BSides Austin 2018

 JJ Pickle Research Center | Austin, TX

 Speaking Engagement

 Visit Us at Our Booth

BSides is a community-driven framework for organizing and holding information security conferences, a concept that began in the US in 2009. Because the call for papers that year for Black Hat Vegas was oversubscribed, a number of quality speakers were rejected—not because of lack of quality but of lack of space and time. Those unable to present decided to hold their own conference on the “b side.”

Since then, many BSides events have been arranged in several countries throughout the world. BSides has come to be known as a conference by the community for the community. Events are generally inexpensive to attend and rely heavily on sponsorship to pay for the venue and other costs and are run as not-for-profit.

Because BSides events offer smaller, more intimate networking atmospheres and breakout discussions, they foster strong audience participation and overall group interaction. They create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration.

Optiv will have three speaking sessions at BSides Austin.

Sniffair
Speakers: Matthew Eidelberg, Steven Darracott
When/Where: Thursday, March 8 at 9am | Lil Tex Auditorum
SniffAir is an open-source wireless security framework. Its primary purpose is to provide penetration testers, systems administrators, or others eager about wireless security a way to collect, manage, and analyze wireless traffic. SniffAir was born out of the hassle of managing large or multiple pcap files, manually reviewing the information, and subsequently formulating an attack. SniffAir allows testers to thoroughly cross-examine and analyze traffic while looking for potential security flaws or malicious traffic. Testers can also employ SniffAir to carry out attacks based on this information. We created SniffAir to collect all the traffic broadcasted and sort it by Client or Access Point. Testers can create custom rules to help define the scope, and SniffAir can be instructed to parse collected information based on those rules. SniffAir then uses the rules to move the in-scope data to a new set of tables, allowing the framework to compare filtered data against the original table for anomalies. If applicable, the tester can then load the desired information into SniffAir’s wireless attack modules, allowing them to carry out various sophisticated wireless attacks directly through the framework. By making this project open-source, our hope is to stir the community’s interest in wireless security, whether it be by contributing to the framework directly, or by discovering new methods to assess or attack wireless networks which can then be incorporated into the framework.

Hiding in the Clouds – Leveraging Cloud Infrastructure for Evasive Penetration Testing
Speaker: Mike Hodges
When/Where: Thursday, March 8 at 2:30pm | Lil Tex Auditorium
Organizational spending on cybersecurity is at an all-time high. From an attacker’s perspective, this means that target networks are becoming increasingly hostile environments to operate in. This has pushed attackers to look for new ways to diminish a defenders ability to identify their activity. The introduction of cloud providers and their associated content delivery networks have provided ample ways to attack and communicate with attack infrastructure while piggy-backing on the cloud provider’s infrastructure and reputation. Techniques and tactics such as domain fronting for multiple cloud providers, distributed scanning, and leveraging API gateways will be discussed. Also, more nuanced aspects these cloud services will be explored as they sometimes provide many benefits to an attacker’s infrastructure, including encryption. Most importantly, mitigations for these techniques will provided so that defenders can go about better protecting their network.

A Day in the Life of a Pentester
Moderator: Tim Elrod
When/Where: Friday, March 9 at 11am | Lil Tex Auditorium
Have you ever wondered what it is like to be a professional penetration tester? Ever wanted to hear some of the crazy stories of networks gone awry? Or just want to come have a good time and listen to some entertaining stories? Then do we have the panel for you. Come join some of Optiv’s professional penetration testers as they answer your questions and tell stories all while trying to be as entertaining as possible. If you ever had questions about the business or just like being entertained please join us at Bsides Austin 2018 for our day in the life of a pentester panel.

Optiv is proud to be a platinum sponsor of the event. For more information, please visit the conference website, and register here.