We are pleased to debut our new RVAs3c 2014 logo by Mar (@spux)!
The T-shirt Mar made is amazing, but we’ll be keeping that one under wraps just a bit longer…
RVAs3c 2014 Logo
David Kennedy to Keynote RVAsec!
We are pleased to announce that David Kennedy will be keynoting RVAs3c 2014!
David is the Founder and Principal Security Consultant for TrustedSec, who provides information security consulting services for a large portion of the Fortune 1000 space as well as medium-sized companies. Prior to TrustedSec, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company located in over 80 countries with over 16,000 employees. David developed a global security program that tackled all aspects of information security. David is considered a thought leader in the security field and has presented at over three hundred conferences worldwide.
David has had numerous guest appearances on Fox News, CNN, CNBC, Huffington Post, Bloomberg, BBC, The Katie Show, and other high-profile media outlets. David is the founder of DerbyCon, a large-scale information security conference. David has testified in front of Congress on multiple occasions on the threats we face in security and in the government space.
David also co-authored Metasploit: The Penetration Testers Guide, which was number one on Amazon in security for over a year. David was also one of the founding members of the “Penetration Testing Execution Standard” (PTES). PTES is the industry leading standard and guideline around how penetration tests should be performed. David has had the privilege to speak and keynote at some of the nations largest conferences.
David is the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET), Artillery, and Fast-Track. David has also released several zero-day exploits and focuses on security research. David has over 14 years of security experience, with over 9 specifically in security consulting. Prior to the private sector, David worked in the United States Marines for cyber warfare and forensics analysis activities.
David also recently testified before the US Congress about the security of the healthcare.gov web site.
RVAsec CTF: What to expect this year!
Last year RVAsec had its first CTF and it was a huge success. The team has been planning to make the event this years even better and have a lot in store. We caught up with Chris Gerling to get some information on what to expect this year.
(RVAsec) The CTF was aimed to be a bit of a different take than normal and huge hit at last year’s at RVAsec. Can you tell us a little about it?
Chris: We wanted to build an “Everyman” CTF, which allowed people from all skill levels and professions to participate and learn. Our goal was education, and to give people a platform for that to happen on. The trick was balancing easy challenges with medium and very difficult as well, giving everyone a challenge without making them feel too confused. We believe it worked very well.
(RVAsec) How many people participated? How did the RVAsec attendees do with the CTF?
Chris: 37 people ended up participating and nearly all scored on at least one challenge. It was really awesome to see people learning and solving problems, and even surprising themselves with what they could figure out.
(RVAsec) What were some things that you learned from last year?
Chris: We learned that the registration process needs to be cleaner, and we need to do a better job of keeping track of people for giving our prizes. It’s also going to be beneficial to have the event more organized with goals we want to hit in terms of announcements, at every stage of the event.
Hardware wise, we’re using a smaller machine that doesn’t weigh as much. The AP we used, which was a WNDR4500 held up well, but we’re going to augment that this year and look into providing wired access.
(RVAsec) What are the plans for the CTF this year?
Chris: We plan on offering a similar style CTF, with a tiered approach. Possible additions are a more robust story line, and a free 1 hour seminar for brand new participants who have never done a CTF before.
(RVAsec) If someone wanted to participate, what would you recommend they do to prepare?
Chris: There are a plethora of tutorials available on youtube and securitytube. There are also challenges available at https://www.honeynet.org/
(RVAsec) Can you give attendees any hints or teasers about the CTF?
Chris: Only if you bring us some beer. 😉 We’ll actually be releasing some teasers once we’ve got more content built out in the coming weeks!
(RVAsec) How do people sign up to participate?
Chris: You can register for the CTF when you purchase your ticket for RVAsec, or directly on the SecuraBit web site.
(RVAsec) Do you need any help? If so, what and how can people or companies help out?
Chris: We can always use help in creating this. We’re really ramping up over the next few weeks and starting to build things. If you want to build a challenge, or have any content at all you want to contribute, we definitely need that. If you’re really motivated and want to push on us all to do the best job we can, we’d love to have you on the team.
Sponsors are welcomed if any want to donate prizes to give away. We will give you a shout out and display your logo on the scoreboard.
