Category: Conference

Nexus 7 and Raspberry Pi To Be Raffled at RVAsec

Thanks to Risk Based Security we are pleased to announce that we will be raffling off a Nexus 7 and Raspberry Pi at RVAsec! Thanks to our friends’ great work over at Pwnie Express, both of these devices can be converted to a Pwn Pad and Raspberry Pwn, respectively.

Don’t forget that registration ends on 5/15.


RVAsec Update

RVAsec will be held on Friday and Saturday, May 31st and June 1st at the Commonwealth Ballroom at VCU’s University Commons. Training classes will be held on Thursday, May 30th.

The conference is only $75 and includes two days of talks, electronic badges from hack.rva, breakfast/lunch/snacks, more coffee this year, swag bag, parking at VCU, two receptions and an after party sponsored by Rapid7!

The 5/15 deadline is rapidly approaching (and we ordered more badges so they are still available)–so register now!  Due to catering demands we cannot take any registrations onsite or after the deadline.

On Thursday 5/30 we have four training classes available at the lowest prices we can swing: Lock Picking with Schuyler Towne, Forensics Readiness with Glenn Dardick, SANS Information Security for Business Executives with Chip Greene, and Introduction to Malware Analysis with Tyler Hudak. Classes are almost full; if you are considering a class, please register now!

RVAsec 2013 Speaker Lineup (Schedule)

Chris Wysopal – Keynote
Donald Allison
Rockie Brockway
Colby Clark
Gus Fritschie & Andrew Du
Adam Ely
Dan Han
Dan Holden
Schuyler Towne
Paul Watson

Alex Hutton – Keynote
Itzik Kotler
Barry Kouns
Brian Lockrey
Sean Mason
Daniel Ramsbrock
Mike Shema
Boris Sverdlik
Ben Tomhave


Schedule is posted!

We have posted the schedule and are very pleased to have such amazing speakers sharing their knowledge with us!

So you can plan your day at RVAsec we have posted the schedule here:
http://rvasec.com/schedule/

Full speaker bios and talk abstracts can be found here:
http://rvasec.com/speakers/

We will post the rooms for each session as the conference gets closer.


RVAsec Capture The Flag Update!

The RVAsec Capture The Flag (CTF) is getting close. The details below are meant to ensure participants are prepared for it! We’re excited to invite anyone and everyone who is interested in learning and exploring different IT/infosec tools and techniques in hands-on, practical exercises, to join us.

WHEN: 06/01/2013 – 10am-2pm.  The exact time is subject to change but it will be on Saturday.

WHERE: We will have a table at the conference.  You must be a registered conference attendee to participate.

WHO: Living humanoid-ish… seriously, this is for everyone from hobbyists, sys/net admins, infosec pros, tinkerers, makers, fixers and breakers… come out and play. We’ll all teach, learn and grow together!

WHAT TO DO:

  • DO bring a network-enabled laptop.

  • DO have the ability to run Backtrack 5r3 (http://www.backtrack-linux.org/downloads/), Pentoo (http://www.pentoo.ch/) or Kali Linux (http://www.kali.org/) either as a virtual machine, from bootable media (CD/DVD flash drive), or installed as your OS. Most of the scenarios in the CTF can be completed with the tools within these security-centric Linux distributions. Not a requirement, per se, but a BIG recommendation.

  • DO understand that the CTF network is a closed private network, and will not have Internet access. CTF Participants will have the ability to connect to a separate guest wireless network with Internet access for research, tool downloads, etc., during the event, but will have to disconnect from the CTF network to do so.

  • DO listen to and respect any instructions and guidance provided at the event. We want to provide an environment that is conducive to learning, tinkering, exploring and having a good time.

WHAT NOT TO DO:

  • DON’T use words or phrases like “irregardless”, “all of the sudden”, “cybergeddon” or “cyber Pearl Harbor”.

  • DON’T feed or pet any of the conference organizers or volunteers.

  • DON’T attack any other CTF participants or any VCU devices (logically, physically or emotionally).

Pre-Register: If you plan to participate in the CTF we ask that you pre-register here: http://securabit.com/ctf/ for administrative purposes.  The first 20 people will receive a free 8GB USB 3.0 Flash Drive! (You have to show up and participate!)

Sponsor: We are still seeking sponsors to help with the CTF costs.  If you are interested or know someone that would be willing to support the CTF please contact sponsors@rvasec.com

Hope to see you there!  If you have any questions please let us know!


Hack.RVA to do badges again this year!

We are pleased to officially announce that Hack.RVA will be making badges for RVAsec again this year! In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. We spoke with Jamie Duncan about the badges:

(RVAsec) The badges were a huge hit at last year’s RVAsec. Can you tell us a little about them?
(Jamie) We had an incredible time getting together! Last year was our first effort as a group at a project of that size (we delivered 105 badges that morning!). They were pretty simple devices, with a small LCD and four buttons for inputting text and finding little easter eggs hidden around certain keywords. We had the circuit boards printed up, and then built them out ourselves in addition to writing the firmware that was running on them.

(RVAsec) What did you learn from doing the badges last year?
(Jamie) Time is your greatest enemy. Hack.RVA is an all-volunteer effort that is incredible in the respect that we have a large base of willing people who use these badges as a teaching and learning experience. It can get tricky when the more experienced users have to work late or lives simply get in the way. But that is honestly one of the fun things about hack.rva, or any other Open Source – style project.

