", "guid": "ee8268b1-b59f-56a2-8caa-aa4907516232", "description": "Second Track", "capacity": 48}, {"name": "Ballroom C", "slug": "2423-ballroom-c", "guid": "2471ce04-98c5-5c82-8fde-2cf4f665fcfc", "description": "CTF Event Space", "capacity": 30}, {"name": "Room 314", "slug": "2592-room-314", "guid": "0f45bd5d-8e75-50e3-a25d-7e70ec1661d5", "description": "Mock Interview/Resume Review Village", "capacity": 10}, {"name": "Room 316", "slug": "2588-room-316", "guid": "0d34eaad-1588-5adc-88e0-278debdfea18", "description": "Tabletop Village", "capacity": 25}], "tracks": [{"name": "Villages", "slug": "4214-villages", "color": "#1225D1"}], "days": [{"index": 1, "date": "2023-10-28", "day_start": "2023-10-28T04:00:00-05:00", "day_end": "2023-10-29T03:59:00-05:00", "rooms": {"Alumni Theater": [{"guid": "49380664-5144-553b-81ea-2ca267301a3f", "code": "9CZ3UQ", "id": 38460, "logo": null, "date": "2023-10-28T09:15:00-05:00", "start": "09:15", "duration": "00:45", "room": "Alumni Theater", "slug": "bsides-birmingham-2023-38460-keynote-the-digital-architects-of-tomorrow-the-crucial-role-of-high-school-graduates-in-information-technology", "url": "https://pretalx.com/bsides-birmingham-2023/talk/9CZ3UQ/", "title": "KEYNOTE: The Digital Architects of Tomorrow: The Crucial Role of High School Graduates in Information Technology", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "The Digital Architects of Tomorrow: The Crucial Role of High School Graduates in Information Technology - High school and college kids are a demographic that has amazing raw talent that we will lose if we don't engage them.", "description": "This will be a talk on the importance of giving this younger generation a chance out of high school. I have such talent and no one seems to get past the \"all eighteen year olds are lazy\" mentality. I'm teaching college classes as well now and there's yet another talent pool that no one pulls from. These kids are the next generation and if we don't engage them they will be lost and who will fill our shoes. \r\n\r\nI will hopefully open the minds of the audience to thinking outside societies' norm about these kids. They have amazing raw talent and can be molded into whatever role is needed.  Most of them come from below the poverty line in a very rural area and they are hungry to have a better life.", "recording_license": "", "do_not_record": false, "persons": [{"code": "EUC7AB", "name": "Gabe Lee", "avatar": "https://pretalx.com/media/avatars/EUC7AB_x6ZdBwp.webp", "biography": "Information Technology instructor at Eden Career Technical Center, St. Clair County Schools", "public_name": "Gabe Lee", "guid": "031bfdd1-2945-5ba9-a010-913faff5a4fc", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/EUC7AB/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/9CZ3UQ/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/9CZ3UQ/", "attachments": []}, {"guid": "1d4904c2-dfec-5b52-b2c9-6975a8950bfa", "code": "8FFHUU", "id": 36889, "logo": null, "date": "2023-10-28T10:00:00-05:00", "start": "10:00", "duration": "00:50", "room": "Alumni Theater", "slug": "bsides-birmingham-2023-36889-next-generation-malware-rootkits-and-bootkits", "url": "https://pretalx.com/bsides-birmingham-2023/talk/8FFHUU/", "title": "Next Generation Malware: Rootkits and Bootkits", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "Rootkits, malware embedded in the kernel, and bootkits, malware embedded in pre boot environment, are an interesting, but extremely dangerous set of malware classes that are on the rise.  In this talk, we will look into why these kinds of malware are becoming more popular, what damage can be done in the privilege context they execute in, and what kinds of mitigations exist to prevent system damage.", "description": "In the recent past, it was relatively easy for malware authors to develop user mode malware to achieve their goals.  There were few exploit mitigations to protect applications, applications were riddled with bugs to be exploited, and once initial access was gained, there was hardly any monitoring capabilities to detect its presence. Nowadays, modern operating system have loads of user mode protections such as DEP, ASLR, CFG, and more. If we assume that a malware sample is able to bypass all active mitigations, operating systems lock down an application's access, and anti-viruses analyze every applications' move. Thus, leading to decreased impact and almost immediate detection. This has motivated malware writers create rootkits: malicious code that runs in the kernel. By running in kernel mode, malware enjoys more implicit trust, and anti-viruses are not as well suited to enforcing security policy.  