Author: rvasadmin

RV4sec 2015 Recap

June 11, 2015
AnnouncementConference

We have finally recovered from RV4sec and wanted to bring you a quick recap!  We sold 386 tickets this year, and was on par for attendance from the previous year.  It was great to see so many new faces this year and we hoped everyone had a great time.

What were thrilled to bring you:

  • RVAsec 6 pack cooler bag stuffed with swag
  • Capture The Flag with live bug hunting sponsored by UNOS!
  • RVAsec t-shirt with “Inside the Mind of the Hacker” logo designed by 14-year-old @AylaMadison
  • Post-con reception with adult beverages (and more food) with great Passport prizes
  • After party sponsored by Rapid7, GuidePoint and nVisium!

 

What to expect in the coming weeks:

  • Surveys should be sent out shortly, please take the time to provide us your valuable feedback
  • Slides will be posted
  • Videos will be posted to the RVAsec YouTube channel.
  • We hope to be able to post up a CTF recap as well

 

Thanks again to all our our speakers, sponsors and volunteers!

Next year, RVAs5c will be June 2-3, 2016.

See you next year.

Jake and Chris

Mobile Schedule

June 4, 2015
Uncategorized

As  reminder, the RV4sec schedule is available in regular and mobile!

CTF Update

June 1, 2015
AnnouncementCTF

We caught up with Nick Popovich from the RV4sec CTF team and he had some great information to share with us!

The RV4sec CTF is next week, and is going to be the most intense CTF the 804 has ever seen! Here’s what’s new and amazing this year. Also you’ll want to read on for some info that will aide you during the event.

New:

1). We have what most folks expect: the RV4sec CTF with new challenges and our smiling faces.

2). Bugcrowd will be onsite, and all LIVE, REAL vulns in the Bugrcrowd bug bounty system that CTF participants submit during the event will be checked on the spot. Points for the CTF will be awarded if the submitted bugs are accepted as valid by Bugcrowd.

3). GE has partnered with us and will have their Ghost Red CTF running with MANY amazing challenges (including hacking a simulated nuclear power plant). All points for Ghost Red will also be added to total RV4sec CTF score.

4). Last but certainly not least, the HackRVA folks have included CTF challenges in the RV4sec badges. That’s right, you can tinker with your badges and find “keys” or “flags” and submit those into the RV4sec CTF scoreboard for points.The scoreboard also has clues (for all the challenges).

Info:

There will be three systems that folks can register for that will count towards their total score for the CTF:

1). The RV4sec CTF scoreboard.
2). The Bugcrowd system via the Internet (click here for more info for Bugcrowd)
3). The GE Ghost Red CTF scoreboard

The Bugcrowd info linked to above has some values for “points” but that is for the Bugcrowd system only. We will be adjusting the point values for Bugcrowd vulns for the CTF to match our points system. But obviously, the harder/neater the vuln is to exploit, the more points you’ll get.

It is CRAZY important that in all the systems you choose THE SAME USERNAME, and append “_rvasec” without quotes to your username. I’ll say it again. CHOOSE SAME USERNAME IN ALL SYSTEMS and AND “_rvasec” without quotes to your username. if you don’t the points won’t be added up for all your hard work across the systems.

Example: If i want my username to be pipefish, I would put pipefish_rvasec in when creating accounts in all 3 systems.

I know some App Devs, DBA’s and IT folks are scowling now, asking why we don’t have API’s or some consolidated system that curates all the data from the three systems and shows a single leaderboard. To you I say… maybe next year 😉 This year, we have three systems, and that’s that.

We’ve got some rad prizes too including a OnePlus phone loaded with NetHunter courtesy of OffsecNetsparker licensesWiebeTech Forensic ComboDock v5, USB-WiFi-Premium KeyGrabber and a Yubikey NEO!

Win Amazing Things With Passport for Prizes!

June 1, 2015
Announcement

After last year was such a great success, we are brining back Passport For Prizes again this year!

Each attendee will receive a Passport at registration. If you want to play, then you must visit each sponsor table on the passport and obtain a signature, initials or stamp on your Passport–you must complete the entire Passport (yes, including contact information) in order to be eligible for the prize drawings, which will be held at the reception on Friday. You must be present at the reception to win.

What can you win?

  • Exclusive RV4sec speaker beer mugs (set of 2) provided by richSEC
  • Not just one, but two “Mystery Bags Of Shit” provided by richSEC (in honor of Jericho – this prize also comes with peer pressure to blog about the contents!).
  • $100 gift card provided by Sunera
  • Beats Headphones – Red – Solo HD Special Edition provided by Trend Micro
  • GoPro provided by SLAIT Consutling
  • Toucan Wireless Bluetooth Speaker provided by Rapid7
  • GoPro Hero 3 provided by Netskope
  • $100 Visa Card provided by CORE Security
  • $100 Amazon Gift Card provided by Pulse Secure
  • Visual Land Prestige Elite 9″ Tablet 8GB Quad Core & Keyboard Case provided by Capitol Technology University
  • Fitbit Charge HR™ Wireless Heart Rate + Activity Wristband provided by Bit9

RV4sec Registration Is Now Closed!

May 31, 2015
Announcement

We are pleased to announce that RV4sec 2015 registration is now closed and we look forward to a great event! In the coming days we will provide some additional information about the conference to everyone registered.

