BSidesOK 2017

BSidesOK 2017

Training: Thursday, March 23rd

Conference: Friday, March 24th

Glenpool, OK

Preparing for the Storm - BSidesOK 2018

About BSidesOK

BSides Oklahoma is a free information security conference focused on practical, hands-on training for improving security. Our featured keynote speaker will be Johnny Long ofHackers for Charity.


Registration is free and includes lunch and a t-shirt!

Walk-ins are welcome, but lunch and shirts are reserved for registed attendees first.

Click Here to Register!

Where it’s at

Located at theGlenpool Conference Center in Glenpool, OK (Just southwest of Tulsa).

Official Conference Hotel - Holiday Inn Express Glenpool
For a 10% discount on room prices, use the Corporate ID of "786825735".
Book Rooms Today!

We ♥ Our Sponsors


Interested in Sponsoring BSidesOK? View ourSponsorship Kit..

If you have any questions, please contact us viaemailor@BSidesOKon twitter.


Click on any schedule item to see details about the talk.


Welcome & Announcements

Example Speaker

Morning Keynote: What is the hacker community?

Johnny Long, Hackers for Charity

What is the hacker community? I’ve had some interesting adventures in my twenty-or-so years as a professional hacker and INFOSEC dude, and one thing I’ve learned is the value of failure. In this talk, I’ll unload some of the stories of my adventures all over the globe and share the valuable insights I’ve gained about what it means to be a hacker and why this community is unique, valuable and worth fighting for.

Johnny Long Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers. Johnny spent seven years living in Uganda, East Africa, where he focused on his work with Hackers for Charity (HFC). HFC is a non-profit organization that leverages the skills of technologists. They solve technology challenges for various non-profits and provide food, equipment, job training and computer education to the world's poorest citizens. Johnny's website is

Example Speaker
Track 1

Sounds of a Scammer

Rich Lay, FBI Special Agent

Sounds of a Scammer This presentation will include actual audio recordings of telephone calls and voicemails from scammers, collected by the FBI. The main feature will be a series of telephone calls a fraudster makes to a bank, pretending to be a bank customer. There will also be several voicemails left for money mules which had been hired by overseas front companies in order to facilitate the movement of electronically stolen funds to points overseas. If there is time, I will give a brief cyber crime presentation, and discuss topics of interest to the audience.

Rich Lay Richard Lay joined the FBI in July 1997. After attending the FBI academy, he was assigned to the Houston Division of the FBI, where he worked White Collar Crime and Cyber Crime. In 2003 he transferred to the FBI's Engineering Research Facility in Quantico, where he managed a variety of technical support programs. In 2007 he transferred to his home state of Oklahoma. He served as the supervisor of the Cyber Squad in the Oklahoma City Division of the FBI for 5 1/2 years. In 2013 he returned to investigative duties as a Cyber agent, focusing on computer intrusion investigations.

Example Speaker
Track 2

Sniffing Out Security Flaws in Your Web App

Mic Whitehorn-Gillam

Sniffing Out Security Flaws in Your Web App A skilled attacker is probably not going to throw a sheer volume of different attacks at your app to see what sticks. Much like a skilled coder learns to recognize "code smells" - certain symptoms that suggest a problem; a skilled attacker recognizes specific things that may indicate a vulnerability. A simple example would be a querystring argument containing a url. It may be an open HTTP redirect, an API call that can be hijacked, a cross-site scripting flaw, or perhaps nothing at all. One of the best tools developers and application owner can use to secure their own apps is the ability to spot potential vulnerabilities the same way an attacker would.

Mic Whitehorn-Gillam I started coding in the late 80s with MS-DOS batch files and later BASIC. a few years later I moved into Windows GUI apps, and then started into websites around 1997. It was several years later that I actually became primarily a web app developer, where I had full-stack responsibilities for the vast majority of a decade across several different stacks. Security was always an area of interest for me. I learned as much as I could, applied it as a developer, and in the last year it became my primary responsibility as a penetration tester. I don't know everything about web apps, but I've picked up a lot over the years and I'm always grateful for the opportunity to share that knowledge.

