Security BSides Las Vegas 2024 Call For Papers
BSides LV is accepting submissions for the following tracks at this time:
Proving Ground (for new speakers looking to be mentored)
Proving Ground Mentors (for mentors volunteering to help new speakers)
The deadline to submit proposals for PG speakers and mentors is March 3rd.
Responses and mentor pairings for PG speakers will go out by April 21st.
Our General CFP for all other tracks will open on March 4th and closes on April 21st.
The BSidesLV Proving Ground program exists in order to give first-time speakers the opportunity to work with a seasoned industry professional to improve their public speaking skills, with the end goal of presenting their research on a global stage at BSidesLV. All accepted speakers spend 4 months working with an experienced mentor who will assist them with everything from talking points to slide layout, design, and delivery prior to giving their talk in Las Vegas.
Proving Ground will consider any speaker who has original research and has never presented a 25-minute or longer presentation at an international information security conference*.
Proving Ground mentors should have at least 3 years of experience in the information security industry, and should have successfully delivered at least one full-length presentation at an international information security conference. Extensive professional experience with public speaking, such as teaching, in-person training, or public lectures/speeches will also qualify.
The Proving Ground program considers “international information security conferences” to be any multi-day conference that
- makes conference recordings available online, and
- has 1,000 or more attendees.
Examples include Black Hat USA, DEF CON, Shmoocon, etc.
Each accepted speaker and mentor will be provided with:
- All speaker amenities at BSidesLV (including breakfast and lunch on both days of the conference)
- A BSidesLV Proving Ground program t-shirt
- A conference badge that will identify them as a part of the Proving Ground program
- An extra conference badge for a friend
Proving Ground Participant Roles & Responsibility
Participants in the Proving Ground program agree to undertake the following responsibilities as a condition of their participation in the program:
Speakers:
1. Work with and without your mentor to develop the content and delivery of your talk, including:
   a. Meeting on a weekly basis between April and August
   b. Developing relevant, understandable, and engaging slides
   c. Practicing your talk both with your mentor and on your own
2. Provide feedback to the Proving Ground Directors as necessary
3. Escalate issues as outlined in the ‘Conflict Resolution Policy’ below
4. Be present at BSidesLV in order to deliver your 25-minute (including Q&A) talk
Mentors:
1. Work with your speaker to improve the content and delivery of their talk, including:
   a. Meeting on a weekly basis between April and August
   b. Providing relevant and timely feedback
   c. Suggesting resources (books, articles, recorded talks) that might help with content development and delivery
2. Provide feedback to the Proving Ground Directors as necessary
3. Escalate issues as outlined in the ‘Conflict Resolution Policy’ below
4. Be present at BSidesLV in order to attend your speaker’s 25-minute talk
These are the minimum responsibilities expected of all participants, and failure to fulfill them could lead to removal from the Proving Ground program and/or denial of future participation in the program.
Conflict Resolution Policy
Conflict is defined as any situation where one or both parties have a difference due to inability to come to agreement or work collaboratively on the delivery of a talk (this could be due to personality differences, schedule conflicts, etc.).
While we ask that the first step be to raise the concern with your mentor/speaker, we realize that this is not always possible, and that a resolution may not be reached that way. If the issue cannot be discussed or a satisfactory resolution is not possible, it must be brought to the attention of the Proving Ground directors. Once it is brought to the directors’ attention, they will follow our BSides LV PG mediation process in order to obtain the most positive outcome possible for the speaker, the conference, and our participants.
Example Speaker Submission:
Hacking Holograms: How to secure our security blankets
First Name: Jean-Luc
Last Name: Picardo
Organization: Concerned Citizen
Twitter Handle: @EMH2-FAKESUBMISSION
Phone Number: 212-555-4240
(Optional) Preferred Pronouns: Captain/My Captain/Sir
Jean-Luc (aka Nacho Man Tandy SVG) is a jack of many trades and master of none, well maybe just one: hologram hacking. Jean has been doing security-related things for nearly 10 years, focusing on all things enterprise, from writing custom Nmap scripts, Metasploit modules, and Burp plugins; you name it, he's done it. In the past 2 years he's taken a keen interest in the hologram security space and is aghast at what he's found. As is typical, this overlooked consumer (and military) space is rife with vulnerabilities and poorly understood threat models. Ever since, Jean has taken it upon himself to raise awareness of the lack of security when it comes to holograms. In his spare time he enjoys 90's dubstep and homemade beer.
Link to other talks:
The Galactic Federation estimates that 7.4 million emergency medical holograms will be installed on all space-faring vessels by 2345. However, holograms are not only on Federation ships; they also exist in homes and around us as toys, companions, and assistants, and serve various roles in our daily lives. In this talk we will discuss our journey to secure intelligent holograms on a galactic level. This talk is designed to appeal to a spectrum of different audiences, including hackers, developers, testers, consumers, and manufacturers, to help them understand the threats to their products and to guide enterprises towards building security in from the start.