There is a bit more time left to register for the training classes but act fast!

See you soon!

Last Week To Register & Sell Out Risk High!

May 27, 2015
Announcement

There are only a few days left to get tickets for RVAsec, and remember we will not be selling tickets at the door!

And if that’s not enough incentive to purchase your tickets right this second, and you still want to attend you better think about pulling the trigger soon as we are reaching our capacity for this year!

We do have plenty of space left for training and suggest you take advantage of this great opportunity to attend classes locally in Richmond at affordable prices!

What to expect at RVAsec:

  • RVAsec bag stuffed with swag
  • Capture The Flag with live bug hunting!
  • RVAsec t-shirt with “Inside the Mind of the Hacker” logo designed by 14-year-old
  • Post-con reception with adult beverages (and more food) on Friday
  • After party sponsored by Rapid7, GuidePoint and nVisium!

Training Feature: Integrating Computer Forensics with Incident Response

May 27, 2015
Training

Our everyday life depends on a stable and safe cyberspace. However, cybercrime threatens this arena and is one of the fastest growing areas of crime. Today almost every criminal, or civil, case has an element of electronic evidence.

However, protecting evidence of a crime takes different skill sets than performing an incident response. Understanding how to identify when an incident is now a potential litigation issue, and performing the proper methodology, is key to having the evidence admitted into court.

Join instructor, Gregory Bell, at his course as he will introduce you to computer forensics, both its fundamentals and the best practices for incident response. You will learn to understand the legal aspects of computer forensics, as well as its relationship to the Information Technology field. Hands-on projects will give you the tools and techniques you will use to perform a full computer forensic investigation.

For more information you can see the details here:
http://rvasec.com/integrating-forensics-ir/

RV4sec 2015: Ticket Transfers & Cancellations

May 26, 2015
AnnouncementTraining

Did you know you can transfer an RVAsec ticket to a co-worker or friend directly in Eventbrite?

Log in to your account and go to My Tickets (you may need to create an account using the email address you registered).

Then you can view your Current Orders (select RVAsec), and “Edit details” for the ticket. Changing the “Contact Information” will update the name of the person registered to check in at the conference. You can also change the questions asked at registration, which will help us plan for parking, catering and other items.

Also, please note that no refunds for training or the conference will be issued after May 26th.

RV4sec 2015 Badge Build

May 15, 2015
AnnouncementBadges

Paul Bruggeman from HackRVA provided us with an update on the badges!

Badge Design

Badge2015-1

 

The printed circuit board, or PCB, is the backbone of any circuit board. It supplies the physical strength and fundamental wiring for the board. It also determines the minimum size.

 

The circuit design artwork is Badge2015-2drawn, usually with special software but hobbyists sometimes just draw them by hand. The gEDA software suite has a component called “pcb” that was used to draw the badge.

 

Badge Etching

Badge2015-3

 

 

The PCB board is fiberglass-reinforced epoxy laminated with a thin copper sheet which is etched away using ferric chloride to recreate the artwork.

 

 

 

 

One goal of this year’s badge was to use a professional process to cover the Badge2015-4boards with the acid resist. Attempts last year worked but were not consistent.

 

 

 

 

Badge Cutting

Badge2015-5

 

 

Once the boards are etched they have to be cut down to final size. PCBs are tough material to cut.

 

 

 

The addition of a sheet metal cutter this year has made it much easier to do.Badge2015-6 The steel blade is 1/2″ thick and the whole thing weighs 60 lbs!

 

 

 

 

 

 

Badge Parts

Badge2015-7

 

With the boards cut down, the next process is to put the surface mount parts on. Most of the 50+ parts are surface mount. This means they have no wires to solder, because they have metals pads that melt and attach when heated to 510F degrees.

 

The process of installing the parts is called “pick and place.” Not very Badge2015-8complicated, but it can be tedious to do, especially 350 times!

 

 

 

 

 

 

Badge pick+place

Badge2015-9First a solder paste containing thousands of beads of tin is drawn across a stencil that leaves the sticky grey paste where the parts will be placed. This stencil is etched copper foil. Stencils can also be plastic or steel.

 

The board then makes its way down the volunteer assembly line where parts Badge2015-10are carefully placed on the solder paste. We have had the help of over a dozen HackRVA people so far this year.

 

 

Badge Cooking

Badge2015-11The solder paste has to be melted or “re-flowed” to electrically connect the parts to the PCB. This currently is not very hi-tech: $20 donated ovens.  A volunteer last year built a micro- controlled unit but the heating element died on it.

 

The manual ovens require attention. Failures are usually of the distracted Badge2015-12human type. We had a board last year survive a 5-hour session underneath the oven, and it worked fine–though it looked like burnt toast!

 

 

Badge Wrap-up

Badge2015-13

 

The last things to go on are the hand- soldered parts: infrared transmitter and receiver, piezo buzzer, USB connector, USB detection wire, and the LCD panel.

 

 

 

 

If you plan on doing any software development we recommend the reset Badge2015-14button option (red in picture) which can be soldered across the middle and far right pin on the lower center 5-pin programming header.

 

 

 

 

Design: Paul, Morgan

Electronics: Paul

Coordinator: Morgan

Etch: Paul, Jon, Aaron

Pick+place: Jon, John, Bill, John, Yijie, Sidney,

Thad, Tony (so far)