BsidesOK Security Conference – April 30, 2021
Register to attend.
Conference and training sign-up available now.
Our Call for Papers is now open and closes on March 5th, 2021.
If you’ve got a new industry talk you want to give to Oklahoma’s InfoSec community, then we encourage you to submit it.
webmaster@bsidesok:~/bsidesok/2021$ ls -al
drwxrxr-w 2 webmaster webmaster 4096 Jan 27 01:17 .
drwxrxr-w 11 webmaster webmaster 4096 Jan 27 01:16 ..
-rw-r--r-- 1 webmaster webmaster 167 Jan 27 01:18 announcement
webmaster@bsidesok:~/bsidesok/2021$ cat announcement
BSidesOK is proud to announce that our 2021 conference will be held on April 30th. The event will be virtual again this year. Follow our Twitter for more information.
Application Security & Web / API Penetration Testing
Kris Wall – Stinnett & Associates
April 28 & 29
This course is designed to quickly familiarize students with basic and advanced methodologies of application security testing and give hands-on experience exploiting applications. Students will learn the common weaknesses that web developers introduce to applications by learning to exploit:
- web applications
- single page apps
- code reviews
Students will learn about chaining these vulnerabilities into a full-fledged attack chain and their underlying infrastructure. This is a hands-on course and a laptop will be required. We’ll go from the basics into advanced detection methods using commonly available tool sets. To be clear, this is much, much more in depth than the OWASP Top 10.
Red Team Fundamentals for Active Directory
Eric Kuehn – Secure Ideas
Focused on explaining the fundamentals of Active Directory and how different aspects can be exploited during penetration tests, this course covers different attacks and explains the details of why they work. We also explore how an environment can be made resilient to attacks or detect malicious activity. The course includes hands-on exercises exploring misconfigurations that are commonly seen in Active Directory. We then exploit these issues to pivot and escalate our access, ultimately gaining full control of an AD Forest.
Professionally Evil Container Security
Cory Sabol – Secure Ideas
Learn the ins and outs of container security. We start with some foundational lessons on containers and container orchestration. This is followed by container security concerns, configuration issues, and how to abuse them. The lessons include hardening tips and guidelines. This class is focused primarily on Docker and Kubernetes but can be applied to other container technologies.
Incident Response with Digital Forensics
Donovan Farrow – Alias Forensics
April 28 – 29
Ransomware, phishing attacks, insider threats, business email compromise. All these and more are attack vectors you need to know how to handle as information security professionals. Knowing how to soundly handle devices and what to do with them forensically can make or break your recovery process. In this class, we’ll be taking an in-depth look at digital forensics and how it applies to various incident response situations. You’ll get hands-on experience with a few different forensic tools as well as learn the do’s and don’ts of forensic incident response.
Audit Analytics Anyone Can Do
Trent Russell – The Audit Podcast
April 29 (4 hours)
Audit analytics can be overwhelming and intimidating. Some might spend more time developing excuses on why not to use analytics than trying to learn the basics. In this seminar, Trent will take us through multiple analytics techniques so you too can learn not only the basics but advanced techniques as well. This course isn’t about concepts. This course is about how to actually do an analysis. We’ll also walk through not only how to develop analytics, but how to develop analytics competencies within your own team. Trent will also walk us through using analytics for IT General Controls testing and how best to use analytics for SOX procedures. Additionally, Trent will provide real-world use cases for using predictive analytics, text-based analytics, and fraud analytics techniques within the audit function.
IT Fraud and Countermeasures
Richard Cascarino – Integrated Decision Engineering Analysis, Inc.
April 28 – 29
With the increasing growth of fraudulent activities within the business world it has become essential that auditors are able to:
- Examine data and records to detect and trace fraudulent transactions
- Interview suspects to obtain information and confessions
- Write investigation reports, advise clients as to their findings and testify at trial
- Be well-versed in the law as it relates to fraud and fraud investigations
- Understand the underlying factors that motivate individuals to commit fraud
Fraud prevention and investigation, in particular IT fraud, have become an everyday part of corporate life and the auditor must gain expertise in this area. The workshop covers such issues as the tasks of the forensic auditor, computer fraud and control, abilities required of the fraud auditor, the type and nature of common frauds, and the auditor in court.
Cyber-attacks against the organization. A primer for Management, Auditors, and non-technical staff
Jonathan Kimmitt – Tulsa University
In this one-day session the class will be covering the primary methods that an attacker might use against an organization. I will be performing live attacks against a mock environment and we will discuss what they are, how they work, and how to defend from a non-technical point of view. The class attendees will see the attack and the results, and they will have opportunities to discuss the risk, management decisions, and security controls.
Vendor and Contract Management for IT Management and Auditors
Jonathan Kimmitt – Tulsa University
In this one-day session the class will cover the review process for contracts and service agreements. Students will learn how to perform a high-level review of contracts, and then do a deep dive as it relates to IT-related items. This is a highly interactive discussion-based class. We will be reviewing contracts and building a checklist for understanding the contract terms. This class will help you provide valuable input to your General Counsel and contract managers, while helping your IT department protect your data and systems.