In some cases malware may require increased stealth which has led people to create bootkits: malware that runs in an early boot environment where no operating system is active.\r\n\r\nIn this talk, we will explore why malware authors are developing rootkits and bootkits despite the incredible difficulty, what kinds of powers malware running at these elevated levels possess, and where things can go wrong in these precarious positions.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZHUXVQ", "name": "Justin Lewis", "avatar": "https://pretalx.com/media/avatars/ZHUXVQ_dP2DjaD.webp", "biography": "Justin Lewis is a Software Engineer at CrowdStrike working on the endpoint sensor both in the kernel and in user mode.  Before that Justin worked at Horne Cyber writing ransomware simulations.", "public_name": "Justin Lewis", "guid": "2f423459-606e-5f21-8945-bf754b3aba23", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/ZHUXVQ/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/8FFHUU/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/8FFHUU/", "attachments": []}, {"guid": "709facbf-61e9-5794-85dc-3fa6637c3554", "code": "VGETJQ", "id": 36877, "logo": null, "date": "2023-10-28T11:00:00-05:00", "start": "11:00", "duration": "00:50", "room": "Alumni Theater", "slug": "bsides-birmingham-2023-36877-insecure-oauth-configurations-found-in-the-wild", "url": "https://pretalx.com/bsides-birmingham-2023/talk/VGETJQ/", "title": "Insecure OAuth configurations found in the wild", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "The majority of smart home solutions begin with downloading a mobile app to manage the smart home products. The mobile apps controlling the smart homes may provide convenience to quickly manage the security camera, garage door, house alarm, etc. However, do they hold up against modern malicious actors?", "description": "The majority of smart home solutions begin with downloading a mobile app to manage the smart home products. The mobile apps controlling the smart homes may provide convenience to quickly manage the security camera, garage door, house alarm, etc. However, do they hold up against modern malicious actors?\r\n\r\nWe can confirm the security of these mobile apps with open source tools to guide our security testing. Just as metasploit brought us convenience in security testing, we now have mobile security testing tools like MobSF, Genymotion, Burp Suite, Postman, JADX, APKLeaks, etc.\r\n\r\nIn this presentation, I will outline a process to utilize the various tools to evaluate smart home products. I will review the process and details discovered during my testing of the smart home products in my house.\r\n\r\nThis presentation will focus on mobile apps as well as the APIs involved. API security testing requires more custom testing. We have some automated testing features but there is plenty of hunting needed for API testing.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LUTAE7", "name": "Joey White", "avatar": "https://pretalx.com/media/avatars/LUTAE7_VvC0oCJ.webp", "biography": "Started IT career in 1990s teaching grandparents to use email and Word. Graduated from FHSU with a networking degree in 2003. Went through Sprint\u2019s internship program. Because of my networking background, I was provided the opportunity to deploy firewalls while working at Payless Shoe Source, which provided the path to InfoSec. For the last 16 years, I have worked at Blue Cross and Blue Shield of Kansas. Today, I balance multiple roles: Security Architect, Enterprise Architect, and AppSec team member, and I volunteer with IETF and ARIN.", "public_name": "Joey White", "guid": "0f073c60-2002-5875-b173-e2f016bb69fe", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/LUTAE7/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/VGETJQ/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/VGETJQ/", "attachments": []}, {"guid": "50d637d0-2cf1-5095-a8f4-b1654ed523a0", "code": "TQLTGX", "id": 37124, "logo": null, "date": "2023-10-28T13:00:00-05:00", "start": "13:00", "duration": "00:50", "room": "Alumni Theater", "slug": "bsides-birmingham-2023-37124-sliver-me-timbers-a-c2-alternative-to-cobalt-strike", "url": "https://pretalx.com/bsides-birmingham-2023/talk/TQLTGX/", "title": "Sliver Me Timbers: A C2 Alternative to Cobalt Strike", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "Cobalt Strike is the go-to C2 framework for security professionals and cyber criminal. Cobalt Strike's popularity has come at a cost to red teamers. It has become heavily signatured and requires a lot of customization to bypass a competent blue team.", "description": "Cobalt Strike is an excellent C2 framework, but it is not always accessible for everyone to use. Plus, the required customization to bypass modern security tools can be a high barrier to entry for most folks. Sliver is an excellent alternative to Cobalt Strike and is free. This will be mainly a technical presentation on the ins and outs of Sliver. It will briefly touch on EDR evasion but we won't get into great detail. It will  cover some advanced features of Sliver to help make it an ideal tool for both red and blue teams to use in their environments. \r\n\r\nThe goal is to have the audience walk away with a better understanding of Sliver and how to do some basic testing of Sliver.