Richmond, VA

June 2nd - 3rd, 2016

Badges: Hack.RVA At It Again!

We are very pleased that Hack.RVA will be the masterminds behind our badges once again!  They have been with us since the very beginning and this makes it the 5th conference in a row. We know just how much work is involved with this project and we are privileged to have their creations at our conference!

We recently spoke with Morgan Stuart and Paul Bruggeman about the badges:

(RVAsec) The badges have always been a huge hit at RVAsec. Can you tell us a little about the badges and the process over the years?

For us, the goal of the RVAsec badge has always been to make something that gets the conference goers talking and engaging with each other. That means puzzles, games, and usually some way to screw with each other.

This year, like the past years, the badges have all been built by hand, right here in RVA by a bunch of crazy HackRVA members. We start from bare copper boards, etch out our custom design, place surface-mount parts, hand-solder through-hole components, and flash them with our own firmware. This removes any manufacturing cost, which frees up some green to stuff the board with cool features and components. It also gives the badges a unique look that you won’t find anywhere else.

This will be the fourth RVAsec badge that Paul and I have organized out of HackRVA, and each year we try and find ways to improve on the end result. It’s been challenging, but everyone is proud of the progress we make each year. We’ll have all the past years’ badges on display at our booth, so newcomers and nostalgia-seekers should come check it out.

(RVAsec) What are the plans for the badges this year?  What are the new features?

We really liked last year’s hardware, and felt that the design could stick around at least one more year. Still, we reworked the layout quite a bit to help prevent the hardware failures we were seeing and improve some of the functionality. Since we didn’t have to redesign the hardware from scratch, or implement drivers for new components, we could procrastinate a bit more on the whole project. In all seriousness, we’ve used the extra time to involve more people and start thinking a little bigger with software. We have a lot more people cranking out code, including some special attention to power management. We’re looking forward to the inevitable commit/merge frenzy in the final days.

(RVAsec) How is the badge build process going this year?

We’ve etched, placed parts, and performed an initial QC on over 350 badges. Now we’re soldering on the final through-hole components and doing a more thorough QC pass on every board.

(RVAsec) It was rumored the badges played a part in the CTF last year.  Can you tell us more?

It wasn’t a secret – last year we had a wide range of challenges for people to complete on the badge that would net them points in the conference CTF. Difficulty ranged from following simple instructions within the badge’s menu, to parsing through the raw firmware, to decoding low-frequency serial transmissions. And yes, there will be more badge CTF challenges this year!

(RVAsec) If someone wanted to hack them, what would they need to do?

The badges will again have standard USB, which can be used to re-flash the firmware or even call many of the core routines.

(RVAsec) Can you give attendees any other hints about the badges?

We’ve always enjoyed adding some nostalgia-factors to the badge, and this year will be no different. Also, this year’s badges should match almost any outfit…

(RVAsec) Anything else?

Obviously Paul and I are not doing this alone; we’ve had amazing help from some very dedicated volunteers out of HackRVA. We start in the fall with hour-long meetings each week and we slowly ramp up to 4-hour build sessions in the spring. It’s quite the commitment and support grows every year. Quick shout-out to some of those that have been contributing:

  • Jon Lundquist

  • Alan Ford

  • Lloyd Flanagan

  • Jason Phillips

  • Allison Sands

  • Thad Martin

  • Eli Woods

  • Giovanni Viscardi

  • Charles Nelson


We are very excited to see the badges this year and know RVA5ec attendees will love them again!

If you have time to visit one of their Thursday night Open Houses that occur every week, like tonight, you should go check them out!

Speaker Feature: Caleb “chill” Crable & Evan “detro” Keiser

Caleb “chill” Crable & Evan “detro” Keiser

@dirtywhitehat @detro

Caleb Crable

Cylance
Caleb is a Malware Analyst at Cylance, practicing dirtywhitehat, and frequent contributor to the information security community both online and at technology security events. Caleb enjoys long walks on the beach with polymorphic malware in his leisure.

Evan also serves as a Malware Analyst at Cylance, constantly disseminating new threat intelligence among his team and performing security incident reconstruction in his spare time. Based in Raleigh-Durham, North Carolina, in his free time Evan is an avid lock picking enthusiast and penetration tester who enjoys finding holes in virtual and physical security controls of all kinds, Belgian waffles and hacking all the things.

Cloud & Control: Where do we go from here?
With so many people taking advantage of the cloud, no one really thinks about how the cloud is taking advantage of you. We will be taking an in-depth look at the pros, and mostly cons, of the datacenter clusters that we harmlessly refer to as cloud infrastructure. Whether it be saucy selfies, bank or medical records, or even just highly valued data in general: how safe do you actually think it is…on someone else’s computer?

Register Now!

 

RVA5ec Schedule Now Posted!

The full schedule for the RVA5ec 2016 conference is now published!

With the huge success of last year we have kept things pretty consistent for 2016.

Registration & breakfast start at 8 AM on Thursday, June 4th and end at 6 PM (followed by the after party).

Registration and breakfast start again at 8 AM Friday, June 5th and end at 4 PM, followed immediately by the closing reception at VCU.

For the full details and times for specific talks, please see the schedule page.

