The 9th Annual BSides Connecticut Conference
September 30th, 2023

About


Security BSides is a platform run by the infosec (information security) community, for the infosec community. It's all about creating friendly events where everyone can share their ideas and learn from each other. It's a great place for insightful discussions, practical demos, and interactive sessions on the latest trends. In short, it's where people get together to talk about and shape the future of information security.

Where


Quinnipiac University, North Haven Campus

When


September 30th, 2023

DIRECTIONS


370 Bassett Road, North Haven, CT 06473

Use the parking garage!

OUR HISTORY

Security BSides started in 2009 when some talented speakers couldn't fit into a major conference. So, we decided to make room for them. Our goal is to break down the typical barriers of conferences, allowing for more speakers, more topics, and more events. Since 2009, every state and every country has held a Security BSides event. (Most states hold more than one per year.)

WHO WE ARE

BSides Connecticut started in 2011 with an all-volunteer crew. As more people learn about us, we've grown ever larger in size and scope. BSides events are about sharing and learning from each other. They're a platform for security experts and professionals to share ideas and make lasting connections. Each BSides event, including ours, is driven by the community. The idea is to take the conversation beyond the usual conference setting and encourage collaboration. It's a chance for participants to share their knowledge and learn from each other.

Schedule

Schedule is subject to change.

Saturday

CTF runs from 9:35 AM to 4:45 PM!
8:30 AM
Registration
Registration opens!
9 AM - 9:35 AM
Opening Remarks
BSidesCT
Opening remarks to kick things off.
9:45 AM - 10:45 AM
Keynote - Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
Jonathan Leitschuh
Discusses an innovative solution for addressing security vulnerabilities in Open Source Software (OSS) projects at scale: automated bulk pull request generation. It emphasizes the challenge of efficiently triaging and fixing widespread vulnerabilities, showcases practical applications, and highlights the importance of providing actionable fixes to volunteer maintainers to make a real impact on OSS security.
10:50 AM – 11:20 AM
Code is Law. Applying Security Techniques to Profit in Web3
Skeyellama
Web3. It's more than just monkey jpegs. Explore how Web3 crashes into real world problems to create profit opportunities for the savvy black or grey hat.
11:25 AM - 11:55 AM
OT Cybersecurity and Defending the Grid
Michael Tetto
An overview of Operational Technology and techniques used to protect our nation's Critical Infrastructure.
12:00 PM - 1:00 PM
LUNCH!
BSidesCT
Come stuff your face!
1:00 PM – 1:40 PM
Methods for Protecting AI Enabled Applications
Jim Miller
LLMs are a powerful new technology with a wide range of applications. However, they also pose new security risks. In this talk, we will discuss the threats posed by LLMs and how to defend against them. By using open source tools like LangChain Rebuff and NVIDIA's NeMo Guardrails, we can defend against prompt injection and open the ability to adopt LLM capabilities within our organizations and businesses. (Yes, this summary was generated by an LLM.)
1:50 PM – 2:20 PM
How to Prepare for the SEC Cybersecurity Rules before December 2023
Dick Brooks
The SEC cybersecurity rules that take effect in December 2023 place Officers and Directors in charge of Cybersecurity processes and policies. This talk describes the SEC cybersecurity requirements and solutions following NIST standards for process disclosure and material cyber-incident reporting relating to software supply chain vulnerabilities and exploits that could lead to a cyber-incident and potential shareholder lawsuits seeking to hold Officers and Directors personally liable for losses due to a material cyber-incident.
2:30 PM – 3:10 PM
Windows Search Index: The Forensic Artifact You've Been Searching For
Phalgun Kulkarni
Explores how the Windows Search Index can serve as a crucial forensic artifact for investigating cyber-crimes on Windows devices. It covers default data, user-triggered modifications, structure differences between Windows 10 and 11, and practical applications. Learn how to leverage open-source tools for efficient analysis, enhancing your digital forensics capabilities.
3:20 PM – 4:00 PM
Finding mobman
illwill
Subseven, a groundbreaking Remote Administration Tool (RAT) from two decades ago, reshaped cybersecurity by allowing hackers remote control over computers. This talk explores its history, the hunt for its creator "mobman," and the acquisition of Sub7 2.1.3's source code, shedding light on Backdoor Trojans, OSINT/DFIR analysis, and versatile cybersecurity insights.
4:10 PM – 4:50 PM
Effective Adversary Emulation
Jeremy Mill
So you've built an amazing suite of security tools that provide defense in depth. But, have you actually tested them? This talk describes an effective method for adversary emulation designed for small and medium sized teams. Learn how to build a plan, execute it safely, and how to evaluate the results.
5:00 PM - 5:45 PM
Closing Remarks
BSidesCT
Alas, all good things...
...but then!

🍻 THE AFTER-PARTY! 🥳

Join us for the BSidesCT 2023 After-Party!

Unwind in a dynamic setting perfect for the infosec community after a day packed with groundbreaking talks and interactive sessions.

With a cash bar, hors d'oeuvres, diverse musical genres, and engaging activities like foosball and classic arcade games, the venue promises a night of relaxed networking and enjoyment.

Ample parking ensures a hassle-free experience, so mark your calendars and let's continue the conversation in an informal setting!

CTF

flag{infosec_mastery_in_progress}

We're excited to announce that we're hosting a Capture the Flag (CTF) game at our upcoming Security BSidesCT event on September 30th! This isn't just any game - it's a test of your infosec skills and a chance to learn even more.

Our CTF challenges will stretch your offensive and defensive abilities in information security. You'll have the opportunity to simulate real-world scenarios, test out new strategies, and see first-hand the impact of your actions. Whether you're a seasoned pro or new to the field, it's a fantastic way to apply what you know, identify areas for growth, and have some fun!

Remember, the goal is not just to win but to learn and grow. Everyone is welcome, regardless of skill level. So mark your calendars for September 30th, and get ready to capture the flag at BSidesCT! We can't wait to see what you can do.

CTF participation is limited to ticket holders, and information will be sent to the email address used for registration.

Sponsors

Our sponsors make it all possible!

BSidesCT is proud to host its 2023 community-driven information security conference, an event that's become a fixture in the industry, thanks to our dedicated sponsors.

This year's conference will showcase presentations from leading information security experts, interactive workshops, and our signature event, the 'Capture The Flag' learning contest. All this provides a unique and engaging platform for sharing knowledge and fostering innovation in our field.

We are extending an invitation to your esteemed organization to join us as a sponsor. By lending your support, you will not only be facilitating this enriching event but also gaining valuable visibility and connection within the information security community.

To learn more about our sponsorship opportunities and the various benefits associated, please reach out to us at info@bsidesct.org. We look forward to the possibility of your organization being part of this exciting event.

Security BSides is a community-led initiative where information security enthusiasts come together to learn, share, and connect. Our events are designed for everyone, whether you're presenting or just participating. We cultivate an environment that sparks collaboration and insightful conversations. Our intense, engaging experiences break the mold of typical meetings with hands-on demos and deep discussions. Here, you'll find cutting-edge talks about what's next in our industry.