Adrian

Boring eForensic Science Items - Brian Martin

Hackers in Unganda: A Documentary (Kickstarter Project) - Jeremy Zerechak

Small Businesses Deserve Security Too - Frank Hackett

Help from the helpdesk - Mick Douglas (@bettersafetynet)

Malware Analysis Triage for n00bs - Grecs (@Grecs)

CCDC and Industry - James L. Siegel Jr. (WolfFlight)

Building an Engaging and Effective Information Security Awareness and Training Program - Bill Gardner

Track 1

Model Integrated Computing (Code Generation) and how it loves you and deserves love back - Michael Walker

Guns & Privacy - Deviant Ollam

Domestic Preparedness (the zombie Apocalypse is nigh upon us) - Illustrious Niteshad & megalos

DIY Neuroscience, EMGs, EEGs, and other recordings - meecie

Hacking Your Ability to Communicate - kadiera

Lasers for Fun! Lasers for Science. Lasers for Security! - Ethan Dicks

Video Everywhere! aka The Personal Distributed HD Video Network - Woz

Esolangs - Daniel Temkin

How We Learned Security from Steve - ghostnomad, ghostnomadjr, knuckles & micronomad

Are we getting better? – Hacking Todays Technology - David Kennedy

Critical Making - Garnet Hertz

DC to Daylight: A whirlwind tour of the radio spectrum, and why it matters. - Stormgren

Skeleton Key: Transforming Medical Discussions Through 3D Printing - KK Pandya

Youthful Exploits of an early ISP - Dop & KevN

Whose Slide Is It Anyway? - nicolle @rogueclown neulist

Track 2

I Forked the Law and We All Won - Fork The Law

Make me Babyproof! - Gina “the kat” Hoang

The Maru Architecture Design: A proposed BYOD architecture for an evolving threat landscape - Michael Smith

You Keep A-Knockin’ But You Can’t Come In - grap3_ap3

Encryption for Everyone - Dru Streicher (_node)

How I Became an iOS Developer for Fun and Debt - Mark Stanilav

AR_GRAF.OBJ: a darknet for the nuEra ?? - kevin carey, shawne michaelain holloway & brian peterson

Creating professional glitch art with PoxParty - Jon Satrom & Ben Syverson

Let’s Go CSRF’n Now! - grap3_ap3

Bad Games Arcade - Jake Eliott

The Winamp Imperative - Yoz (sorry, audio died at 6:09)

Network King Of The Hill (NetKotH): A hacker wargame for organizers who are lazy - Adrian Crenshaw (Irongeek)

Can You Hear Me Now? Leveraging Mobile Devices on Pentests - Georgia Weidman

RAWR (Rapid Assessment of Web Resources) - @al14s and @c0ncealed

In other news, Jessica Miller from No Starch Press wanted me to announce this:

"We've just released the free PDF of bunnie's "Hacking the Xbox" in Aaron Swartz's honor, with links to support the causes Aaron believed in. I thought you might be interested in seeing bunnie's note and helping to spread the word -
http://nostarch.com/xboxfree "

I did not know Aaron, but as a person who has be screwed by an uncaring cover-ass bureaucracy before, I can sympathize.

“Thin Slicing a Black Swan: A Search for the Unknowns” by Michele “@mrsyiswhy” Chubirka & Ronald Reck
“When Did the Smartphone Pentest Framework Get Awesome?” by by Georgia “@georgiaweidman” Weidman
“ShellSquid: Distributed Shells With Node” by Tom Steele
“If You Can Open The Terminal, You Can Capture The Flag: CTF for Everyone” by Nicolle “@rogueclown” Neulist
“Becoming a Time Lord – Implications of Attacking Time Sources” Joe “@joeklein” Klein
“Swinging Security Style: An Immodest Proposal” by Wendy “@451wendy” Nather
“Drones: Augmenting your cyber attack tool bag with aerial weapon systems” by Zac “@ph3n0” Hinkel
“Managed Service Providers: Pwn One and Done” Damian “@integrisec” Profancik
“No Tools? No Problem! Building a PowerShell Botnet” Christopher “@obscuresec” Campbell
“Extending the 20 Critical Security Controls to Gap Assessments and Security Maturity Modelling” John “@pinfosec” Willis
“Protecting Big Data From Cyber APT in the Cloud” Bill “@oncee” Gardner
“Writing a Thumbdrive for Active Disk Antiforensics” Travis “@travisgoodspeed” Goodspeed

