Training: Networking for Pentesters

We are pleased to announce that Rob Fuller (Mubix) will be teaching Networking for Pentesters. The class we be held on Thursday, June 4th before the conference and will cost $199.95.

Training classes are held on Thursday, June 4th, before the conference.  This class will cost $199.95.

Networking for Pentesters

This is an introductory class into specific protocols and technologies
that are used on corporate networks around the world, focusing on the
point of view of an attacker. This class will cover things like how DNS, HTTP, SMTP and other basics of networking, then move on to “Layer 7” with
IIS/Sharepoint, VPNs, Windows Active Directory, and Unix services.

For more information on the class and the instructor, or to register, please see:

http://rvasec.com/training/


Training: The Secrets of Security with the OSSTMM

We are pleased to announce that Pete Herzog, the creator of the OSSTMM (Open Source Security Testing Methodology Manual) will be joining us at RVAs3c to teach a class on OSSTMM!

Training classes are held on Thursday, June 4th, before the conference.  This class will cost $250.

The Secrets of Security with the OSSTMM

Get key insights from the very latest version of the Open Source
Security Testing Methodology Manual (OSSTMM). Discover gems of
knowledge that can greatly expand your view of security. Learn how and
where to apply this methodology in a practical and efficient way. Then
get your hands dirty on trying it out.

For more information on the class and the instructor, or to register, please see:


Training Class: Lockpicking & Lock Forensics

Back by popular demand, RVAs3c is pleased to announce the training class Lockpicking with Schuyler Towne! This year’s class will also offer new content on Lock Forensics!

Training classes are held on Thursday, June 4th, before the conference.  This class will cost $250.

Lockpicking & Lock Forensics

This workshop is based around understanding both how to pick locks and how to analyze the evidence picking leaves behind. We will explore myriad methods of entry on basic pin tumbler locks, then, after each method is fully understood, we’ll place the components of the locks you’ve opened under a high-definition microscope and explain how to interpret the tool marks you have left behind.
 
The methods of entry covered will include:
  • Single-pin picking
  • Raking
  • Percussive attacks (pick guns/bumping)
  • and Impressioning
 
At the end of the workshop we’ll test your new knowledge by examining a few lock examples I’ve brought along under the microscope and analyze them together.
For more information on the class and the instructor, or to register, please see:

RVAsec tickets on sale now for $50

Not $100!The base ticket price for RVAs3c is $100. However,  until 3/14 all registrations will be half off–only $50!

For the last two years RVAsec has brought the best speakers to Richmond, kept attendees fed and watered, and ensured everyone had a great time for the lowest possible cost. Despite selling out both conferences, the large number of late registrations is a serious problem and adds to conference costs. So this year we are trying something different & raising the base price a little, but offering a deep discount to encourage early registration,

And if that’s not enough incentive to purchase your tickets early, late registrations (after 5/17) will be $150!

Don’t forget all the things you get with registration, including 2 full days of talks, parking, meals, snacks, drinks, reception, prizes, a capture the flag contest, t-shirt & swag!

So, to recap the conference prices:

  • $50 discounted price until 3/14
  • $100 regular price until 5/16
  • $150 late registration until 5/30

Once again there will be no tickets sold at the door, and don’t forget that RVAs3c has sold out every year–so don’t wait!

Register now!

 


RVAs3c Badge Preview

For the first two years of RVAsec, our friends at hack.rva have come up with two awesomely interactive badges for attendees. Planning for the 2014 badge started right after the 2013 conference, and since June is coming quickly we caught up with Morgan Stuart to get some info on what they are planning.

The 2013 badges were a huge hit–can you tell us a little about them?

2013 RVAsec Badges

2013 RVAsec Badges

Morgan: Last year’s design focused on a large feature set. The badge included 8 LEDs, infrared transmitter and receiver, piezo buzzer, 3D printed button, and it even had USB support. This meant that these badges could talk back and forth to each other wirelessly, you could tap, turn, and shake for input, and you could plug it up to your laptop and compose some tunes with your keyboard. The “game” on the badge consisted of seven stages, where we progressively introduced a new feature of the badge in some puzzle. By the second day, we had many people’s badges partaking in the “game of death.” Your badged counted down your health with the LEDs (in base 2 of course), forcing you to scavenge for food. HackRVA’s table had a beacon on it that would occasionally emit some “food” over IR, but most importantly you could attack other players. When a player died, they’re respawn downtime included about a minute of transmitting food to nearby players. Eventually we introduced a patient zero for “zombie mutation” (thanks Ron) and things got pretty crazy.

