Category: Announcement

Help Choose The RVAsec Logo!

June is fast approaching and we are in high gear planning RVAsec.  The CFP just closed and the committee is in the process of reviewing and choosing talks for this year.  We hope to publish the speaker selection very soon!

A quick reminder that you have until April 20th before ticket prices increase.  If you have not yet purchased your ticket, you might as well go ahead and get it done now:
http://rvasec.com/register/

This year we are having a contest to determine the logo design for the conference and shirts!   We did an initial first round of voting, and used that feedback to help improve the designs.

Now we need everyone to help us and vote on the logos!

Here is the link for the final round of RVAsec logo voting:
https://99designs.com/logo-design/vote-pewk3j

The poll will be open until the end of the week, and then we will choose the winning design.  Thanks everyone for your help, and please spread the link so we get as many votes as possible!


Wendy Nather (@RCISCwendy) To Keynote RVA5ec!

We are pleased to announce that Wendy Nather will be keynoting RVA5ec 2016!

Wendy Nather is Research Director at the Retail Cyber Intelligence Sharing Center (R-CISC), where she is responsible for advancing the state of resources and knowledge to help organizations defend their infrastructure from attackers. She was previously Research Director of the Information Security Practice at independent analyst firm 451 Research, covering the security industry in areas such as application security, threat intelligence, security services, and other emerging technologies.

Wendy has served as a CISO in both the private and public sectors. She led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), as well as for the Texas Education Agency. She speaks regularly in locations around the world on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Wendy is co-author of The Cloud Security Rules, and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014. She is an advisory board member for the RSA Conference, and serves on the board of directors for Securing Change, an organization that helps provide free security services to nonprofit groups. She is based in Austin, Texas, and you can follow her on Twitter as @RCISCwendy.


Come one, Come all – It’s CTF 2016 time!

The RVAsec CTF team is beginning the setup and planning phase of the 2016 conference.  As many of you know, we pride ourselves on this CTF being an all-inclusive learning CTF and not just a ‘stump the chump / who’s the best engineer in the room’ kind of CTF. That said, we need volunteers to come up with fresh ideas, challenges, and setups that are both fun and informative. Additionally, we do want to provide a challenge for those who show up looking for one, so if you are a more advanced user or admin and have some killer challenges that can stump someone, we’ll need those too for the higher tiers.

Speaking of Tiers, we plan to have 3 or 4 tiers this year and they will be as follows:

Tier 1 – Beginner

This tier will ideally comprise the majority of the challenges and points. Challenges in this category should be purely beginner-level challenges. Some examples from years past are:

  • Connecting to SSH and copying part of the SSH key as the flag
  • Looking in web page source code for the flag
  • Trivia questions related to IT / Hacking History / Etc.
  • Wireshark dumps of plain text authentications
  • Port and/or device identification (that’s port 25, used for SMTP, running on a Raspberry Pi, identified by its MAC OUI)

Tier 2 – Moderate

This is a moderate tier geared more towards people who are digging deeper into security and the different facets it includes, as well as experienced pentesters. Some examples from the past:

  • XOR code samples with Python
  • Heartbleed exploit to retrieve login information
  • Local privilege escalation to find the flag
  • SQL injection
  • MS08-067 exploits
  • Brute force SSH or SFTP sites
  • DFIR recovery and artifact location

Tier 3 – Hard

The hard tier, built mainly with ‘stump the chump’ challenges that are for the seasoned CTF player and people solely after winning prizes and spending the whole con in the CTF:

  • Reverse engineering samples
  • Malware C2 traffic analysis
  • Chained exploits
  • Ghost services that have to be fuzzed
  • Firmware disassembly

Tier 4 – Hardware

Hopefully, we will be able to include various hardware challenges this year with the help of HackRVA, as we have in the past. This tier will be specific to the badges, but we are always open to including other hardware or IoT-related challenges at this level, so if you have any ideas, let us know!

So all that said – Come help out! If you are interested in assisting, please send an email to Mike Bailey and we’ll add you to the mailing list going forward as we begin to work it all out.

We are looking for a sponsor for the CTF; if you are interested, please contact us to discuss!

Thanks and we will provide more updates as they happen!


RVA5ec Registration Is Now Open!

Tickets for RV45ec are now on sale!

Early registration price is only $125 for great speakers, food and beverages, t-shirt, swag, parking and more!

RV4sec’s base ticket price for 2015 is $150 and will be in place on 3/1–so don’t wait! And if that’s not enough incentive to purchase your tickets early, late registrations (after 4/21) will be $225!

Don’t forget all the things you get with registration, including 2 full days of talks, meals, snacks, drinks, reception, after party, prizes, a capture the flag contest, t-shirt & swag!

Once we sell out there will be no more tickets available.

So, to recap the conference prices:

  • $125 discounted price until 2/29
  • $150 regular price until 4/20
  • $225 late registration until 5/26
  • $350 super late registration until 6/1

 

If you are unable to attend due to the price, please contact us to discuss as we do have stipends available and volunteer opportunities are a great way to get in for free! Once again there will be no tickets sold at the door, and don’t forget that RV4sec has sold out every year–so don’t wait!

Register now!


RVAsec 2016 CFP is now open!

The call for papers for RVA5ec 2016 is now open!

Click here to submit a talk to the CFP now!

Conference: June 2-3rd, 2016

Location: Richmond, VA

CFP Submission Deadline: March 13th, 2016 at 11:59 PM Eastern


RVAsec is a Richmond, VA based security convention that brings top industry speakers to the mid-Atlantic region. In its third year, RVAsec 2015 attracted 365 security professionals from across the country. For 2016, the conference is a two-day, dual-track format, with a mixed focus on technical and management/business presentations.

