Blog Posts

Workshops

Check out the event registration page for new workshops available!

Burp Suite Workshop

Gain hands-on experience with Burp Suite in this three hour workshop with the author of the Burp Suite Cookbook, Sunny Wear. She will teach you how to start using Burp Suite like a pro! 

Outline:

Workshop Agenda:

Materials, Lab Setup 
Calibrating Burp 
Intruding with Intruder 
Attacking the Client 
Extending Functionality with Extensions 
Writing Burp Macros 

Student Requirements: 

Each student must provide their own Laptop: 
Operating System: Windows 7 or above (with admin privilege) 
OR Any Linux Distro 
OR MAC RAM: Minimum 4GB (but 8GB is preferred) 
Hard disk: Minimum 50GB free space 
Oracle Virtual Box 

Software will be provided via a USB drive but having VB already installed will accelerate the process for getting students into the content.

A Modern and Practical Introduction to Software Reverse Engineering

Taught by Hahna Kane Latonick and Kevin Fujimoto

OVERVIEW 

This course introduces students to software reverse engineering using a modern and practical approach. Students will walk away from this class knowing how to reverse x64 and x86 binaries. We believe it’s best to learn by doing; therefore, the concepts covered in this training will be taught primarily through hands-on exercises using modern tools for static analysis. 

Thus, we immediately dive into analyzing binaries. We get everyone up to speed by briefly covering x64 assembly, so that you can analyze any x64 or x86 binary without the need for source code. Using key features of IDA Pro, we’ll reverse engineer binaries to identify data types and operators. We’ll recognize control flow patterns and understand arithmetic sequences. We’ll dissect function calls, calling conventions, and program structures. Using the disassembler, we’ll cover memory layout and addressing, including registers, the stack, heap, and memory segments. We’ll then master low-level analysis of pointers, arrays, and structures. 

Each step of the way, students will be solving binary puzzles that are reflective of real-word applications to learn the concept at hand. By the end of this class, students will have the necessary skills to reverse engineer binaries for offensive and defensive applications as well as for fun in CTF competitions. 

COURSE OUTLINE 

4-Hour Half-Day Workshop 
● Introduction to x64 assembly 
● Introduction to IDA Pro 
● Static Analysis Methodology 
● Lab exercises throughout entire workshop 

WHO SHOULD TAKE THIS COURSE 

Whether you’re a security professional, security enthusiast, or hobbyist, this course is for anyone who wants to figure out how to analyze, understand, and modify software without source code. 

STUDENT REQUIREMENTS 

Some knowledge of x86 assembly is required. Students should be comfortable with the basics of the C programming language. Familiarity with C++ or Python is a plus. 

WHAT STUDENTS SHOULD BRING 

Students should bring a laptop with VMware installed, and at least 50 GB of free disk space. VMs with examples, tools, and exercises will be distributed in class via USB sticks. 

WHAT STUDENTS WILL BE PROVIDED WITH 

Instructors will provide a USB stick loaded with course slides and the complete reverse engineering environment for the class, including tools, sample code, and lab exercises.

Defensive Security Podcast – Live

Jerry Bell and Andrew Kalat of the Defensive Security Podcast will be recording their podcast live at B-Sides Orlando! If you have not listened before it’s a great show put on by seasoned pros working in information security.

From their About Page:

The Defensive Security podcast is an attempt to look at recent security news and pick out lessons we can apply to the organizations we are charged with keeping secure. This podcast is hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg). This podcast and web site are not affiliated with the employers of Mr Bell or Mr Kalat.

You can subscribe to the Defensive Security Podcast in iTunes here.  The RSS feed for the podcast is here.


Changes to Workshops

We’ve made some changes this year to our workshops that we think will help grow BSides Orlando and the talent in the Central Florida community. We have also dedicated ourselves to being transparent about decisions regarding the conference as this is a community event and you are our community.

In previous years all workshops have been 100% free. However, recently we’ve received feedback that attendees want more technical content, training, and workshops for people who are mid-level in their careers. We also have the opportunity to engage some world class trainers in workshops. To that end we decided to see how we could balanced paid training with our driving ethos of helping grow students and professionals new to security.

