| Start Time | End Time | Event |
| --- | --- | --- |
| 8:00 AM | 8:45 AM | Registration |
| 8:45 AM | 9:00 AM | Opening Remarks and Announcements |
| 9:00 AM | 10:00 AM | Keynote - Cliff Stoll |
| 10:00 AM | 10:15 AM | Break |
| 10:15 AM | 11:15 AM | CTF Panel - Jordan Wiens and EverSec |
| 11:15 AM | 11:45 AM | Financial Crime: The Past, The Present and the Future - Marcelo Mansur |
| 11:45 AM | 12:30 PM | Disrupting the Mirai Botnet - Chuck McAuley |
| 12:30 PM | 1:15 PM | Lunch |
| 1:15 PM | 2:00 PM | Removing haystacks to find needles - playing to our strengths - Monica Jain |
| 2:00 PM | 2:45 PM | Attacker vs. Defender: Observations on the Human Side of Security - Todd O'Boyle |
| 2:45 PM | 3:00 PM | Break |
| 3:00 PM | 3:45 PM | Analysis of iOS Access Control Policies - William Enck |
| 3:45 PM | 4:30 PM | Closing Keynote - What Happens When You Scam a Hackers Grandma? - Weston Hecker |
| 4:30 PM | 9:00 PM | Conference continues in Venture Hall |
| 4:30 PM | 5:30 PM | Social Hour |
| 5:30 PM | 6:30 PM | Hacker Jeopardy |
| 6:30 PM | 7:30 PM | Auction |
| 7:30 PM | 8:30 PM | |
| 8:30 PM | 9:30 PM | |

CTFs from concept, to building, to running, to
competing, and winning (for now, CTF folks are still hashing this
out). Participants would be Jordan Wiens, Clayton Dorsey, Ray Doyle,
Dan Helton, and Garrett Galloway.

Talk Title
Financial Crime: The Past, The Present and the Future

Marcelo Mansur

This talk starts with the beginnings of my own career in a dicey investment brokerage and discusses some old school boiler room practices before moving on to insider trading, cryptocurrencies, darknet forums and markets and the growing prevalence of hackers in the murky world of investment fraud. I’ll be covering:

- The scammers I worked for, what they sold and how they fooled us all
- Insider trading and false rumour spreading
- Amaranth, Galleon Group and Jonathan LeBed
- Cryptocurrency and online trading
- Fin4, The Macau 3 and The Wall Street/Kiev coalition
- The darknet exchanges for inside information
- Employee Bribery and shopping lists of secrets
- What the hell are we supposed to do now?

Speaker Bio
After a few months as a headhunter I chose to focus on infosec purely due to my love for the community and all things hacker related. I now run a security recruitment, consulting and contracting company but before all of this began I was a stockbroker. My initial involvement in the financial sector is where my interest in the topic of this talk began and I’ve kept my finger on the pulse of this subject throughout my career. I enjoy dark comedy, bad puns and conversations about hacking. I enjoy them more if absorbed with a few beers and a steak.

Talk Title
Disrupting the Mirai Botnet

Chuck McAuley

The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to become familiar with the structure, design, and weaknesses of Mirai and its variants. At this talk you'll learn how to detect members of the botnet, mess with them through various means and set up a safe live fire lab environment for your own amusement. I will demonstrate how to join a C2 server, how to collect new samples for study, and some changes that have occurred since release of the source code. By the end you'll be armed and ready to take the fight to these jerks. Unless you're a botnet operator. Then you'll learn about some of the mistakes you made.

Speaker Bio
Chuck has been working in network security professionally for 15+ years. He currently is a Security Researcher at Ixia Communications, focused on Threat Intelligence and Exploit Research. Most of the time he lives in his cave in New Hampchusetts staring at PCAPs deciphering tea leaves. Sometimes he stumbles on something no one else has looked at and then talks about it. He's talked at numerous other engagements, including 3 BSides events, and some other conferences.

Talk Title
Removing haystacks to find needles - playing to our strengths

Monica Jain

We all have been fighting the cyber war with SIEMs to detect all the known attacks. In reality, the attack landscape is changing every day and we cannot predict all possible attacks ahead of time. As security experts we know our environment better than any attacker out there. We cannot ever possibly know all the bad things that have crawled into our environment; however, we certainly know about all known good things in our environment.
Come learn about how we can put that knowledge into play and change the game from finding the ‘Needle in A HayStack’ to ‘Removing Haystacks to Find Needles’ with some real world customer case studies.

Speaker Bio
Monica is a veteran of the Security industry with over 15 years of experience in SIEM and Cloud Security. She worked at ArcSight for over 10 years, culminating in managing the flagship SIEM product portfolio. She saw the company grow from zero revenue to IPO, and ultimately be acquired by HP for $1.5B. Monica is driven by a zeal for advancing cyber security from its current state of information overload. After hundreds of conversations with organizations struggling to stay ahead of new emerging threats, Monica co-founded LogicHub to help CISOs sleep better.

In addition to ArcSight, Monica was previously the Director of Product Management at CipherCloud where she created and managed the Cloud Security Analytics product division. She has experience in creating new products at startups as well as managing mature product lines at large public companies. Monica earned her Master's in Computer Science and worked as a researcher at Stanford University and Carnegie Institute of Washington.

Talk Title
Attacker vs. Defender: Observations on the Human Side of Security

Todd O'Boyle

Cyberattackers spend about a hundredth of the time and money that defenders do, giving them a huge advantage when it comes to carrying out their nefarious deeds. Cyberattacks favor the attacker, so what’s a defender to do?

This talk will explore research completed for the U.S. Department of Defense that delves into why simply blocking a cyberattack with technology almost never favors the defender. We’ll begin with detailed stories of the asymmetry in time and money spent by the attacker and the defender, and offer practical approaches to engaging attackers once you find them. We’ll also study the “Cyber Kill Chain” to identify weaknesses in attacker tactics and then explore some practical ways to use those dependencies against them. We will wrap up with a shared brainstorming session to improve how everyone in the audience can respond when under attack.

Attendees will learn:
- Why spending more time and money on simply blocking attackers won’t help you catch up with them
- Real-world exploits and defense countermeasures
- Six steps to better understand how an attacker works
- How to identify weaknesses in an attacker’s tactics
- Ideas that help even the defensive playing field and make cybersecurity more symmetric

Speaker Bio
Todd O’Boyle is CTO and a co-founder at Strongarm, a cloud-based security company. Prior to Strongarm, Todd spent 15 years at The MITRE Corporation, providing technical support to the U.S. Department of Defense and the Intelligence Community. He also served as principal investigator for a project developing methods to improve how operators respond to cyber adversaries. Todd has a Bachelor of Science degree in computer science from Purdue University.

Talk Title
Analysis of iOS Access Control Policies

William Enck

Smartphones and mobile devices have become a primary computing device
for many consumers. There are currently two dominant smartphone
platforms: Android and iOS. Android has received significant attention
by the academic and industrial research communities, resulting in over a
hundred papers and open discourse about its security and threats. In
contrast, iOS has received significantly limited discussion. This talk
will shed light on the different mechanisms that provide access control
within the iOS platform. A primary focus of the talk will be the sandbox
policy that limits the actions that can be performed by third-party
applications. Flaws in this access control policy are open to attack by
any application installed by the user. We reverse engineered the sandbox
policy into its human readable form and further formally modeled the
policy using Prolog. Using the formal model, we test several logical
invariants to discover vulnerabilities in the policy. Our findings were
reported in our paper published at the 2016 ACM Conference on Computer
and Communications Security (CCS), as well as several CVEs assigned by
Apple. This talk is based on this recent work, but is extended to more
fully contextualize iOS access control and offer insights into areas
that require deeper investigation.

Speaker Bio
William Enck is an Associate Professor in the Department of Computer Science at the North Carolina State University where he is director of the Wolfpack Security and Privacy Research (WSPR) laboratory. Prof. Enck's research interests span the broad area of systems security, with efforts addressing security challenges in mobile applications, operating systems, cloud services, and networking. In particular, his work in mobile application security has led to significant consumer awareness and changes to platforms. Prof. Enck was awarded the National Science Foundation CAREER Award and regularly serves on program committees for top conferences in security such as USENIX Security, IEEE Security and Privacy, ACM CCS, and NDSS. He is serving as department editor for IEEE Security and Privacy Magazine and associate editor of ACM TOIT. He was program co-chair of ACM WiSec 2016 and currently serves on the steering committee. Prior to joining NC State, Prof. Enck earned his Ph.D., M.S., and B.S. in Computer Science and Engineering from the Pennsylvania State University in 2011, 2006, and 2004, respectively. Prof. Enck is a member of the ACM, IEEE, ISSA, and USENIX.

Talk Title
What Happens When You Scam a Hackers Grandma?

Weston Hecker

Take a tour of the underground world of online scamming. Weston will explain to you the research performed this year, which cost scammers over 33,000 dollars in overnight shipping in 6 months and burned 100s of stolen bank account numbers by submitting compromised accounts to banks, saving people from losses of $400,000 and costing the scammers close to an estimated 1 million dollars in revenue. Weston will explain the series of bot-like tools he built to automate the 1000s of honeypot classified listings, and the automation of email and text responses to scammers. Earlier this year Weston's grandmother died and it was brought to his attention that she was scammed out of several 1000s of dollars before she was admitted to a nursing home. Take a look at what happens when you scam a hacker's Grandma.

Speaker Bio
Weston is currently working for NCR as a Principal Applications Security Engineer.

Weston has been pen-testing for 13 years and has 14 years of experience doing security research and programming. He has recently spoken at Blackhat 2016, ICS security 2016, Defcon 22, 23, 24 and 25, Enterprise Connect 2016, ISC2-Security Congress, SC-Congress Toronto, BSIDESBoston, HOPE 11 and at over 50 other speaking engagements from industry specific events to universities on security subject matter. Weston works on several security research subjects at a time: cellular hacking, car hacking, ATM/POS hardware hacking, malware reverse engineering.

BSIDES RALEIGH October 26th 2017 EVENT Schedule