This talk will cover the software stack, operating system, and supply chain security challenges, cyber attacks, as well as our strategy to mitigate threats from the ground up. We will walk attendees through (via live demos) Hologram OS attacks, AI JVM decompilation, vulnerability hunting, and an example attack scenario, all using open-source tools developed by us or others in this space.
This talk has been developed over the past 2 years as a passion project of mine. Holograms aren’t going to go away; once the gates were unlocked it was game over. The problem is, most of the companies making holograms aren’t keeping up with security best practices. Through years of research we’ve identified multiple vulnerabilities in commercially available products used by millions of people. This talk will specifically cover reviewing the EMCORP Hologram version 2.781.9 released last year, using open-source tools (listed below) that I’ve either written or enhanced, or that were created by others. We’ll step through and explain how the hologram works from the bottom up, including reviewing the operating system (a Linux derivative), mapping the hologram on the network, how to decompile a hologram and what to look for from an attacker standpoint (SQLi, malformed input, etc.), then we’ll cover how to write a module to turn a hologram into an always-on listening device that forwards any and all audio to an AWS bucket, which we browse live during the session to show the sounds our hologram, in our hotel room with the TV on, picked up and sent to our bucket.
Also, the demos will be live, but I’ll pre-record them before coming in, in case anything goes wrong.
– AI OS Exploit finder: https://github.com/faketool/AIOSEF
– AI JVM Decompiler: https://gaggle.com/decompilation
– Python scripts (small and varied): https://gist.github.com/AISUCKS/
– Custom code (attached) – malicious always on listener
– White paper: https://whitepaper.com/AIOSVULNS.PDF
– Hologram CIS Benchmarks: https://fakesite.com/HOLOCIS
– AppScan Hologram Plugin: https://blog.cybercompany.com/holo_appscan
I intend to cover the following in the talk:
Intro – 5 Minutes
– Who we are
– How we got here
Holograms – 5 Minutes
– History of holograms in Starfleet
– Cyber issues in the news
– Evolution to today's market
Attacking Holograms – 25 Minutes
– The operating system
– LIVE DEMO – OS level attacks
– The software stack
– DEMO – Decompiling AI JVM using opensource
– DEMO – Finding obvious vulnerabilities
– LIVE DEMO – Example attack – Hologram always listens even when off
– Supply Chain attacks, how they work and examples
– Examples of JS repos being taken over
Protecting Holograms – 5 Minutes
– Mitigating OS level attacks (SE Linux discussion)
– Secure Code development using OWASP-AI
– Supply Chain Hardening/Trust
Review/Close/Thank You – 5 Minutes
– Where people can find more information
– Thanks/Kudos to previous researchers
– Extra power available for hologram in the room
– Internet for live demos
– Ability to project slides
Example Mentor Submission:
As a seasoned public speaker and public speaking coach, I'm qualified to assist the next round of speakers in preparing for B-Sides Las Vegas' Proving Ground. I have extensive experience in helping speakers develop their presentations, and a proven track record of ensuring that potentially controversial talks are delivered in a content-filled manner without unnecessary offense. I previously served as a mentor for the SANS Women's Cyber Talent Immersion Academy, helping students to learn about security and improve their presentation skills.
I'm passionate about helping others to effectively communicate and share their knowledge. I have a strong interest in teaching and have received positive feedback for the engaging and enjoyable nature of my presentations. I'm eager to serve as a mentor again for Proving Ground, and hope to share my passion for speaking and my knowledge of presentation techniques with someone breaking into the information security industry. I'm happy to work with anyone and I'm looking forward to learning something new in the process.
- "Phishing 101: Understanding the Threat Landscape" - BSidesLV 2011
- "Phishing Attack Simulation: Assessing Your Organization's Defenses" - BSides San Francisco 2012
- "Human Hacking: The Weakest Link in Information Security" - DEFCON 21
- "Phishing in the Cloud: Understanding and Defending Against New Threats" - RSA Conference 2016
- "Social Engineering in Cyber Espionage: State-Sponsored Attacks" - Black Hat Asia 2016
- "Phishing in the Digital Age: How to Protect Your Organization" - Infosecurity Europe 2017
- "Social Engineering for IT Security Professionals: Best Practices and Case Studies" - RSA Conference 2018
- "Phishing in the Financial Services Industry: A Growing Threat" - Infosecurity Europe 2018
- "Social Engineering for Cybersecurity Researchers: Advanced Techniques and Tools" - Black Hat Europe 2019
- "Social Engineering in the Remote Work Era: Addressing the Risks" - BSidesLV 2021
- "Phishing in the Post-Pandemic World: New Threats and Vulnerabilities" - ShmooCon 2023