Monday, August 26, 2013

Hack3rCon^4 - Eye of the Storm

Drum roll please!!!

I have been selected to present at Hack3rCon^4. This will be my second time presenting at what is one of my favorite cons. What is the topic, you ask?


NSA wiretaps are legal and other annoying facts

I debated whether I wanted to display my outline here but, to be honest, my presentation grows with every day of research.

As usual, I will write a blog post about the con and will provide a link to the video provided by IronGeek.

Tuesday, August 13, 2013

DEFCON Shoot (Two days I never should have missed)

   
To sum it up...♫ I did a bad bad thing ♫ You see, while volunteering at BSides Las Vegas, I decided not to go to the DEFCON shoot. After all, I didn't have a car, I didn't know anyone, and I was having a good time at the Tuscany. Now that I am home and the con craze is over, I realized I should have gone anyway. Here are the top 10 reasons why:

(Drum roll please!)

  1. What better way is there to exercise your 2nd Amendment rights than to throw some lead down range!
  2. Having no car is not an excuse! The DEFCON Forums include a shoot thread where details of the carpool are discussed.
  3. The BSides staff had a shuttle bus that ran to the Rio multiple times a day.
  4. Registration for the shoot is easy.
  5. The price is right. $20 at the door. Cheaper if you register early and get one of the discounts.
  6. You get to spend time with some really great people. Deviant Ollam (of DEFCON17 "Packing & Friendly Skies" fame) for one.
  7. A bad day on the range is still a great day!
  8. The smell of gunpowder is exhilarating!
  9. Transfer of knowledge. I have been shooting for 30+ years and am still learning.
  10. The chance to shoot guns that you haven't shot before. I have access to quite an extensive collection but there are still guns I haven't shot. Friendly shooters will let you shoot their guns.
(Crash of the cymbals!)

     To correct my transgressions, I reached out to Deviant and volunteered for the DEFCON22 Shoot. After all, the top reason for me becoming a certified NRA Pistol Instructor and Range Safety Officer was to promote the shooting sports in a positive and safe manner.
     I encourage you to head out to the DEFCON forums and the Unofficial DEFCON Shoot Page for more information. I hope to see you next year and remember to shoot safe, shoot accurately, and defend your 2nd Amendment rights!

Friday, August 9, 2013

Thanks Irongeek!!!

     I had the honor of assisting Irongeek (Adrian) with video capture at BSides Las Vegas last week. Not only did it get me a free badge to the event, it reinforced a lesson I learned years ago: The more you help others, the more you get in return. Volunteering at BSides connected me with a whole new group of friends as well as solidified my friendship with those I had met before.

   
Today I added Irongeek's RSS feed to my blog. His feed/website hosts videos from many conferences (BSides Las Vegas, BSides Boston, AIDE, Outerz0ne, and Notacon to name a few), InfoSec articles (Raspberry Pi recipes, How I Got Pwned, and I2P/Tor workshop notes), and a host of other information. Please check it out regularly and don't forget to click on his sponsored links (he does get a few pennies when you do).

Thursday, August 1, 2013

The BSides that started it all

This year I was fortunate enough to attend Security BSides Las Vegas. Security BSides spawned from the inability of Black Hat USA to include all of the worthy presentations in their lineup in 2009. This shortcoming resulted in one of the best InfoSec conferences in the nation.

     The first thing that I noticed was that the venue changed from the Artisan to the Tuscany Suites and Casino. I liked the unique atmosphere of the Artisan but felt cramped (this from a former Navy submariner). The Tuscany suites were nice and spacious, cheap, and clean. In addition, the hotel staff were friendly.
     Because I arrived the morning before the conference, I decided to take a stroll around the facilities. This is something that I learned in the military. Always know where you need to go, how to get there, and develop a sense of situational awareness. While doing so, I stumbled across the main meeting room for the con. There were many volunteers rushing around putting the finishing touches on the meeting rooms. Because I like to meet new people and felt the need to pitch in, I asked where I could help. Over 2 hours later, after folding what seemed like thousands of t-shirts, I managed to meet many new friends. Exhausted from the day's travels, I turned in.

     The morning of July 31st, I woke early and returned to the conference area to check in and badge up. The abilities of the volunteer staff were evident as the line constantly flowed and I got my volunteer badge and complimentary sling bag in no time. In addition, a random staff member handed me a social engineering badge and explained that I was now part of the Social Engineering Capture the Flag. Fun! I quickly found Irongeek since I was volunteering to be one of his video monkeys (he used a different name for me).
   
     What I experienced next was pure joy and excitement. I was witness to 2 full days of information security, computer hacking, and life enrichment/self help. I only attended 2 presentations out of 16 that I didn't absolutely enjoy. These 2 just weren't to my liking (personally, not professionally). The con staff did an excellent job at selecting presentations/presenters. Every presenter was personable and stayed to ask questions after their talks (something that doesn't always happen at other cons).
     Some of the presentations I attended were:

  • Christien Rioux: "The Security Industry - How to Survive Becoming Management" (KEYNOTE)
  • Jimmy Shah, David Shaw, and Matt Dewitt: "Discovering Dark Matter: Towards Better Android Malware Heuristics"
  • Jay "Rad" Radcliffe: "Mom! I Broke My Insulin Pump...Again!"
  • Evan Davidson and Noah Schiffman: "Dungeons & Dragons, Siege Warfare, and Fantasy Defense in Depth"
  • Jack Daniel: "The Erudite Inebriate's Guide to Life, Liberty, and the Pursuit of Happiness"
  • Nicholas J. Percoco and Joshua Corman: "The Cavalry Isn't Coming: Starting the Revolution to FSCK it All!"
  • Steve Werby: "Crunching the Top 10,000 Websites' Password Policies and Controls"

     So, I have rambled on as usual. I will now cut to the chase. Here are the takeaways from my BSides Las Vegas 2013 trip:

Pros
  1. The new venue (Tuscany) was open and airy with plenty of space
  2. There were 6 distinct tracks (double last year): breaking ground, common ground, proving ground, underground, lightning talks, and training ground
  3. The staff were approachable, helpful, and cared about their product
  4. The volunteers did a great job
  5. The price was right - FREE!
  6. The talks were informative and high quality (new presenters were assigned mentors)
  7. There were free shuttles to the other cons (Black Hat and DEFCON)
Cons
  1. I didn't get my free drink coupons upon check-in (remedied quickly when I notified the staff)
  2. There are not many budget restaurants within walking distance (the midnight Steak and Egg special in the hotel was only $5.99)
More information on BSides Las Vegas can be found at www.bsideslv.org and www.securitybsides.com.


***BSides Las Vegas presentations (and many others) can be watched for free on the website irongeek.com.