The badges did get a little annoying making noise the whole time. What were some thing that you learned from last year?

Morgan: There was a lot we took away from last year’s experience. Most important is getting the manufacturing of these devices down tight. We ran into a lot of unforeseen problems that we are trying to avoid by starting early with refined processes. Still, there are plenty of areas that could use improvement. For instance, the past few weeks we’ve been working out a photo etching method. It still needs work, but it will remove a lot of difficult-to-control variables that last year’s toner-transfer method had. There was also quite a bit of difficulty getting the accelerometer soldered on the board correctly, this lead to about half the badges not having an accelerometer, which was a big let down for everyone. We’re avoiding these kinds of small and sensitive components this year.

The design’s other biggest limitation was the restricted user I/O; we don’t think a button and accelerometer were enough input and the 8 LEDs with piezo could only say so much. We want interfacing with the badge to be enjoyable and intuitive, not frustrating or complex.

Due to the issues manufacturing last year, much of our focus was put on getting our hardware numbers up late in the build. The badges we ended up with had a great hardware feature set, but we just didn’t quite have the time we needed to fully exploit them with the software. HackRVA’s space has grown a lot in the last year, and we have some new and very responsible members who can help lift some of the weight off our shoulders when it comes to managing the fabrication of all this year’s boards. This means more time for software.

The good news about last year’s badge was that a lot things worked very well. Our design of the software and hardware was really founded on getting the attendees to interact with one another and we felt it did that in a big way. The badge became a great avenue to spark up a conversation or just geek-out with someone. Oh, and we’ll be sure to have a way to turn the sound off this year.

What are the plans for the badges this year?

Morgan: I first want to say that this year’s badge has again been redesigned from the “copper up,” but it’s undoubtedly the successor to last year’s badge. The badge games will again focus on getting the attendees to interact and think. Using them will be a whole lot of fun.

If someone wanted to hack or modify them, what will they need to do?

Morgan: Last year you needed a PicKit to modify the firmware–this is a piece of hardware that can cost as much as $30 or $40 for older versions. This year, we are aggressively pursuing a boot loader option which means you’ll simply need a USB cable and some free (as in beer) software to hack away.

Can you give attendees any other hints or teasers about the badges?

Morgan: One of the earliest changes we had in mind has really forced us to rethink the design and placement of every component. I won’t say much else other than we think lanyards are pretty lame…

Anything else?

Morgan: We would like to thank everyone at RVAsec, including Jake and Chris, for letting us do this these past few years. It’s challenging, but a whole lot of fun.

Thanks Morgan, we look forward to seeing this year’s badges!

If you are interested in helping out hack.rva with the badges, software or hardware, they have Thursday night open houses. More information can be found at http://hackrva.org/.


RVAsec 2014 CFP is now open!

The call for papers for RVAsec 3 is now open!

Conference: June 5-6th, 2015

Location: Richmond, VA

CFP Submission Deadline: February 14th, 2014 at 11:59 PM Eastern


RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. In its second year, RVAsec 2013 attracted 265 security professionals from across the country. For 2014, the conference is a two day and dual-track format, with a mixed focus on technical and management/business presentations.

All talks must be 55 minutes in length, and submissions will need to select either technical or business/management tracks.

Join us and enjoy the perks!

For more information and requirements, or to submit, please visit:

http://rvasec.com/2014-cfp/

If you are interested in running a training class on June 4th, please email us at info@rvasec.com with the following information:

1) Title Of Class
2) Overview of Class:
3) Instructor:
4) Instructor Bio:
5) Class Size:
6) Student Prerequisites:
7) Proposed Cost / Amount Required Per Student:


RVAsec 2014 – June 4-6

RVAsec 2014 will be held on Thursday and Friday, June 5th and 6th at the Commonwealth Ballroom at VCU’s University Commons. Training classes will be held on Wednesday, June 4th.

CFP information will be coming shortly!


RVAsec Videos: Schuyler Towne & Dan Holden

And wrapping up the RVAsec 2013 videos are Schuyler Towne and Dan Holden!

Schuyler Towne: Vulnerability Research Circa 1851

Dan Holden: DDoS and Modern Threat Motives


RVAsec Videos: Jericho & Don Allison

Jericho: Our Straw House: Vulnerabilities

Don Allison: Observations on the (Mostly) Inadvertent Effect of Data Management on International Cybercrime Investigations


RVAsec Videos: Colby Clark & Rockie Brockway

Two more videos from RVAsec 2013!

Colby Clark: The Digital Battlefield

Rockie Brockway: Business Adaptation or: How I Learned to Stop Worrying and Love the Internet’s Unclean Conflicts