Example Speaker
Track 3

The Beginner's Guide to ICS: How to Never Sleep Soundly Again

Dan Bougere

The Beginner's Guide to ICS: How to Never Sleep Soundly Again Are you tired of missing the Modbus? Do you think DALI is a weird artist? You want to bring sexy BAC? Go from noob to clueful on the hottest new hacking targets of 2017, and see what all the fuss is about. Learn what exactly is SCADA/ICS/PCN, why it's important, and just how horrifyingly ancient it all is. If you've ever wondered why Stuxnet was so devastatingly effective, or want to lose sleep over chemical plants on your commute, this is your chance.

Dan Bougere Dan has recently been baptized in the world of ICS through his Senior Security Consultant job at Securion, LLC where he is a pentester. Before then he held various cybersecurity jobs in Afghanistan and domestically, with a quick stint as a Fed at the NSA. Dan holds a BS and two MS degrees (because reasons) and more than a few certs from SANS, where he acts as a mentor in the DC area. He especially enjoys learning about ICS, since you really can hack just like the movies.

Example Speaker
Track 1

Scary Tech that Tracks You Online

Luke Crouch

Scary Tech that Tracks You Online Abstract: There are over 5,000 online trackers that use and abuse web technology to identify and follow users online. From the humble HTTP cookie to WebVR to abusing the web's own security features to attack its users' privacy. This talk will demystify the technology that powers online tracking, show how developers can help protect users, and emphasize the important of privacy in online life.

Luke Crouch Luke writes web code at Mozilla, focusing on Privacy & Security prototypes & experiments for Firefox.

Example Speaker
Track 2

Eating the Elephant: Leveraging Data Analytics to Tackle Everyday Security Tasks and Provide Actionable Intelligence

Ramece Cave

Eating the Elephant: Leveraging Data Analytics to Tackle Everyday Security Tasks and Provide Actionable Intelligence n the fast paced world of information security, analysts are tasked to perform seemingly and often improbable feats of data analysis, and produce actionable results. Actionable could mean, things to block, collect, or be-on-the-look-out (BOLO). Data sources can range from data obtained on-line, device log files, PCAPs, and miscellaneous CSV files to name a few. Seldom does the data align properly, and it could be missing vital contextual information. On the surface, the various data sets may not appear to have any relationship. Not to mention, the small problem, the information totals are in the millions. As if your day was not already turbulent. When, where, why and how do we begin to make sense of the madness? The answer lies in in the solution to this question: How do we eat an elephant? One byte at a time.

Ramece Cave Ramece Cave is a Research Analyst with the Security Engineering Research Team (SERT) at NTT Security. His core areas of focus are distributed threats, which encompass but are not limited to: identification, remediation, and analysis of denial of service (DOS) attacks, covert channels, botnets, and command and control (C2) protocols, in malware and other network communication

Example Speaker
Track 3

How one line of Python can bring your network to its knees - and how to prevent it.

Bobby Simpson

How one line of Python can bring your network to its knees - and how to prevent it. In this talk, we’ll cover how to create a script that will cause Denial of Service throughout the network by creating IP address conflicts. After demonstrating the effects, we’ll discuss how to prevent this from happening in your network. Internal networking weaknesses are well known, and strategies to mitigate the problems have been around for a long time. What is new today is the ease with which attackers can cause massive chaos inside your network, and how many IoT devices are probably running free throughout your environment. Fortunately for the Blue Team, the Python language, and specifically the Scapy library, make it incredibly easy to craft and send fake packets, so mocking up attacks in the lab is easier than ever. Covered topics include how ARP works, an quick intro to Python and SCAPY, a script to cause chaos, and some tips on configuring your network to fight back.

Bobby Simpson Bob Simpson is the creator of GhostSentry, an access control and compliance firewall and CIO for Finley & Cook, PLLC, a private accounting firm where he has served for 9 years. Before that, Bob was Security Architect for the Oklahoma Department of Human Services. Mr. Simpson holds the CISSP, GCIH, GCIA, and GPEN, as well as MCSE and CCNA Security certifications. He is a member of the SANS Advisory board and InfraGard.

