BSidesCharm 2023 Schedule

There are two speaking tracks for each day, and one training classroom per day.

Opens at 8:30, Closes at 5:00
Registration

Please arrive with your ticket QR codes readily available.

09:50 - 10:00
BSidesCharm Opening Remarks

Matthew D. Green, an associate professor of computer science and member of the Johns Hopkins University Information Security Institute, is a nationally recognized expert on applied cryptography and cryptographic engineering. His research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. He is one of the creators of the Zerocash protocol, which is used by the Zcash cryptocurrency, and a founder of an encryption startup Zeutro. He is the author of a popular blog, “A Few Thoughts on Cryptographic Engineering.”

While the main talk rooms are set up, please take the time to visit our sponsors and explore the villages and workshops.

Entering the cybersecurity field can often be frustrating and challenging. Sit in on this talk to hear about the experiences of a 17-year-old who's currently entering the cybersecurity field: what his suggestions are for others entering the field, possible changes for the field, and what companies can do to support future cybersecurity professionals.

Sully Vickers

As a defender, what does “I use ATT&CK” really mean? In this talk, we will share how defenders like you can translate the adversary perspective provided by ATT&CK into knowledge on how to detect and protect against cyber threats. We will also explore using ATT&CK to identify defensive gaps, develop analytics, and measure/improve your SOC maturity.

Lex Crumpton

Check out the available options within the hotel or take a quick walk next door to the mall food court.

Preventative security controls are more effective in reducing risk than reactive controls. This talk will explore ways to create more visibility and context into your cyber risks so you can preventatively make better decisions about how, when and where to mitigate risks before they’re exploited.

Nathan Wenzler

In this talk I will provide a brief overview of secure coding practices for developing web applications with ReactJS by presenting common software vulnerabilities and detailing ways to remediate and prevent insecure code being pushed to production.

Tae’lur Myers Lambert

YARA rules are an industry standard for identifying malware, but what about when the malware is encrypted with a custom encryption algorithm using mixed boolean-arithmetic? Understanding custom encryption algorithms enables analysts to craft YARA rules to target them. This talk walks through understanding Mustang Panda’s custom encryption scheme for hiding PlugX and how to target it using YARA.

 

Sean Sabo

More tools! More frameworks! More security controls! Let’s add all the things and stack them on top of each other! Nope, nope, and nope. This has been ineffective against major attacks like SolarWinds and Log4j. We need to keep security simple, not just for our security teams who are managing a menagerie of security tools, vulnerabilities, and threats, but also for our users.

Dr. Nikki Robinson

This talk will explore the importance of proactive cybersecurity measures for small and medium-sized businesses and provide practical strategies and resources. Topics covered will include playbook development, tabletop exercises, threat intelligence, and open-source or low-cost resources.

Ryan St. Germain, Clarissa Bury

Join us after talks have concluded for light snacks and beverages in the Warfields room. Meet new friends and reconnect with old ones!

Check out the available options within the hotel or take a quick walk next door to the mall food court.

Join us for an after-hours chill-out in the Warfields room for a night of games and friends. A cash bar will be open.

Opens at 8:30, Closes at 5:00
Registration

While the main talk rooms are set up, please take the time to visit our sponsors and explore the villages and workshops.

Ever feel like you just don’t know what to do when the bad stuff happens? You can’t get the support needed in the middle of an incident? Come chat about an action group model for incident response, a framework which provides coordination, ownership, and flexibility to account for the variable nature of incidents, all while encouraging development of employees at all experience levels.

Shawn Thomas, Taylor Johnson

Active Directory combines DNS functionality (with an LDAP database, Kerberos authentication, and some other stuff) to create a unified directory service platform. As such, the fates of AD and DNS will be forever linked. In fact, you might say they are now married. In this talk you will learn how to keep that marriage happy and healthy!

 

Jim Sykora, Jake Hildreth

Check out the available options within the hotel or take a quick walk next door to the mall food court.

Threat modeling the human security risk, or as others might call it, Security Misconfigurations in the cloud and all the fun attack vectors they create. Yep, it’s clobberin time and this is what makes this job fun – helping others to find their own security problems before others do!

Kat Fitzgerald

A code-breaking Quaker poet who hunted Nazi spies? Truth is stranger than fiction, and the life of Elizebeth Smith Friedman is no exception. She broke codes during both World Wars and is credited as a founder of modern cryptology.

In this talk, we’ll follow Elizebeth’s journey, learn the history of cryptography, and apply those lessons to how we should view technology and technologists today.

Brendan O’Leary

Some misconfigurations and security oversights are so egregious they can allow attackers to compromise a network in hours or minutes, while some controls or architecture decisions just make attackers’ lives miserable. I’ll provide an attacker’s view of what makes a network easy or hard for us to attack, including showing some tools you can use to ID these issues yourself before getting a pentest.

 

Justin Palk

File and data leakage have been responsible for some of the largest press-worthy cyber security incidents to date and, recently, appear to be increasing in volume. This talk will propose a more authentic approach to adversarial thinking (informed by MITRE PRE-ATT&CK) designed to inform defensive priorities using the same exact techniques that adversaries are actually employing in the wild.

