BSidesOK

Training: April 5-6, 2023

Conference: April 7, 2023

About BsidesOK

Hosted in Tulsa, OK – BSidesOK is a free information security conference focused on practical, hands-on training for improving security.

Each BSides is a community-driven framework for building events for and by information security community members.

This is the premier security conference for the state of Oklahoma, pulling speakers from around the country and attendees from several surrounding states. BSidesOK is completely non-profit and volunteer-driven.

Get Involved

Questions? Interested in volunteering?

Email us at info @ bsidesok.com

2023 Keynote

Madison Horn

Madison Horn, former U.S. Senate Nominee, has spent over a decade in cybersecurity, defending American interests against foreign adversaries, nation-states, and terrorist organizations. She has worked within both the startup ecosystem and global organizations, serving as a catalyst leader with an entrepreneurial spirit. Her focus on removing barriers and defiant charisma allows her to build people-first organizations focused on excellence and creativity effectively.

Agenda

9:00 am

Center Room

MADISON HORN

Can I Punch You In The Face?

For too long, we have been in the ring with our guard down, underestimating our opponents and where they come from. But now, new fighters are stepping into the ring, with AI and quantum computing threatening to dismantle the fighting techniques that have served us for years. And if that weren’t enough, there are global hotspots that are throwing their weight around the arena, making the fight more lucrative and compelling. As cyber warfare becomes the main event, we are taking more sophisticated hits, from economic sabotage to hostile-disruptive maneuvers. Fights are spilling into society, with the most damaging being the weakening of trust and confidence in social and political systems. This has caused 91% of industry leaders to believe a catastrophic event will happen over the next year.

As defenders of the ring, we need to ask ourselves: How do we avoid getting punched in the face? When organizations don’t know what’s motivating their opponents, they’re not learning – they’re just dodging punches flat footed. Instead of waiting to be the victim of a knockout blow, we need to change our fighting strategy and start prioritizing active prevention techniques. After all, even the lightest of punches can break through our defenses if we’re not vigilant.

9:00 am

Center Room

MADISON HORN

Can I Punch You In The Face?

For too long, we have been in the ring with our guard down, underestimating our opponents and where they come from. But now, new fighters are stepping into the ring, with AI and quantum computing threatening to dismantle the fighting techniques that have served us for years. And if that weren’t enough, there are global hotspots that are throwing their weight around the arena, making the fight more lucrative and compelling. As cyber warfare becomes the main event, we are taking more sophisticated hits, from economic sabotage to hostile-disruptive maneuvers. Fights are spilling into society, with the most damaging being the weakening of trust and confidence in social and political systems. This has caused 91% of industry leaders to believe a catastrophic event will happen over the next year.

As defenders of the ring, we need to ask ourselves: How do we avoid getting punched in the face? When organizations don’t know what’s motivating their opponents, they’re not learning – they’re just dodging punches flat footed. Instead of waiting to be the victim of a knockout blow, we need to change our fighting strategy and start prioritizing active prevention techniques. After all, even the lightest of punches can break through our defenses if we’re not vigilant.

10:00 am

North Room

Kate Sharp

Battle For The Bus: An Exploration of Targeted Attack on Vehicles

Street vehicles have become more reliant on current technology for daily operations. This improvement in functionality broadens the attack surface and magnifies the potential consequences. Threat actors may use vulnerabilities in vehicle networks such as the Control Area Network (CAN) to execute targeted attacks against high-profile groups. The nature of these attacks goes beyond the scope of a digital environment and threatens physical safety, pressuring the offensive security field to find new talent and technology. This presentation focuses on the basics of understanding the usage and vulnerability of the CAN and presents an offensive security tool in its early development stages. 

Center Room

David Bullas

Mitigate Identity-Based Threats by Climbing the ITDR Maturity Model

Are you concerned about mitigating identity-based threats like account takeovers and insider threats? Take control and secure your organization with Identity Threat Detection and Response (ITDR). Join me for a talk on enhancing cyberattack preparedness by climbing the ITDR Maturity Model.

South Room

Geoff Wilson

Keeping Out the Adversary With Attack Surface Reduction

Attack Surface Reduction is often the quickest way to improve cyber resiliency. Learn how to keep out the adversary using attack surface reduction techniques including Microsoft’s attack surface reduction rulesets, isolating crown jewels, and locking down PowerShell.

11:00 am

North Room

Ryan LaBouve

Hunting Before Day Zero

“Hunting Before Day Zero” is a talk that will delve into details of file and network access on Linux to expose signals of compromise that might indicate our systems are infected and possibly by a zero-day vulnerability!