On the non-info-sec related front, you know I like to use my backlinks to get things in search results as sort of a bully pulpit. It's my understanding that IU Southeast Chancellor Sandra R. Patterson-Randles is searching for a new job because of some IU policy about mandatory retirement. Ask around the faculty/staff at IUS about her (off the record of course) before you make a hiring decision. Personally, I'd want someone who cares more about the espoused values of the organization, and less about appearances only. Then again, maybe she has the skill set you are looking for, but a parrot with good grammar would seem to be a much cheaper solution in that case.

Another video from Jeremy Druin.

Mutillidae: Using ettercap and sslstrip to capture login
This video by webpwnized (@webpwnized) reviews how to intercept web communications using ettercap and intercept web traffic that is supposed to be protected with SSL using SSLStrip.

Mutillidae SQL Injection via AJAX request with JSON response
This video by webpwnized (@webpwnized) covers pen-testing an SQL Injection vulnerability that occurs in an AJAX request made in the background. The response from the server is JSON. Since AJAX requests and regular request work the same way (since they both follow the rules of the HTTP protocol), the AJAX request can be pen-tested using the same tools and tecniques used with the more traditional requests. The SQL Injection flaw is first discovered then used to pull a list of the tables in the database along with the columns for the target table. Once the target is identified, the defect is used to pull a list of the username and password fields.

Introduction to buffer overflows from ISSA KY workshop 6
This recording is from the Kentucky ISSA Workshop #6 from the November 2012 meeting. In part 5, using Metasploit was covered. In this workshop, buffer overflow vulnerabilities were examined more closely to see how Metasploit exploits might be written. A custom program is written with a known buffer overflow and compiled without the stack canaries or non-executable stack. Also ASLR is disabled on the Ubuntu 12.04 testing host. The program is fuzzed to determine an overflow exists and decompiled with GDB to look at the program logic more closely. Python scripts are used to generate exploits that get closer to over-writing the return pointer with a user supplied value. Once the buffer overflow is identified and the size of the buffer found, the exploit development begins. A custom exploit is developed to inject shellcode into the buffer, determine a reasonable memory address in which to jump, and a root shell gained.

Where We're Going We Don't Need Keys - sp0rus

The Effects of Online Gaming Addiction - Gregory C. Mabry

Android Best Practices and Side Projects - Michael Walker

Starting up a Crypto Party - Peace

Build Free Hardware in Geda - Matthew O'Gorman, Tim Heath

IP Law: Myths and Facts - Rick Sanders

The Safety Dance: Wardriving the 4.9GHz Public Safety Band - Robert Portvliet, Brad Antoniewicz

The Power of Names: How We Define Technology, and How Technology Defines Us - Aestetix

DNS Sec Today - Thomas Clements

Why I am pessimistic about the future - Tom Cross

Welcome to PhreakNIC - Warren Eckstein

Magnets, How Do They Work? - Michael Snyder

Own the Network – Own the Data - Paul Coggin

Something about middleware - Douglas Schmidt

Homebrew Roundtable - Scott Milliken, Erin Shelton

Repurposing Technology - Kim Smith & Kim Lilley

Hiring the Unhireable: Solving the Cyber Security Hiring Crisis From DHS to Wall Street - Winn Schwartau

Network King Of The Hill (NetKotH): A hacker wargame for organizers who are lazy bastards - Adrian Crenshaw