Lunch Break

Example Speaker

Afternoon Keynote: Put on Your Own Mask Before Helping Others

Jack Daniel

Put on Your Own Mask Before Helping Others We hear it every time we fly, but it is good advice for many situations in life. To prepare for and thrive in a career in technology we have to plan to take care of ourselves, and others. The demands on infosec and technology professionals often seem overwhelming, this talk discusses ways to maximize your ability to thrive in the high-stress, high-demand environment of technology and security. Building on lessons learned from stress and burnout research and other projects this presentation looks at the other side, how to avoid getting into trouble and ways to sustain high efficiency and satisfaction. Topics range from the defining terminology and prior study, to preventing potential personal and professional problems, and will include day-to-day advice for being content and productive.

Jack Daniel Jack Daniel is a co-founder of Security BSides and works for Tenable Network Security. Jack has over 20 years' experience in network and system administration and security, and has worked in a variety of practitioner and management positions.
Jack is a technology community activist, a frequent speaker at technology and security events and is a co-host on the award-winning Security Weekly Podcast. An early member of the information security community on Twitter, @jack_daniel is an active and vocal Twitter user. Jack is a CISSP, holds CCSK, and is a Microsoft MVP for Enterprise Security.

Example Speaker
Track 1

Canary Tokens: Attacks and Defense

Nathan Keltner

Canary Tokens: Attacks and Defense Canary tokens can be thought of as web bugs for documents, executables, or even database records and source code repositories -- canaries that fire when a victim or attacker interacts with a tokened resource. This talk discusses techniques to use canaries for offense and defense, detecting interactions with your token when they occur on any system that isn't fully isolated from the internet.
For defense, these grant visibility into successful attacks in a manner similar to honeypots, but focus on the information attempting to be obtained rather than a network asset. They are particularly interesting for the feedback provided in cloned site phishing attacks and other areas that are usually "dark" to defenders.
But tokens are also highly useful for attackers. They've become indispensable in our attacks against live networks, granting valuable debug information on failed exploits, failed and successful phishing attempts, the specific types of network defenses getting in the way, and similar useful information.
This talk will cover typical setups, modifications to the open source repos and configs you'll want to make, and fun examples of all of the above.
I mean, what attacker wouldn't open the file 'Netsec_passwords_all_Q1_2017.xlsx'?

Nathan Keltner Nathan Keltner, one of three founding partners at Atredis Partners, plans, leads, and executes advanced, custom-scoped projects for the Assessment and Embedded practices. He has over 13 years of experience in the security industry, working with top teams of attackers and vulnerability hunters at large organizations performing penetration testing and research assessments of unique hardware, software, and organization targets.
Atredis Partners is an information security company focused on improving the security of complex systems and networks. We thrive in the unknown of niche products and difficult networks, where the market was typically underserved. Our clients include some of the top organizations in hardware manufacturing, mobile device OEMs, healthcare, the financial sector, and many other verticals.

Example Speaker
Track 2

How did that get there? The ICS attack surface you may be missing

Jason Holcomb

How did that get there? The ICS attack surface you may be missing With media attention and the advent of IIoT, awareness of control system vulnerabilities is arguably at an all-time high. What you may not be aware of, however, are the lesser known technologies and attack opportunities lurking in many industrial control environments. While you’ve probably heard about fragile IP stacks in embedded devices, unpatched Windows, and rampant MS08-067 in ICS, the story doesn’t end there. In this presentation, we'll examine overlooked and often undiscovered attack surface based on a decade of ICS assessment and testing experience in the oil and gas, electric power, and manufacturing industries.

Jason Holcomb Bio

Example Speaker
Track 3

Pirates Be Lurkin' at the Single Sign-On Watering Hole

Rodney Beede

Pirates Be Lurkin' at the Single Sign-On Watering Hole Enterprises have standardized on offering web-based applications for their user community and are using Single Sign-On to make accessing them simple and secure. But if an attacker finds a weakness in the Single Sign-On environment, they can access all web applications as though they were legitimate users. This talk discusses a mass-compromise scenario in certain real Single Sign-On environments and more importantly how to avoid it.

