Author: rvasadmin

RVAsec 7 CTF

The CTF crew is once again hard at work preparing challenges for this year’s competition. As in the past, the first day of the conference will be CTF prep while the actual competition will take place on Day 2 (Friday, June 8th). Even though it will contain some hard challenges, this is a learning CTF – not just a bash-your-head-against-the-wall competition. As such, there will be plenty of challenges from lockpicking to recon and web exploitation for people of all levels and backgrounds. Additionally, you may choose to compete as an individual or form teams of up to 5 people – there are separate prize categories for both.

You will need an updated Kali machine, but we will provide everything else.

Below is a list of some of the skills/topics that have been covered in previous years.

Entry Level: Primarily aimed at beginners and those with a less technical background, focusing on basic infosec skills and concepts.

  • Rot N encoding
  • Google Fu / OSINT
  • Examining website source code
  • Basic file analysis (eg. file, strings)
  • Trivia

Intermediate: Expect to begin taking a deep dive into the core categories by finding and exploiting vulnerabilities, cracking passwords, etc.

  • Extracting objects from Wireshark dump
  • SQL Injection
  • URL Fuzzing
  • Cracking password hashes (using john, Hashcat, etc)
  • Reverse Engineering and Disassembly

Hard: For our battle-hardened, seasoned CTF players which will challenge competitors to truly think outside the box, crack encryption, exploit binaries, and more.

  • Blacklist filter evasion for SQL Injection
  • Binary Exploitation (buffer overflows and more)
  • Cracking RSA Encryption
  • Multi-step OSINT investigation
  • Hardware

In addition, we are always looking for volunteers to help out with creating and testing all of the problems. If that interests you, please reach out to us at contact [at] metactf.com, and we’ll add you to the mailing list.

We are pleased to announce that CrowdStrike has sponsored the CTF this year!

Finally, good luck to everyone and we’ll see you in June!

 


RVAsec 7 After Party at The Circuit — Register Now!

The RVAsec 7 after party sponsored by Risk Based Security and GuidePoint Security, will be at The Circuit on Thursday, June 7th, after the conference!

Thu, June 7, 2018
5:30 PM – 7:30 PM

The Circuit is located at:

3121 W. Leigh St
Richmond, Virginia 23230

The Circuit is an arcade bar in the Scott’s Addition Beverage District of Richmond, VA. We have a growing family of 70 arcade games, pinball machines, and skeeball lanes, as well as a forever rotating 50-tap beer wall boasting both local and national favorites.

This is an exclusive event with limited availability, so you must be registered to attend and bring your RVAsec badge or you will not be allowed entrance–no exceptions!

Even if you have a ticket for RVAsec and said that you wanted to attend during the signup process, you MUST now registered for the party!

Register Now!

https://www.eventbrite.com/e/rvasec-7-after-party-tickets-45987727531



Josh Corman (@joshcorman) To Keynote RVAsec 2018!

 

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh’s unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity.


RVAsec 2018 Speakers and Schedule Announced

We had many great submissions to the CFP this year! It was extremely hard but the CFP team has managed to select a great lineup for RVAsec 2018.

Thank you to everyone who submitted a proposal to the CFP –the review team had to make some tough decisions and we appreciate all the time and hard work that went into submitting.

Without further delay, here are the speakers for the RVAsec 2018!

For the full details and times for specific talks, please see the schedule page.

Ticket are selling quickly so if you haven’t now is the time to register if you haven’t yet!


Katie Moussouris (@k8em0) To Keynote RVAsec 2018!

We are pleased to announce that Katie Moussouris, CEO of, Luta Security will be keynoting RVAsec 2018!

Luta Security is a company offering unparalleled expertise to create robust vulnerability coordination programs. Luta Security specializes in governments and multi-party supply chain vulnerability coordination.

Ms. Moussouris recently testified as an expert on bug bounties & the labor market for security research for the US Senate, and has also been called upon for European Parliament hearings on dual-use technology. She was later invited by the US State Department to help renegotiate the Wassenaar Arrangement, which she successfully helped change the export control language to include technical exemptions for vulnerability disclosure and incident response.

She is a coauthor of an economic research paper on the labor market for bugs, published as a book chapter by MIT Press in 2017, and presented on the first system dynamics model of the vulnerability economy & exploit market in 2015, as part of her academic work as a visiting scholar at MIT Sloan School.

She has over 20 years of pioneering leadership in information security, as a former penetration tester at @stake , to creating Microsoft Vulnerability Research, the first MS Bug bounties, and advising the US Department of Defense for years resulting in the launch of the Hack-the-Pentagon program. She is also an author and co-editor of standards ISO 29147 Vulnerability disclosure and ISO 30111 Vulnerability handling processes.



RVAsec 2018 Registration Is Now Open!

Tickets for RVAsec 2018 are now on sale!

Early registration price is only $150 for two days of great speakers, food and beverages, t-shirt, swag, parking and more!

RVAsec’s base ticket price for 2018 is $175 and will be in place on 3/1–so don’t wait! And if that’s not enough incentive to purchase your tickets early, late registrations (after 4/21) will be $250!

Don’t forget all the things you get with registration, including 2 full days of talks, meals, snacks, drinks, reception, after party, prizes, a capture the flag contest, t-shirt & swag!

Once we sell out there will be no more tickets available.

So, to recap the conference prices:

  • $150 discounted price until 2/29
  • $175 regular price until 4/20
  • $250 late registration until 5/26
  • $350 super late registration until 6/1

If you are unable to attend due to the price, please contact us to discuss as we do have stipends available for students and also we have volunteer opportunities that provide a great way to get in for free!

Once again there will be no tickets sold at the door, and don’t forget that RVAsec has sold out every year–so don’t wait!

Register now!


RVAsec 2018 CFP is now open!

The call for papers for RVAsec 2018 is now open!

Click here to submit a talk to the CFP now!

Conference: June 7-8th, 2018

Location: Richmond, VA

CFP Submission Deadline: March 18th, 2017 at 11:59 PM Eastern


RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. In its sixth year, RVAsec 2017 attracted 460 security professionals from across the country. For 2018, the conference is a two day and dual-track format, with a mixed focus on technical and management/business presentations.

All talks must be 50 minutes in length, and submissions will need to select either technical or business/management tracks.

Join us at RVAsec and enjoy the perks!

For more information and requirements, or to submit, please visit:

http://rvasec.com/2018-cfp/


RVAsec 2017 Videos: Robert Wood and Greg Pepper

Robert Wood
Maintainability + Security = <3 

 

 

Greg Pepper
Best Practices for Securing the Hybrid Cloud (Slides)