Bsides PDX 2018 Workshops

Fri, October 26 2018, 12:00 AM - Sat, October 27 2018, 5:00 PM [PST]

777 NE Martin Luther King Jr Blvd, Portland, OR, United States

REGISTER NOW

1. Select Seats

2. Review and Proceed

Sorry. This event is currently not on sale. We apologize for any inconvenience.

Lee Fisher and Paul English - Detecting Evil Maid Firmware Attacks (Friday, Noon to 2PM) Partial Approval -$5.03

Sales end on -Not on sale yet

Firmware is software that controls the hardware; firmware-based malware (bootkits, firmworms, etc.) has very low-level system access, even while the system is powered off, and is invisible to most security tools. This workshop gives an introduction to platform firmware security, for DFIR professionals responsible for protecting critical infrastructure. Beginning with an introduction to the technologies (UEFI, ACPI, SMM, BMC, Redfish, etc.), the threats, available open source tools, and guidance and best practices, and the latest NIST firmware security lifecycle guidance. The presentation will cover and the lab will use tools like CHIPSEC, UEFITool, UEFIDump, FirmWare Test Suite, ACPIdump, and other open source tools to obtain diagnostic and security information – and ‘blobs’ from the firmware. We will demonstrate how our open source software Firmware Audit (fwaudit) can be used to assist with automation and logging and forensics, and our cloud service for storage and centralized analys

Erik Bjorge, Maggie Jauregui, Brent Holtsclaw, and Aaron Frinzell - UEFI and CHIPSEC development for Security Researchers (Friday, 2:30 PM to 5PM) Partial Approval - $5.03

Sales end on -Not on sale yet

Have you ever wanted to learn how to develop interesting firmware platform functionality? We believe in enabling the community to properly implement and use the Unified Extensible Firmware Interface (UEFI) functionality for both feature development and security research. Join our workshop and learn how to implement your very own bootloader. The class is based around the open source implementation of UEFI: TianoCore. We’ll go over UEFI development basics, TianoCore development do’s and don’ts, and how to implement interesting functionality including System Management Interrupt (SMI) handlers. You’ll get hands-on UEFI experience in coding, compiling, and testing platform firmware. Furthermore, the workshop will also include a CHIPSEC section in which you will learn how to develop your own CHIPSEC modules and tests (including fuzzing of platform interfaces) ideal for firmware security researchers looking for a deeper dive into platform configuration and stress testing. Pre-requisite

Wu-chang Feng - Smart-fuzzing with American Fuzzy Lop (AFL) (Saturday, 11AM to 1PM) Partial Approval -$5.03

Sales end on -Not on sale yet

Because of its potential for finding software errors quickly, smart fuzzing has become increasingly prevalent in software development and testing in order to secure the programs, libraries, and operating systems that we rely upon. This lab provides a guided introduction to smart-fuzzing using AFL with exercises that will walk you through how to use the tool to identify and correct some of the most common and devastating software errors. Participants should bring a laptop that is configured to run Docker locally or have access to cloud infrastructure that can run containers. Directions for doing this are here: https://thefengs.com/wuchang/courses/cs492/afl

Joshua Pereyda and Tim Clemans - Custom Network Protocol Fuzzing (Saturday, 1:30PM to 5PM) Partial Approval - $5.03

Sales end on -Not on sale yet

Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol “smart fuzzing.” Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities. After: You will know the basics of fuzzing. You will know how to write custom network protocol fuzzers using state of the art open source tools. You will have hands on experience with this widely-discussed but still largely mysterious test method. Before (Prerequisites): You should: Be comfortable doing some basic programming in Python. Understand basic network protocol concepts (e.g. what is a protocol and what is a network layer). Be familiar with WireShark and how to use it. Have a laptop with at least 8 GB of RAM. What you won’t learn: Exploit development. Python programming. Because you can already d

Enter your discount code

  • Subtotal (excluding fees and discounts)
  • Fee
  • Total amount

Event Information

Fri, October 26 2018, 12:00 AM - Sat, October 27 2018, 5:00 PM [PST]

About the Event

We have closed early registration for the workshops. Several of the workshops have prerequisites that must be done, but some will be able to accept walk-ins if there is enough space. We'll post availability outside the workshop room at the event.

 

See https://bsidespdx.org/events/2018/workshops for details about these workshops.

 

Security Bsides Portland 2018 will be Friday, October 26, and Saturday, October 27.

 

BSidesPDX will be held at the Oregon Convention Center

BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.

Cancellation policy

Please cancel if you know you won't attend so others can reserve space

Event Location