Rodney Beede Bio

Example Speaker
Track 1

Panel: Infosec Professionals Ask Me Anything

Jack Daniel, Johnny Long, Kevin Johnson, & others?

Panel: Description

Speaker Bio

Example Speaker
Track 2

Security Risk Management: Risk Assessment and Beyond

Greg Guhin

Security Risk Management: Risk Assessment and Beyond My presentation will concentrate on using the results of Information Security Risk management activities to drive strategic and tactical outcomes. The material will include the use of components of the Octave Allegro Information Risk Assessment methodology to perform threat scenario modeling, with the results driving investments in information security tools and capabilities. There will be general discussions on how risk assessments are used in different organizational gates that introduce risk, including Vendor Management, Project and Data Protection.

Greg Guhin I have spent 20 years in Information Technology, Information Security and Risk Management. I began my career in technology after a short time in the US Army which landed my in Fairbanks, AK. I spent 8 years working in Alaska with time spent with an ISP (Internet Alaska), and into Network Consulting and Engineering for small and midsize companies. I have worked in healthcare and banking as both an engineer | analyst and a manager, with the last 7 years focused on Information Security and Risk Management. I have accumulated certifications along the road ranging from a Cat 5 installer to and MCSE for NT, Network +, ITIL V3, VMware VCP, GIAC-GSEC and most recently my CISM.

Example Speaker
Track 3

Crypto: 500 BC - WWII

Luke Crouch

Crypto: 500 BC - WWII "Crypto Before Computers": A 60-minute overview of content from The Code Book by Simon Singh, covering secrecy from ancient Greece to Enigma machines used in World War II. This is a cursory, high-level, mostly-non-mathematical survey of centuries of crypto - good as an intro to crypto for developers and non-devs alike.

Luke Crouch Luke writes web code at Mozilla, focusing on Privacy & Security prototypes & experiments for Firefox.

Example Speaker
Track 1

Uncovering IoC using PowerShell, Event Logs, and Nagios

Dallas Haselhorst

Uncovering IoC using PowerShell, Event Logs, and Nagios What security concerns keep you up at night? Is it pivoting, persistent access, the time to detect compromise, or one of a thousand other possibilities? What if you were told that without a doubt, you have tools at your disposal to periodically verify your security posture and you are not presently using them? Why spend more hours and more budget implementing a new product with new agents and new headaches that will not effectively reduce your workload or anxiety level? Even if you have commercial tools already monitoring your systems for security events, how do you know they are working? Is it even practical to use a customized PowerShell scripts/plugins, built-in event logs, and a traditional monitoring tool such as Nagios to monitor for indicators of compromise on Windows systems? In addition, you will be presented with some applied research as well as easy-to-follow guidelines you can integrate into your own environment(s).

Dallas Haselhorst Dallas Haselhorst has worked as a security and general IT consultant for over 14 years. He founded and co-owned a managed IT service provider until 2016. In 2000, he received concurrent bachelor degrees in Information Networking and Telecommunications (INT) and Computer Information Systems (CIS) from Fort Hays State University. He is currently a Master's Degree candidate with the SANS Technology Institute (STI) in Information Security Engineering (MSISE). Dallas presently holds numerous industry certifications including the CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, and GMON. When not working, Dallas loves learning new technologies and spending time with his family.

Example Speaker
Track 2

Tracking Down the R0uge N0de

Donovan Farrow

Tracking Down the R0uge N0de We live in a world today where most security analyst only respond to the blinking lights or the RED pie charts on a dashboard. What if you really wanted to find some real silent actors? Where would look and what would it even look like and what tools are available? During this presentation, we will go through a few scenarios of different attacks, what they look like and what you can do to stop, track and intellectual crush attacker!

Donovan Farrow Bio

Example Speaker
Track 3

Ransomware: History, Analysis, & Mitigation

Andy Thompson

Ransomware: History, Analysis, & Mitigation Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac, and mobile platforms are all ripe for extortion.
This humorous and entertaining talk teachest everyone, from Mom and Pops to large enterprise organizations, what's really happening and how to protect themselves.

