Skip to main content
BSides Las Vegas 2017

ATTENTION PROSPECTIVE PRESENTERS AND MENTORS!!!

The CFP for Underground and Ground1234! (our Passwordscon placeholder) are OPEN through Midnight, 5/31.  

All other tracks are closed at this time.  All remaining acceptance/rejection letters will go out by Midnight on Wednesday, June 14th.

For more information on the Proving Ground program, please visit https://www.bsideslv.org/pgcfp/ (Speakers) or https://www.bsideslv.org/pgcfm/ (Mentors)

 

BSidesLV 2017 will consist of eight speaking tracks, and three workshop tracks.  The content of the tracks will be determined by this open Call For Presenters, as well as some select curated presentations for our "Hire Ground" and "I Am The Cavalry" events.

BSidesLV is committed to keeping our conference vendor-pitch free. Any abstracts that reflect a sales approach or talk of the product and not the tech will be rejected out of hand. Speakers sneaking a sales or product pitch in under the guise of a tech talk will be pulled from stage and publically shamed and humiliated on Social Media. All talks are vetted through our CFP committee, and any talks submitted on behalf of someone else (i.e.: not submitted by one of the primary authors) will not be considered.

Please refer to the Sample Submission below, for proper formatting!

We are excited to hear what you have to share, and look forward to seeing all of you in July!

 

Sample Submission

Note to the reader: This is a completely made up talk (courtesy of the fine folks at ShmooCon).

It’s not intended to be a perfect, canonical instance of a submission, but it does illustrate what types of information to include, the LOWEST level of detail to use, and the overall flow of a good submission. 

The more concrete data and context you can provide on your assertions and their impact, the more accurately we’ll be able to assess how interesting the research/concepts you are sharing will be to our participants, and how your talk will fit into the overall balance of the event. 

Did you implement your recommendations anywhere?  What was the result?  How many more root shells did you get, how much faster or with how much less tester time?  How prevalent are the unresolved attack vectors you’re trying to get industry to address, and what are the financial or other costs of ignoring them?

What reduction did you achieve in analyst turnover?  How much did you improve mean time to detection for breaches in your org?  How much more of your organization’s code base is getting audited intelligently because you’ve automated away XSRF detection and prevention? 

What failures/problems did you have before you learned your lessons and how successfully are you avoiding them now?  Tell us how amazing your amazing is, because we love your amazing and we want everyone else to love it too. 

1. Title of Presentation

Template Management Using Osiris

2. Presenter(s) Name(s)

Bruce Potter

3. Abstract

Osiris is an open source integrity monitoring software system written by the Shmoo Group many years ago. It is used in many organizations as a scalable means to monitor for changes created by change management violations and penetration by external actors. One of the challenges with Osiris (and any integrity monitoring tool) is minimizing the amount of noise created by inconsequential changes. Osiris addresses this problem through the use of templates that limit the scope of monitoring based on the host OS and user customizations. Unfortunately as OS’s evolve, the set of files that SHOULD be monitored can often change and osiris templates don’t account for these changes.

We have developed a lightweight tool to monitor running systems to instrument changes over time and ultimately recommend changes to the currently deployed templates. Rather than performing full blown scans and checksumming to look for changes, this tool will only examine MAC times thereby dramatically reducing a “normal” instrumentation scan. Administrators are able to look at the statistical data under the tool and determine what changes to accept to the running template. We have also developed a public database of templates based on results from the tool so that organizations can provide updated templates back to the community.

4. Detailed Outline

5. List of other conferences

We presented our data on system file drift at BSides Antarctica in July. However that research has been updated and the tools and database are completely new.

6. Why is this a good fit for BSides LV

We feel that integrity management is an important capability for any modern enterprise, especially with the ease of which adversaries can modify attacks and malware to avoid detection by AV and IPS. We feel that our template update system provides a key component that is otherwise missing in integrity management systems.

7. Previous experience

We have presented at BSidesLV  before. We have also delivered presentations at DefCon, Blackhat, The Gathering of The Shmoo, and InfoSec Anonymous.

You can see video of our best previous presentation here: https://youtu.be/dQw4w9WgXcQ

8. List of facilities requested

We need to be able to project 2 different systems at one time for our demonstration. Please let us know if that’s a problem as we’ll retool our demo to accommodate one screen.

Session Chairs:

Authors:

Review and Program Committees:

Chair:

 

Powered by OpenConf®
Copyright ©2002-2016 Zakon Group LLC