Please Note: A BSides San Diego Badge is required to attend
Registration for tutorials is OPEN
Since capacity is limited, we do attach a nominal $5 fee to advance registration to prevent speculative registrations and limit no-shows. We will not keep a wait-list, but empty seats will be made available first-come-first-served at the start of the workshop.
If, for any reason, this fee is a barrier to your attending, use the coupon code ‘IPROMISETOATTEND’ to register for free.
Return of the Mac: How to Bring it Back From a Malware Attack
by Aspen Lindblom @blcklstddbggr
March 7th 10:30-11:15am (45min)
The macOS environment can present unique challenges in terms of analyzing malware and providing appropriate mitigation. This presentation will provide an introduction to tackling the problem of Mac malware and will include demonstrations on malware analysis. Topics will include understanding the structure of fake installers, tools to use when hunting for Indicators of Attack/Compromise, and answering the ultimate question: What do you do if you think your Mac is infected? A must-take class for those beginning their journey into Mac malware analysis and defense.
Student Requirements: A MacBook is preferred, but all students with at least basic familiarity with the terminal or command prompt are welcome. Please bring a MacBook OR a laptop capable of running a REMnux VM from a USB drive.
Bio: Aspen Lindblom is a Threat Analyst at CrowdStrike. She was in IT for 8 years before switching to cyber security. In her spare time she volunteers as the VP for WiCyS SoCal and participates in bug bounty programs.
Qubes: A Most Unusual and Exciting OS
by Larry Biggs (Giglio) @larrybiggs
March 7th 1-3pm (2 hrs)
In this session you will learn about Qubes. You can bring your own blank Qubes-compatible laptop (for examples see https://www.qubes-os.org/hcl/), and we will walk you through installing Qubes on it and demonstrate several helpful use cases illustrating the benefits of the Qubes operating system. We will show you how to install a portable local pi-hole (https://pi-hole.net/) instance within your Qubes laptop with DNS over HTTPS to filter and block ads and other malicious sites.
Registered attendees will have access to our Qubes Slack for this session, containing resources related to Qubes, the presentation and other suggestions regarding ways to increase your privacy and security in our increasingly invasive digital world.
Upon completion of the session you should have Qubes installed on the laptop you brought with you, have learned how to use Qubes, and have a local portable pi-hole instance for filtering and protecting your Internet activities.
Students should bring a Qubes-compatible laptop which is ready to be formatted. Compatibility lists can be found here:
Bio: Larry Biggs is a Forensic and Threat Analytics Security Engineer at MedImpact Healthcare Systems. Biggs has worked in the staffing, manufacturing, mortgage and healthcare industries, each providing unique insights into how critical information needs to be protected.
Anatomy of a Hack
by Charles Gamboa
March 8th 10:00-11:30am (1.5hrs)
Experience an interactive, cautionary demonstration of how a hacker might gain control of a company's entire network with just the information found on a business card.
Students will not need to bring anything to the training, and it'll be written for basic-intermediate pentest professionals.
Bio: Charles has over 8 years of experience. He has a BS in Computer Networking, his CEH, CASP, Security+, Network+ and specializes in Risk Management. He also supports Sentek Global's Haiku Cyber Range team with the California Mayor’s Cup and the SoCal Cyber Cup Challenge.
Please, Run This File: Introduction to Backdooring x86 Executables
by v3ga @Dataclast
March 8th 1:00-2:30pm (1.5hrs)
This class will focus on the basic skills needed to backdoor a Windows x86 executable for exploitation on an Intel x86 processor running Windows. The class will assume general knowledge of buffer overflows, ASM and working with a debugger. This course is meant to be friendly to first-time exploit developers and to help you gain interest in the field of exploitation.
Windows 32-bit (XP, Vista, 7, Windows 10), which can be running on your system in a VM
OllyDbg OR Immunity Debugger
a Hex Editor (xvi32)
Bio: My name is v3ga and I am a Penetration Tester for a large corporation.