Silver Sponsor Feature: GE

www.ge.com

@ge

GE

GE (NYSE: GE) is the world’s Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. GE is organized around a global exchange of knowledge, the “GE Store,” through which each business shares and accesses the same technology, markets, structure and intellect.

Come see us at RVAsec! Register now.

Trey Ford to Keynote RVAsec!

We are pleased to announce that Trey Ford will be keynoting RVA5ec!

Trey Ford is a security executive, industry strategist and research advocate. Over the last 15 years, Trey ran Black Hat events worldwide as General Manager, and provided services ranging from global security strategy, incident response, product management, PCI QSA and security engineering for a variety of industry leaders including Rapid7, Zynga, McAfee, FishNet Security and WhiteHat Security.

Speaker Feature: Michelle Schafer and Tim Wilson

Michelle Schafer & Tim Wilson

@mschafer

Merritt Group
Michelle Schafer is Senior Vice President and runs the cybersecurity team at Merritt Group, an integrated marketing and public relations firm based in the DC area. Over the past decade, Michelle has represented more than 50 security companies including BlackHat, CrowdStrike, Mandiant, Netwitness, Venafi, MACH37, PhishMe, (ISC)2, PGP and Fortify Software, among others. She is a MACH37 mentor and frequently presents at conferences like RVASec and Security B-Sides about the role of media in cybersecurity.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech’s online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

The Changing Mind of the Security Pro — How Hype and Media Shape Infosec Priorities
One of the most difficult jobs of today’s security professional is setting priorities in a storm of news reports, vulnerability disclosures, and product announcements. With so much hype and misinformation on the Web and in the media, how can infosec pros determine which problems to tackle first? In this informative session, top experts in the fields of security PR and media will discuss the various ways that threats and technology are overhyped — and how you can sort through the noise to determine what really matters to your organization.

Register Now!

Virginia Secretary of Technology, Karen R. Jackson to Keynote RVAsec!

We are pleased to announce that Karen Jackson will be keynoting RVA5ec!

Karen Jackson serves as the Secretary of Technology for the Commonwealth.  Prior to her appointment, she served as the Commonwealth’s Deputy Secretary of Technology and Vice President of Broadband Programs for the Center for Innovative Technology.

Ms. Jackson serves as a senior advisor to the Governor on technology matters including innovation, data analytics, telecommunications, cybersecurity, and unmanned systems.  She is also responsible for overseeing the Commonwealth’s IT infrastructure.

As Secretary, she is responsible for policy and legislative initiatives as well as developing programs to facilitate innovation, entrepreneurship, technology development and adoption. Ms. Jackson also serves as the Virginia lead for the Mid-Atlantic Aviation Partnership (MAAP) and co-chair of the Virginia Cybersecurity Commission.

Ms. Jackson has been actively engaged in federal policy initiatives including the development of the National Broadband Plan. She received a 2009 IP3 award from Public Knowledge for her work in information policy, and was named to Government Technology’s 2010 list of the top 25 Doers, Dreamers, and Drivers.  She was recently named to The Governing Institute Women in Government Leadership Program Class of 2015.

Ms. Jackson serves on a number of Boards including the Virginia Economic Development Partnership, the Center for Innovative Technology, and serves as Governor McAuliffe’s representative to the FCC’s Intergovernmental Advisory Committee.

She holds a bachelor’s of science in business management from Christopher Newport University and a master’s of business administration from The College of William and Mary.

Speaker Feature: Steve Christey

Steve Christey

@sushidude

www.mitre.org

MITRE
Steve Christey Coley is a Principal Information Security Engineer in the Cyber Security Division at The MITRE Corporation, supporting FDA CDRH on medical device cyber security. Steve was co-creator and Editor of the CVE list and chair of the CVE Editorial Board from 1999 to 2015. He is the technical lead for CWE, the Common Weakness Scoring System (CWSS), and the CWE/SANS Top 25 Most Dangerous Software Errors. He was a co-author of the influential “Responsible Vulnerability Disclosure Process” IETF draft with Chris Wysopal in 2002. He was an active contributor to other community-oriented efforts such as CVSS, CVRF, and NIST’s Static Analysis Tool Exposition (SATE). His interests include adapting traditional IT security methodologies to new areas, software assurance, improving vulnerability information exchange, and making the cybersecurity profession more inclusive for anybody who seeks a place in it. He holds a B.S. in Computer Science from Hobart College.

Toward Consistent, Usable Security Risk Assessment of Medical Devices
“CVSS? For *my* medical device?” It’s more likely than you think.

With so many different stakeholders in the medical device ecosystem – including manufacturers, hospitals, researchers, third-party coordinators, and patients – it’s no wonder that risk assessment is looking kind of discombobulated right now. When a new medical device vulnerability comes out, rarely is there any agreement about how bad it is. It can be very difficult for health care providers to use existing information to make appropriate, defensible risk decisions.

If only there were a common vulnerability scoring system to stop the madness! Enter CVSS. But how can this IT-oriented system be used for evaluating medical device vulnerabilities, and should it? Fortunately, FDA’s CDRH has tasked MITRE to work with the medical device community to find out, so I’ll tell you all about it.

Register Now!