The after party sponsored by Rapid7 on Friday, May 31 will be held at The Tobacco Company! After the last talk of the day head over to Tobacco Company for food and drink provided by Rapid7 from 6:30 to 9:30.
Party time!
Forensics Class is Full–Others Still Available!
We’re sorry (and happy!) to report that the Forensics Readiness class is now full.
As a reminder, there are still seats available in our other classes on 5/30:
- Lock Picking
- SANS MGT432: Information Security for Business Executives
- Introduction to Malware Analysis
And don’t forget that registration ends on 5/15 and that there are only a few seats left in each class–so don’t wait to sign up!
Nexus 7 and Raspberry Pi To Be Raffled at RVAsec
Thanks to Risk Based Security we are pleased to announce that we will be raffling off a Nexus 7 and Raspberry Pi at RVAsec! Thanks to our friend’s great work over at Pwnie Express both of these devices can be converted to a Pwn Pad and Raspberry Pwn, respectively.
Don’t forget that registration ends on 5/15.
RVAsec Update
RVAsec will be held on Friday and Saturday, May 31st and June 1st at the Commonwealth Ballroom at VCU’s University Commons. Training classes will be held on Thursday, May 30th.
The conference is only $75 and includes two days of talks, electronic badges from hack.rva, breakfast/lunch/snacks, more coffee this year, swag bag, parking at VCU, two receptions and an after party sponsored by Rapid7!
The 5/15 deadline is rapidly approaching (and we ordered more badges so they are still available)–so register now! Due to catering demands we cannot take any registrations onsite or after the deadline.
On Thursday 5/30 we have four training classes available at the lowest prices we can swing: Lock Picking with Schuyler Towne, Forensics Readiness with Glenn Dardick, SANS Information Security for Business Executives with Chip Greene, and Introduction to Malware Analysis with Tyler Hudak. Classes are almost full, if you are considering a class please register now!
RVAsec 2013 Speaker Lineup (Schedule)
Chris Wysopal – Keynote
Donald Allison
Rockie Brockway
Colby Clark
Gus Fritschie & Andrew Du
Adam Ely
Dan Han
Dan Holden
Schuyler Towne
Paul Watson
Alex Hutton – Keynote
Itzik Kotler
Barry Kouns
Brian Lockrey
Sean Mason
Daniel Ramsbrock
Mike Shema
Boris Sverdlik
Ben Tomhave
Schedule is posted!
We have posted the schedule and are very pleased to have such amazing speakers sharing their knowledge with us!
So you can plan your day at RVAsec we have posted the schedule here:
http://rvasec.com/schedule/
Full speakers bios and talk abstracts can be found here:
http://rvasec.com/speakers/
We will post the rooms for each session as the conference gets closer.
RVAsec Capture The Flag Update!
The RVAsec Capture The Flag (CTF) is getting close. The details below are meant to ensure participants are prepared for it! We’re excited to invite anyone and everyone who is interested in learning and exploring different IT/infosec tools and techniques in hands-on, practical exercises, to join us.
WHEN: 06/01/2013 – 10am-2pm. The exact time is subject to change but it will be on Saturday.
WHERE: We will have a table at the conference. You must be a registered conference attendee to participate.
WHO: Living humanoid-ish… seriously, this is for everyone from hobbyists, sys/net admins, infosec pros, tinkerers, makers, fixers and breakers… come out and play. We’ll all teach, learn and grow together!
WHAT TO DO:
-
DO bring a network-enabled laptop.
-
DO have the ability to run Backtrack 5r3 (http://www.backtrack-linux.org/downloads/), Pentoo (http://www.pentoo.ch/) or Kali Linux (http://www.kali.org/) either as a virtual machine, from bootable media (CD/DVD flash drive), or installed as your OS. Most of the scenarios in the CTF can be completed with the tools within these security-centric Linux distributions. Not a requirement, per se, but a BIG recommendation.
-
DO understand that the CTF network is a closed private network, and will not have Internet access. CTF Participants will have the ability to connect to a separate guest wireless network with Internet access for research, tool downloads, etc., during the event, but will have to disconnect from the CTF network to do so.
-
DO listen to and respect any instructions and guidance provided at the event. We want to provide an environment that is conducive to learning, tinkering, exploring and having a good time.
WHAT NOT TO DO:
-
DON’T use words or phrases like “irregardless”, “all of the sudden”, “cybergeddon” or “cyber Pearl Harbor”.
-
DON’T feed or pet any of the conference organizers or volunteers.
-
DON’T attack any other CTF participants or any VCU devices (logically, physically or emotionally).
Pre-Register: If you plan to participate in the CTF we ask that you pre-register here: http://securabit.com/ctf/ for administrative purposes. The first 20 people will receive a free 8GB USB 3.0 Flash Drive! (You have to show up and participate!)
Sponsor: We are still seeking sponsors to help with the CTF costs. If you are interested or know someone that would be willing to support the CTF please contact sponsors@rvasec.com
Hope to see you there! If you have any questions please let us know!
Training: Introduction to Malware Analysis
We are pleased to announce that we are offering Introduction to Malware Analysis. The class will be taught by Tyler Hudak, and held on Thursday, May 30th before the conference. The class will cost of $250.
Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze worms, bots and trojan horses. This one day course will walk attendees through the concepts, techniques and processes for analyzing malware. Students will take a “from-the-wild” malware sample in a hands-on environment and learn how to analyze its characteristics and behavior to determine what it does and the risk it presents.
For more information on the class and the instructor, or to register, please see: http://rvasec.com/malware/
Training: SANS MGT432: Information Security for Business Executives
We are pleased to announce we are offering the SANS MGT432 class called Information Security for Business Executives. The class will be taught by Charles (Chip) Greene, and held on Thursday, May 30th before the conference. The class will be offered at a discounted cost of $600.
This is a one day version of Management 512: SANS Security Leadership Essentials Class. Designed for InfoSec Managers, Directors, and Senior Leaders (VPs, COO, CEO) looking to learn the fundamentals of information security at a 30,000 foot view.
Just a few of the main topics are as follows:
- How to understand what the security folks are trying to tell you
- The Four Phases of Security Tasks
- Cryptography, Wireless and Software Security
- Managing Vulnerability Situational Awareness
- Awareness/Training and Privacy
- Incident Response
- Response BCP/DR/Crisis Management
- Securing Virtualized Environments
For more information on the class and the instructor, or to register, please see: http://rvasec.com/infosecforbusiness/
Hack.RVA to do badges again this year!
We are pleased to officially announce that Hack.RVA will be making badges for RVAsec again this year! In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. We spoke with Jamie Duncan about the badges:
(RVAsec) The badges were a huge hit at last year’s at RVAsec. Can you tell us a little about them?
(Jamie) We had an incredible time getting together! Last year was our first effort as a group at a project of that size (we delivered 105 badges that morning!). They were pretty simple devices, with a small LCD and four buttons for inputting text and finding little easter eggs hidden around certain keywords. We had the circuit boards printed up, and then built them out ourselves in addition to writing the firmware that was running on them.
(RVAsec) What did you learn from doing the badges last year?
(Jamie) Time is your greatest enemy. Hack.RVA is an all-volunteer effort that is incredible in the respect that we have a large base of willing people who use these badges and a teaching and learning experience. It can get tricky when the more experienced users have to work late or lives simply get in the way. But that is honestly one of the fun things about hack.rva, or any other Open Source – style project.
(RVAsec) What are the plans for the badges this year?
(Jamie) In a word, Crazy. There is no comparison with what we were able to do last year. We started the design process just after the new year, and have gone through 7 (at least) development revisions and prototypes. We are building them almost 100% in house. We’ll be etching the circuit boards, building and testing the components, and even doing the graphics work to make this year’s badges more easily identifiable. A huge effort, and wrapping it up is going to a blast. Spear-heading our board design has been one of our ‘senior hackers’, Paul Bruggeman. While that has been going on one of our youngest hackers, Morgan Stuart (VCU Senior) has been working on the initial firmwares with Paul’s help (among others).
(RVAsec) Do you plan to make them interactive?
(Jamie) MASSIVELY. This year’s edition will have the ability to send and receive communications, be touch sensitive, and communicate to the world in two completely new ways as compared to last year.
(RVAsec) If someone wanted to hack them, what would they need to do?
(Jamie) That’s the best part. These are designed to be hacked. We want, and plan on you to hack them to do all sorts of things. To get started? Simply plug it into the usb port on your laptop. 🙂
(RVAsec) Can you give attendees any other hints about the badges?
(Jamie) Secrets!? While there are no secrets (these will be fully open source hardware and software projects), we want the users to find all of the little games and tricks and easter eggs we have planned for them. Isn’t that half the fun?
(RVAsec) When do you need to know the number of badges we need?
(Jamie) ASAP. We’ve been spec’ing out prices @200/300. The final BOM has a few tweaks, but it’s close.
(RVAsec) Anything else?
(Jamie) Thanks again to RVASec for allowing a group like hack.rva the incredible fun of essentially doing whatever we want to come up with something awesome for the conference attendees and staff.
Due to the badges be custom made we have to place an order for parts in the next few weeks. In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. Yes, APRIL FOOLS DAY. This is no joke–if you are not registered by 4/1 then you run the risk of getting not getting one of these amazing badges. Seriously, last year we had to print up “I registered late for @RVAsec & all I got was this lame paper badge with string”. Don’t be that person.
Thanks to Hack.RVA members for all of their efforts. Please help us in the planning efforts by registering prior to 4/1.
Alex Hutton and Chris Wysopal to Keynote RVAsec!
We are pleased to announce that Alex Hutton and Chris Wysopal will be keynoting RVAsec 2013!
Alex Hutton
Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Technology and Operations Risk Management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, the Verizon’s PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups. Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).
Chris Wysopal, CTO, Veracode
Veracode’s CTO and Co-Founder, Chris Wysopal, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld’s Top 25 CTO’s and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he was one of the authors of L0phtCrack, the Windows password auditing program and the author of Netcat for Windows. Chris has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of “The Art of Software Security Testing” published by Addison-Wesley and has published several major security vulnerabilities in Lotus Notes, Microsoft Windows and Cold Fusion.