Search Results for "2014"

David Kennedy to Keynote RVAsec!

We are pleased to announce that David Kennedy will be keynoting RVAs3c 2014!

David is the Founder and Principal Security Consultant for TrustedSec, which provides information security consulting services for a large portion of the Fortune 1000 space as well as medium-sized companies. Prior to TrustedSec, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company located in over 80 countries with over 16,000 employees. David developed a global security program that tackled all aspects of information security. David is considered a thought leader in the security field and has presented at over three hundred conferences worldwide.

David has had numerous guest appearances on Fox News, CNN, CNBC, Huffington Post, Bloomberg, BBC, The Katie Show, and other high-profile media outlets. David is the founder of DerbyCon, a large-scale information security conference. David has testified in front of Congress on multiple occasions on the threats we face in security and in the government space.

David also co-authored Metasploit: The Penetration Tester’s Guide, which was number one on Amazon in security for over a year. David was also one of the founding members of the “Penetration Testing Execution Standard” (PTES). PTES is the industry-leading standard and guideline around how penetration tests should be performed. David has had the privilege to speak and keynote at some of the nation’s largest conferences.

David is the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET), Artillery, and Fast-Track. David has also released several zero-day exploits and focuses on security research. David has over 14 years of security experience, with over 9 specifically in security consulting. Prior to the private sector, David worked in the United States Marines for cyber warfare and forensics analysis activities.

David also recently testified before the US Congress about the security of the healthcare.gov web site.


Training: Into the Worm Hole: Metasploit for Web PenTesting

Instructor: Kizz MyAnthia (@KizzMyAnthia)

Metasploit is most commonly known for its epic pwnage of network and service level vulnerabilities. What you may not know is that the same epic pwnage can be leveraged when exploiting web application vulnerabilities. With the ability to custom build Metasploit modules or tools using the framework, the power of Metasploit is only limited by the imagination of the user. “Into The Worm Hole: Metasploit For Web PenTesting” will build on prior knowledge of Metasploit and help elevate the tester’s skills and abilities by working hands-on: building a custom scanner, using Metasploit to exploit web vulnerabilities, and learning to use Metasploit for phishing, XSS, and other web application vulnerabilities.

See the full outline (PDF) for additional information.


About the Instructor

Kizz MyAnthia is an InfoSec specialist whose qualifications include an in-depth understanding of security principles and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.

Title: Into the Worm Hole: Metasploit for Web PenTesting
Outline: PDF
Instructor: Kizz MyAnthia
Class Size: 25 seats are available total (register early!)
Date: 6/4/2014, 9AM-5PM
Cost: $250

Prerequisites: This is an Intermediate level class and attendees should understand what Metasploit is and how to use it. A knowledge of Ruby is extremely beneficial, but some scripting experience or skill (any language) is recommended.

Class Requirements: This class requires all attendees to bring a computer with a functioning installation of Metasploit; a Kali or BT5 VM is recommended, but not required. All commands and lessons will be executed on Kali Linux. If an attendee chooses to use an MS Windows MSF installation or another OS, they must be aware that there may be syntax differences, etc.; NO SUPPORT WILL BE OFFERED.

 

Register for this Class


Training: The Secrets of Security with the OSSTMM

Instructor: Pete Herzog

Get key insights from the very latest version of the Open Source Security Testing Methodology Manual (OSSTMM). Discover gems of knowledge that can greatly expand your view of security. Learn how and where to apply this methodology in a practical and efficient way. Then get your hands dirty on trying it out.

The OSSTMM isn’t the easiest or most fun document to read, but it’s full of advanced security information that’s practical and relevant. It’s also the best-known operational security manual on the planet with about half a million downloads each month for one particular reason: those who figure it out have a distinct security advantage as its instructions are about a decade ahead of the current buzz in the security industry.


About the Instructor

Pete Herzog is the lead security researcher and creator of the OSSTMM. His analyses of security, hacking, trust, fraud, and neuro-hacking have shown up in thousands of research papers, books, and government documents around the world. He’s passionate about hacking and figuring out how things (and people) work.


Title: The Secrets of Security with the OSSTMM
Instructor: Pete Herzog
Date: 6/4/2014, 9AM-5PM
Cost: $250

Register for this Class


Training: Networking for Pentesters

Instructor: Rob Fuller

This is an introductory class on specific protocols and technologies that are used on corporate networks around the world, focusing on the point of view of an attacker. It covers things like DNS, HTTP, SMTP and other basics of networking, then moves on to “Layer 7” with IIS/Sharepoint, VPNs, Windows Active Directory, and Unix services.


