Category: Announcement

Pwn Plug Elite To Be Raffled at RVAsec!

We are pleased to announce that we will be raffling off a Pwn Plug Elite at RVAsec! Those who attended last year are most likely aware of what the Pwn Plug is, since Dave and the Pwnie Express team provided us a few to raffle off. But this year they have upped the stakes big time and provided the Pwn Plug Elite, which is valued at $995.

Pwn Plug Elite
The industry’s first enterprise-class penetration testing drop box. Through its innovative, patent-pending design, the Pwn Plug covers the entire spectrum of a full-scale pentesting engagement, from physical-layer to application-layer.

  • Includes all release 1.1 features
  • Includes 4G/GSM cellular, Wireless (802.11b/g/n), high-gain Bluetooth, & USB-Ethernet adapters
  • Fully-automated NAC/802.1x/RADIUS bypass!
  • Out-of-band SSH access over 4G/GSM cell networks!
  • Text-to-Bash: text in bash commands via SMS!
  • Simple web-based administration with “Plug UI”
  • One-click Evil AP, stealth mode, & passive recon
  • Maintains persistent, covert, encrypted SSH access to your target network
  • Tunnels through application-aware firewalls & IPS
  • Supports HTTP proxies, SSH-VPN, & OpenVPN
  • Sends email/SMS alerts when SSH tunnels are activated
  • Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more!
  • Unpingable and no listening ports in stealth mode
  • Includes 16GB SDHC card for extra storage
  • Includes stealthy decal stickers

 

The included unlocked 4G/GSM adapter is:

  • Compatible with SIM cards from AT&T, T-mobile, Vodafone, Orange, and GSM carriers in over 160 countries
  • HSDPA/UMTS (850/1700/1900/2100MHz)
  • GSM/GPRS/EDGE (850/900/1800/1900MHz)

 

Don’t forget to register by 5/15 to make sure you get a chance to win the Pwn Plug Elite!


Hotel Information – Book now!

RVAsec has reserved a block of rooms at the Crowne Plaza for out of town guests. The rate is $112/night (which includes parking)–just mention block “RVAsec” to get the special rate.  Unfortunately, you will need to call the hotel to get the rate and cannot get the rate online.

If you need a room, please make sure that you get your room ASAP!

Crowne Plaza Richmond Downtown
555 East Canal Street, Richmond VA 23219

804-788-0900 or 800-2CROWNE

The hotel has a shuttle that runs back and forth from the conference location at VCU for both days.

If for any reason you are unable to get the RVAsec rate or the block of rooms has been filled, please let us know so we can contact the hotel!


After Party by Rapid7

The after party sponsored by Rapid7 on Friday, May 31 will be held at The Tobacco Company! After the last talk of the day head over to Tobacco Company for food and drink provided by Rapid7 from 6:30 to 9:30.

Party time!

 


Nexus 7 and Raspberry Pi To Be Raffled at RVAsec

Thanks to Risk Based Security we are pleased to announce that we will be raffling off a Nexus 7 and Raspberry Pi at RVAsec! Thanks to our friends’ great work over at Pwnie Express, both of these devices can be converted to a Pwn Pad and Raspberry Pwn, respectively.

Don’t forget that registration ends on 5/15.


Schedule is posted!

We have posted the schedule and are very pleased to have such amazing speakers sharing their knowledge with us!

So you can plan your day at RVAsec we have posted the schedule here:
http://rvasec.com/schedule/

Full speaker bios and talk abstracts can be found here:
http://rvasec.com/speakers/

We will post the rooms for each session as the conference gets closer.


RVAsec Capture The Flag Update!

The RVAsec Capture The Flag (CTF) is getting close. The details below are meant to ensure participants are prepared for it! We’re excited to invite anyone and everyone who is interested in learning and exploring different IT/infosec tools and techniques in hands-on, practical exercises, to join us.

WHEN: 06/01/2013 – 10am-2pm.  The exact time is subject to change but it will be on Saturday.

WHERE: We will have a table at the conference.  You must be a registered conference attendee to participate.

WHO: Living humanoid-ish… seriously, this is for everyone from hobbyists, sys/net admins, infosec pros, tinkerers, makers, fixers and breakers… come out and play. We’ll all teach, learn and grow together!

WHAT TO DO:

  • DO bring a network-enabled laptop.

  • DO have the ability to run Backtrack 5r3 (http://www.backtrack-linux.org/downloads/), Pentoo (http://www.pentoo.ch/) or Kali Linux (http://www.kali.org/) either as a virtual machine, from bootable media (CD/DVD, flash drive), or installed as your OS. Most of the scenarios in the CTF can be completed with the tools within these security-centric Linux distributions. Not a requirement, per se, but a BIG recommendation.

  • DO understand that the CTF network is a closed private network, and will not have Internet access. CTF Participants will have the ability to connect to a separate guest wireless network with Internet access for research, tool downloads, etc., during the event, but will have to disconnect from the CTF network to do so.

  • DO listen to and respect any instructions and guidance provided at the event. We want to provide an environment that is conducive to learning, tinkering, exploring and having a good time.

WHAT NOT TO DO:

  • DON’T use words or phrases like “irregardless”, “all of the sudden”, “cybergeddon” or “cyber Pearl Harbor”.

  • DON’T feed or pet any of the conference organizers or volunteers.

  • DON’T attack any other CTF participants or any VCU devices (logically, physically or emotionally).

Pre-Register: If you plan to participate in the CTF we ask that you pre-register here: http://securabit.com/ctf/ for administrative purposes.  The first 20 people will receive a free 8GB USB 3.0 Flash Drive! (You have to show up and participate!)

