Looking for the RVAsec 7 schedule? See m.rvasec.com where you can set your own agenda, rate speakers, and make sure you don’t miss a thing!
RVAsec 2018 is just a few days away, which means it’s almost time for another CTF! As mentioned in our first blog post, we have some exciting problems planned in topics ranging from cryptography to web and binary exploitation to lockpicking and badge hacking. The actual CTF will take place on Friday, June 8th all day, but we’ll have some practice challenges set up on Thursday.
Thanks to Crowdstrike as well as Offensive Security and Netsparker, we have some really exciting prizes. As done in the past, we will have two separate prize tiers: you can either compete individually or in teams of up to 5 people. The top 3 individuals and teams in each category will be guaranteed a prize, and the remaining prizes will be distributed to the next highest individuals/teams. Priority will be given to the highest finishing competitors/teams (1st place chooses first, then 2nd, etc), with the top 3 individuals picking first, followed by the top 3 teams.
As one last note, you’ll be able to connect to the CTF stuff both wired and wirelessly. As we don’t have enough hardware to allow everyone to connect via a wired connection, you are encouraged to bring your own switch and long Cat5 cable.
Without further ado, the RVAsec CTF 2018 prizes:
● 2x Offensive Security PWK Course with 30 days of lab + OSCP Certification
● 2х Netsparker License
● 2x Hak5 WiFi Pineapple Tetra Tactical
● 2x Hak5 Bash Bunny
● 2x Hak5 Rubber Ducky
● 3x Holy Stone Racing FPV Drone
● 2x Anker PowerCore Speed 20000 Portable Charger
● 1x $250 Visa Gift Card
● 2x $100 Visa Gift Card
Wondering where things are for RVAsec in the VCU University Student Commons? Look no further!
- Registration is outside the Richmond Salons
- Talks are in Commonwealth Ballroom & Commons Theater
- Vendors & food are in the Richmond Salons or outside Salons/Ballroom
- Capture the Flag (CTF) is in the Virginia Rooms
- Badges from HackRVA are in the Virginia Rooms
Click the map of the Commons 2nd floor for a larger version.
Virginia Commonwealth University Campus
University Student Commons, 2nd floor
907 Floyd Avenue, Richmond, VA 23284
Main Street Parking Deck
801 West Main Street, Richmond, VA 23284
- Print the RVAsec 2018 proof of attendance PDF and add your name
- Bring the printout to RVAsec
- Ask one of the volunteers or staff at the registration desk to sign your form
Proof of attendance:
We are pleased to announce that Cisco are sponsoring our After Conference Reception on Friday, 8th June. The Reception will be held in the Commonwealth Ballroom directly after the last talk on Friday afternoon. Thank you to Cisco, and we look forward to seeing you all there!
Come see us at RVAsec. Register now!
Nat Hirsch is the Director of the Red Team at a large financial institution. He has been doing Red Teaming, Pentesting, and other offensive focused security assessments for the last decade.
Brian Brurok is senior director of Security Software Engineering at Capital One focusing on delivering software solutions and automations for Security Operations teams. He develops and deploys custom applications focusing on Data Analysis, Incident Management, Automation and Live Response. His software tools have been used across teams to improve hunt operations, analyst performance, and incident management. Prior to Capital One, Brian spent 16 years in security operations building, maturing and managing over 50 security operations centers across DoD, Intel, Defense Contractor and Federal spaces. He’s active in the cyber community speaking at various conferences, and also regularly hosts and builds realistic training scenarios for multiple Capture the Flag events.
Building a Better Catfish
Picture this, a Red Team and a Blue Team working together to make the organization more secure, and not just trying to prove that they are better then the other one. This is how we did it.
Come see Nat and Brian at RVAsec! Register Now.