(RVAsec) What are the plans for the badges this year?
(Jamie) In a word, Crazy. There is no comparison with what we were able to do last year. We started the design process just after the new year, and have gone through 7 (at least) development revisions and prototypes. We are building them almost 100% in house. We’ll be etching the circuit boards, building and testing the components, and even doing the graphics work to make this year’s badges more easily identifiable. A huge effort, and wrapping it up is going to be a blast. Spear-heading our board design has been one of our ‘senior hackers’, Paul Bruggeman. While that has been going on one of our youngest hackers, Morgan Stuart (VCU Senior) has been working on the initial firmwares with Paul’s help (among others).

(RVAsec) Do you plan to make them interactive?
(Jamie) MASSIVELY. This year’s edition will have the ability to send and receive communications, be touch sensitive, and communicate to the world in two completely new ways as compared to last year.

(RVAsec) If someone wanted to hack them, what would they need to do?
(Jamie) That’s the best part. These are designed to be hacked. We want, and plan on you to hack them to do all sorts of things. To get started? Simply plug it into the usb port on your laptop. 🙂

(RVAsec) Can you give attendees any other hints about the badges?
(Jamie) Secrets!? While there are no secrets (these will be fully open source hardware and software projects), we want the users to find all of the little games and tricks and easter eggs we have planned for them. Isn’t that half the fun?

(RVAsec) When do you need to know the number of badges we need?
(Jamie) ASAP. We’ve been spec’ing out prices @200/300. The final BOM has a few tweaks, but it’s close.

(RVAsec) Anything else?
(Jamie) Thanks again to RVASec for allowing a group like hack.rva the incredible fun of essentially doing whatever we want to come up with something awesome for the conference attendees and staff.


Due to the badges being custom made we have to place an order for parts in the next few weeks. In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. Yes, APRIL FOOLS DAY. This is no joke–if you are not registered by 4/1 then you run the risk of not getting one of these amazing badges. Seriously, last year we had to print up “I registered late for @RVAsec & all I got was this lame paper badge with string”. Don’t be that person.

Thanks to Hack.RVA members for all of their efforts. Please help us in the planning efforts by registering prior to 4/1.


Alex Hutton and Chris Wysopal to Keynote RVAsec!

We are pleased to announce that Alex Hutton and Chris Wysopal will be keynoting RVAsec 2013!

Alex Hutton
Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Technology and Operations Risk Management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, Verizon’s PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups. Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).

Chris Wysopal, CTO, Veracode
Veracode’s CTO and Co-Founder, Chris Wysopal, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld’s Top 25 CTO’s and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he was one of the authors of L0phtCrack, the Windows password auditing program and the author of Netcat for Windows. Chris has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of “The Art of Software Security Testing” published by Addison-Wesley and has published several major security vulnerabilities in Lotus Notes, Microsoft Windows and Cold Fusion.


Registration is now open!

Registration for RVAsec 2013 is now open!

This year the conference will be held on Friday May 31st and Saturday June 1st at the Commonwealth Ballroom at VCU’s University Commons.  The conference has a mixed focus on technical and management presentations.

Tickets to the conference are $75 for two days of talks, lunch, parking, swag and more! Tickets for training, which include a full day of training, parking and lunch, will be available as the classes are announced.

You may now register for the RVAsec conference or training classes by visiting the event registration page.

Register before 3/1 with code ‘early’ to receive a $25 discount on regular admission!


New Style Of Capture The Flag (CTF) Coming To RVAsec!

RVAsec had an amazing inception last year, and we have been busy at work planning the second iteration, which will take place from May 30th to June 1st, 2013 on the VCU campus in Richmond, VA.  This year’s event should be every bit as exciting and full of great opportunities to learn and connect with your fellow colleagues.

In conjunction with the SecuraBit podcast (which is also in Richmond), members of the richSEC organization are putting together a Capture the Flag (CTF) event to be held during the conference.  The goal of the CTF is not simply to be a venue for folks to flex their tech skills, but rather an interactive learning/demonstration of real world scenarios that affect anyone that has a computer network.

The team has been hard at work coming up with what we like to call an “everyman” type of CTF. Not elitist, not intimidating and something that won’t take up all of a participant’s time at the con; a CTF where any level of IT can participate. Whether you’re a student, a hobbyist, or don’t even have the word “security” in your job description, we’ve got something you will be able to play with and actually learn from!  That’s our challenge:  to ensure some folks aren’t intimidated by what we have up, but also not to bore anyone with simplicity.

The CTF’s goal: everyone involved is challenged, forced to use critical thinking (not just push the easy button on a tool) and has “ah ha!” moments.  We want anyone to look at a challenge and say “That could really happen in my environment! Let’s fix that!”.  Security professionals who have not had firsthand experience with how penetration testing takes place will also see some of the attack vectors that can be used (not just MS08-067). The penetration testers and reverse engineers out there will hopefully find themselves challenged as well.

We will provide more information as it becomes available.  If you are interested in helping please let us know!


2013 Conference Dates

We’re pleased to announce the dates for RVAsec 2013!

The conference will be held on Friday May 31st and Saturday June 1st, 2013.

Training will be held on Thursday, May 30th 2013.

Stay tuned for more information about the conference. If you are interested in speaking, keep an eye out for a CFP announcement.