Time left until BSidesBUD 2017


What is BSides?

Security BSides is the first grass roots, DIY, open security conference in the world!  It is a great combination of two event styles: structured anchor events and grass-roots geocentric events.

“ It is no failure to fall short of realizing all that we might dream.

The failure is to fall short of dreaming all that we might realize. ”

Dee Hock, Chairman Emeritus, Visa International

‘Security BSides is a community-driven framework for building events for and by participants in the information security community. It creates opportunities for individuals to present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction by participants. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. This is where conversations for the next-big-thing happen. The open platform gives community participants a rare opportunity to directly share ideas, insights, and develop longstanding trusted relationships with others in the community.’ Security BSides


  • Conference hall – Morning
    08:30 - 08:35
    Attila Marosi - Opening ceremony
    08:35 - 09:20
    Zoltán Balázs - Hacking IP cameras through the cloud
    Hardly a day goes by without an article about a new IoT (Internet of Things) device being hacked. IP cameras, routers, baby monitors, smart homes, NAS devices, light bulbs, cars, rifles, you name it. We have seen in the past 5-10 years how horrible the security of these devices is. Some people play VNC roulette, others hijack cars driven by a journalist. Junk hacking has become part of the ITSEC industry. Journalists are happy because of improved click-through rates through scary headlines, security researchers feel they are the celebrities of the day. But this is just part of the full story.
    09:20 - 09:50
    M4xk & Sıx - Legend of Windows – A Link to the Hash
    During one of our IT security investigation we have observed an undocumented Windows feature which leaks much valued hashes from the system. No complicated exploitation is needed to play the trick we will present and it can drastically speed up owning all the users in the systems and reaching to domain administration privileges.
    09:50 - 10:35
    Tobias Schrödel (GER) - Hacking toys, lamps and other stuff
    In this presentation, it will be demonstrated live how to hack at least three IoT devices. At first, a childrens toy, which is a radio-controlled car with a built-in video camera. Second, an “adult toy”, that is accessible via bluetooth from any person in reach. Here, a second “adult toy” will be demonstrated, that has security built-in, so this can not happen. At last, it will be shown, how to hack into Philips HUE light system from within the same network. As a wrap-up there will be a talk about what needs to be done from vendors in the future to make the IoT safe.
    10:35 - 11:05
    Coffee break (30 mins)
    11:05 - 11:35
    Péter Höltzl - Getting the most out of security logs using syslog-ng
    Event logging is a central source of information for IT security. The syslog-ng application collects logs from many different sources, performs real-time log analysis by processing and filtering them, and finally it stores the logs or routes them for further analysis. This session focuses on how syslog-ng parses important information from incoming messages, enriches them with additional contextual information, and concludes with demonstrating how all of this can be used for alerting or for dashboards.
    11:35 - 11:50
    Csaba Fitzl - IOC sharing – we are doing it wrong
    Threat Intel and IOC (indicators of compromise) sharing are very hot topics these days, and has been around for a few years. People tend to rely on these kind of information more and more. In my talk I will talk about why we are sharing IOCs in the wrong way, why those won’t be useful at all in large enterprises, and what we should change to make it valuable. I will also talk about what IOC types we share and don’t share, and which of those could add the most value to an organisation.
    11:50 - 12:35
    Paul Coggin (USA) - Hallowed be thy packets
    Blue and Red teams are missing the low hanging vulnerabilities that exist in many enterprise networks today. This session will show in detail how the red team can quickly identify and exploit numerous network protocol vulnerabilities that the previous security test team probably missed. Methods for securing routing and switching protocols will be covered. Detailed PCAP examples will be covered. Recommendations for adding visualization and instrumentation to the network to detect network exploits will be covered.
    12:35 - 13:05
    Tamás Hetesi - Security issues about backup
    Do you have a backup strategy? I’m glad. But what about security? In my presentation I will introduce the problems, that may arise during backup saving, and also talk about how our own backup can be harmful for us. The participants can also meet some solutions that can help to protect themselves against threats.
  • Conference hall – Afternoon
    13:05 - 14:05
    Lunch break (60 mins)
    14:05 - 14:20
    Tamás Boczán - Cheating - The malware for video games