About The Instructor
Mubix is a Senior Red Teamer. His professional experience starts from his time on active duty as a United States Marine. He has worked with devices and software that run the gamut in the security realm. He has a few certifications, but the titles he holds above the rest are FATHER, HUSBAND, and United States Marine.


Title: Networking for Pentesters
Instructor: Rob Fuller
Date: 6/4/2014, 9AM-5PM
Cost: $199.95
Class Size: 20 seats are available total (register early!)

Prerequisites: No previous experience in pentesting is necessary as this course is designed for entry level. Students must be experienced with their OS of choice as well as have a basic understanding of Kali Linux.

Class Requirements: Students will be required to bring their own laptops for the class. Laptops will need a VMware Workstation (NOT VMWARE PLAYER) or VirtualBox installation with an install of Windows 7 and Kali Linux as the guest virtual machines prior to the class. All other tools will be provided.

Register for this Class


RVAsec tickets on sale now for $50

The base ticket price for RVAs3c is $100. However, until 3/14 all registrations will be half off–only $50!

For the last two years RVAsec has brought the best speakers to Richmond, kept attendees fed and watered, and ensured everyone had a great time for the lowest possible cost. Despite selling out both conferences, the large number of late registrations is a serious problem and adds to conference costs. So this year we are trying something different & raising the base price a little, but offering a deep discount to encourage early registration.

And if that’s not enough incentive to purchase your tickets early, late registrations (after 5/17) will be $150!

Don’t forget all the things you get with registration, including 2 full days of talks, parking, meals, snacks, drinks, reception, prizes, a capture the flag contest, t-shirt & swag!

So, to recap the conference prices:

  • $50 discounted price until 3/14
  • $100 regular price until 5/16
  • $150 late registration until 5/30

Once again there will be no tickets sold at the door, and don’t forget that RVAs3c has sold out every year–so don’t wait!

Register now!

 


RVAs3c Badge Preview

For the first two years of RVAsec, our friends at hack.rva have come up with two awesomely interactive badges for attendees. Planning for the 2014 badge started right after the 2013 conference, and since June is coming quickly we caught up with Morgan Stuart to get some info on what they are planning.

The 2013 badges were a huge hit–can you tell us a little about them?

2013 RVAsec Badges


Morgan: Last year’s design focused on a large feature set. The badge included 8 LEDs, infrared transmitter and receiver, piezo buzzer, 3D printed button, and it even had USB support. This meant that these badges could talk back and forth to each other wirelessly, you could tap, turn, and shake for input, and you could plug it up to your laptop and compose some tunes with your keyboard. The “game” on the badge consisted of seven stages, where we progressively introduced a new feature of the badge in some puzzle. By the second day, we had many people’s badges partaking in the “game of death.” Your badge counted down your health with the LEDs (in base 2 of course), forcing you to scavenge for food. HackRVA’s table had a beacon on it that would occasionally emit some “food” over IR, but most importantly you could attack other players. When a player died, their respawn downtime included about a minute of transmitting food to nearby players. Eventually we introduced a patient zero for “zombie mutation” (thanks Ron) and things got pretty crazy.

The badges did get a little annoying making noise the whole time. What were some things that you learned from last year?

Morgan: There was a lot we took away from last year’s experience. Most important is getting the manufacturing of these devices down tight. We ran into a lot of unforeseen problems that we are trying to avoid by starting early with refined processes. Still, there are plenty of areas that could use improvement. For instance, the past few weeks we’ve been working out a photo etching method. It still needs work, but it will remove a lot of difficult-to-control variables that last year’s toner-transfer method had. There was also quite a bit of difficulty getting the accelerometer soldered on the board correctly; this led to about half the badges not having an accelerometer, which was a big letdown for everyone. We’re avoiding these kinds of small and sensitive components this year.

The design’s other biggest limitation was the restricted user I/O; we don’t think a button and accelerometer were enough input and the 8 LEDs with piezo could only say so much. We want interfacing with the badge to be enjoyable and intuitive, not frustrating or complex.