Valerie Thomas: Appearance Hacking 101 - The Art of Everyday Camouflage

Tim Tomes "LanMaSteR53": Next Generation Web Reconnaissance

Thomas Hoffecker: Hack Your Way into a DoD Security Clearance

John Seely CounterSploit MSF as a defense platform

Chris Murrey "f8lerror" & Jake Garlie "jagar": Easy Passwords = Easy Break-Ins

Tyler Wrightson: The Art and Science of Hacking Any Target

Thomas Richards: Android in the Healthcare Workplace

Spencer McIntyre: How I Learned to Stop Worrying and Love the Smart Meter

Shawn Merdinger: Medical Device Security

Rockie Brockway: Business Ramifications of Internet's Unclean Conflicts

Nathan Magniez: Alice in Exploit Redirection Land

Magen Hughes: Are you HIPAA to the Jive

Justin Brown & Frank Hackett: Breaking into Security

Josh Thomas: Off Grid Communications with Android

Jennifer "savagejen" Savage & Daniel "unicorn Furnance": The Patsy Proxy

Jason Pubal: SQL Injection 101

James Siegel: Nice to Meet You

Brett Cunningham: Beyond Strings - Memory Analysis During Incident Response

Gus Fritschie & Nazia Khan: Hacked Hollywood

Evan Anderson: Active Directory Reconnaissance - Attacks and Post-Exploitation

David Young: ISO8583 or Pentesting with Abnormal Targets

David Cowen: Running a Successful Red Team

Damian Profancik: Managed Service Providers - Pwn One and Done

Ben Toews & Scott Behrens: Rapid Blind SQL Injection Exploitation with BBQSQL

Andy Cooper: Why Integgroll Sucks at Python..And You Can Too

SkyDogCon 2012 Videos
Here are the videos from SkyDogCon. Thanks to all of the SkyDogCon crew, especially SeeBlind and others for running the cameras.

Opening Remarks-Trevor Hearn-Skydog

Rious and Sachin - "Hack the Badge"
 
GCS8 and Ginsu - Physical Security; Make sure your building is "Butter Knife Proof"...

Marcus Carey - Security Myths Exposed
 
SpikyGeek - Dealing with difficult co-workers: How I became the "Thanks for the candy" guy
 
Peter Shaw - Pivot2Pcap: a new approach to optimzing cybersecurity operations by tightly coupling the big-picture view provided by Netflow with the in-depth resolving power of PCAP.
 
Carter Smith - Gangs and the use of Technology
 
G. Mark Hardy - Hacking as an Act of War
 
Jeff Brown - RE, CND and Geopolitics, Oh My!

Curtis Koenig - Insanely Great!

Lee Baird - Setting up BackTrack and automating various tasks with bash scripts

Bob Weiss & Benjamin Gatti - Cryptanalysis of the Enigma

Dr. Noah Schiffman - Bioveillance: The Surreptitious Analysis of Physiological and Behavioral Data

Martin Bos & Eric Milam - Advanced Phishing Tactics Beyond User Awareness

Sonny Mounicou - Build a UAV!

Alex Kirk - Lifecycle and Detection of an Exploit Kit

Chris Silvers - Go With the Flow: Strategies for successful social engineering

Scott Moulton - Hack your Credit Score; How the System is Flawed

David Wyde - User-Readable Data and Multiple Personality Disorder

Closing of Conference

Index:
Keynote Jack Daniel InfoSec Stress & Community
Nathan Heald - No Keys, No Worries Lock Picking
Jeremy Druin - NOWASP Mutillidae 2.2 A web pen-testing environment for secure development
Curtis Koenig - Grey Hats and Bug Bounties
Deral Heiland - From Printer to Pwnd Leveraging multifunction printers during penetration testing
James Jardine - Ninja Developers App Sec Testing and SDLC
Joshua Bartley - Data Hiding In Your Application
Keynote Michael Peters The Security TrifectaT - Isolation vs. Collaboration

In this batch we have:

Matt Weeks: Ambush- Catching Intruders at Any Point
Joshua Marpet: separating security intelligence from security FUD
Steve Werby: Building dictionaries and destroying hashes w/amazon EC2
Raphael Mudge: Dirty Red Team Tricks II
David Schuetz (Darth Null) – Slow down cowpoke – When enthusiasm outpaces common sense
Nicolle Neulist: Write your own tools with Python
David McGuire: Maturing the Pen Testing Professional
Matt Presson: Building a database security program
Chris Jenks: Intro to Linux system hardening
Eric Milam: Becoming Mallory
Patrick Tatro: Why isn't everyone pulling security- this is combat
Jason Frisvold: Taming Skynet-using the cloud to automate baseline scanning
JP Dunning & Chris Silvers: Wielding Katana- A live security suite
Mick Douglas – Sprinkler: IR
Matthew Perry: Current trends in computer law
Leonard Isham: SE me – SE you
CLOSING CEREMONY

See you next year, or at Hack3rcon, Skydogcon or Phreaknic.

In this batch we have:

Michael Schearer – Flex your right constituion and political activism in the hacker community
Eric Smith – Penetration testing from a Hot Tub Time Machine
Chris Nickerson (ind303) – Tactical Surveillance: Look at me now!
Jamie Murdock – How to create a one man SOC
Branden Miller / Bill Gardner – Building an Awareness and training program
Dan Crowley / Chris Vinecombe – Vulnerability Spidey Sense
Nathaniel Husted –  Everything you always wanted to know about Security Academia (But were too afraid too ask)
Bill Sempf – What locksport can teach us about security
JP Dunning (.ronin) - The Glitch: Hardware With Hacking Made Easy
Christopher Domas – The future of RE: Dynamic Binary Visulization
Tom Eston / Kevin Johnson – Social Zombies: Rise of the Mobile Dead
KC. Yerrid / Matt Jezorek / Boris Sverdlik (JadedSecurity)- It's not your perimenter. It's you
Deral Heiland -Format String Vulnerabilities 101
Jack Daniel – How Screwed Are We?
Kellep Charles: Security Vulnerablity Assessments. – Process and best practices
John Woods – So you got yourself an infosec manager job. Now what?
K.C. Holland (DevAuto) - Personal Darknet or How to get pr0n @ work
Tony DeLaGrange / Jason Wood:SH5ARK ATTACK- taking a byte out of HTML5!
Matthew Sullivan: Cookie Cadger – taking cookie hijacking to a new level
Stephen Haywood (AverageSecurityGuy) - Introduction to Metasploit Post Exploitation Modules
Noah Beddome: The devils in the Details-A look at bad SE and how to do better
Jay James & Shane MacDougall: Usine McAfee secure/trustguard as attack tools
Roamer and Deviant Ollam - Welcome to NinjaTel, press 2 to activate your device now
Laszlo Toth & Ferenc Spala: Think differently about database hacking

In this batch we have:

Skip Duckwall / Chris Campbell – Puff Puff Pass – Getting the most out of your hash
Jordan Harbinger – Social Engineering Defense Contractors on LinkedIn and Facebook: Who's plugged into your employees?
Paul Asadoorian / John Strand – Everything they told me about security was wrong.
Zack Fasel – Pwned in 60 Seconds -From Network Guest to Windows Domain Admin
Ryan Elkins – Simple Security Defense to thwart an Army of Cyber Ninja Warriors
atlas: RfCat-subghz or bust
Georgia Weidman – Introducing the Smartphone Pentest Framework
Gillis Jones – The Badmin Project
Kyle (kos) Osborn – Physical Drive-By Downloads
Johnny Long – The Evolution of HFC
Dual Core (int0x80) – Moar Anti-Forensics – Moar Louise
Bruce Potter – Security Epistemology: Beliefs – Truth – and Knowledge in the Infosec Community
Josh More – Pen Testing Security Vendors
Jason Gunnoe & Chris Centore -Building the next generation IDS with OSINT
Babak Javadi / Keith Howell: 4140 Ways your alarm system can fail
Benjamin Mauch – Creating a powerful user defense against attackers
Bart Hopper – Hunting Evil
Doug Burks – Security Onion – Network Security monitoring in minutes

Direct downloads from Archive.org will be uploaded when I have all of Day 2 ready.