Center Room

Kevin Sesock

Your Cybersecurity Training Sucks

Scared straight doesn’t work! Still walking your users through how to create a password? STOP! Start teaching your users how to use their Apple iPhone or Android built-in password managers, leaked password tools, and tap-to-pay, and gamify security to create a security culture in your organization.

South Room

Andrew Lemon

Black Swans and Rocket Launchers, what's actually in your threat model?

Pen Testers love showing off … sometimes a little too much. At what point do attacks move from within a customers relevant threat model and into something you would see in a James Bond movie. This talk dives into examples of going too far and learning how emulate relevant threats.

12:00 pm

Center Room

CISO Showdown

1:00 pm

North Room

Jamy Casteel

Intro to API Hacking

APIs have exploded in popularity. It’s imperative to learn the basics and common vulnerabilities so that you can understand the basics for testing APIs. This talk covers API basics, discusses the OWASP API Top 10 and includes learning resources for getting more familiar with the covered material.

Center Room

Todd Wedel

Why John Wayne Works: Social Engineering in the Wild Wild West

Back the blue. Don’t start a fight; always finish one. Hold the door. Yes, ma’m. Don’t mess with Texas. From serious to seemingly frivolous, we’re steeped in ways to think, act, and believe. What if those are all expressions of a “code” that social engineers can use to leverage better exploits?

South Room

Kallen Curtis

Threat Intel for Beginners

In this presentation, you’ll learn practical tools and tips on how you can use defensive threat intelligence to stay ahead of malicious threats and better protect your business.

2:00 pm

North Room

Rachel Schwalk

Misbehaving Binaries: Methods for Detecting LOLBin Abuse

If you’re struggling with detection and having to respond to malicious activity well after occurrence, this talk is for you. I will use a replicable process of identifying normal vs. malicious behavior of commonly abused binaries to create effective detection logic that is bound to catch evil.

Center Room

Susan Lindberg

Machine Learning for Managing Internal Risk: At the Intersection of Security and Privacy

Your boss is watching! While employee supervision isn’t a new idea, electronic monitoring and vetting using machine learning is relatively new. At the same time, consumer privacy law is being extended to employees. What are the hazards, and is bossware worth it?

South Room

Jonah White

EndPoint Security 101: The tools of the trade

Ever wonder what Endpoint Security is and what tools you should use to secure your devices of all different kinds? Jonah white from TrustDigital will discuss the ins and outs of the latest endpoint security tools that vendors offer today to help mitigate against the attacks of tomorrow.

3:00 pm

North Room

John Vecchi

xIoT Hacking Demonstrations & Strategies to Disappoint Bad Actors

I’ll demonstrate several hacks against xIoT (Extended Internet of Things) devices. Bad actor & defender stories will be shared. Research from over six years & millions of devices will be explored. Steps organizations can take to mitigate xIoT risks will be outlined.

Center Room

Ed Schaefer

From Security Last to Security First: How Threat Modeling Can Help Your Agile and DevOps Teams Make the Shift

Too many agile teams take a “security last” approach, relying on scans and automation to fix known vulnerabilities. Threat Modeling gives teams a shared language and model for security so they can think like an attacker and a tool to build into their schedule to really be “security first”.

South Room

James Lawler

Hardening Windows 10 (at home or anywhere) Made 'Easier'

I will take you through security settings that you can apply today to your win10 machine and some other settings that can be applied with caveats and what those may be. The goal is to give a simple approach to making your Windows a more hardened and secure operating environment for all.

4:00 pm

Center Room

Final Remarks and Raffle

Training

Check-in for trainings opens at 8:30am and classes begin at 9:00am.

NOTICE:

After purchase, training tickets will reflect the conference date. Please be aware, the training dates and times listed on the website and the Eventbrite main page are accurate.

Responding to an Incident and Beyond: IR Training

Taught by Donovan Farrow and Tanner Shinn of Alias Infosec

1-day training class on Wednesday, April 5 - $250

Don’t get caught by surprise – join the Alias IR team and learn how to respond to a cyber-attack. Understand how to walk through an incident response situation and become familiar with the various tools our team utilizes during an engagement. You’ll learn the best ways to respond to different types of IR situations (ransomware, business email compromise, data breach, etc.) in the event your business is compromised. Bring your laptop as this will be a hands-on-keyboard, interactive learning environment.

