If you're excited to attend a workshop, be sure to register for the conference.

Workshop registration is live! Register to guarantee your seat, but don't worry, there is usually space for walk-ins as well.

Announced Workshops:
Friday 10/14/16

Elk All The Things: Security Analytics for the Masses (1pm-3pm)
Security analytics can be difficult and expensive, but it doesn't have to be. Using the open-source ELK stack (Elasticsearch, Logstash, and Kibana) is a cost-effective way to gain functionality similar to that found in more expensive commercial tools. The difficult part of the ELK stack mainly lies in complex normalization rules.

This workshop will teach students the basics of normalizing machine data with Logstash. Additionally, students will learn how to create useful and powerful dashboards within Kibana to expose the most critical data. 

Requirements
Attendees will need a laptop capable of powering a virtual machine (VMDK) with 4GB of memory and 20GB of storage space.

Travis Smith is a Senior Security Research Engineer at Tripwire. He has over 10 years of experience in security, holds an MBA with a concentration in information security, and multiple certifications including CISSP and GPEN. Travis specializes in integrating various technologies and processes, with a passion for digital forensics and security analytics.

Exploring the IoT For Fun (3pm-5pm)
In this workshop I will walk through how to get an IoT starter kit from Amazon up and connected to AWS IoT. I will begin with an overview of the AWS IoT architecture and the microcontroller board that is typical in IoT devices. Then I will help participants get the cross-compiler tools installed on their laptop, connect to an IoT board and upload new code to their board. Then we will walk through building the AWS demo and connecting each device to an AWS account and interacting with the board using the AWS IoT dashboard. Finally, I will talk about the threat model for this IoT architecture and how to take what we learned here to analyze the security of real IoT devices.

Requirements
This 2 hour workshop will require a Linux or Mac laptop with an available USB port. I will try to supply installers for the necessary software, but it is best if you come with the following software pre-installed from your preferred repository:
openOCD: apt-get install openocd OR brew install openocd
gcc-arm-none-eabi version: 4.9-2015q3-20150921 – linux, macosx 
minicom or other serial terminal: apt-get install minicom OR brew install minicom
A familiarity with the C language will help in understanding the code used on the boards.

Bob Loihl. I am a Software Engineer with 20+ years of experience developing business applications, leading teams and spreading the security word. I have a strong interest in delivering applications that are secure by design in an agile world. In order to do that better I am learning to break them using network and web app penetration testing tools. I am currently employed by Tripwire focused on maturing our Secure Software Development Lifecycle practices. In my spare time, I play with IoT devices, guitars and my kids.

 

Saturday 10/15/16

The Modern SOC: Adapting the Security Operations Model to How We Work (9am-11am)
Security Operations Centers are a central place where security incidents flow through an organization, using technologies and ideas such as IDS, IPS, network flow monitoring, threat analysis and incident response to protect and secure an environment. However, the SOC of today is often out of date and out of touch with how we use our machines and data.

This workshop will first provide an overview of how SOCs work, where they aren't keeping up with how we work today, and methods for improving SOC workflow.
Following the overview, attendees will be guided through setting up modular intrusion detection systems for physical and cloud servers. The systems will be configured to send their data to a central location where alerts can be analyzed. 

Attendees who want to follow along will be doing the following:
Building Intrusion Detection Systems in Docker containers in a Linux virtual machine or natively on their system
Saving these containers for use in other applications and environments.
Configuring the IDS to securely send alerts to an instance of Snorby. 
Attendees will have the choice to use a pre-configured Snorby installation hosted at a website or to use a virtual machine provided for them.

Requirements
Please bring your own laptop. Those in the workshop will be provided with virtual machine images for VMware and VirtualBox as well as all the configuration documentation needed to follow along and re-create these systems at a later time.

Josh Pyorre is a security researcher with OpenDNS. Previously, he worked as a threat analyst with NASA, where he was part of the team to initially help build out the Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible. Josh hosts a podcast looking at the most notable topics in security called: Root Access.
http://rootaccesspodcast.com

Hands-on Embedded Programming with Black Magic and the Lights On (11am-1pm)
Developing embedded firmware using Open Source tools is usually associated with arranging furniture in a dark room with the lights off. In this self-directed workshop you will be able to learn and experiment with an ARM Microcontroller and a JTAG debugger. The JTAG debugger allows you to shed light on what is happening inside the ARM microcontroller when you are running your program. Step, halt, watch variables and much more. This workshop is based on the 1BitSy STM32F405 development board and the Black Magic Probe Mini V2 JTAG/SWD debugger with built-in GDB server. Both were designed to work transparently with common open source tools and minimal abstractions, making the understanding of what is happening in the system simple. When things go south you don’t want to spend hours peeling back the layers of abstraction. This workshop is based on, and expands on, the tools and techniques introduced in the “Using Black Magic to make embedded programming fun” talk (Saturday 3:30pm-5pm). The talk is not a prerequisite to be able to attend the workshop.

Requirements
All required materials for this workshop will be provided, including laptops with software pre-loaded. 

Piotr Esden-Tempski develops Open-Source hardware and software for personal micro UAS as well as tools for Embedded hardware development. Founder and maintainer of libopencm3, Open-BLDC and 1BitSy embedded hardware development platform. Core developer of Paparazzi UAS and Black Magic JTAG probe project contributor. Founder of 1BitSquared. Today Piotr is running 1 Bit Squared, a company providing services and hardware to universities and innovators all around the world. He is pushing the boundaries of what is possible with Micro Unmanned Aerial Systems, as well as embedded systems development and hardware security.