Nick Ascoli

Join us after talks have concluded for light snacks and beverages in the Warfields room. Meet new friends and reconnect with old ones!

Check out the available options within the hotel or take a quick walk next door to the mall food court.

Join us for an after-hours chill-out in the Warfields room for a night of games and friends. A cash bar will be open.

Opens at 9:00, Closes at 2:30
Registration

Elissa Shevinsky is a CTO known for her work in privacy, security and cryptocurrency. She is currently working with Paragon Tech as a fractional CTO. She was previously CTO and Interim CSO at Cointelegraph, a leading crypto news organization. Shevinsky has led several security and privacy startups, including roles as Head of Product at Brave and CEO at Soho Token Labs. In her free time, she explores wildlife sanctuaries and watches sci-fi reruns.

While the main talk rooms are set up, please take the time to visit our sponsors and explore the villages.

How do we, as an intelligence community, understand and distribute the severity of widespread vulnerabilities? On that note, how do we even categorize them? After years of developing a need for a widespread and company ambiguous importance monitoring system, CVE and CVSS were born. Knowing exactly how to understand and use these systems is fundamental for defending and exploiting.

Beth

Since Windows 10, Microsoft has added many new security features aimed at disrupting kernel-level malware. To stay viable, rootkit developers have evolved how they load into the kernel, gain system control, and monitor activity. This talk walks through such techniques observed in the wild and how they are detectable through a combination of memory forensics and event log analysis.

Andrew Case

Check out the available options within the hotel or take a quick walk next door to the mall food court.

Attacks that use Bring Your Own Vulnerable Drivers pose a unique threat to Windows security, but what makes a driver vulnerable, and how prevalent are vulnerable device drivers? In addition to answering these questions, this talk provides categories of vulnerabilities that are unique to Windows drivers and provides real-world case studies to illustrate the theoretical concepts.

Dana Behling

This presentation will illustrate the entire cyber-kill chain, hands-on-keyboard activity and corresponding MITRE ATT&CK mappings for a series of successful intrusions carried out by the North Korean APT group “Lazarus” against energy companies across the world. We also provide an analysis of MagicRAT and associated, bespoke malware families used by the APT group.

 

Asheer Malhotra

Stick around to hear the latest on how the conference went as well as win free prizes!

Opens at 9:00, Closes at 2:30
Registration

While the main talk rooms are set up, please take the time to visit our sponsors and explore the villages.

Want to know how to use your incident response skills to help emotionally?

Incident response uses PICERL (Prepare, Isolate, Contain, Eradicate, Recover, and Lessons learned); the brain uses stages (Denial, Anger, Bargaining, Depression, and Acceptance).

I’m not a therapist but I have Master’s degrees in Social Work and CyberSecurity.

Marc Muher

Containers are essential in modern software development, but they come with security considerations. This talk will cover container foundations, operational impact, and security considerations throughout their lifecycle. Best practices for securing containerized apps will also be discussed.

 

Kenny Parsons

Check out the available options within the hotel or take a quick walk next door to the mall food court.

How can you trust all of the hardware and software you use on a daily basis? Hardware, firmware, and software have a unique (often complex) supply chain. I believe we extend far too much trust to the supply chain and do not verify the integrity of our hardware and software components. Using open-source and free tools, learn how to enumerate and validate the integrity of your devices in this talk!

Paul Asadoorian

Zero Trust is all the rage in security these days. Where do you begin when trying to move towards a more mature zero trust architecture for your organization? Using the CISA Zero Trust Maturity Model, the Zero Trust team at Centers for Medicare and Medicaid Services customized a framework for our environments to better track progress across various axes. We want to share how we did this with you.

 

Invited speaker: Elizabeth Schweinsberg

Stick around to hear the latest on how the conference went as well as win free prizes!

10:00 - 5:30
Defensive PowerShell (Training Room 1)

This Defensive PowerShell workshop is an immersive, hands-on learning experience. You will use PowerShell Remoting (PowerShell v7) to parse text-based and Windows Event logs. You will also query both local and remote registries. You will learn about an additional Windows firewall log and enable and create a custom object.

James Honeycutt

This workshop will focus on teaching participants how to handle malware and analyze samples using both Windows and Linux containers. The workshop will focus on leveraging open-source tools and techniques to build out a simple analysis queue pipeline to allow students to analyze multiple samples at scale within a controlled environment.

Jose Fernandez

11:30 - 3:00
Building (and Validating) Detections with Adversary Intelligence (Training Room 1)

We will demonstrate workflows & use publicly available tools to gather & process intelligence on key current threats (top infostealers), identify potential TTP detection gaps, and close those gaps with new detections & validation tests. We’ll also show how teams can be more proactive by considering defenses for technique implementations beyond just those reported in public intelligence.

 

Scott Small

Fuzzing is still one of the leading methods for finding vulnerabilities in applications. And it doesn’t have to be hard. This course gives both a high-level overview on the theory of fuzz testing as well as concrete practical exercises. Students will learn how to fuzz real-world applications to uncover actual software vulnerabilities in applications still shipped in 2023.

 

Sean Deaton, Ryan O’Neal