A few key takeaways include:

  • A comprehensive break down of how to respond to a cyber incident.
  • The tools our team utilize while working an incident.
  • The do’s and don’ts of negotiating with a hacker.
  • How to rebuild your business so you don’t get hit again.

How to review contracts for IT Security Professionals

Taught by Jonathan Kimmitt of Alias Infosec

1-day training class on Thursday, April 6 - $250

In this one-day session the class will cover the review process for contracts and service agreements. Students will learn how to perform a high-level review of contracts, and then do a deep dive as it relates to IT related items. This is a highly interactive discussion-based class. We will be reviewing contracts and building a checklist for understanding the contract terms. This class will help you provide valuable input to your General Counsel and contract managers, while helping your IT department protect your data and systems.

Whether it is a software as a service, a software license, sales contract, or a user agreement, we deal with contracts daily. At the organizational level, there may be several contracts executed every single day, and many times there are IT requirements either directly in the contract, or in the underlying support of the contract terms.

Additionally, with new laws about data privacy and new liability requirements for decisions makers, it is important that IT professionals understand and be involved in the entire ‘Contract Life Cycle’ for their organization.

Professionally Evil Network Testing

Taught by Aaron Moss & Nathan Sweaney of Secure Ideas

2-day training class Wednesday, April 5 and Thursday, April 6 - $500

This hands-on course will teach attendees a basic methodology for network penetration testing and an introduction to the processes used. Students will walk through the phases of Reconnaissance, Mapping, Discovery, Exploitation, and Post-Exploitation with demonstrations of various tools and tactics used in each phase. The course is heavily focused on hands-on labs so that attendees have the opportunity to actually use common tools and techniques. By the end of training, students will understand the structure of a penetration test and have the experience necessary to begin practicing the demonstrated toolsets.

Students are expected to have some prior knowledge of network principles (i.e. be familiar with network troubleshooting, TCP/IP protocols, etc), and some general IT experience. Familiarity with command line interfaces and a basic understanding of security concepts are also useful. This is not an advanced course, however, students with little IT experience may struggle to keep up.

BASH'n PowerShell

Taught by James Lawler & John Robertson

1/2 day training class Thursday morning, April 6 - $125

This course will go over and attempt to train the student in everything they need to know about BASH and PowerShell in hopes to get more people comfortable with command line interfaces and display the power and speed in doing so. We will go over ways to use these shells for anything from system administration to information security. This course will have instructor led instruction, but will be mostly practical based and very hands on for the students’ learning benefit.

Blue Team Operations

Taught by James Lawler & John Robertson

1/2 day training class Thursday afternoon, April 6 - $125

This course will attempt to get the student more familiar with some ‘Blue Team’ concepts with a focus on log gathering from various sources, and loading them into a central location to conduct analysis. We will use open source and built-in system techniques to do that today, and ways you can implement the concepts we display as well as give some hands-on lessons to get dirty yourself in log parsing and analytics. Like the BASH’n PowerShell class, which is not a prerequisite but may help, this course will be as hands-on as possible.

Save the Data

Vendor-provided event sponsorship by Rubrik

1/2 day training class Wednesday afternoon, April 5 - $20

Ever witnessed a ransomware attack firsthand? Get all of the experience with none of the risk in this fully immersive experience.

It’s the middle of the night. Your phone rings. Your heart sinks as the person on the other end reads you the ransom note. All your data is encrypted—even your backups—and they want $1 million. Luckily, it’s all part of the live, role-playing experience.

Join Rubrik in partnership with Microsoft for this in-person event to see what happens behind the scenes during a ransomware attack and run through what you might do if faced with a similar situation.

Palo Alto Ultimate Test Drive

Vendor-provided event sponsorship by Palo Alto

1-day training class Thursday, April 6 - $20

This is your chance to get behind the driver’s seat of the industry’s leading network security solutions. It’s a guided, hands-on experience that’s designed for every experience level. Each workshop is customized to enhance your understanding of how our products work and how they can improve your organization’s security posture. We’ll take you step-by-step through each of our solutions, with an expert instructor to guide you.

This is way more than a demo. With Ultimate Test Drives, you’re running the show. Get access to our solutions in a virtual lab environment to discover exactly how they perform in the real world. You’ll work through an array of common enterprise security problems and see firsthand how you can use our security technologies to solve them.

Happy Hour

Join us on Thursday, April 6th at 5pm to kick off BSides OK 2023 with drinks, food and games. Pre-registration closes noon Friday, March 31st.

Main Event
7830 S Santa Fe Ave
Tulsa, OK