Hack.RVA to do badges again this year!

March 16, 2013
AnnouncementBadgesConference

We are pleased to officially announce that Hack.RVA will be making badges for RVAsec again this year! In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. We spoke with Jamie Duncan about the badges:

(RVAsec) The badges were a huge hit at last year’s at RVAsec. Can you tell us a little about them?
(Jamie) We had an incredible time getting together! Last year was our first effort as a group at a project of that size (we delivered 105 badges that morning!). They were pretty simple devices, with a small LCD and four buttons for inputting text and finding little easter eggs hidden around certain keywords. We had the circuit boards printed up, and then built them out ourselves in addition to writing the firmware that was running on them.

(RVAsec) What did you learn from doing the badges last year?
(Jamie) Time is your greatest enemy. Hack.RVA is an all-volunteer effort that is incredible in the respect that we have a large base of willing people who use these badges and a teaching and learning experience. It can get tricky when the more experienced users have to work late or lives simply get in the way. But that is honestly one of the fun things about hack.rva, or any other Open Source – style project.

(RVAsec) What are the plans for the badges this year?
(Jamie) In a word, Crazy. There is no comparison with what we were able to do last year. We started the design process just after the new year, and have gone through 7 (at least) development revisions and prototypes. We are building them almost 100% in house. We’ll be etching the circuit boards, building and testing the components, and even doing the graphics work to make this year’s badges more easily identifiable. A huge effort, and wrapping it up is going to a blast. Spear-heading our board design has been one of our ‘senior hackers’, Paul Bruggeman. While that has been going on one of our youngest hackers, Morgan Stuart (VCU Senior) has been working on the initial firmwares with Paul’s help (among others).

(RVAsec) Do you plan to make them interactive?
(Jamie) MASSIVELY. This year’s edition will have the ability to send and receive communications, be touch sensitive, and communicate to the world in two completely new ways as compared to last year.

(RVAsec) If someone wanted to hack them, what would they need to do?
(Jamie) That’s the best part. These are designed to be hacked. We want, and plan on you to hack them to do all sorts of things. To get started? Simply plug it into the usb port on your laptop. 🙂

(RVAsec) Can you give attendees any other hints about the badges?
(Jamie) Secrets!? While there are no secrets (these will be fully open source hardware and software projects), we want the users to find all of the little games and tricks and easter eggs we have planned for them. Isn’t that half the fun?

(RVAsec) When do you need to know the number of badges we need?
(Jamie) ASAP. We’ve been spec’ing out prices @200/300. The final BOM has a few tweaks, but it’s close.

(RVAsec) Anything else?
(Jamie) Thanks again to RVASec for allowing a group like hack.rva the incredible fun of essentially doing whatever we want to come up with something awesome for the conference attendees and staff.

Due to the badges be custom made we have to place an order for parts in the next few weeks. In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. Yes, APRIL FOOLS DAY. This is no joke–if you are not registered by 4/1 then you run the risk of getting not getting one of these amazing badges. Seriously, last year we had to print up “I registered late for @RVAsec & all I got was this lame paper badge with string”. Don’t be that person.

Thanks to Hack.RVA members for all of their efforts. Please help us in the planning efforts by registering prior to 4/1.

Alex Hutton and Chris Wysopal to Keynote RVAsec!

February 18, 2013
AnnouncementConference

We are pleased to announce that Alex Hutton and Chris Wysopal will be keynoting RVAsec 2013!

Alex Huttonhutton-pic
Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Technology and Operations Risk Management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, the Verizon’s PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups. Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).

wysopal-picChris Wysopal, CTO, Veracode
Veracode’s CTO and Co-Founder, Chris Wysopal, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld’s Top 25 CTO’s and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he was one of the authors of L0phtCrack, the Windows password auditing program and the author of Netcat for Windows. Chris has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of “The Art of Software Security Testing” published by Addison-Wesley and has published several major security vulnerabilities in Lotus Notes, Microsoft Windows and Cold Fusion.

Training: Forensics Readiness

January 31, 2013
AnnouncementTraining

We are pleased to announce that we will have a Forensics Readiness workshop! The class will be taught by Glenn S. Dardick, and held on Thursday, May 30th before the conference.  The class will cost $395.

