We’re pleased to announce the immediate availability of the RVAsec 2018 videos!
Click through to watch all presentations on YouTube, and all the slides are also now available as well!
Looking for the RVAsec 7 schedule? See m.rvasec.com where you can set your own agenda, rate speakers, and make sure you don’t miss a thing!
RVAsec 2018 is just a few days away, which means it’s almost time for another CTF! As mentioned in our first blog post, we have some exciting problems planned in topics ranging from cryptography to web and binary exploitation to lockpicking and badge hacking. The actual CTF will take place on Friday, June 8th all day, but we’ll have some practice challenges set up on Thursday.
Thanks to Crowdstrike as well as Offensive Security and Netsparker, we have some really exciting prizes. As done in the past, we will have two separate prize tiers: you can either compete individually or in teams of up to 5 people. The top 3 individuals and teams in each category will be guaranteed a prize, and the remaining prizes will be distributed to the next highest individuals/teams. Priority will be given to the highest finishing competitors/teams (1st place chooses first, then 2nd, etc), with the top 3 individuals picking first, followed by the top 3 teams.
As one last note, you’ll be able to connect to the CTF stuff both wired and wirelessly. As we don’t have enough hardware to allow everyone to connect via a wired connection, you are encouraged to bring your own switch and long Cat5 cable.
Without further ado, the RVAsec CTF 2018 prizes:
● 2x Offensive Security PWK Course with 30 days of lab + OSCP Certification
● 2х Netsparker License
● 2x Hak5 WiFi Pineapple Tetra Tactical
● 2x Hak5 Bash Bunny
● 2x Hak5 Rubber Ducky
● 3x Holy Stone Racing FPV Drone
● 2x Anker PowerCore Speed 20000 Portable Charger
● 1x $250 Visa Gift Card
● 2x $100 Visa Gift Card
Wondering where things are for RVAsec in the VCU University Student Commons? Look no further!
Click the map of the Commons 2nd floor for a larger version.
Virginia Commonwealth University Campus
University Student Commons, 2nd floor
907 Floyd Avenue, Richmond, VA 23284
Main Street Parking Deck
801 West Main Street, Richmond, VA 23284
Proof of attendance:
We are pleased to announce that Cisco are sponsoring our After Conference Reception on Friday, 8th June. The Reception will be held in the Commonwealth Ballroom directly after the last talk on Friday afternoon. Thank you to Cisco, and we look forward to seeing you all there!
Come see us at RVAsec. Register now!
Nat Hirsch is the Director of the Red Team at a large financial institution. He has been doing Red Teaming, Pentesting, and other offensive focused security assessments for the last decade.
Brian Brurok is senior director of Security Software Engineering at Capital One focusing on delivering software solutions and automations for Security Operations teams. He develops and deploys custom applications focusing on Data Analysis, Incident Management, Automation and Live Response. His software tools have been used across teams to improve hunt operations, analyst performance, and incident management. Prior to Capital One, Brian spent 16 years in security operations building, maturing and managing over 50 security operations centers across DoD, Intel, Defense Contractor and Federal spaces. He’s active in the cyber community speaking at various conferences, and also regularly hosts and builds realistic training scenarios for multiple Capture the Flag events.
Picture this, a Red Team and a Blue Team working together to make the organization more secure, and not just trying to prove that they are better then the other one. This is how we did it.
Come see Nat and Brian at RVAsec! Register Now.
Karen Cole is the CEO of Assura, Inc. a cybersecurity consulting firm located in Ashland, Virginia. Her company just celebrated its 11th year in business and is considered in the top 1% of women-owned companies in the United States according to a recent study by the U.S. Women’s Chamber of Commerce. Throughout her 20+ year career, Karen has worked with various executives, boards of directors, and legislators to bring cybersecurity to the executive level and get programs the support and resources they need. Many times, she has helped them work through their own 5 Stages of Grief to get them to embrace their new corporate responsibilities.
Most information security professionals got into the field to enjoy the technical challenges of keeping the hackers at bay. However, as information security has moved into the executive level of organizations, most professionals struggle to get connect with executives and get the support they need for their programs. Karen Cole has been successfully handling the most ardent opponents of information security (think politicians, board members, and C-suite executives) for 16 years getting her clients what they need. This session is focused on real-world actions you can take to get the support and resources for your program. Leave your governance theory at the door. This session is going to get real!
Come see Karen at RVAsec! Register Now.
Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently researching pre-acquisition and post-acquisition security processes. In the past, Tyler has been responsible for vetting malware being submitted to mobile app stores, and ensuring that users are properly informed of the privacy risks posed by mobile applications and mobile ad packages.
Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited because no one in your organization is maintaining those libraries with vulnerability fixes? Let’s do something about that.
During this presentation, we will start from nothing and build a process for identifying the OSS libraries that your company uses in order to build a bill of materials. We will source threat intel on those libraries, and we will take action to remediate the vulnerabilities in our source code repository so that we can keep our customers and company safe.
Come see Tyler at RVAsec! Register Now.
Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking to build new ways to automate attacker evasion.
Organizational spending on cybersecurity is at an all-time high. From an attacker’s perspective, this means that target networks are becoming increasingly hostile environments to operate in. This has pushed attackers to look for new ways to diminish a defenders ability to identify their activity. The introduction of cloud providers and their associated content delivery networks have provided ample ways to attack and communicate with attack infrastructure while piggy-backing on the cloud provider’s infrastructure and reputation.
Techniques and tactics such as domain fronting for multiple cloud providers, distributed scanning, and leveraging API gateways will be discussed. Also, more nuanced aspects these cloud services will be explored as they sometimes provide many benefits to an attacker’s infrastructure, including encryption. Most importantly, mitigations for these techniques will provided so that defenders can go about better protecting their network.
Come see Mike at RVAsec! Register Now.