(RVAsec) Anything else?
We can’t wait to see people learn again, and are very grateful to have a place to put this event on in RVAsec! If you want to get involved, have questions or want to sponsor please contact us at ctf@securabit.com
Training: Networking for Pentesters
We are pleased to announce that Rob Fuller (Mubix) will be teaching Networking for Pentesters. The class we be held on Thursday, June 4th before the conference and will cost $199.95.
Training classes are held on Thursday, June 4th, before the conference. This class will cost $199.95.
Networking for Pentesters
This is an introductory class into specific protocols and technologies
that are used on corporate networks around the world, focusing on the
point of view of an attacker. This class will cover things like how DNS, HTTP, SMTP and other basics of networking, then move on to “Layer 7” with
IIS/Sharepoint, VPNs, Windows Active Directory, and Unix services.
For more information on the class and the instructor, or to register, please see:
Training: The Secrets of Security with the OSSTMM
We are pleased to announce that Pete Herzog, the creator of the OSSTMM (Open Source Security Testing Methodology Manual) will be joining us at RVAs3c to teach a class on OSSTMM!
Training classes are held on Thursday, June 4th, before the conference. This class will cost $250.
The Secrets of Security with the OSSTMM
Get key insights from the very latest version of the Open Source
Security Testing Methodology Manual (OSSTMM). Discover gems of
knowledge that can greatly expand your view of security. Learn how and
where to apply this methodology in a practical and efficient way. Then
get your hands dirty on trying it out.
For more information on the class and the instructor, or to register, please see:
Training Class: Lockpicking & Lock Forensics
Back by popular demand, RVAs3c is pleased to announce the training class Lockpicking with Schuyler Towne! This year’s class will also offer new content on Lock Forensics!
Training classes are held on Thursday, June 4th, before the conference. This class will cost $250.
Lockpicking & Lock Forensics
This workshop is based around understanding both how to pick locks and how to analyze the evidence picking leaves behind. We will explore myriad methods of entry on basic pin tumbler locks, then, after each method is fully understood, we’ll place the components of the locks you’ve opened under a high-definition microscope and explain how to interpret the tool marks you have left behind.
The methods of entry covered will include:
- Single-pin picking
- Raking
- Percussive attacks (pick guns/bumping)
- and Impressioning
At the end of the workshop we’ll test your new knowledge by examining a few lock examples I’ve brought along under the microscope and analyze them together.
For more information on the class and the instructor, or to register, please see:
RVAsec tickets on sale now for $50
The base ticket price for RVAs3c is $100. However, until 3/14 all registrations will be half off–only $50!
For the last two years RVAsec has brought the best speakers to Richmond, kept attendees fed and watered, and ensured everyone had a great time for the lowest possible cost. Despite selling out both conferences, the large number of late registrations is a serious problem and adds to conference costs. So this year we are trying something different & raising the base price a little, but offering a deep discount to encourage early registration,
And if that’s not enough incentive to purchase your tickets early, late registrations (after 5/17) will be $150!
Don’t forget all the things you get with registration, including 2 full days of talks, parking, meals, snacks, drinks, reception, prizes, a capture the flag contest, t-shirt & swag!
So, to recap the conference prices:
- $50 discounted price until 3/14
- $100 regular price until 5/16
- $150 late registration until 5/30
Once again there will be no tickets sold at the door, and don’t forget that RVAs3c has sold out every year–so don’t wait!
Register now!
RVAs3c Badge Preview
For the first two years of RVAsec, our friends at hack.rva have come up with two awesomely interactive badges for attendees. Planning for the 2014 badge started right after the 2013 conference, and since June is coming quickly we caught up with Morgan Stuart to get some info on what they are planning.
The 2013 badges were a huge hit–can you tell us a little about them?
