Registration

Please Note: A BSides San Diego Badge is required to attend

Registrations are full.

Since capacity is limited, we do attach a nominal $5 fee to advance registration to prevent speculative registrations and limit no-shows. We will not keep a wait-list, but empty seats will be made available first-come-first-served at the start of the workshop.

If, for any reason, this fee is a barrier to your attending, use the coupon code ‘IPROMISETOATTEND’ to register for free.

Tutorials

Attacking the Models: An Introduction to Adversarial Machine Learning 

by Travis Smith, @MrTrav

10:25 (120 Minutes)

As a condensed version of a two-day training course that we offer here at HiddenLayer, we will dig into adversarial machine learning tactics and techniques to introduce these concepts to the attendees. Over the course of the workshop we will introduce techniques for inference attacks, model hijacking, and prompt injection. To accomplish this we'll provide instruction on using open-source adversarial tools to stage and execute these styles of attacks while giving access to a safe environment to do so. While this is offensive in nature, we will also introduce recommendations on how these types of attacks can be prevented and detected.

Student Requirements: Students should bring a laptop. Attendees will not need any prior machine learning experience, but familiarity with Python is highly recommended.

Bio: Travis Smith is the VP of ML Threat Operations at HiddenLayer. His original research has been presented at dozens of conferences worldwide including BlackHat, RSA, SecTor, and InfoSec Europe.

Blue Crab Shells: Getting Started with Offensive Rust Programming

by Michael Taggart, mttaggart@infosec.town

12:35 (120 Minutes)

Haven't you heard? Everything's getting rewritten in Rust! Not really, although it can sometimes feel like it. And if you're unfamiliar with the language, there can be serious FOMO. So let's get you started writing Rust binaries for Windows.

Rust offers a lot of advantages for both red team operators and criminal malware developers. As it turns out, the first-party support from Microsoft for the Windows API is very robust. In this two-hour training, we'll go over the basics of the Rust language, set up our development environment, and write some offensive Rust code! Prior programming experience is expected, but we will go through everything necessary to get started with Rust.

Student Requirements: Students should bring a laptop.

Bio: Taggart is a security researcher and educator, currently leading threat hunting at UCLA Health. A former teacher and software developer, he uses his experience to create affordable, accessible cybersecurity and programming training at The Taggart Institute.

Intro to Social Engineering

by Ed Miro @theedmiroshow

3:00 (120 Minutes)

“Intro to Social Engineering” is a 2-hour course that will provide students an extensive crash course in the study, practice, and defense of social engineering. The course will include interactive elements/technology designed to make the session fun and engaging. In this course we will clearly define ‘social engineering’, cover the most common attack vectors utilized in this domain, and explore the history & development of social engineering.

Students will also learn about the psychological factors that make social engineering effective, learn how to develop supporting skill sets, such as intelligence gathering/communication/basic non-verbal analysis, and effective pretext/sock puppet creation. We will also cover basic technical proficiency of tools used in a social engineering attack such as the Social-Engineer Toolkit, Metasploit, and GoPhish. Finally, we will discuss considerations for red teamers such as props and physical penetration concepts when carrying out a social engineering exercise. The course will conclude with recommendations for more advanced training and answering any questions students might have.

Social engineering is a factor in more than 90% of reported breaches. The human element will always be a major potential vulnerability and our best defense is knowledge and awareness. The goal of this course is to give you the tools and information necessary to help keep your organization or network safe.

Student Requirements: Students should bring a laptop.

Bio: Ed Miro is a senior technical trainer, and has presented at DEF CON, HOPE, Wild West Hackin’ Fest, Antisyphon Training, and SaintCon. He specializes in training, education, physical security, and social engineering. Ed also organizes Octopus Game, an official DEF CON contest.