Browsing Tag

Security BSides

Conferences, InfoSec Issues

Backup Buddies – BSidesLV | BlackHat | DefCon 2015

July 20, 2015

We are back for the 3rd year!!!!

Backup Buddies

Backup Buddies started in 2013 due to the great deal of attention paid to the treatment and incidents involving females at conferences. Instead of just addressing problems after the fact or talking about it, this is our call to action to address any potential issues and offering at least somewhat of a solution. This year, much like last, I’m SO THRILLED to say that many amazing members of the Black Hat / DEF CON community have jumped onboard to help as well to be the ‘eyes’ and ‘ears’ for anyone who needed a hand.

I truly love this community and the amazing experience that the conferences can be, and we all want to do our part to ensuring everyone (from industry to journalists and everyone in-between) has the most positive experience that they can. For the 2015 week of Security BSides + BlackHat + DEFCON,  a bunch of us are offering up our time and efforts to help. If you or someone you know, especially (but not only) female, who is new to the conferences or might need a friendly hand, give them this number:


This has been setup to contact me via voice and text during the conference so if I’m not close by, I can pass it on to one of our trusted ‘Buddies’ that is close to the area to help assist people who find themselves uncomfortable, need a friend to talk to about something that happened, are in a situation that is turning bad that need some assistance, or need some first-time attendee guidance. Anyone who reaches out will have their information kept confidential and not shared unless the individual wishes for someone to speak on their behalf.

This number is not:

  • A party-info line. I can’t get you into parties.
  • A general conference information line. Google and conference staffs are there for you for general info.
  • A phishing expedition.
  • 1-900-CHATROOM.
  • “I just wanted to see what’s up”

This number is for situations such as:

  • I need help with or someone to talk to in confidence about an inappropriate situation that is developing or has occurred.
  • It’s my first conference and I feel absolutely alone or am having an absolutely horrid experience.

This line has been a positive experience, let’s keep the option open for those who may need it. Please don’t be “that guy/girl” who abuses the number or thinks it’s funny to crank call. Go crank call rooms at Bally’s instead 😉 .

If you are trusting, friendly, and want to help others, send an email to backups at


Gender Issues

It all started with a Pillow Fight….

February 9, 2012


At least the friendships did, and through the conversations over on the BSides threads that have been going on for sometime now, the direction has changed to history. Even though there has been much controversy around BSides, it is time that it moves forward with the ideas and principles that it was set out with. One of the ideas of BSides was being the opportunity to get talks/presentations to the public that the “big-box” conferences would never accept.

In 2009 for DefCon 17 a group of us girls (Ladies, Women, whatever makes you happy to be called… I prefer girls in this context) were planning a “Sec-y Pillowfight” to support EFF. What a mess this became as it brought into question how we view females and especially how females are treated and viewed in the InfoSec field. It was because of the first BSidesLV being planned that the idea of a panel discussion (Feathers will fly Panel! – Professional Image and Gender Issues for Women in Security) about the Pillowfight and the gender issues around it came to be. I knew a few of the people already that were going to be on the panel, like Jennifer Jabbusch @jjx and Stacy Thayer @StacyThayer,  but it was because of the collaboration that I became friends with four other incredible women in information security (Leigh HoneywellLeigh HollowellNicolle Neulist, and Magen Hughes)! The idea sharing and discussions have lasted far past the first panel, and well into today.

This is what SecurityBSides is to me. SecurityBSides is an opportunity to share ideas, have open dialogue with presenters during presentations, bring about new ideas, and foster lifelong friendships (professional and otherwise).

The idea of BSides will live far beyond the brand because the entire community is what creates the heartbeat of BSides. Yet, I would prefer the brand heal, as it is very special to a lot of us.


Security Summer-Camp – Part 1: The Talks

July 23, 2010

SecBarbie’s talk picks of the week:

Black Hat

Wednesday 1:45pm – 3pm

Augustus 1 & 2

Barnaby Jack – Jackpotting Automated Teller Machines Redux!

Wednesday 3:15pm – 4:30pm


Dan Kaminsky – Black Ops Of Fundamental Defense: Web Edition

Wednesday 4:45pm – 6pm

Augustus 5 & 6

Fyodor – Mastering the Nmap Scripting Engine

Milano 5 – 8

Alex Hutton / Allison Miller – Ushering in the Post-GRC World: Applied Threat Modeling

Thursday 10am – 11am

Augustus 3 & 4

Chris Hoff – Cloudinomicon: Idepotent Infrastructure, Survivable Systems & Bringing   Sexy Back to Information Centricity

Thursday 11:15am – 12:30pm


Cesar Cerrudo – Token Kidnapping’s Revenge

Forum 25

Lee Kushner, Mike Murray   –  Your Career = Your Business

Milano 5 – 8

Tiffany Rad – The DMCA & ACTA vs. Academic & Professional Research: How Misuse   of this Intellectual Property Legislation Chills Research, Disclosure and   Innovation

Thursday 3:15pm – 4:30pm

Milano 1 – 4

Samy Kamkar – How I met your girlfriend

Wednesday also has the Cloud Security Alliance Summit with some pretty amazing, insightful, and wicked cool folks such as:

Chris Hoff   –   Cloudersize Keynote

Josh Pennell   –   Hacking the Hypervisor 2010

Steve Riley   –   Security and compliance in the Amazon cloud


Security BSides – Las Vegas 2010

I can’t even begin to pick the Security BSides talks (special mention to the InfoSec Mentor Panel that I’ll be on Wednesday at 6pm) as I would whole-heartedly endorse all of them. Bravo to the talk selection guys! So, here is the BSides Schedule:


