BSides was co-founded by Mike Dahn, Jack Daniel, and Chris Nickerson in 2009. In the summer of that year, Black Hat USA rejected several Call for Papers (CFP) submissions from well-known security researchers. Security BSides was created in response to these rejections, which were primarily based on the lack of speaker space and time at Black Hat. Most commercial conferences, including Black Hat, operate within very restrictive time boundaries to which the conference must adhere.
The goal of BSides is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations about the next big thing are happening.
BSides is an open platform that gives security experts and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.
BSides Asheville (BSides AVL) was started in 2014 by several information security professionals living in the Blue Ridge Mountains of Western North Carolina. BSides AVL is a 100% volunteer-run information security conference that is held annually in Asheville, North Carolina. Presentations at this local conference cover a wide range of information security topics, from technical subjects such as dissecting network protocols, to policy issues such as managing information leakage via social networks, to complex international problems such as cyber warfare. The conference also offers hands-on activities, such as lock picking and ethical hacking. Our programming focuses on high-quality content, and our smaller, more intimate networking atmosphere fosters strong audience participation and overall group interaction. The BSides Asheville conference aims to give researchers, professionals, and practitioners alike a chance to meet, engage in conversation through scheduled talks and events, and take part in a networking opportunity that will result in new collaborative efforts for research and other security projects in the local community and beyond.
Our goal is to make this conference affordable for all, so general admission tickets are only $32 per participant, which includes lunch and a t-shirt.
The conference was held at The Collider, which is located in the heart of downtown Asheville.
Every year we raffle off door prizes to conference participants. These door prizes have been graciously donated by sponsors and others.
Training classes are $64 each. This year's classes are: Threat Intelligence Automation and Web Application Pentesting.
Asheville was the first winner of USA TODAY's Beer City USA title, so BSides Asheville will be holding its annual Pub Crawl in and around the downtown area.
Our annual after party was held at Lexington Avenue Brewery, which is located in the heart of downtown Asheville.
Unlike many other conferences where the speaker is rushed in and out, BSides Asheville provides a small and intimate environment for the attendees to directly engage with the speaker before, during, and after their presentation. The speakers for the 5th BSides Asheville Information Security Conference are cybersecurity professionals you will want to know not only at the conference but also after it. This year's speakers are industry experts and thought leaders from North Carolina and beyond.
Title: Challenges in Applying Machine Learning to Cybersecurity
Abstract: Machine learning and artificial intelligence are all the rage in cybersecurity (and seemingly every other industry). Despite the hype, machine learning is not a magic bullet for security problems. In fact, the security domain contains many unique challenges that make applying machine learning especially difficult. In this talk, I will discuss challenges including sourcing useful data, labeling data, the adversarial nature of security problems, and validation of machine learning models.
Title: Testing Endpoint Security Solutions with Atomic Red Team
Abstract: As organizations deploy endpoint solutions, testing them becomes imperative. Red Canary's applied research team has developed a free open source framework called Atomic Red Team to help organizations conduct these tests. The framework is designed to provide teams with small, discrete tests that are vendor agnostic and representative of actual adversary behavior. This talk will explore the Atomic Red Team framework and demonstrate basic tests, chaining tests, and opportunities for security teams to contribute to the framework.
Title: Stopping the Explosion of Ransomware
Abstract: Ransomware is spreading at an alarming pace and infecting networks across all industries and company sizes, primarily through phishing attacks. The cyber criminals behind the attacks are furiously innovating and keeping ahead of the defenses. In this session we will have an interactive discussion related to the latest in ransomware threats and how to best protect your organization and yourself against this growing threat.
Title: Categorical Correlations as Probabilistic Rules: Identifying Malware Delivery, Port-Protocol Mismatches and Atypical Server Communications
Abstract: Defenders who must understand and protect new networks quickly have a need to rapidly understand a network’s setup, and quickly identify deviations from normality. While many networks run under typical settings due to norms (i.e. DNS runs over port 53), any given network can be configured in a variety of ways. This presentation and the associated paper describe research on leveraging Apache Spark’s FPGrowth and Association Rule Inference algorithms to identify strong categorical correlations, or “rules”, in enriched network data (e.g. Bro, YAF). The work continues by showing how the algorithms can be used to rapidly identify violations of the induced rules, which can be subjected to purpose-built whitelists to surface the most security-relevant violations. This research is novel, and helps analysts move beyond querying for “known knowns” in network traffic. Instead, the algorithms and workflow described here allow analysts to begin by identifying classes of atypical behaviors, and then prune those down to the ones they find most interesting. Running examples from (anonymized) enterprise data include identifying mime-type and file extension discrepancies, mismatched port/protocol combinations, and communications to/from servers over unusual ports. A set of extensions and other potential use cases is described as well.
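The workflow this abstract describes (mine categorical rules from enriched connection records, flag records that violate them, then suppress known-legitimate exceptions with a whitelist) is small enough to show end to end. The following is an added illustration written for this page, not code from the speaker or the associated paper: it counts frequent one- and two-item sets directly in plain Python as a stand-in for Spark's FPGrowth (the frequent itemsets are the same, FPGrowth just finds them more efficiently), derives single-antecedent rules with support and confidence thresholds, and reports violations. The records, field names, thresholds and whitelist entry are all constructed for the example.

```python
from collections import Counter
from itertools import combinations, permutations

# Constructed sample of enriched connection records (Bro/Zeek conn.log-like
# fields; every value here is invented for this example). Values are kept as
# strings so each (field, value) pair can be treated as a categorical item.
RECORDS = (
    [{"proto": "udp", "port": "53", "service": "dns"}] * 10
    + [{"proto": "tcp", "port": "80", "service": "http"}] * 8
    + [{"proto": "tcp", "port": "443", "service": "ssl"}] * 5
    + [{"proto": "tcp", "port": "22", "service": "ssh"}] * 4
    + [{"proto": "tcp", "port": "80", "service": "ssh"}]    # SSH on the web port
    + [{"proto": "tcp", "port": "8443", "service": "ssl"}]  # TLS on an alternate port
)

# Constructed whitelist: records matching every field of an entry are ignored.
WHITELIST = [{"port": "8443", "service": "ssl"}]


def items(record):
    """A record as a frozenset of (field, value) items."""
    return frozenset(record.items())


def mine_rules(records, min_support=0.1, min_confidence=0.8):
    """Single-antecedent association rules X -> Y over categorical items.

    Frequent 1- and 2-itemsets are counted directly (a stand-in for Spark's
    FPGrowth). A rule is kept when the pair's support (fraction of records
    containing both items) and its confidence (pair count / antecedent count)
    both clear the thresholds. Returns {(antecedent, consequent): confidence}.
    """
    n = len(records)
    single = Counter()
    pair = Counter()
    for rec in records:
        its = items(rec)
        single.update(its)
        pair.update(frozenset(p) for p in combinations(sorted(its), 2))
    rules = {}
    for pr, count in pair.items():
        if count / n < min_support:
            continue
        for antecedent, consequent in permutations(pr, 2):
            confidence = count / single[antecedent]
            if confidence >= min_confidence:
                rules[(antecedent, consequent)] = confidence
    return rules


def is_whitelisted(record, whitelist):
    """True if the record matches every field of some whitelist entry."""
    return any(all(record.get(k) == v for k, v in entry.items())
               for entry in whitelist)


def find_violations(records, rules, whitelist=()):
    """Records carrying a rule's antecedent but not its consequent.

    Each violation is (record_index, antecedent, consequent, confidence).
    Whitelisted records (known-legitimate exceptions) are skipped, which is
    the pruning step that leaves the analyst with the interesting remainder.
    """
    violations = []
    for idx, rec in enumerate(records):
        if is_whitelisted(rec, whitelist):
            continue
        its = items(rec)
        for (antecedent, consequent), confidence in sorted(rules.items()):
            if antecedent in its and consequent not in its:
                violations.append((idx, antecedent, consequent, confidence))
    return violations


if __name__ == "__main__":
    rules = mine_rules(RECORDS)
    for (a, c), conf in sorted(rules.items()):
        print(f"{a[0]}={a[1]} -> {c[0]}={c[1]}  (confidence {conf:.2f})")
    for idx, a, c, conf in find_violations(RECORDS, rules, WHITELIST):
        print(f"record {idx} {RECORDS[idx]} violates {a} -> {c} ({conf:.2f})")
```

With these thresholds the sample yields rules such as port=80 -> service=http (confidence 0.89) and service=ssh -> port=22 (confidence 0.80), and the single SSH-on-port-80 record is reported twice, once per rule it breaks. The TLS-on-8443 record violates service=ssl -> port=443 but is dropped by the whitelist; removing the whitelist entry surfaces it, which is how an analyst would tune the output toward the deviations worth reviewing.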
Title: Leveraging Automation For Threat Intelligence At Scale
Abstract: Effective application of Threat Intelligence in an Enterprise environment presents many challenges, especially for small Threat Intelligence teams. Given the volume of data in threat intelligence streams, it is easy for teams to become overwhelmed with collecting and assimilating data, leaving little time for analysis. Automation provides a way to ease the burden on individual analysts, freeing them to do the deep analysis necessary to protect their enterprises. This discussion will dive into freely available technologies and techniques that allow Threat Intelligence teams of any size or budget to manage intelligence feeds effectively at scale and deliver value to their organizations.
Title: Breaking Everything
Abstract: punk.sh is a just-released project that is the next generation of our former PunkSPIDER project. PunkSPIDER aimed to perform web application fuzzing using our custom, open source fuzzer/fuzzing library massweb. punk.sh is different in many ways: first, it performs far more than just web fuzzing. It port scans and banner grabs along with web fuzzing and makes all of this information searchable via an intuitive front-end at https://punk.sh. The aim is to expose vulnerabilities that the bad guys are finding before they find them and alert sysadmins so they can fix them. Oh, and did we mention this is all completely free and that we're open sourcing all of the components? We think punk.sh is a cool project, but its architecture is undeniably awesome. On the back-end we're using a scalable relational database to slice and dice the data how we (or you) want and a massively scalable queuing system powered by Apache Kafka. We're using nmap for port and banner grabs along with 100+ (safe) NSE scripts we run against the server, together with web app scans from our custom-written web app scanner Ferret. This is all distributed across our queuing cluster, so various nmap and Ferret scans go off at once. Don't worry though: politeness toward the domains we scan is of the utmost importance, and we don't allow our system to flood them with traffic. In this talk we plan to go over the purpose of the project, its architecture, and generally how to use it to your advantage. We think it'll be fun!
For BSides Asheville to succeed in delivering thought-provoking and engaging content to our participants, we depend on the generosity of our sponsors. BSides Asheville extends our sincere appreciation to our sponsors, without whom this conference would not be possible. Please take the time to visit our sponsors' pages to see the great things these organizations are doing to improve cybersecurity in their communities.