BSidesChicago 2017 Workshops
Saturday, July 15

9:00am CDT

Wazuh – Open Source Security for Host and Infrastructure Monitoring

Host-based security monitoring has become increasingly important as the number and severity of threats keeps growing. In addition, network security monitoring tools are now harder to deploy, and not as efficient as they used to be.

Another driver for the adoption of host-based monitoring tools is the increased need to comply with security regulations (e.g. PCI DSS).

Wazuh started as a fork of the OSSEC project and has quickly evolved into a more comprehensive solution. It now integrates OpenSCAP and the Elastic Stack, providing additional security monitoring and analysis capabilities.

In this session we will show you how to deploy and use Wazuh to:

  • Detect intrusion attempts using rules to automatically analyze log data
  • Monitor file integrity, detecting changes to system binaries or configuration files
  • Index and store log data with Elasticsearch to meet PCI DSS compliance requirements
  • Identify malware (e.g. kernel level rootkits) and system anomalies
  • Monitor systems configuration to ensure they meet standards and hardening guides


Santiago Bassett

Santiago is the founder of Wazuh, and is known for his contributions to the OSSIM (Open Source Security Information Management) and OSSEC projects. He has over 15 years of experience in IT Security, covering advanced network security implementations with Open Source technologies. His...

Saturday July 15, 2017 9:00am - 12:00pm CDT

1:00pm CDT

Advanced Wireless Attacks Against Enterprise Networks

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment. Areas of focus include:

  • Wireless reconnaissance and target identification within a red team environment
  • Attacking and gaining entry to WPA2-EAP wireless networks
  • LLMNR/NBT-NS Poisoning
  • Firewall and NAC Evasion Using Indirect Wireless Pivots
  • MITM and SMB Relay Attacks
  • Downgrading modern SSL/TLS implementations using partial HSTS bypasses


Gabriel Ryan

Gabriel currently works for Gotham Digital Science at their New York office, where he provides full scope red team penetration testing capabilities for a diverse range of clients. He also contributes heavily to his company's research division, GDS Labs. Previously, Gabriel has worked...

Saturday July 15, 2017 1:00pm - 4:00pm CDT