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DYMC3U", "name": "Steven Peterson", "avatar": "https://pretalx.com/media/avatars/DYMC3U_rKkGCcM.webp", "biography": "Founder and Chief Hacking Officer of White Box Security. Steven is a seasoned veteran of the network security space with over 17 years of experience in both offensive and defensive roles. Steven has been focused on penetration testing and red teaming for over a decade.", "public_name": "Steven Peterson", "guid": "9b4c955b-afa0-5df9-bd3a-1b4a8373cccb", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/DYMC3U/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/TQLTGX/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/TQLTGX/", "attachments": []}, {"guid": "db116c8a-7561-5a8c-9c56-3d50b4f3b043", "code": "YJ7DLM", "id": 37111, "logo": null, "date": "2023-10-28T14:00:00-05:00", "start": "14:00", "duration": "00:50", "room": "Alumni Theater", "slug": "bsides-birmingham-2023-37111-rethinking-penetration-testing", "url": "https://pretalx.com/bsides-birmingham-2023/talk/YJ7DLM/", "title": "Rethinking Penetration Testing", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "The current model for traditional penetration testing is broken.  Find out the difference between red and purple teams, assumed breach testing, and how to choose the right test to maximize impact.", "description": "I believe current model for traditional penetration testing is broken. The typical scan and exploit model doesn\u2019t reflect how real attackers operate after establishing a foothold. Many organizations aren\u2019t mature enough to need or benefit from a proper red team assessment. Organizations are often unsure how to approach a Purple Team.\r\n\r\nIn this talk, I\u2019ll discuss some of the differences between red teaming, assumed breach testing, and purple teams, highlight the strengths and shortcomings of each, provide guidance to help organizations understand which test is right for them, and provide questions they should be asking themselves and their consultants during the initial contact and scoping phases.", "recording_license": "", "do_not_record": false, "persons": [{"code": "AZTUVE", "name": "Mike Saunders", "avatar": "https://pretalx.com/media/avatars/AZTUVE_x8LTAg0.webp", "biography": "Mike Saunders (@hardwaterhacker) is Red Siege Information Security's Principal Consultant. Mike has over 25 years of IT and security expertise, having worked in the ISP, banking, insurance, and agriculture businesses. Mike gained knowledge in a range of roles throughout his career, including system and network administration, development, and security architecture. Mike is a Black Hat Trainer and is a highly regarded and experienced international speaker with notable cybersecurity talks at conferences such as DerbyCon, Circle City Con, NorthSec, SANS Enterprise Summit, the NDSU Cyber Security Conference, in addition to having more than a decade of experience as a penetration tester. You can find Mike's in-depth technical blogs and tool releases online and learn from his several offensive and defensive-focused SiegeCasts. He has been a member of the NCCCDC Red Team on several occasions and is the Premier Red Team Operator for Red Siege Information Security.", "public_name": "Mike Saunders", "guid": "c6689194-d1f2-5abf-b9cb-a220a4fa4cd1", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/AZTUVE/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/YJ7DLM/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/YJ7DLM/", "attachments": []}], "Ballroom D": [{"guid": "d0a6f0a5-7785-537a-b479-88e78d367935", "code": "W3RJQL", "id": 37356, "logo": null, "date": "2023-10-28T10:00:00-05:00", "start": "10:00", "duration": "00:50", "room": "Ballroom D", "slug": "bsides-birmingham-2023-37356-match-your-cloud-security-and-architecture-to-your-business-environment", "url": "https://pretalx.com/bsides-birmingham-2023/talk/W3RJQL/", "title": "Match your cloud security and architecture to your business environment", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "If security is such an absolute requirement, and if AWS makes it so easy to build secure systems, why don't all companies build secure systems? What is it about companies, the stage lifecycle that they are in, that makes one company choose one architecture over other? What are the trade-offs associated with architectures on the cloud? When you build a secure system, what would you have to give up in return? This talk will discuss the various architectural tools and patterns that you could follow on AWS while building a secure, scalable system.", "description": "In this talk, you\u2019ll learn to leverage architectural patterns to gain the most from AWS and build scalable, secure, and performant data systems. Assess the effectiveness and cost-efficiency of your system by interpreting vital signs. I'll discuss various architectures focusing on security, scalability, and availability. This informative presentation is suitable for individuals of all expertise levels. Real-world examples will bring the concepts to life, and I'll touch on the various trade-offs you will make. Rather than fixating solely on technological perfection, I will underscore the significance of evaluating a range of business outcomes.\r\n\r\nExplore the utilization of the right architectural patterns to optimize the capabilities of AWS and construct data systems that are reliable, and efficient. Acquire the skills to decipher key indicators that measure system performance and cost-efficiency. I will delve into diverse architectures specifically emphasizing availability, scalability, and security. This informative presentation is suitable for individuals of all expertise levels. Practical illustrations from real-world scenarios will animate the concepts and highlight the inevitable trade-offs you will encounter. Rather than fixating solely on technological perfection, I will underscore the significance of evaluating various business outcomes.", "recording_license": "", "do_not_record": false, "persons": [{"code": "H3GSPV", "name": "Gaurav Ravindra Raje", "avatar": null, "biography": "With over 15 years in software architecture, Gaurav specializes in creating secure, high-availability applications. He authored the book \"Security and Microservice Architecture on AWS\" (O'Reilly, 2021) and has contributed to the AWS Certified Database Specialty Exam. Gaurav also authored the SHA-224 package for Jython. He is passionate about combining business value with technical excellence. He holds an MBA from NYU Stern School of Business and a Master's in Computer Science from RIT, blending business acumen with technical prowess. He's nearing completion of his Doctorate in International Business from Rutgers, reinforcing his commitment to lifelong learning.", "public_name": "Gaurav Ravindra Raje", "guid": "7a0ca804-f52e-51b9-b4cf-487bb876de12", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/H3GSPV/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/W3RJQL/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/W3RJQL/", "attachments": []}, {"guid": "91f7dfff-037e-5a6c-95ba-08af8552dbab", "code": "AD7NE7", "id": 37428, "logo": null, "date": "2023-10-28T11:00:00-05:00", "start": "11:00", "duration": "00:50", "room": "Ballroom D", "slug": "bsides-birmingham-2023-37428-secure-for-sea-designing-and-deploying-security-operations-and-network-operations-in-a-mobile-limited-bandwidth-maritime-environment", "url": "https://pretalx.com/bsides-birmingham-2023/talk/AD7NE7/", "title": "Secure for Sea: Designing and Deploying Security Operations and Network Operations in a Mobile, Limited Bandwidth Maritime Environment", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "The speakers will discuss the challenges and solutions of deploying monitoring, detection, response, containment, and notification for commercial and government ships, including recent deployments that achieved governmental Authority to Operate (ATO).  We will cover the handling of OT systems, including policies and procedures for governmental ATO.", "description": "Achieving an Authority to Operate and deploying a SOC/NOC and security solutions in government, commercial, and hybrid-environment ships has numerous intricacies and potential pitfalls. The MAD Maritime Team will provide a holistic overview of how to approach the policies, procedures, technical architecture, implementation, and monitoring of maritime systems in a global maritime environment that presents problems such as bandwidth limitations, switching between multiple WAN/transport paths, and optimizing alerts and logs to minimize and prioritize traffic over satellite communications. They will