CTFs from concept, to building, to running, to competing, and winning

Participants will be Jordan Wiens, Clayton Dorsey, Ray Doyle, Dan Helton, and Garrett Galloway

Joe Schottman

Talk Title
Purple Team Strategies for Application Security Testing

Typical Dynamic Application Security Testing (DAST) does not lend
itself well to Purple Team practices. The sheer volume of traffic that
tools such as Burp or ZAP generate during automated testing floods
security operations with so many alerts that the Blue Team often does
not scrutinize the successful portions of the test. This is a missed
opportunity to train SOC staff to recognize threats in logs and
alerting systems, and it reduces their ability to help spot, stop, and
mitigate real-world attacks.

At the same time, the Blue Team often has access to information about
the application that can speed up testing and make it more accurate,
such as the layout of the file system, verbose logs, and insight into
which layers of security controls are mitigating attacks and, perhaps
more importantly, what parts of the application are already under

This talk covers my experiences with and thoughts on bringing
offensive and defensive staff together to increase the security of the
organization and provide better quality application testing.

Speaker Bio

Joe Schottman has worn many hats in IT, including web application
development, system administration, DevOps, security operations,
vulnerability management, and web application penetration testing. He
is focused on testing and working smarter and helping people
understand the underlying concepts rather than relying on ineffable
processes and procedures.

Talk Title
Disrupting the Mirai botnet

Chuck McAuley

The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating, and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to become familiar with the structure, design, and weaknesses of Mirai and its variants. In this talk you'll learn how to detect members of the botnet, mess with them through various means, and set up a safe live-fire lab environment for your own amusement. I will demonstrate how to join a C2 server, how to collect new samples for study, and some changes that have occurred since the release of the source code. By the end you'll be armed and ready to take the fight to these jerks. Unless you're a botnet operator. Then you'll learn about some of the mistakes you made.

Speaker Bio
Chuck has been working in network security professionally for 15+ years. He is currently a Security Researcher at Ixia Communications, focused on Threat Intelligence and Exploit Research. Most of the time he lives in his cave in New Hampchusetts staring at PCAPs and deciphering tea leaves. Sometimes he stumbles on something no one else has looked at and then talks about it. He has spoken at numerous other engagements, including three BSides events and some other conferences.

Talk Title
Removing haystacks to find needles - playing to our strengths

Monica Jain

We have all been fighting the cyber war with SIEMs to detect all the known attacks. In reality, the attack landscape is changing every day, and we cannot predict all possible attacks ahead of time. As security experts, we know our environment better than any attacker out there. We cannot ever possibly know all the bad things that have crawled into our environment; however, we certainly know about all the known good things in our environment.
Come learn how we can put that knowledge into play and change the game from finding the ‘Needle in a Haystack’ to ‘Removing Haystacks to Find Needles’, with some real-world customer case studies.

Speaker Bio
Monica is a veteran of the security industry with over 15 years of experience in SIEM and cloud security. She worked at ArcSight for over 10 years, culminating in managing the flagship SIEM product portfolio. She saw the company grow from zero revenue to IPO and ultimately be acquired by HP for $1.5B. Monica is driven by a zeal for advancing cyber security from its current state of information overload. After hundreds of conversations with organizations struggling to stay ahead of new emerging threats, Monica co-founded LogicHub to help CISOs sleep better.

In addition to ArcSight, Monica was previously the Director of Product Management at CipherCloud, where she created and managed the Cloud Security Analytics product division. She has experience in creating new products at startups as well as managing mature product lines at large public companies. Monica earned her Master's degree in Computer Science and worked as a researcher at Stanford University and the Carnegie Institution of Washington.

Talk Title
Attacker vs. Defender: Observations on the Human Side of Security

Todd O'Boyle

Cyberattackers spend about a hundredth of the time and money that defenders do, giving them a huge advantage when it comes to carrying out their nefarious deeds. Cyberattacks favor the attacker, so what’s a defender to do?

This talk will explore research completed for the U.S. Department of Defense that delves into why simply blocking a cyberattack with technology almost never favors the defender. We’ll begin with detailed stories of the asymmetry in time and money spent by the attacker and the defender, and offer practical approaches to engaging attackers once you find them. We’ll also study the “Cyber Kill Chain” to identify weaknesses in attacker tactics and then explore some practical ways to use those dependencies against them. We will wrap up with a shared brainstorming session to improve how everyone in the audience can respond when under attack.