We will continue to offer free workshops, but we will also begin to offer some high quality low cost workshops that allow us to bring in professionals from the field to provide training. Our goal is this:

  1. Keep costs for paid workshops low: $50-$100 – This price range is something many students can still afford while also being a price professionals looking for training can manage.
  2. Cover travel for trainers when needed – Too often conferences ask for favors of professionals to spread knowledge. Our community is amazing, but if we don’t help them offset some travel costs we are essentially asking them to pay for the privilege of improving our conference. We don’t want to be that conference.
  3. For some trainers training is their job – In some cases, we may engage professional trainers that may be compensated for their time. Generally this is in the form of some revenue sharing of the seat count in the class. When we have this type of arrangement it allows the conference to be better and benefits the attendees. The Board will discuss all professional training options and make a decision based on the benefit to the attendees. The goal will always be to deliver the content at low or no cost to attendees.
  4. Any money made after covering costs will go into a speaker travel fund – We are very excited about this! Essentially, for those that can afford to purchase paid training that money will go into a fund to help cover travel for nationally known technical professionals to come speak at B-Sides Orlando in the future. This will help ensure that students just breaking into the field can hear from some of the best in the business without those pros paying out of pocket to travel to our conference

Our goal is always to keep B-Sides Orlando 100% free for students. However, with the feedback we received last year adding some paid workshops strikes a good balance between serving the community, taking care of the people sharing their knowledge through training, and taking any money made and feeding it back into the conference to improve the experience without raising ticket prices

Let us know what you think and keep an eye out for workshops soon!

Ean

A big welcome to our new organizers

We’d like to give a warm welcome to our new organizers Julianne and Bree! Julianne is a sysadmin, jack-of-all-trades, and wannabe InfoSec, currently attempting to learn almost everything she can get her hands on while Bree is a DFIR analyst with a specialty in host based analysis and litigation matters. We’re honored to have them both on staff helping us provide the best security conference in the central Florida area.

CFP 2019

Our organizing team has been hard at work preparing for B-Sides Orlando 2019. This year we’re continuing efforts to improve transparency and we hope this helps aspiring speakers plan talks and content for this year and future iterations.

  • This year we moved from Eventbrite to BusyConf in an effort to move to a blind review where CFP reviewers are unaware of the submitter’s name. We believe a blind review will remove unintentional bias and give speakers an equal footing on submissions.
  • To increase the diversity of the event, our staff has reached out to both women and PoC to encourage speakers from minority groups to submit.
  • We have a goal of a 70/30 split of blind review talks to staff picks to ensure that new voices are heard while maintaining a technical core.

We hope these adjustments will improve our content while providing a more diverse set of speakers that represent our local community.

Improvements for 2019

Coordinating a successful community conference from year to year requires a drive for continuous improvement based on the feedback we receive from the previous year. Last year we sent out a survey on what we could improve and based on your feedback we will:

Add content

  • Increase the content by adding another track (from 2 tracks to 3 tracks)
  • Reduce the length of the lunch gap
  • Further encourage diverse speakers to present
  • Solicit a technical keynote
  • Promote Fire Talks on Twitter

Improve workshops and villages

  • Add more soldering stations
  • Add workshops
  • Provide clearer instructions for labs

General conference improvement

  • Provide further onsite food and beverage options
  • Increase signage
  • Add outdoor shade

Be on the lookout for another survey after this year’s conference. Thank you for your feedback and we look forward to providing an improved conference experience for B-Sides Orlando 2019!

Hack the Planet

Join us for another amazing con as we celebrate 7 years.

March 30th, 2019

7:30AM – Registration Opens
5:00PM – Closing Ceremonies

Full Sail Live

141 University Park Dr
Winter Park, FL 32792

Copyright © 2019 Jonathan Singer & Security B-Sides Orlando. Software Company | Developed By Rara Theme. Powered by WordPress.