provide recent examples and an overview of their lab environment that simulates difficult conditions and resulted in the assurance that deployed systems would meet all security and availability requirements. We will also discuss multi-factor authentication considerations and solutions for the shipboard environment, which normally lacks cellular capability and requires novel solutions.", "recording_license": "", "do_not_record": false, "persons": [{"code": "Q7AVCZ", "name": "Brad Proctor", "avatar": "https://pretalx.com/media/avatars/Q7AVCZ_V488gMR.webp", "biography": "Brad has 20 years of experience in the IT and Cybersecurity industries with extensive IT operations experience. Recently, Brad served as the project manager for an effort to set up a SOC and NOC for maritime vessels as part of the MAD Maritime team. Before MAD, Brad worked as an IT Manager for a defense contractor responsible for implementing compliance requirements, including CMMC. Brad spent 10 years in the MSP industry, where his vast IT operations experience was used to perform the technical implementation of cybersecurity requirements for a multitude of different operating environments. Brad brings all this experience to help defense contractors navigate the complex regulations and ever-changing cybersecurity landscape. He is a CISSP and Registered Practitioner with the Cyber AB, and holds numerous CompTIA, Microsoft, and Apple certifications.", "public_name": "Brad Proctor", "guid": "baf041d8-2624-5a89-950a-99eeed1e8a20", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/Q7AVCZ/"}, {"code": "PAGJU7", "name": "Danny Joslin", "avatar": null, "biography": null, "public_name": "Danny Joslin", "guid": "bf568eb5-90bf-526a-a2b8-b67dea125a26", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/PAGJU7/"}, {"code": "NRAHZH", "name": "Peter Dreyer", "avatar": null, "biography": null, "public_name": "Peter Dreyer", "guid": "9faf9541-ce04-5e47-b1a6-512416943846", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/NRAHZH/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/AD7NE7/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/AD7NE7/", "attachments": []}, {"guid": "5de969c3-ed86-5b68-9d26-9fd046c20517", "code": "X8GWS9", "id": 37525, "logo": null, "date": "2023-10-28T13:00:00-05:00", "start": "13:00", "duration": "00:50", "room": "Ballroom D", "slug": "bsides-birmingham-2023-37525-big-game-hunting-scanning-the-internet-for-malware", "url": "https://pretalx.com/bsides-birmingham-2023/talk/X8GWS9/", "title": "Big Game Hunting: Scanning the Internet for Malware", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "In the ever-evolving landscape of cybersecurity, the hunt for malicious actors and their infrastructure is a relentless pursuit. In our experience, most of known-bad infrastructure is derived from endpoint or firewall alerts, and reported either during or after an attack. This presentation delves into the fascinating world of proactively scanning the internet to uncover malware Command and Control (C2) servers. We will shed light on the \"why,\" \"how,\" and the invaluable results achieved through these endeavors.", "description": "Our talk will showcase the techniques employed in actively scanning for malware, including the associated challenges and intricacies. We will demonstrate, with real-world examples, how this proactive approach grants us unique insights into attacker infrastructure, often before it becomes operational. By showcasing examples involving well-known malware strains and even Advanced Persistent Threat (APT) actors, we will illustrate the tangible benefits of this approach.\r\n\r\nThe talk begins with an overview of malware C2 architectures and technologies. We will also discuss what public research has already been done in this field, and show how we have improved upon it. This provides the basis for understanding how it is possible to scan for malware and why certain techniques work while others do not. With the foundations established, we then discuss the actual techniques which have been used to scan for web shells, commodity malware, as well as custom APT malware. After demonstrating the techniques and real-world examples, we will conclude with the technical challenges we encountered, providing insight to defenders on which signatures and policies are best used to detect and stop C2 traffic.", "recording_license": "", "do_not_record": false, "persons": [{"code": "BFSTDG", "name": "Skyler Onken", "avatar": null, "biography": "Skyler Onken has been in the tech and security industry since 2003. He began as a Data Warehousing Engineer, but quickly found an interest in security by working as a Web