Hi all. Expect these to come out in phases.

Opening Ceremony
HD Moore – The Wild West
Dan Kaminsky – Black Ops
Mudge – Cyber Fast Track; from the trenches
Jayson E. Street – Securing the Internet: YOU’re doing it wrong (An INFOSEC Intervention)
Jason Scott – Rescuing The Prince of Persia from the sands of time
Dave Marcus – 2FA-Enabled Fraud: Dissecting Operation High Roller
Rafal Los – House of Cards
Rob Fuller / Chris Gates – Dirty Little Secrets Part 2
Chris Hadnagy – Nonverbal Human Hacking
Rick Farina: The Hacker Ethos meets the FOSS ethos
Brent Huston – Info overload..Future shock.. IBM & nature of modern crime
Ian Amit – SexyDefense – the red team tore you a new one. Now what?
egyp7 – Privilege Escalation with the Metasploit Framework
Larry Pesce / Darren Wigley – Hacking Survival: So. You want to compute post-apocalypse?
James Arlen – Doubt – Deceit -Deficiency and Decency – a Decade of Disillusionment
Carlos Perez – DNS Reconnaissance
Sam Gaudet: Pentesting for non-pentesters…through virtual machines
Ryan Linn – Collecting Underpants To Win Your Network
Jerry Gamblin: is it time for another firewall or a security awareness program?

Setting User Agent String And Browser Information

Introduction to user-agent switching: This video uses the Firefox add-on "User-Agent Switcher" to modify several settings in the browser that are transmitted in the user agent string inside HTTP requests. Some web applications will show different content depending on the user agent setting making alteration of the settings useful in web pen testing.

Walkthrough Of CBC Bit Flipping Attack With Solution

This video shows a solution to the view-user-privilege-level in Mutillidae. Before viewing, review how XOR works and more importantly that XOR is communicative (If A xor B = C then it must be true that A xor C = B and also true that B xor C = A). The attack in the video takes advantage that the attacker knows the IV (initialization vector) and the plaintext (user ID). The attack works by flipping each byte in the IV to see what effect is produced on the plaintext (User ID). When the correct byte is located, the ciphertext for that byte is recovered followed by a determination of the correct byte to inject. The correct value is injected to cause the User ID to change.

Mutillidae is available for download at http://sourceforge.net/projects/mutillidae/. Updates about Mutillidae are tweeted to @webpwnized along with announcements about video releases.

Breaking Ground

KEYNOTE, Jack Daniel: "The State of Security BSides"

Matt Weeks: "Ambush - Catching Intruders At Any Point"

Robert Rowley: "Max Level Web App Security"

Davi Ottenheimer: "Big Data's Fourth V: Or Why We'll Never Find the Loch Ness Monster"

HD Moore: "Empirical Exploitation"

Christopher Lytle: "Puzzle Competitions and You"

Parth Patel: "Introducing 'Android Security Evaluation Framework' - ASEF"

Terry Gold: "RFID LOL"

Raphael Mudge: "Force Multipliers for Red Team Operations"

Andrew Hay & Matt Johansen: "Applications and Cloud and Hackers, Oh My!"

Brendan O'Connor: "Reticle: Dropping an Intelligent F-BOMB"

Josh Sokol/Dan Cornell:"The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems"

James Lester & Joseph Tartaro: "Burp Suite: Informing the 99% of what the 1%'ers are knowingly taking advantage of."

dc949 - "Stiltwalker: Round 2"

Gillis Jones: "The Badmin project: (Na-na- nanana Na-na-nanana BADMIN)"

IPv6 Panel / Drinking Game

Proving Ground

Michael Fornal: "How I managed to break into the InfoSec World with only a tweet and an email."

