Month: March 2014

RVAs3c Speakers!

March 31, 2014
AnnouncementConference

Here are the speakers for the 2014 RVAs3c conference!

David Kennedy – Keynote
David J. Bianco Evan Booth
Sarah Clarke Jonathan Dambrot
Inga Goddijn Seth Hanford
Pete Herzog Dan Holden & Elizabeth Martin
Ray Kelly Jack Mannino & Abdullah Munawar
mubix Kizz MyAnthia
Kimberley Parsons & Carmen Sullo Joey Peloquin
Nick Popovich David Sharpe & Katherine Trame
Jayson E. Street Ben Tomhave
Schuyler Towne Steve Werby

 

Head to the Speaker’s Page to see information about each speaker and the topics they will be presenting!

Badge Update From @hackrva

March 20, 2014
AnnouncementBadges
We recently had an update from the Hack.RVA team on the badges for this year’s conference and we had to share!  They have been heavily focused on the etching process the past few months and are making great progress. They tested a spray-on resist with very unpredictable results, and have replaced it with a resist film application, with one more method to test out before making a final decision. Last year the etching stage was a huge time sink and a source of some errors, so they are determined to get it right this year!
The software is currently only in the driver “bring-up” phase, and the only component that hasn’t been tested is the IR, which is the same model used in last year’s badge, only smaller. 
Here is a picture of one of the first prototypes. 
IMG_20140215_140315

Hotel Information – Book now!

March 17, 2014
AnnouncementConference

RVAsec has reserved a block of rooms at the Crowne Plaza for our out of town guests. The rate is $114/night (which includes parking)–just mention block “RVAsec” to get the special rate.  Unfortunately, you will need to call the hotel to get the rate–it will not work online.

If you need a room, please make sure to book ASAP!

Crowne Plaza Richmond Downtown
555 East Canal Street, Richmond VA 23219
804-788-0900 or 800-2CROWNE

The hotel has a shuttle that runs back and forth from the conference location at VCU for both days.

If for any reason you are unable to get the RVAsec rate or the block of rooms has been filled, please let us know so we can obtain a larger block from the hotel.

Discount Ends Tonight & Sell Out Risk High!

March 14, 2014
AnnouncementConference

Just under 10 hours left to get RVAsec tickets at half off–only $50!

And if that’s not enough incentive to purchase your tickets early, and you still want to attend you better think about pulling the trigger soon. We have already sold approximately 75% of all available tickets for the event!

Don’t forget all the things you get with registration, including 2 full days of talks, parking, meals, snacks, drinks, reception, prizes, a capture the flag contest, t-shirt & swag!

So, to recap, we are closing in on selling out already and the conference prices are as follows:

  • $50 discounted price until 3/14
  • $100 regular price until 5/16
  • $150 late registration until 5/30

 

Register now!

 

David Kennedy to Keynote RVAsec!

March 10, 2014
AnnouncementConference

We are pleased to announce that David Kennedy will be keynoting RVAs3c 2014!

dave-kennedyDavid is the Founder and Principal Security Consultant for TrustedSec, who provides information security consulting services for a large portion of the Fortune 1000 space as well as medium-sized companies. Prior to TrustedSec, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company located in over 80 countries with over 16,000 employees. David developed a global security program that tackled all aspects of information security. David is considered a thought leader in the security field and has presented at over three hundred conferences worldwide.

David has had numerous guest appearances on Fox News, CNN, CNBC, Huffington Post, Bloomberg, BBC, The Katie Show, and other high-profile media outlets. David is the founder of DerbyCon, a large-scale information security conference. David has testified in front of Congress on multiple occasions on the threats we face in security and in the government space.

David also co-authored Metasploit: The Penetration Testers Guide, which was number one on Amazon in security for over a year. David was also one of the founding members of the “Penetration Testing Execution Standard” (PTES). PTES is the industry leading standard and guideline around how penetration tests should be performed. David has had the privilege to speak and keynote at some of the nations largest conferences.

David is the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET), Artillery, and Fast-Track. David has also released several zero-day exploits and focuses on security research. David has over 14 years of security experience, with over 9 specifically in security consulting. Prior to the private sector, David worked in the United States Marines for cyber warfare and forensics analysis activities.

David also recently testified before the US Congress about the security of the healthcare.gov web site.

RVAsec CTF: What to expect this year!

March 4, 2014
AnnouncementConferenceCTF
Last year RVAsec had its first CTF and it was a huge success.   The team has been planning to make the event this years even better and have a lot in store.  We caught up with Chris Gerling to get some information on what to expect this year.
(RVAsec) The CTF was aimed to be a bit of a different take than normal and huge hit at last year’s at RVAsec. Can you tell us a little about it?
Chris: We wanted to build an “Everyman” CTF, which allowed people from all skill levels and professions to participate and learn. Our goal was education, and to give people a platform for that to happen on. The trick was balancing easy challenges with medium and very difficult as well, giving everyone a challenge without making them feel too confused. We believe it worked very well.
(RVAsec) How many people participated? How did the RVAsec attendees do with the CTF?
Chris: 37 people ended up participating and nearly all scored on at least one challenge. It was really awesome to see people learning and solving problems, and even surprising themselves with what they could figure out.
(RVAsec) What were some things that you learned from last year?
Chris: We learned that the registration process needs to be cleaner, and we need to do a better job of keeping track of people for giving our prizes. It’s also going to be beneficial to have the event more organized with goals we want to hit in terms of announcements, at every stage of the event.
Hardware wise, we’re using a smaller machine that doesn’t weigh as much. The AP we used, which was a WNDR4500 held up well, but we’re going to augment that this year and look into providing wired access.
(RVAsec) What are the plans for the CTF this year?
Chris: We plan on offering a similar style CTF, with a tiered approach. Possible additions are a more robust story line, and a free 1 hour seminar for brand new participants who have never done a CTF before.
(RVAsec) If someone wanted to participate, what would you recommend they do to prepare?

Chris: There are a plethora of tutorials available on youtube and securitytube. There are also challenges available at https://www.honeynet.org/challenges that are really great to learn on.  Getting familiar with tools like Wireshark, and basic command line usage in a distribution such as Kali Linux will be very valuable.  From a DFIR standpoint downloading and learning the SANS SIFT workstation is also one way to learn forensics tools.

(RVAsec) Can you give attendees any hints or teasers about the CTF?
Chris: Only if you bring us some beer. 😉  We’ll actually be releasing some teasers once we’ve got more content built out in the coming weeks!
(RVAsec) How do people sign up to participate?
Chris:  You can register for the CTF when you purchase your ticket for RVAsec, or directly on the SecuraBit web site.

(RVAsec)  Do you need any help?  If so, what and how can people or companies help out?
Chris: We can always use help in creating this. We’re really ramping up over the next few weeks and starting to build things. If you want to build a challenge, or have any content at all you want to contribute, we definitely need that. If you’re really motivated and want to push on us all to do the best job we can, we’d love to have you on the team.

Sponsors are welcomed if any want to donate prizes to give away. We will give you a shout out and display your logo on the scoreboard.
(RVAsec) Anything else?
We can’t wait to see people learn again, and are very grateful to have a place to put this event on in RVAsec!  If you want to get involved, have questions or want to sponsor please contact us at ctf@securabit.com