Due to the issues manufacturing last year, much of our focus was put on getting our hardware numbers up late in the build. The badges we ended up with had a great hardware feature set, but we just didn’t quite have the time we needed to fully exploit them with the software. HackRVA’s space has grown a lot in the last year, and we have some new and very responsible members who can help lift some of the weight off our shoulders when it comes to managing the fabrication of all this year’s boards. This means more time for software.

The good news about last year’s badge was that a lot of things worked very well. Our design of the software and hardware was really founded on getting the attendees to interact with one another and we felt it did that in a big way. The badge became a great avenue to spark up a conversation or just geek-out with someone. Oh, and we’ll be sure to have a way to turn the sound off this year.

What are the plans for the badges this year?

Morgan: I first want to say that this year’s badge has again been redesigned from the “copper up,” but it’s undoubtedly the successor to last year’s badge. The badge games will again focus on getting the attendees to interact and think. Using them will be a whole lot of fun.

If someone wanted to hack or modify them, what will they need to do?

Morgan: Last year you needed a PicKit to modify the firmware–this is a piece of hardware that can cost as much as $30 or $40 for older versions. This year, we are aggressively pursuing a boot loader option which means you’ll simply need a USB cable and some free (as in beer) software to hack away.

Can you give attendees any other hints or teasers about the badges?

Morgan: One of the earliest changes we had in mind has really forced us to rethink the design and placement of every component. I won’t say much else other than we think lanyards are pretty lame…

Anything else?

Morgan: We would like to thank everyone at RVAsec, including Jake and Chris, for letting us do this these past few years. It’s challenging, but a whole lot of fun.

Thanks Morgan, we look forward to seeing this year’s badges!

If you are interested in helping out hack.rva with the badges, software or hardware, they have Thursday night open houses. More information can be found at http://hackrva.org/.


Surveys, Slides, Videos and more!

RVAsec 2013 is over and we are very pleased with how everything turned out!  It was an aggressive move to grow the way we did this year, but we heard your feedback loud and clear, and you demanded more!

The first year RVAsec was a 1 day single track conference that attracted approximately 170 attendees.  This year, we grew to 2 days, 2 tracks and had over 265 attendees!

Some thanks are in order for:

  • Our brilliant keynote speakers Alex Hutton and Chris Wysopal
  • The amazing speakers that shared their time and knowledge!
  • All of the trainers for providing affordable classes to the RVA community
  • Hack.RVA for once again making awesome badges
  • Hope and VCU for all of their support and the facility
  • All of the volunteers for donating their time to ensure everything was in order
  • The sponsors for making it possible to put on the conference
  • Rapid7 for the after party
  • Create A Print & Sign for the shirts
  • The CTF team for putting on an amazing event
  • And of course to everyone that attended RVAsec 2013!

 

We are in the process of cleaning up some loose ends to wrap up RVAsec 2013.  Here are a few other quick updates:

  • Attendee survey will be out soon–we need your feedback to make RVAsec 2014 even better, so please take a few minutes to complete it
  • Training feedback survey has been sent to all attendees
  • Slides will be posted soon
  • We will be starting post processing on video in the coming days and will have them ready as soon as possible.

 

If you have any questions please contact us!


Lockpicking & Lock Forensics

Instructor: Schuyler Towne


A small sample of Schuyler’s locks.

Get comfortable with basic lockpicks, open some security pinned locks (and possibly high security), and have an understanding of Pin Tumbler, Wafer and Disc Detainer locks.

This workshop is based around understanding both how to pick locks and how to analyze the evidence picking leaves behind. We will explore myriad methods of entry on basic pin tumbler locks, then, after each method is fully understood, we’ll place the components of the locks you’ve opened under a high-definition microscope and explain how to interpret the tool marks you have left behind.

The methods of entry covered will include:
  • Single-pin picking
  • Raking
  • Percussive attacks (pick guns/bumping)
  • Impressioning
At the end of the workshop we’ll test your new knowledge by examining a few lock examples I’ve brought along under the microscope and analyzing them together.

 


About The Instructor

Schuyler Towne is obsessed with locks. While he got his start picking locks competitively, his interest has since exploded into every aspect of their history, design and manipulation. He’s taught hackers, authors, cops and even toy designers. There is nothing Schuyler loves more than to talk locks with anyone who will listen. His interests in the history of physical security and design of locks provide a passionate background to his lectures and workshops on lockpicking. Currently he is writing an Almanac of Locksport for O’Reilly and studying media portrayals of lockpicking.