2013 RVAsec Badges
Morgan: Last year’s design focused on a large feature set. The badge included 8 LEDs, infrared transmitter and receiver, piezo buzzer, 3D printed button, and it even had USB support. This meant that these badges could talk back and forth to each other wirelessly, you could tap, turn, and shake for input, and you could plug it up to your laptop and compose some tunes with your keyboard. The “game” on the badge consisted of seven stages, where we progressively introduced a new feature of the badge in some puzzle. By the second day, we had many people’s badges partaking in the “game of death.” Your badged counted down your health with the LEDs (in base 2 of course), forcing you to scavenge for food. HackRVA’s table had a beacon on it that would occasionally emit some “food” over IR, but most importantly you could attack other players. When a player died, they’re respawn downtime included about a minute of transmitting food to nearby players. Eventually we introduced a patient zero for “zombie mutation” (thanks Ron) and things got pretty crazy.
The badges did get a little annoying making noise the whole time. What were some thing that you learned from last year?
Morgan: There was a lot we took away from last year’s experience. Most important is getting the manufacturing of these devices down tight. We ran into a lot of unforeseen problems that we are trying to avoid by starting early with refined processes. Still, there are plenty of areas that could use improvement. For instance, the past few weeks we’ve been working out a photo etching method. It still needs work, but it will remove a lot of difficult-to-control variables that last year’s toner-transfer method had. There was also quite a bit of difficulty getting the accelerometer soldered on the board correctly, this lead to about half the badges not having an accelerometer, which was a big let down for everyone. We’re avoiding these kinds of small and sensitive components this year.
The design’s other biggest limitation was the restricted user I/O; we don’t think a button and accelerometer were enough input and the 8 LEDs with piezo could only say so much. We want interfacing with the badge to be enjoyable and intuitive, not frustrating or complex.
Due to the issues manufacturing last year, much of our focus was put on getting our hardware numbers up late in the build. The badges we ended up with had a great hardware feature set, but we just didn’t quite have the time we needed to fully exploit them with the software. HackRVA’s space has grown a lot in the last year, and we have some new and very responsible members who can help lift some of the weight off our shoulders when it comes to managing the fabrication of all this year’s boards. This means more time for software.
The good news about last year’s badge was that a lot things worked very well. Our design of the software and hardware was really founded on getting the attendees to interact with one another and we felt it did that in a big way. The badge became a great avenue to spark up a conversation or just geek-out with someone. Oh, and we’ll be sure to have a way to turn the sound off this year.
What are the plans for the badges this year?
Morgan: I first want to say that this year’s badge has again been redesigned from the “copper up,” but it’s undoubtedly the successor to last year’s badge. The badge games will again focus on getting the attendees to interact and think. Using them will be a whole lot of fun.
If someone wanted to hack or modify them, what will they need to do?
Morgan: Last year you needed a PicKit to modify the firmware–this is a piece of hardware that can cost as much as $30 or $40 for older versions. This year, we are aggressively pursuing a boot loader option which means you’ll simply need a USB cable and some free (as in beer) software to hack away.
Can you give attendees any other hints or teasers about the badges?
Morgan: One of the earliest changes we had in mind has really forced us to rethink the design and placement of every component. I won’t say much else other than we think lanyards are pretty lame…
Anything else?
Morgan: We would like to thank everyone at RVAsec, including Jake and Chris, for letting us do this these past few years. It’s challenging, but a whole lot of fun.
Thanks Morgan, we look forward to seeing this year’s badges!
If you are interested in helping out hack.rva with the badges, software or hardware, they have Thursday night open houses. More information can be found at http://hackrva.org/.
RVAsec 2014 CFP is now open!
The call for papers for RVAsec 3 is now open!
Conference: June 5-6th, 2015
Location: Richmond, VA
CFP Submission Deadline: February 14th, 2014 at 11:59 PM Eastern
RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. In its second year, RVAsec 2013 attracted 265 security professionals from across the country. For 2014, the conference is a two day and dual-track format, with a mixed focus on technical and management/business presentations.
All talks must be 55 minutes in length, and submissions will need to select either technical or business/management tracks.
Join us and enjoy the perks!
For more information and requirements, or to submit, please visit:
If you are interested in running a training class on June 4th, please email us at info@rvasec.com with the following information:
1) Title Of Class
2) Overview of Class:
3) Instructor:
4) Instructor Bio:
5) Class Size:
6) Student Prerequisites:
7) Proposed Cost / Amount Required Per Student: