Search Results for "2015"

Hacker Warehouse Will Be At RV4sec!

We are pleased to announce that Hacker Warehouse will be at RV4sec! This will be the first year attendees will be able to see amazing security products that are available and be able to purchase them at the conference.

You can check out the Hacker Warehouse website and get a feel for some of their products. If you want something specific available at RV4sec be sure to let them know!

HackerWarehouse.com strives to be your one-stop shop for all your computer security needs from defense to offense. We understand the importance of tools and gear which is why we strive to carry only the highest quality gear from the best brands in the industry.

We’re dedicated to serving you—our customer—with the highest level of service. Don’t hesitate to contact them should you need anything.

 


CTF: New Hybrid Challenge Includes Live Bug Hunting!

The RV4sec CTF dev team has been hard at work for the last few months cooking up some great new challenges for this year’s Capture the Flag (CTF) event. We’re sticking with the tiered approach in an effort to bring a healthy mix of educational challenges, along with more difficult “hack the Gibson” challenges.

However, this year’s CTF has a new twist! We are combining the CTF you know and love with live bug hunting with the help of Bugcrowd!  Bugcrowd has run Bug Bashes at conferences before, but we are taking it to the next level at RV4sec: we’ll be incorporating aspects of the live Bugcrowd bug bounty system into the CTF scoring.  This means you can get involved in finding real live bugs on systems and they will count for points in the CTF. Isn’t that excellent?!

The CTF has been a big success the last few years, and we are working hard to ensure that it continues to educate and provide a fun, safe environment to learn many aspects of IT, IT security, hacking and defending.

We are also working with Bugcrowd to allow CTF participants the ability to give back to the community. We are working on a process to allow local companies and not-for-profit organizations the ability to sign up to have their security tested as part of the CTF.  The live bug hunting aspect will provide real organizations security testing so they can better understand and improve the security posture of their online presence. In the end, isn’t that what IT security should be about?  We hope to provide more information on this very soon!

The CTF team is a mix of folks from many different facets of IT: we’ve got incident responders, hacker trackers, IT directors, pentesters, IT managers and everything in between. These folks have a passion for technology, enjoy exploratory dives into interesting problems, and want to share the joy, fun, frustration, learning, and general shenanigans that make the RV4sec CTF so much fun!

Our hope is that a healthy mix of folks will also come to participate in the free CTF hosted at RV4sec. We want everyone to come out and play, whether you’re new to tech, or you remember putting your first program on punch cards. Come out, plug in (well it’ll be wireless, but…) and get hacking, teaching, and learning.

Also, feel free to tweet us things you’d like to see in the CTF. It’s getting close but there may be time to get the ideas into a challenge. Use hashtag #rv4secctf and tweet to @pipefish_, @mpbailey1911, or even @RVAsec with ideas and we’ll see what we can do.

Come out to the RV4sec conference and enjoy the training, the talks, and plan to stop by the CTF for some hackery!

Thanks again to UNOS for sponsoring the CTF, as well as the other organizations donating prizes.

We’ll see you there, and keep your eyes peeled for more information soon!



Jennifer Steffens (@SecureSun) To Keynote RV4sec!

We are pleased to announce that Jennifer Steffens will be keynoting RV4sec 2015!

As its CEO, Jennifer Steffens spearheads all aspects of IOActive’s global business operations and drives the company’s strategic vision. Jennifer brings a wealth of industry and business experience to the company, having been an early member of several successful startups.

Earlier in her career, Jennifer was a Director at Sourcefire, where she helped build and grow its run rate from $250K to over $35M in just four years. She helped commercialize the Snort open source intrusion detection and prevention technology and built several service offerings around research initiatives. Prior to joining IOActive, Jennifer came to Seattle to help startup GraniteEdge reinvent itself. While there, she led initiatives to restructure the company and developed a product strategy that ultimately secured two additional rounds of funding. With over ten years of industry experience, Jennifer has held senior management positions at Ubizen, NFR Security, and StillSecure.

Jennifer is a well-respected media source, appearing in InfoSecurity Magazine, SC Magazine, Good Morning America, BBC, Reuters, The Guardian, and CBS News. She has been invited to give keynote presentations at a variety of conferences such as HackInTheBox. Jennifer is a member of EWF, ISSA, and OWASP.

You can follow Jennifer on Twitter at @SecureSun.


Training: Vendor Risk Management and Trust Analysis

Instructor: Pete Herzog

Get a grip on the risk caused by your vendors, cloud, software
providers, partners, and other third parties you need to work with.
Manage it in an orderly way that doesn’t overwhelm you or become the
paperwork that sucks the life out of your job. Master it so you can
make sure the people in charge of those relationships can also help
you manage the security of those 3rd parties. This provides you with
the means and the toolkit you need to do it in a practical,
responsible, and secure method.

The class is divided in 2 parts. The morning will cover how Vendor
Risk Management works:

Part 1
What makes up Vendor Risk Management?
Decision-making for Vendors, Products, Cloud, and more
Techniques for Risk, Trust, and Security Analysis
Managing compliance, the four-letter-word with too many letters

Part 2
Working with the toolkit (web or iPhone app).
Hands-on risk management techniques for:
– software
– vendors
– cloud
How to address new tech or new vendor types.
The finale: making your choice from solid facts.

Attendees will take home new, exclusive software tools and checklists
that will let them do amazing things in risk analysis.


About The Instructor

Pete (@peteherzog) is an expert at security tactics orchestrating
operations to fit strategy. As such he is able to solve very complex
security problems across many technologies and then teach and enable
his clients to do the same. He is best known as the creator of the
OSSTMM and Hacker Highschool. He is the co-founder and Managing
Director of ISECOM, a security research non-profit focused on
innovation. You can read about his background:
http://en.wikipedia.org/wiki/Pete_Herzog

His full profile can be found here: www.linkedin.com/in/isecom/.

Here are details about his work in Trust and Neuro-hacking:
http://en.wikipedia.org/wiki/Social_engineering_(security)#Pete_Herzog


Title: Vendor Risk Management and Trust Analysis
Instructor: Pete Herzog
Date: 6/3/2015, 9AM-5PM
Cost: $350
Class Size: 25 seats are available total

Prerequisites: None.

Class Requirements: None.

Register for this Class


Training: Hands-On Lock Picking

Instructor: Schuyler Towne

Get comfortable with basic lockpicks, open some security pinned locks (and possibly high security), and have an understanding of Pin Tumbler, Wafer and Disc Detainer locks.  Learn the baseline knowledge to plan your own facility security, and get a number of excellent references to help continue your study.

The focus will be on Pin Tumbler locks, as they are what a North American audience will encounter most often. You will begin picking these locks early and get plenty of practice with access to the instructor’s lock library, including various specially prepared mid- and high-security locks. From there you will branch out to other locking concepts, and gain an understanding of a wide range of lock types, from safes to magnetics, with particular attention to Wafer and Disc Detainer locks as they are also quite common in the US. The basics of facility security, including what to look for in modern digital locks, will also be covered.


About The Instructor

Schuyler Towne is obsessed with locks. While he got his start picking locks competitively, his interest has since exploded into every aspect of their history, design and manipulation. He’s taught hackers, authors, cops and even toy designers. There is nothing Schuyler loves more than to talk locks with anyone who will listen. His interests in the history of physical security and design of locks provides a passionate background to his lectures and workshops on lockpicking. Currently he is writing an Almanac of Locksport for O’Reilly and studying media portrayals of lockpicking.


Title: Hands-On Lock Picking

Instructor: Schuyler Towne
Date: 6/3/2015, 9AM-5PM
Cost: $250.00
Class Size: 20 seats are available total

Register for this Class

 

Praise for Schuyler Towne’s Class

“I attended Schuyler Towne’s lock picking class at RVAsec a few years ago, and it was bloody amazing. Literally…. it drew blood. This was hands-down and in cuffs one of the best classes I’ve ever attended. Schuyler is very passionate about what he does and incredibly skilled at not only picking locks (though he still has to successfully pick the Ruko locks I gave him), but also passing on his knowledge in an exciting and entertaining manner. Whether you’ve never picked a lock in your life (just like I hadn’t) or quite skilled at it, you will definitely learn something from this class. Challenges are tailored to each attendee’s skillset, and there are both simple locks, advanced locks, digital locks, handcuffs, and combination locks to play with. I definitely recommend this class.”

– Carsten E

“I think the classes [lock picking] are fascinating and valuable whether you’re a hobbyist, or if physical security testing is in (or you want it to be) your job description. Schuyler’s passion for research, and his presentation style really make the whole experience a joy.”

– Nick P


Training: Integrating Computer Forensics with Incident Response

Instructor: Gregory Bell

Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data into court.

Digital forensic techniques can be used for many purposes, such as investigating crimes and internal policy violations, reconstructing computer security incidents, troubleshooting operational problems, and recovering from accidental system damage. Practically every organization needs to have the capability to perform digital forensics. However, organizations’ current incident response policies and procedures do not contain clear statements addressing all major forensic considerations, such as contacting law enforcement, performing monitoring, and conducting regular reviews of forensic policies and procedures.

An accepted definition of “Incident Response” is:

Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.

An acceptable definition of “Computer Forensics” is:

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

This class will show attendees the basic phases of the forensic process and incident response considerations, how to better integrate Computer (Digital) Forensics into their current Incident Response plan and Information System life cycle, and the tools and skill sets used to support computer forensics. For instance, when employees are terminated, does Human Resources notify Information Security to preserve the terminated employee’s hard drive in the event litigation occurs at a later date?


 

About The Instructor

Currently, I am the ISO for the Department of Behavioral Health and Development Services.  In addition, I teach Information Security courses at several colleges as an Adjunct (VCU, University of California, South University, University of Phoenix, Stratford University).  As a Computer Forensic expert, I have handled several high profile cases in the Central Virginia area and provided testimony as an Expert Witness in those cases.


Title: Integrating Computer Forensics with Incident Response
Instructor: Gregory Bell
Date: 6/3/2015, 9AM-5PM
Cost: $300.00
Class Size: 25 seats are available total

Prerequisites: Working knowledge of incident response and some knowledge of computer forensics are helpful.

Class Requirements: None.

Register for this Class


Terry McAuliffe, Governor of Virginia To Provide Remarks At RV4sec!

We are pleased to announce that Virginia Governor McAuliffe will be providing remarks at RV4sec!

Terry McAuliffe is the 72nd Governor of Virginia. Since being sworn into office, Governor McAuliffe has aggressively focused on building a new Virginia economy.

Whether traveling to Bedford or Beijing, Governor McAuliffe has made it clear that his number one priority is economic development and he is working hard to create and maintain jobs throughout the Commonwealth.

The Governor is also working to restore trust in government. On his first day in office, he signed an executive order imposing a $100 gift ban on himself, his family, and members of his administration and their families. He established through executive order the Commission on Integrity and Public Confidence in State Government, which will focus on ethics oversight and enforcement, limits on gifts and loans, rules on conflicts of interest, disclosure requirements and post-public service restrictions.

McAuliffe has proven that his administration will be smart stewards of Virginia’s transportation dollars. Demonstrating his commitment to bipartisanship, he worked with Republican leadership on House Bill 2 to prioritize transportation projects based on what is best for Virginia’s commuters not politicians.  He followed through on his commitment to lowering the downtown/midtown tunnel tolls to alleviate the burden on Hampton Roads residents, commuters, and businesses. He eliminated the EZ Pass maintenance fee for all Virginia commuters, and suspended work on Route 460, because he does not believe that Virginia taxpayers should be spending hundreds of millions of dollars on a road when we don’t have permits to ensure its completion. Governor McAuliffe also worked with the Governor of Maryland and the Mayor of the District of Columbia to invest $75 million in our regional metro system – taking cars off the roads and relieving congestion.

Governor McAuliffe understands that in order to compete for the jobs of tomorrow, it is essential that we make key investments today. The Governor signed legislation increasing the amount of Virginia qualified research and development expenses that can now be claimed as a tax credit. This legislation is important because it encourages private companies to invest in the jobs of the future.

In order to ensure that Virginia continues to have the best workers in the world, Governor McAuliffe understands that Virginia must continue to have a world-class education system. This year, he was proud to sign standards of learning reform legislation, to make Virginia’s education system work better for students, teachers, and our schools.

Virginia is home to approximately 800,000 veterans, and the Governor is committed to fighting for those who have so bravely served our country. He expanded the Virginia Values Veterans initiative, which encourages employers to recruit, hire, train, and retrain our veterans. He also signed legislation to provide unemployment compensation to military spouses who leave their job to accompany their spouse to a new military assignment in another state, as well as legislation that will expand access to higher education for eligible veterans’ family members.