Application Security Tester. Skyler's passion and empty pockets led him to beg and sneak his way into Black Hat where he became hooked and a lifelong hacker. After gaining an undergraduate degree, Skyler commissioned into the US Army as a Military Intelligence, and then Cyberspace Operations, officer. Skyler spent over 10 years in the Army working with the Department of Defense and United States Cyber Command (USCC). He served in various leadership and management positions, while simultaneously fulfilling technical roles like capability developer, and offensive operator. Most impactful from this service was his experience as a Mission Director for the Cyber National Mission Force, Director of the Joint Mission Operations Center - Georgia, and Master Operator for USCC and Joint Force Headquarters - Army. \r\n\r\nSkyler is currently a Senior Principal Cyber Research Engineer at Palo Alto Networks, and an Army Reservist. He has a B.S in Computer Information Technology, and a M.S in Applied Computer Science. He holds a number of security certifications to include the OSCP, OSCE, GXPEN, GREM, and CISSP. He volunteers as member of the Association of U.S. Cyber Forces policy team working on legislation for the establishment of a U.S cyber service.", "public_name": "Skyler Onken", "guid": "2d7aa8dc-0891-5a62-8bf4-fe10d637ef4a", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/BFSTDG/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/X8GWS9/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/X8GWS9/", "attachments": []}, {"guid": "fe793463-ebb9-5a81-bb9d-ab2c59ba18ee", "code": "ULLGDP", "id": 38509, "logo": null, "date": "2023-10-28T14:00:00-05:00", "start": "14:00", "duration": "00:50", "room": "Ballroom D", "slug": "bsides-birmingham-2023-38509-securing-and-managing-the-open-source-supply-chain", "url": "https://pretalx.com/bsides-birmingham-2023/talk/ULLGDP/", "title": "Securing and Managing the Open-Source Supply Chain", "subtitle": "", "track": null, "type": "Regular Talk", "language": "en", "abstract": "There's no denying that we'll continue to face security breaches reminiscent of those affecting Solarwinds, Log4J, and Kaseya, and vulnerabilities in open-source components like Apache Struts and OpenSSL. Software supply chain threats are now an established part of the tech landscape, encompassing both deliberate attacks and unforeseen accidents. The real puzzle here is how IT leaders can stay proactive in addressing these threats. How can CIOs empower their development teams without inadvertently introducing new security flaws? How can they mend critical code issues in systems the organization might not even know exist, all while ensuring a harmonious balance between security and productivity?", "description": "In this presentation, we will discuss:\r\nReal world supply chain attacks from a penetration tester\r\nHow to take stock of the many open-source components in your code\r\nWhat a software bill of materials can and can\u2019t do\r\nWhat tools can help identify vulnerabilities and integrate into development workflows\r\nWhere automation can help", "recording_license": "", "do_not_record": false, "persons": [{"code": "MZGHRQ", "name": "Darrius Robinson", "avatar": "https://pretalx.com/media/avatars/MZGHRQ_X3xo6OQ.webp", "biography": "Darrius Robinson, CISSP, is an accomplished Penetration Tester at SecurIT360, boasting an impressive 8-year background in the realms of Information Security and Information Technology. Hailing from Birmingham, his journey into the world of pen testing was ignited when he harnessed the power of Burpsuite to explore the Tesla API and even crafted a web application that granted others the ability to control his car. His fervor extends beyond technology to the development of both web applications and individuals.\r\n\r\nBeyond his professional role in pen testing, Darrius takes on a significant role as the Red Team Program Director at the non-profit organization, Black in Cyber Security (B.I.C). In this capacity, he has orchestrated a Red Team Training Program, designed to guide and empower aspiring professionals to obtain essential certifications and connect them with prospective employers. Darrius' dedication to enhancing cybersecurity and fostering the growth of others underscores his profound commitment to the field.", "public_name": "Darrius Robinson", "guid": "27ff6429-d040-5bda-9670-2e537c5cbb1d", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/MZGHRQ/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/ULLGDP/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/ULLGDP/", "attachments": []}, {"guid": "2326e19b-960d-59b9-8b91-95deb082570f", "code": "89FD9Y", "id": 