    In the last decades video games have grown into a multi-billion dollar industry, creating new opportunities for attackers. Connected features of the games and their lack of security solutions provide an ideal platform for malware developers, who managed to exploit it for financial gains. In time, attacks and defenses have become more and more sophisticated. This escalated into an ongoing war of cheaters and anti-cheat developers, which is very similar to the one between malware authors and security companies. In this talk I focus on the parallels of regular malware and cheating exploits, also showing the struggle of mitigating attacks in an extremely performance-sensitive environment. I present methods attackers have used to gain money by cheating and talk about the current state of cheat and anti-cheat software.
    14:20 - 15:05
    Jeff Hamm (USA) - What the Shell? Powering through PowerShell Forensics
    PowerShell is a remote administration tool built into modern Windows operating systems. The shell is a command line driven tool that can be very powerful for network administration, scripting, and even gathering artifact evidence across an enterprise network. In this session, the attendee will see basic uses of PowerShell to gather data, and what traces the use of PowerShell leave behind and how to analyze the data. Finally, the presentation will walk through a case study of an attack that leveraged only PowerShell and Metasploit PowerShell scripts to compromise a bank’s network, move laterally through multiple domains, and ultimately transfer funds out of the bank using SWIFT transactions.
    15:05 - 15:25
    Break (20 mins)
    15:25 - 16:10
    Dr. László Erdődi - Analysis of the exploitation of heap usage based memory corruption
    In the past few years several heap based software error exploitations have come to light and so several solutions have been created for detecting and preventing them. The presentation will discuss the different allocation methods of the up-to-date main heap solutions (e.g. low fragmentation heap) and the different exploitation techniques (e.g. use after free). These will be demonstrated through the analysis of existing software vulnerabilities.
    16:10 - 16:55
    Pedram Hayati (AUS) - A cost effective way to setup a Deceptive Defence environment
    The concept of deception security has been around since early 1990. However, its rate of adaption has been very slow. Deception security has been primarily used for research (ad-hoc hobbyist using honeypot systems or commercial rebranding of the same systems) and rarely as a protection mechanism. The security industry has a very limited understanding of Deception security and is not using it at its full capacity.
    16:55 - 17:10
    Attila Marosi - Closing notes
  • Workshop room
    08:35 - 10:35
    Milán Gábor - Visualization BIG DATA
    In these days we very often find ourselves in position, where we are facing with large amount of data and we need to analyze it. A lot of people think it is hard to visualize that data, but we will show it, that this is not always true. Using ELK stack (Elasticsearch, Logstash, Kibana) some good environment can be built which serves as good base for additional analysis. ELK stack is a modern solution that can handle large amount of data and make it search and visualize in an easy way.
    10:35 - 11:05
    Coffee break (30 mins)
    11:05 - 13:05
    Gábor Katus - Developing Cuckoo modules (in Hungarian)
    Cuckoo automata malware elemző sandbox-al fogunk megismerkedni, megmutatom nektek, hogy milyen könnyen lehet egy ilyen sandbox-ot összerakni, majd a Cuckoo keretrendszer képességeit kihasználva készítünk néhány új modult, új funkciót a Cuckoo sandbox-unkhoz.
    13:05 - 14:05
    Lunch break (60 mins)
    14:05 - 16:05
    Dávid Szili - Getting the most out of Windows Events Logs
    A typical mistake repeatedly seen in many SOCs is that they collect such a large amount of events that at the end they suffocate their SIEM solution. "Collect all the events!!!" sounds nice in theory but in practice, less is often more and security teams must select and focus on events that have an actual use-case and provide real value from a security perspective. But what if we do not even have a SIEM and cannot afford one? Luckily, in a Microsoft Windows environment we have built-in and free tools at our disposal to get quickly started with security monitoring and hunting using Windows Events Logs.
    16:05 - 16:15
    Break (10 mins)
    16:15 - 18:15
    Miklós Desbordes-Korcsev - Hands-on with JavaScript analysis in WinDBG
    JavaScript analysis automation JavaScript code deobfuscation always presents a challenge for malware analysts, analysis being time consuming, sometime even anti-debugging techniques make it more difficult. What if we had a mechanism to see into the very core of the JavaScript engine and the DOM and be able to track down what the malware was up do without having to make any changes to the code and without giving the malware a chance to sense a debugger being present?

You should come if…

… you’re a student who’s interested in IT security…

… you’re  student who wants to work in the field of IT security…

… you’re an IT professional who wants to build relationships with similar experts…

… you want to meet/talk/exchange experience with people who has similar interests…

… you are interested in the latest trends of IT security…

… you want to experience the international atmosphere of BSidesBUD…


Click here for registration, it’s FREE:


What participants said about BSides?