All talks must be 55 minutes in length, and submissions will need to select either technical or business/management tracks.

Join us and enjoy the perks!

For more information and requirements, or to submit, please visit:

http://rvasec.com/2016-cfp/

 


RVAsec 2016 – June 2-3

We’re pleased to formally announce the dates for RVAsec!

RVAsec 2016 will be held on Thursday and Friday, June 2nd and 3rd at the Commonwealth Ballroom at VCU’s University Commons.

If you are interested in speaking, keep an eye out for a CFP announcement coming shortly!

 


RV4sec 2015 Recap

We have finally recovered from RV4sec and wanted to bring you a quick recap!  We sold 386 tickets this year, which was on par with attendance from the previous year.  It was great to see so many new faces this year and we hope everyone had a great time.

What we were thrilled to bring you:

  • RVAsec 6 pack cooler bag stuffed with swag
  • Capture The Flag with live bug hunting sponsored by UNOS!
  • RVAsec t-shirt with “Inside the Mind of the Hacker” logo designed by 14-year-old @AylaMadison
  • Post-con reception with adult beverages (and more food) with great Passport prizes
  • After party sponsored by Rapid7, GuidePoint and nVisium!

 

What to expect in the coming weeks:

  • Surveys should be sent out shortly, please take the time to provide us your valuable feedback
  • Slides will be posted
  • Videos will be posted to the RVAsec YouTube channel.
  • We hope to be able to post up a CTF recap as well

 

Thanks again to all of our speakers, sponsors and volunteers!

Next year, RVAs5c will be June 2-3, 2016.

See you next year.

Jake and Chris


After Party Update: Sponsored By Rapid7, Guidepoint and Nvisium!

We have a few quick updates about the after party. Rapid7, Guidepoint and Nvisium have all come together to sponsor the RVAsec after party!

The after party will be held at The Vintage Room above Pearl Raw Bar on Thursday, June 4th at 6:30pm!

The event takes place shortly after day one of the conference ends–and it is a quick walk over so you can head right from VCU for some cocktails and food!

If you plan to attend, please register to ensure we have enough staff & space reserved!

https://www.surveymonkey.com/r/rv4sec-after-party

Event Details:

The Vintage Room is above Pearl Raw Bar. Please enter The Vintage Room to the left of the main entrance to Pearl.

Thursday June 4th 6:30pm-8:30PM (maybe longer!)
2229 West Main Street Richmond, VA 23220
(804) 353-2424

Google Maps Link

Thanks again to our sponsors for making sure RVAsec attendees will be well taken care of this year!

 


 

 


Silver Sponsor Feature: Sun Management

Sun Management

https://www.sunmanagement.net/

 


Sun Management is a dedicated group of sales and engineering professionals focused on introducing leading-edge, disruptive technologies to corporate and government organizations, providing solutions to their evolving IT security needs. Sun Management has served the Federal and Commercial DC Metro, MD, PA, VA, WVA markets for over 11 years.

 


CTF Update

We caught up with Nick Popovich from the RV4sec CTF team and he had some great information to share with us!

The RV4sec CTF is next week, and is going to be the most intense CTF the 804 has ever seen! Here’s what’s new and amazing this year. Also you’ll want to read on for some info that will aid you during the event.

New:

1). We have what most folks expect: the RV4sec CTF with new challenges and our smiling faces.

2). Bugcrowd will be onsite, and all LIVE, REAL vulns in the Bugcrowd bug bounty system that CTF participants submit during the event will be checked on the spot. Points for the CTF will be awarded if the submitted bugs are accepted as valid by Bugcrowd.

3). GE has partnered with us and will have their Ghost Red CTF running with MANY amazing challenges (including hacking a simulated nuclear power plant). All points for Ghost Red will also be added to total RV4sec CTF score.

4). Last but certainly not least, the HackRVA folks have included CTF challenges in the RV4sec badges. That’s right, you can tinker with your badges and find “keys” or “flags” and submit those into the RV4sec CTF scoreboard for points. The scoreboard also has clues (for all the challenges).

Info:

There will be three systems that folks can register for that will count towards their total score for the CTF:

1). The RV4sec CTF scoreboard.
2). The Bugcrowd system via the Internet (click here for more info for Bugcrowd)
3). The GE Ghost Red CTF scoreboard

The Bugcrowd info linked to above has some values for “points” but that is for the Bugcrowd system only. We will be adjusting the point values for Bugcrowd vulns for the CTF to match our points system. But obviously, the harder/neater the vuln is to exploit, the more points you’ll get.

It is CRAZY important that in all the systems you choose THE SAME USERNAME, and append “_rvasec” without quotes to your username. I’ll say it again. CHOOSE SAME USERNAME IN ALL SYSTEMS and ADD “_rvasec” without quotes to your username. If you don’t, the points won’t be added up for all your hard work across the systems.

Example: If I want my username to be pipefish, I would put pipefish_rvasec in when creating accounts in all 3 systems.

I know some App Devs, DBA’s and IT folks are scowling now, asking why we don’t have API’s or some consolidated system that curates all the data from the three systems and shows a single leaderboard. To you I say… maybe next year 😉 This year, we have three systems, and that’s that.

We’ve got some rad prizes too, including a OnePlus phone loaded with NetHunter courtesy of Offsec, Netsparker licenses, WiebeTech Forensic ComboDock v5, USB-WiFi-Premium KeyGrabber and a Yubikey NEO!