On The Keys



10:00 AM David Rook Injecting Simplicity not SQL Daniel Molina Top 10 Things IT is Doing to Enable CyberCrime
11:00 AM Ryan Linn Multi-Player MetaSploit Will Gragido Through the rabbit hole: An Expose of Darknets and the Onion Routed Underground
12:00 PM Christopher E. Pogue Sniper Forensics Gene Kim Mobilizing the PCI Resistance: Lessons Learned From Fighting Prior Wars (SOX-404)
01:00 PM Chris Lytle, 

Leigh Hollowell

CCDC Andrew Hay, 

Chris Nickerson

Building Bridges –  Forcing Hackers and Business to Hug it Out
02:00 PM Sean-Paul Correll, 

Luis Corrons

Catch That Butterfly: Stopping Mariposa in its Tracks and Revealing a Growing Underground Network of Amateur Hackers Vik Phatak ExploitHub: Arming the Pen Testers to Plug the Holes
03:00 PM Dave Kennedy (Rel1K) SET 0.6 release with special PHUKD Key Paul Judge, David Maynor The Dark side of Twitter, Measuring and Analyzing Malicious Activity on Twitter
04:00 PM frank^2 Fuck Tools, Do It yourself Jerk Grecs Infosec Communities for Career Success: Understanding, Participating, and Cooking One Up
05:00 PM Jabra Joseph Sokoly Infosec Young and Restless
06:00 PM Jim MacLeod Stupid IP Tables Tricks INFOSEC Mentoring, Mentee-ing Panel
10:00 AM Jimmy Shah Mobile Hackery Josh Corman, Dennis Fisher, HD Moore, Jack Daniel InfoSec Speed Debates
11:00 AM Egyp7 Beyond r57 Chris Sumner Social Network Special Ops
12:00 PM HDM Fun with VxWorks Frank Breedijk, Ian Southam The road to hell is paved with best practices
01:00 PM Davi Ottenheimer Keypad Bypass Hacks Bruce Potter How to Make Network Diagrams that Don’t Suck
02:00 PM Zach Lanier It Melts In Your Hand: An Overview of Security (Failures) In Mobile Applications Eric Smith Roman Profiles : The 6 Mistakes of
03:00 PM Ray Kelly A mechanics view of SQL injection ValSmith Social Engineering the CFP Process
04:00 PM Moxie Marlinspike How technology killed my heroes, and why they will never be born again Chris Roberts Planes, Trains and Automobiles: (OK, Cars and Buses)
05:00 PM Jason Ross Who Owns the Internet? AKA: Where did all that cyberspace go? Andre Gironda App Assessments Reloaded


DefCon 18

Friday 1pm – 2pm

Track 4

Dennis Brown – How Hackers Won the Zombie Apocalypse

Friday 2pm – 3pm

Track 3

Jim Rennie, Eric Rachner – Search & Seizure & Golfballs

Friday 3pm – 3:30pm

Track 5

Righter Kunkel – Air Traffic Control Insecurity 2.0


Friday 4pm – 5pm

Track 4

Tottenkoph – An Introduction to Virtual Graffiti

Friday 5pm – 6pm

Track 2

Sumit Siddharth – Hacking Oracle from Web Apps

Friday 6pm – 6:20pm

Track 5

Marisa Fagan – Be A MENTOR!

Friday 9pm – ???pm

Track 1

Hacker Jeopardy!!!!!!!      – Bring Booze!

Saturday 10am – 11am

Track 2

Jeremy Brown – Exploiting SCADA Systems

Saturday 10am – 11am

Track 4

Chris Paget – Extreme-range RFID Tracking

Saturday 11am – 12pm

Track 4

Barnaby Jack – Jackpotting Automated Teller Machines Redux!

Saturday 12pm – 1pm

Track 1

Nicholas Percoco, Christian Papathanasiou – “This is not the Droid you’re looking for..”

Saturday 1pm – 2pm

Track 1

frank^2 – Trolling Reverse-Engineers with Math: Ness…. It Hurts…

Saturday 3pm – 4pm

Track 2

James Arlen – SCADA and ICS for Security Experts: How to avoid Cyberduchery

Saturday 3pm – 4pm

Track 5

Garry Pejski – My Life as a Spyware Developer


Saturday 4pm – 5pm

Track 4

Jayson Street – Deceiving the Heavens to Cross the Sea: Using the 26 stratagems for Social Engineering


Saturday 5pm – 6pm

Track 4

Leigh Honeywell, follower – Physical Computing, Virtual Security: Adding the Arduino Microcontroller Development Environment to your security toolbox

Saturday 7pm – 9pm

Track 5

DefCon Security Jam III: Now in 3D?

Saturday 10pm – ??pm

Track 4

10,000 Cent Pyramid

Sunday 10am – 11am

Track 4

Mike Bailey – Web Services we just don’t need

Sunday 11am –  12pm

Track 2

Valsmith, Colin Ames, Anthony Lai – Balancing the Pwn Trade Deficit

Sunday 1pm –  2pm

Track 5, rvd, vyrus, no maam – ChaosVPN for Playing CTFs

Sunday 2pm –  3pm

Track 3

David Smith, Samuel Petreski – A new approach to forensic methodology – !!BUSTED!! Case Studies

Sunday 4pm –  5pm

Track 1

The Suggmeister – Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage


Sunday 5pm –  6pm

Track 1

Justin Morehouse, Tony Flick – Getting Social with the Smart Grid

Sunday 6pm


Please reclaim all lost livers here!



If you are NOT going to be in the melt-your-face-off land of Las Vegas next week, you can follow all of the action and some of the parties via my live-conference feed on twitter.