Sponsor: We are still seeking sponsors to help with the CTF costs.  If you are interested or know someone that would be willing to support the CTF please contact sponsors@rvasec.com

Hope to see you there!  If you have any questions please let us know!


Training: Introduction to Malware Analysis

We are pleased to announce that we are offering Introduction to Malware Analysis. The class will be taught by Tyler Hudak, and held on Thursday, May 30th before the conference. The class will cost $250.

Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze worms, bots and trojan horses. This one day course will walk attendees through the concepts, techniques and processes for analyzing malware. Students will take a “from-the-wild” malware sample in a hands-on environment and learn how to analyze its characteristics and behavior to determine what it does and the risk it presents. 

For more information on the class and the instructor, or to register, please see: http://rvasec.com/malware/


Training: SANS MGT432: Information Security for Business Executives

We are pleased to announce we are offering the SANS MGT432 class called Information Security for Business Executives. The class will be taught by Charles (Chip) Greene, and held on Thursday, May 30th before the conference. The class will be offered at a discounted cost of $600.

This is a one day version of Management 512: SANS Security Leadership Essentials Class. Designed for InfoSec Managers, Directors, and Senior Leaders (VPs, COO, CEO) looking to learn the fundamentals of information security at a 30,000 foot view.

Just a few of the main topics are as follows:

  • How to understand what the security folks are trying to tell you
  • The Four Phases of Security Tasks
  • Cryptography, Wireless and Software Security
  • Managing Vulnerability Situational Awareness
  • Awareness/Training and Privacy
  • Incident Response
  • Response BCP/DR/Crisis Management
  • Securing Virtualized Environments

 

For more information on the class and the instructor, or to register, please see: http://rvasec.com/infosecforbusiness/


Hack.RVA to do badges again this year!

We are pleased to officially announce that Hack.RVA will be making badges for RVAsec again this year! In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. We spoke with Jamie Duncan about the badges:

(RVAsec) The badges were a huge hit at last year’s RVAsec. Can you tell us a little about them?
(Jamie) We had an incredible time getting together! Last year was our first effort as a group at a project of that size (we delivered 105 badges that morning!). They were pretty simple devices, with a small LCD and four buttons for inputting text and finding little easter eggs hidden around certain keywords. We had the circuit boards printed up, and then built them out ourselves in addition to writing the firmware that was running on them.

(RVAsec) What did you learn from doing the badges last year?
(Jamie) Time is your greatest enemy. Hack.RVA is an all-volunteer effort that is incredible in the respect that we have a large base of willing people who use these badges as a teaching and learning experience. It can get tricky when the more experienced users have to work late or lives simply get in the way. But that is honestly one of the fun things about hack.rva, or any other Open Source-style project.

(RVAsec) What are the plans for the badges this year?
(Jamie) In a word, Crazy. There is no comparison with what we were able to do last year. We started the design process just after the new year, and have gone through 7 (at least) development revisions and prototypes. We are building them almost 100% in house. We’ll be etching the circuit boards, building and testing the components, and even doing the graphics work to make this year’s badges more easily identifiable. A huge effort, and wrapping it up is going to be a blast. Spearheading our board design has been one of our ‘senior hackers’, Paul Bruggeman. While that has been going on, one of our youngest hackers, Morgan Stuart (VCU Senior), has been working on the initial firmwares with Paul’s help (among others).

(RVAsec) Do you plan to make them interactive?
(Jamie) MASSIVELY. This year’s edition will have the ability to send and receive communications, be touch sensitive, and communicate to the world in two completely new ways as compared to last year.

(RVAsec) If someone wanted to hack them, what would they need to do?
(Jamie) That’s the best part. These are designed to be hacked. We want, and plan on you to hack them to do all sorts of things. To get started? Simply plug it into the usb port on your laptop. 🙂

(RVAsec) Can you give attendees any other hints about the badges?
(Jamie) Secrets!? While there are no secrets (these will be fully open source hardware and software projects), we want the users to find all of the little games and tricks and easter eggs we have planned for them. Isn’t that half the fun?

(RVAsec) When do you need to know the number of badges we need?
(Jamie) ASAP. We’ve been spec’ing out prices @200/300. The final BOM has a few tweaks, but it’s close.

(RVAsec) Anything else?
(Jamie) Thanks again to RVASec for allowing a group like hack.rva the incredible fun of essentially doing whatever we want to come up with something awesome for the conference attendees and staff.


Because the badges are custom made, we have to place an order for parts in the next few weeks. In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. Yes, APRIL FOOLS DAY. This is no joke–if you are not registered by 4/1 then you run the risk of not getting one of these amazing badges. Seriously, last year we had to print up “I registered late for @RVAsec & all I got was this lame paper badge with string”. Don’t be that person.

Thanks to Hack.RVA members for all of their efforts. Please help us in the planning efforts by registering prior to 4/1.


Alex Hutton and Chris Wysopal to Keynote RVAsec!

We are pleased to announce that Alex Hutton and Chris Wysopal will be keynoting RVAsec 2013!

Alex Hutton
Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Technology and Operations Risk Management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, Verizon’s PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups. Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).

Chris Wysopal, CTO, Veracode
Veracode’s CTO and Co-Founder, Chris Wysopal, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld’s Top 25 CTO’s and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he was one of the authors of L0phtCrack, the Windows password auditing program and the author of Netcat for Windows. Chris has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of “The Art of Software Security Testing” published by Addison-Wesley and has published several major security vulnerabilities in Lotus Notes, Microsoft Windows and Cold Fusion.