Karen Cole is the CEO of Assura, Inc. a cybersecurity consulting firm located in Ashland, Virginia. Her company just celebrated its 11th year in business and is considered in the top 1% of women-owned companies in the United States according to a recent study by the U.S. Women’s Chamber of Commerce. Throughout her 20+ year career, Karen has worked with various executives, boards of directors, and legislators to bring cybersecurity to the executive level and get programs the support and resources they need. Many times, she has helped them work through their own 5 Stages of Grief to get them to embrace their new corporate responsibilities.
From Grief to Enlightenment: Getting the Executive Support for Information Security
Most information security professionals got into the field to enjoy the technical challenges of keeping the hackers at bay. However, as information security has moved into the executive level of organizations, most professionals struggle to get connect with executives and get the support they need for their programs. Karen Cole has been successfully handling the most ardent opponents of information security (think politicians, board members, and C-suite executives) for 16 years getting her clients what they need. This session is focused on real-world actions you can take to get the support and resources for your program. Leave your governance theory at the door. This session is going to get real!
Come see Karen at RVAsec! Register Now.
Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently researching pre-acquisition and post-acquisition security processes. In the past, Tyler has been responsible for vetting malware being submitted to mobile app stores, and ensuring that users are properly informed of the privacy risks posed by mobile applications and mobile ad packages.
Let’s build an OSS vulnerability management program!
Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited because no one in your organization is maintaining those libraries with vulnerability fixes? Let’s do something about that.
During this presentation, we will start from nothing and build a process for identifying the OSS libraries that your company uses in order to build a bill of materials. We will source threat intel on those libraries, and we will take action to remediate the vulnerabilities in our source code repository so that we can keep our customers and company safe.
Come see Tyler at RVAsec! Register Now.
Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking to build new ways to automate attacker evasion.
Hiding in the Clouds – Leveraging Cloud Infrastructure to Evade Detection
Organizational spending on cybersecurity is at an all-time high. From an attacker’s perspective, this means that target networks are becoming increasingly hostile environments to operate in. This has pushed attackers to look for new ways to diminish a defenders ability to identify their activity. The introduction of cloud providers and their associated content delivery networks have provided ample ways to attack and communicate with attack infrastructure while piggy-backing on the cloud provider’s infrastructure and reputation.
Techniques and tactics such as domain fronting for multiple cloud providers, distributed scanning, and leveraging API gateways will be discussed. Also, more nuanced aspects these cloud services will be explored as they sometimes provide many benefits to an attacker’s infrastructure, including encryption. Most importantly, mitigations for these techniques will provided so that defenders can go about better protecting their network.
Come see Mike at RVAsec! Register Now.
Simone is Chief Cyberstrategy Officer at CyberVista where she leads product development and delivery of cybersecurity training and education curriculums as well as workforce initiatives for executives, cyber practitioners, and continuing education. Previously, Simone was a Senior Associate at Booz Allen Hamilton in the firm’s commercial sector cybersecurity practice focusing on the creation of cyber fusion centers and the integration of cyber security operations. Prior to that, she led the firm’s all source cyber threat intelligence business in the national security and Defense sectors, including intelligence support to both defensive and offensive operations. Simone received her J.D. with honors from Catholic University Columbus School of Law and graduated from Georgetown University with a B.A. in Government and a M.A. in International Law and Policy.
How Do You Measure Expertise? A New Model for Cybersecurity Education.
The industry relies upon a strong and knowledgeable talent base to protect both commercial and national interests, but without a more universal and standardized education model we still have an overall cybersecurity workforce shortage.
This session, designed both for leaders and learners, will explore the current training landscape, describe a model for the new/emerging cybersecurity profession and introduce a career model based on skills/knowledge that are mapped to the field. Participants will leave this session understanding all the tools available for cybersecurity managers to effectively grow the profession from the bottom up, top down, and through the middle via upskilling, reskilling, continuing education and mentoring. They will understand the foundations upon which a framework can be built to address the needs of the individual and the profession as a whole. Finally, participants will recognize the optimal way to balance qualitative measures in the cybersecurity profession (i.e. degree, certifications, etc) and qualitative ones (i.e. continuing education, practice, experience).
Come see Simone at RVAsec! Register Now.
RVAsec Announce Signup