The workshop is a hands-on introduction to cyber forensics for IT Security personnel and Incident Response Teams. The workshop will cover where artifacts lie, and how to forensically retrieve them. More importantly the workshop will cover forensics readiness – knowing what can be available, leads to being prepared prior to a breach or other incident – instead, after the breach or other incident, wishing you were prepared. 

For more information on the class and the instructor, or to register, please see: http://rvasec.com/forensicsreadiness/

Back By Popular Demand: Lock Picking!

January 29, 2013
AnnouncementTraining

We are pleased to announce that, back by popular demand, we will have Physical Security Training! The class will be taught by Schuyler Towne, and held on Thursday, May 30th before the conference.  The class will cost $250.

Get comfortable with basic lockpicks, open some security pinned locks (and possibly high security), and have an understanding of Pin Tumbler, Wafer and Disc Detainer locks.  Learn the baseline knowledge to plan your own facility security, and get a number of excellent references to help continue your study.

For more information on the class and the instructor, or to register, please see:

Registration is now open!

January 22, 2013
AnnouncementConference

Registration for RVAsec 2013 is now open!

This year the conference will be held on Friday May 31st and Saturday June 1st at the Commonwealth Ballroom at VCU’s University Commons.  The conference has a mixed focus on technical and management presentations.

Tickets to the conference are $75 for two days of talks, lunch, parking, swag and more! Tickets for training, which include a full day of training, parking and lunch will be available as the classes are announced.

You may now register for the RVAsec conference or training classes by visiting the event registration page.

Register before 3/1 with code ‘early’ to receive a $25 discount on regular admission!

New Style Of Capture The Flag (CTF) Coming To RVAsec!

January 17, 2013
AnnouncementConferenceCTF

RVAsec had an amazing inception last year, and we have been busy at work planning the second iteration, which will take place from May 30th to June 1st, 2013 on the VCU campus in Richmond, VA.  This year’s event should be every bit as exciting and full of great opportunities to learn and connect with your fellow colleagues.

In conjunction with the SecuraBit podcast (which is also in Richmond), members of the richSEC organization are putting together a Capture the Flag (CTF) event to be held during the conference.  The goal of the CTF is not simply to be a venue for folks to flex their tech skills, but rather an interactive learning/demonstration of real world scenarios that affect anyone that has a computer network.

The team has been hard at work coming up with what we like to call an “everyman” type of CTF. Not elitist, not intimidating and something that won’t take up all of a participant’s time at the con; a CTF where any level of IT participate. Whether you’re a student, a hobbyist, or don’t even have the word “security” in your job description, we’ve got something you will be able to play with and actually learn from!  That’s our challenge:  to ensure some folks aren’t intimidated by what we have up, but also not to bore anyone with simplicity.

The CTF’s goal: everyone involved is challenged, forced to use critical thinking (not just push the easy button on a tool) and has “ah ha!” moments.  We want anyone to look at a challenge and say “That could really happen in my environment! Let’s fix that!”.  Security professionals who have not had firsthand experience with how penetration testing takes place will also see some of the attack vectors that can be used (not just MS08-067). The penetration testers and reverse engineers out there will hopefully find themselves challenged as well.

We will provide more information as it becomes available.  If you are interested in helping please let us know!

RVAsec 2013 CFP is Now Open!

December 3, 2012
AnnouncementUncategorized

The call for papers for RVAsec 2013 is now open!

Conference: May 30 – June 1, 2013

Location: Richmond, VA

CFP Submission Deadline: February 4th, 2013 at 11:59 PM Eastern

RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. In its first year, RVAsec 2012 attracted 175 security professionals from across the country. For 2013, the conference is expanding to a two day and dual-track format, with a mixed focus on technical and management/business presentations.

All talks must be 55 minutes in length, and submissions will need to select either technical or business/management tracks.

Join us and enjoy the perks!

For more information and requirements, or to submit, please visit:

http://rvasec.com/2013-cfp/

 

2013 Conference Dates

September 29, 2012
Conference

We’re pleased to announce the dates for RVAsec 2013!

The conference will be held on Friday May 31st and Saturday June 1st, 2013.

Training will be held on Thursday, May 30th 2013.

Stay tuned for more information about the conference. If you are interested in speaking, keep an eye out for a CFP announcement.