Andy Thompson Andy Thompson aka Rainmaker(@R41nm4kr), has 20 years in the fields of Web Development, Systems Engineering/Administration, Architecture, and Information Security. Currently, he is a Strategic Advisor for CyberArk Software. He's a active member of the Dallas Hackers Association and Shadow Systems Hacker Collective. In his free time he enjoys going on adventures all over the world with his wife and two girls. Andy holds a Bachelors of Science in Information Systems from the University of Texas at Arlington as well as the Systems Security Certified Practitioner (SSCP) and Certified Information Systems Security Professional (CISSP) from (ISC)2.

Example Speaker
Track 1

Your Crypto is Broken

Frank Gifford

Your Crypto is Broken Cryptography provides protection of data that is inside one trusted unit which can be delivered to another trusted unit via a channel controlled by an active attacker. When done properly, this allows communication of data which can be trusted by both sides and has no value to an attacker. When done poorly, this is nothing more than the illusion of security and history has its share of bad implementations of cryptography. These were accidental issues, or mistakes made by creating home-grown algorithms by someone who knew just a little about cryptographic theory.
While the Blue Team is struggling to stay on top of the never-ending chaos of log messages from every script-kiddie around the world, there is a continuing struggle to determine whether the trusted communication channels can actually be trusted. Additionally, there’s always the nightmare scenario of the code simply walking out the door. What secrets would be exposed in that case and is cryptography really helping?
In this talk we show why home-grown cryptography should not be trusted and even third-party code should be examined with a skeptical eye. Practical tips are given for doing audits related to cryptography and how to have an early warning on breaches.

Frank Gifford Frank Gifford is an Offensive Security Certified Penetration (OSCP) tester working for NCC Group and has a life-long passion for all things relating to cryptography. He spent many years as an embedded C programmer working on networking equipment and IPS products. During his spare time he factors certificates (CVE-2016-6670) and he has a life goal of creating a scholarship relating to cryptography.

Example Speaker
Track 2

The Machines are NOT Out to Get Us! How Machine Learning and Artificial Intelligence are Changing the Security Game

Chris Yates

The Machines are NOT Out to Get Us! How Machine Learning and Artificial Intelligence are Changing the Security Game We’ve all been using machine learning and artificial intelligence for some time now with such things as facial recognition in Facebook to voice recognition on our smart phones. What many are not aware of is that there are significant innovations occurring in the security space that utilize machine learning and artificial intelligence to provide the next evolution of tried and true security tools like anti malware, network forensics, and user identity.
This presentation will start with an overview of machine learning and how it works at a high level. We will then take a brief look at one use case – antimalware, that is currently displacing traditional antimalware solutions at an increasing pace. We will then discuss some up and coming use cases that are being still developed, and provide some examples of existing tools in these spaces.

Chris Yates Bio

Closing & Door Prizes


Other Events

Technical Demos

ZScaler - Nicole Powell

Defense-in-depth: How Zscaler protects against CryptoLocker.

Carbon Black

Cyber Ark

RSA Netwitness Suite - Jay Dunks

Critical Start

College of Lockpicking

Come learn the basics of lockpicking and how locks work.

Hacker Hired

Need help with your InfoSec career? Whether it’s resume assistance, help with finding jobs, handling interviews, or just trying to get the job you want, this is the place to ask! Social engineering is used to help attendees better prepare themselves to get the job they want. This can also be used for recruiters to help find InfoSec talent.

First Lego League Demonstrations - Cascia Hall Team

Interested in robotics? Come see the students from Cascia Hall demonstrate their First Lego League competition robot.

Code of Conduct

Everyone deserves to attend a learning, community or professional event with a reasonable expectation of good behavior. As members of the Techlahoma community, the Techlahoma CoCapplies to all attendees, speakers, volunteers, and vendors.Contact usif you have questions.


This conference wouldn't happen without our great organizers and volunteers. Many thanks to: Nathan Sweaney, Nathan Keltner, John Robertson, Carrie Randolph, Aaron Moss, James Lawlz, Devon Greene, Donovan Farrow, and Wes DeVault

If you'd like to volunteer, please contactour team.