37652, "logo": null, "date": "2023-10-28T15:00:00-05:00", "start": "15:00", "duration": "00:20", "room": "Ballroom D", "slug": "bsides-birmingham-2023-37652-cloud-misconfigurations-and-breaches", "url": "https://pretalx.com/bsides-birmingham-2023/talk/89FD9Y/", "title": "Cloud Misconfigurations and Breaches", "subtitle": "", "track": null, "type": "Quick Talk", "language": "en", "abstract": "In this talk, I give an overview of different cloud misconfigurations that have led to a variety of breaches. I also discuss different remediation steps corresponding to each misconfiguration.", "description": "This talk deep dives into some of the biggest cloud-related breaches, such as Capital One, Uber 2016, Chegg, and many more. We also dive into the initial misconfigurations that allowed these attacks to happen some of which include, S3 Bucket Access issues, Poor Secrets Management, and Monitoring/Logging issues.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SKEB7U", "name": "Mark Gaddy", "avatar": null, "biography": "Mark Gaddy recently graduated from the University of West Florida with a degree in Cyber Security. At the University of West Florida, Mark was President of the Cyber Security Club, competing in red and blue team competitions. Mark is the IT Director at Calvary Academy and is working towards doing more vulnerability research and gaining certifications in the offensive security space.", "public_name": "Mark Gaddy", "guid": "acfd0820-d238-57e0-a181-ac96c4b3a2ca", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/SKEB7U/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/89FD9Y/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/89FD9Y/", "attachments": []}], "Ballroom C": [{"guid": "d974e652-2260-5456-9af2-1a175267ef5a", "code": "RJK9KV", "id": 37718, "logo": null, "date": "2023-10-28T10:00:00-05:00", "start": "10:00", "duration": "05:20", "room": "Ballroom C", "slug": "bsides-birmingham-2023-37718-capture-the-flag-ctf-village", "url": "https://pretalx.com/bsides-birmingham-2023/talk/RJK9KV/", "title": "Capture the Flag (CTF) Village", "subtitle": "", "track": "Villages", "type": "Village", "language": "en", "abstract": "CTF Village", "description": "Capture the Flag contest/village - Please bring your own laptop to participate in this event.", "recording_license": "", "do_not_record": false, "persons": [{"code": "USRZB3", "name": "Packet Ninjas", "avatar": null, "biography": null, "public_name": "Packet Ninjas", "guid": "b364f6e1-c11a-542b-a423-aa91bba5fb59", "url": "https://pretalx.com/bsides-birmingham-2023/speaker/USRZB3/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/RJK9KV/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/RJK9KV/", "attachments": []}], "Room 314": [{"guid": "2b48a33e-8cad-5e80-a4da-e3d71d51d7b8", "code": "D8GJAP", "id": 38291, "logo": null, "date": "2023-10-28T10:00:00-05:00", "start": "10:00", "duration": "02:30", "room": "Room 314", "slug": "bsides-birmingham-2023-38291-mock-interview-resume-review-village", "url": "https://pretalx.com/bsides-birmingham-2023/talk/D8GJAP/", "title": "Mock Interview/Resume Review Village", "subtitle": "", "track": "Villages", "type": "Village", "language": "en", "abstract": "Recruiters from APT will conduct mock interviews and review resumes", "description": "Recruiters from APT will conduct mock interviews and review resumes.  First come, first served.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/D8GJAP/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/D8GJAP/", "attachments": []}], "Room 316": [{"guid": "377d92c1-9403-5938-8e27-58ebd8c2201f", "code": "GYPEQC", "id": 38236, "logo": null, "date": "2023-10-28T10:00:00-05:00", "start": "10:00", "duration": "05:20", "room": "Room 316", "slug": "bsides-birmingham-2023-38236-tabletop-village", "url": "https://pretalx.com/bsides-birmingham-2023/talk/GYPEQC/", "title": "Tabletop Village", "subtitle": "", "track": "Villages", "type": "Village", "language": "en", "abstract": "Join us at our Incident Tabletop Village! Dive deep into real-world security scenarios with \"Backdoors and Breaches\" by Black Hills Information Security.", "description": "Whether you're a seasoned pro or just dipping your toes in, this is a unique chance to strategize, collaborate, and learn from real incidents. Test your skills, learn from your peers, and get a feel for the critical decisions made during a breach that will help you improve your detection and response capabilities.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsides-birmingham-2023/talk/GYPEQC/feedback/", "origin_url": "https://pretalx.com/bsides-birmingham-2023/talk/GYPEQC/", "attachments": []}]}}]}}}