David Keene: "Breaking Microsoft Dynamics Great Plains - an insiders guide"

William Ghote: "Lotus Notes Password Hash Redux"

Spencer McIntyre: "How I Learned To Stop Worrying and Love the Smart Meter"

Christopher Campbell "Shot With Your OwnGun: How Appliances are Used Against You."

Shawn Asmus, Kristov Widak: “Mirror Mirror – Reflected PDF Attacks using SQL Injection”

Georgia Weidman: "Introducing the Smartphone Penetration Testing Framework"

Phil Young: "Mainframed - The Forgotten Fortress"

Walt Williams: "Metrics that Suck Even Less"

Conrad Constantine: "The Leverage of Language: or : How I Realized Information Theory could Save Information Security"

Jason Ding: "The Blooming Social Media Economics Built on "Fake" Identities

Lightning Talks

Here are the talks from the OISF Anniversary Event 2012:

Conference Kickoff - Deral Heiland & Abyss of Cybersecurity - John Bumgarner
Size Does Matter: Password Tools and Data - Bob Weiss
Dingleberry Pi Building a Blackthrow: More inexpensive hardware to leave behind on someone else's network - Adrian Crenshaw
Threat Model Express - Sahba Kazerooni

Here are the talks from Bsides Cleveland 2012:

Secret Pentesting Technigues Shhh...Dave KennedyDave "ReL1K" Kennedy
Focusing on the Fool: Building an Awareness & Training Program - Branden Miller & Bill Gardner
<? $People ?> Process Technology - Jeff @ghostnomad Kirsch
Dingleberry Pi Building a Blackthrow: More inexpensive hardware to leave behind on someone else's network - Adrian "Irongeek" Crenshaw
Testing Enterprise DLP Systems // Advanced data exfiltration techniques - Albert School
Automating Incident Response - Mick Douglas
Business Ramifications of the Internet's Unclean Conflicts - Rockie Brockway
Netflow for Incident Response - Jamison Budacki
Winter is Coming: Cloud Security in Dark Ages - Bill Mathews
What locksport can teach us about security - Bill Sempf <missing>
Pass the Hash like a Rockstar - Martin "PureHate" Bos
Naked Boulder Rolling - Applying Risk Management to Web Application Security - J Wolfgang Goerlich
Anti-Forensics Filler - Irongeek
Outside the Echo Chamber - James Siegel (aka WolfFlight)
Pentesting ASP.NET - Bill Sempf

More Web Pen-Testing Videos From Jeremy Druin
Here are two more videos from Jeremy Druin (@webpwnized):

Using Command Injection To Gain Remote Desktop On Windows

How To Exploit Metasploitable 2 With Nmap Nexpose Nessus Metasploit

Recorded at AIDE 2012. Big thanks to Bill Gardner (@oncee) for having me out to record.

Anti-Forensics: Occult Computing
Adrian Crenshaw

Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing
Adrian Crenshaw

An Introduction to Traffic Analysis: A Pragmatic Approach
Jon Shipp

Pen Testing Web 2.0: The Client
Jeremy Druin

Breaking into Security
Frank J. Hackett and Justin Brown

Sabu the Hacker: The capture, the crimes, the damage done, the slip, the apprehension, and the fallout.
Dr. Marcus Rogers
Jill McIntyre
Boris Sverdlik
Ronald Layton, U.S. Secret Service

BNAT Hijacking: Repairing Broken Communication Channels
Jonathan Claudius

Setting up BackTrack and automating various tasks with bash scripts
Lee Baird

Going on the Offensive - Proactive Measures in Securing YOUR Company
Dave Kennedy

What: BSidesCleveland
When: Friday, July 13, 2012
Where: Embassy Suites Cleveland - Rockside
Address: 5800 Rockside Woods Boulevard, Independence 44131
Cost: Free (as always!)

Register at:
http://www.securitybsides.com/w/page/27427415/BSidesCleveland

Submit to CFP at:
http://www.securitybsides.com/w/page/53552319/BSidesClevelandCFP