Attendees will learn:
- Why spending more time and money on simply blocking attackers won’t help you catch up with them
- Real-world exploits and defense countermeasures
- Six steps to better understand how an attacker works
- How to identify weaknesses in an attacker’s tactics
- Ideas that help even the defensive playing field and make cybersecurity more symmetric

Speaker Bio
Todd O’Boyle is CTO and a co-founder at Strongarm, a cloud-based security company. Prior to Strongarm, Todd spent 15 years at The MITRE Corporation, providing technical support to the U.S. Department of Defense and the Intelligence Community. He also served as principal investigator for a project developing methods to improve how operators respond to cyber adversaries. Todd has a Bachelor of Science degree in computer science from Purdue University.

Talk Title
Analysis of iOS Access Control Policies

William Enck

Smartphones and mobile devices have become a primary computing device
for many consumers. There are currently two dominant smartphone
platforms: Android and iOS. Android has received significant attention
from the academic and industrial research communities, resulting in over a
hundred papers and open discourse about its security and threats. In
contrast, iOS has received significantly less discussion. This talk
will shed light on the different mechanisms that provide access control
within the iOS platform. A primary focus of the talk will be the sandbox
policy that limits the actions that can be performed by third-party
applications. Flaws in this access control policy are open to attack by
any application installed by the user. We reverse engineered the sandbox
policy into its human-readable form and further formally modeled the
policy using Prolog. Using the formal model, we test several logical
invariants to discover vulnerabilities in the policy. Our findings were
reported in our paper published at the 2016 ACM Conference on Computer
and Communications Security (CCS), as well as in several CVEs assigned by
Apple. This talk is based on this recent work, but is extended to more
fully contextualize iOS access control and offer insights into areas
that require deeper investigation.

Speaker Bio
William Enck is an Associate Professor in the Department of Computer Science at North Carolina State University, where he is director of the Wolfpack Security and Privacy Research (WSPR) laboratory. Prof. Enck's research interests span the broad area of systems security, with efforts addressing security challenges in mobile applications, operating systems, cloud services, and networking. In particular, his work in mobile application security has led to significant consumer awareness and changes to platforms. Prof. Enck was awarded the National Science Foundation CAREER Award and regularly serves on program committees for top conferences in security such as USENIX Security, IEEE Security and Privacy, ACM CCS, and NDSS. He is serving as department editor for IEEE Security and Privacy Magazine and associate editor of ACM TOIT. He was program co-chair of ACM WiSec 2016 and currently serves on the steering committee. Prior to joining NC State, Prof. Enck earned his Ph.D., M.S., and B.S. in Computer Science and Engineering from the Pennsylvania State University in 2011, 2006, and 2004, respectively. Prof. Enck is a member of the ACM, IEEE, ISSA, and USENIX.

Talk Title
What Happens When You Scam a Hacker's Grandma?

Weston Hecker

Take a tour of the underground world of online scamming. Weston will explain the research he performed this year, which cost scammers over $33,000 in overnight shipping in six months and burned hundreds of stolen bank account numbers by submitting compromised accounts to banks, saving people from losses of $400,000 and costing the scammers close to an estimated $1 million in revenue. Weston will explain the series of bot-like tools he built to automate thousands of honeypot classified listings and to automate email and text responses to scammers. Earlier this year Weston's grandmother died, and it was brought to his attention that she had been scammed out of several thousand dollars before she was admitted to a nursing home. Take a look at what happens when you scam a hacker's grandma.

Speaker Bio
Weston is currently working for NCR as a Principal Applications Security Engineer.

Weston has been pen-testing for 13 years and has 14 years of experience doing security research and programming. He has recently spoken at Black Hat 2016, ICS Security 2016, DEF CON 22, 23, 24 and 25, Enterprise Connect 2016, ISC2 Security Congress, SC Congress Toronto, BSides Boston, HOPE 11 and at over 50 other speaking engagements, from industry-specific events to universities, on security subject matter. Weston works on several security research subjects at a time, including cellular hacking, car hacking, ATM/POS hardware hacking, and malware reverse engineering.

BSides RDU October 26th 2017 Event Schedule