Title: Lock Picking and Lock Forensics

Instructor: Schuyler Towne

Date: 6/4/2014, 9AM-5PM

Cost: $250



Register for this Class


Sponsors-Old

Platinum Sponsors

VCU Technology Services
Altria Client Services
CrowdStrike

Gold Sponsors

Assura Consulting
Fortinet
Carmax
Okta
University of Richmond School of Continuing and Professional Studies
RSA
Rapid7

Silver Sponsors

Trend Micro
BHIS
Risk Based Security
Advanced Network Technologies
Extrahop
Focal Point Data Risk
Cyberark
ISACA Virginia Chapter
Infoblox
Deltarisk
Aruba Networks
Segra Communications
NC4
Tenable Security
Checkpoint Security
Optiv
Netskope
Palo Alto Networks
Malwarebytes
ePlus
Venafi
Infranet
Intsights
LogRhythm

Bronze Sponsors

GE

Mobile Site Sponsor

Badge Sponsor

Cisco

CTF Sponsor

Capital One

Hospitality Sponsors

SentinelOne
Lacework

After Party Sponsors

Risk Based Security
Guidepoint Security

CTF Support & Prize Sponsors

Netsparker

Speaker Dinner Sponsor

Varonis

Reception Sponsor

Vector

Room Sponsors

McAfee
Atos

Bag Sponsor

Fortinet

Associate Sponsors

Akamai
cirt.net

Wifi Sponsor

ABS Technology

Ice Cream Sponsor

Risk Based Security

Popcorn Sponsor

Zscaler

About RVAsec

RVAsec is the first Richmond, VA based security conference to bring top speakers to the mid-Atlantic region.

Why Sponsor

RVAsec is the only security conference between Washington DC and Raleigh NC, reaching a largely untapped market of security professionals and executives. We expect RVAsec 2019 to be approximately 650-700 people–a mix of technical engineers, managers and CISOs. Sponsorship has the potential to reach local attendees from several large corporations, including Capital One Bank, Carmax, Dominion, Markel, Altria, Genworth, GE, Federal Reserve Bank of Richmond, Anthem, and MeadWestvaco, among others.

Levels

We have multiple sponsorship levels to meet your needs–each level includes various items and perks. There is a limited number of sponsors at each level, and sponsors are picked solely at the discretion of RVAsec in order to best serve our attendees and sponsors. We are also seeking sponsors for items such as breakfast, lunch, breaks, receptions and after-parties!

 Contact Us!

If you are interested in sponsoring this event or have any questions, please contact sponsors@rvasec.com to request the full sponsor marketing package.

 


Speakers CFP

The call for presentations (CFP) for RVAsec 3 is open!

CFP deadline is Friday, February 14th, 2014 at 11:59 PM Eastern!


RVAsec 3
June 5-6th, 2013
Richmond, VA, on the Virginia Commonwealth University campus


RVAsec is a Richmond, VA based security convention that brings top industry speakers to the mid-Atlantic region. In its second year, RVAsec 2013 attracted 265 security professionals from across the country. For 2014, the conference is a two-day, dual-track format, with a mixed focus on technical and management/business presentations.

All talks must be 55 minutes in length, and submissions will need to select from one of two tracks:

  • Business
  • Technical

 

The following types of presentations will not be accepted:

  • Sales or marketing for companies or products
  • CFP submissions from in-house or agency PR/marketing professionals
  • Talks which do not offer new insight or perspective

RVAsec will hold no copyright on presentation content, but all speakers will be required to provide approval to post slides and video recordings of the talk on the RVAsec or other web sites.


Speaker Perks

  • Free admission to RVAsec
  • Invitation to the RVAsec speaker party
  • RVAsec T-shirt, badge & attendee swag bag
  • One 50% off pass for a friend or co-worker
  • Fame and glory, internet style!
  • Opportunity to be the recipient of the RVAsec “STFU” sign

RVAsec has a limited travel budget, but speakers who request travel assistance may be eligible for:

  • Travel allotment up to $300
  • 3 nights hotel at the Crowne Plaza Richmond Downtown
Please note that companies that fund their speaker’s travel will receive a free Associate Sponsorship Level.

Click here to submit a talk to the CFP now!

 


If you are interested in running a training class on June 4th, please email us at info@rvasec.com with the following information:

1) Title of Class
2) Overview of Class
3) Instructor
4) Instructor Bio
5) Class Size
6) Student Prerequisites
7) Proposed Cost / Amount Required Per Student