In July 2014, Governor McAuliffe signed Executive Order 23 Establishing the New Virginia Economy Workforce Initiative.  With a goal of an additional 50,000 credentials, aligning the workforce supply with demand and giving experience credit to our veterans, Governor McAuliffe wants to redesign our current workforce system to work with the needs of our communities and businesses.

The Governor’s administration has made unprecedented progress on the restoration of rights to rehabilitated felons who have served their time. People who have paid their debt to society should be able to work, pay taxes and vote.

Governor McAuliffe ran for office to fight for uninsured Virginians and that is why he took bold executive action to expand health care. His plan, A Healthy Virginia, will help improve the lives of more than 200,000 Virginians by expanding access to care, improving care for veterans and for those with severe mental illness, and enhancing value and innovation across our health system.

Governor McAuliffe previously served as Chairman of the Democratic National Committee from 2001 to 2005, was co-chairman of President Bill Clinton’s 1996 re-election campaign, and was chairman of Hillary Clinton’s 2008 presidential campaign.

He and his wife Dorothy were married in 1988 and have five children.

The Governor attended Catholic University and Georgetown Law School.

 


Training: Hunting The White Whale – Offensive Application Pentesting

Instructor: Kizz Myanthia

This course will introduce the attendees to the concepts of Information Security, the security issues that plague all applications today, learn how to create an attack strategy, and execute against the problem. This course will encompass both common and easily exploitable vulnerabilities and the more advanced or custom exploits and techniques that attackers use in the real world. We will discuss what motivates an attacker, what the types of mindsets are, and what tools they will most likely use. “The White Whale” will give the attendee an opportunity to learn the fundamentals of Information and Application security through hands on training and QA Lecture. We will work to understand both application and host vulnerabilities and exploits. This class will not only guide a novice tester or admin into the mindset of an attacker, but will give the advanced tester a deeper understanding of IS and application security issues and how to detect, attack, and defend against them.

All students will leave with an in-depth understanding of not only why and how these vulnerabilities are found, but also all of the tools and techniques needed to execute them.

Host/Server

  • Protocol Issues
  • Platform or Host Vulnerabilities (Services and Ports)

 

Web Applications

  • OWASP Top 10 Vulnerabilities (Understanding and Exploitation)

Attack the User

  • MITM (Session Hijacking, Snooping, Sniffing)
  • Leveraging the information gained to impersonate an authorized user
  • Phishing Attacks (How to clone and impersonate a site, Click-jacking, Custom Java code embedding and execution)

About The Instructor

Infosec specialist whose qualifications include an in-depth understanding of security principles and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.


Title: Hunting The White Whale – Offensive Application Pentesting
Instructor: Kizz Myanthia
Date: 6/3/2015, 9AM-5PM
Cost: $300.00
Class Size: 20 seats are available total (register early!)

Prerequisites: This course is most useful for anyone that wants to learn how the “Hacker” mindset works, the Information Security administrator, Pentester, or anyone else that wants to gain the knowledge of how a malicious Hacker executes successful attacks. This class is focused on real-world issues and will focus on having the student use the techniques to understand each step.

Class Requirements: Your own laptop with a Virtual Instance of Kali Linux (the instructor can’t provide tech support) and a moderate understanding of PenTesting vocabulary.

Register for this Class


Time is running out!

WHAT???? 

Only 4 days left to claim your Early Bird Registration special pricing for RV4sec 2015!

For only $125 you get 2 full days of talks, meals, parking, snacks, drinks, reception, after party, prizes, a capture the flag contest, t-shirt and swag.

The price goes up to $150 after Friday, so don’t wait!

REGISTER NOW!

http://rvasec.com/register/

 


Hotel Information – Book now!

RVAsec has reserved a block of rooms at the Crowne Plaza for out of town guests. The rate is $113/night (which includes parking).

You can either book online or call the hotel.

When you call the hotel (855-472-7802), please mention the block “RVAsec” to get the special rate.

Crowne Plaza Richmond Downtown
555 East Canal Street, Richmond VA 23219

800-2CROWNE



 

The hotel has a shuttle that runs back and forth from the conference location at VCU for both days.

If for any reason you are unable to get the RVAsec rate or the block of rooms has been filled, please let us know so we can contact the hotel!

Once the block is full or expires we are not able to have it extended.

Make sure you check out information on getting to the conference.