#ChompAroundandFindOut

VIRTUAL WORKSHOPS

9/17/21

LIVE HACKING CHALLENGES

9/18/21

Tickets: FREE

Registration Required and OPEN NOW!

https://www.eventbrite.com/e/security-b-sides-orlando-byte-sized-2021-tickets-162609446231

‘Lil Chompy took over and frankly we can’t stop them. Once that gator gets an idea it’s all tails and teeth. It’s easier to just go along. Check out this announcement video below.

‘Lil Chompy hacks the stream.

What is BSides Orlando Byte Sized?

Borrowing from our friends at KernelCon their Hack Live! event was such a wild success we said, “We have to try this.” The Hack Live! event was a live stream where professionals were given CTF style challenges written by other professionals and the audience got to watch as they tried to solve the challenge live. Often they weren’t able to solve it which was part of the fun. Even experts, when given a time limit and no prep, can fail. It’s not just beginners. At the end of each segment the challenge creator would come into the stream and help with/explain the challenge. Check out the videos here.

Seriously, check out Joe “Kingpin” Grand solve his hardware challenge. You won’t be disappointed. KernelCon and Major League Hacking did such an amazing job. Check out the Major League Hacking Twitch Channel where they do this every Sunday.

For BSides Orlando Byte Sized four challenges will be streamed with a professional that regularly works within the area of each challenge. They will be paired with a team of participants. The pro will get no additional information about the challenge. They have to solve the challenge in 90 minutes, but they don’t beat it if only they solve it. Each member of the team has to solve their part of the challenge. If they don’t beat the challenge in 90 minutes the challenge creator will come into the stream and walk everyone through how the challenge was created and how to solve it.

Part educational exercise, part entertainment, part CTF. That is BSides Orlando Byte Sized! Streamed live so everyone can learn! There are no winners beyond bragging rights and the knowledge we all gain!

Who are the Pro Coaches?

We have a fantastic crew of professionals that will work with our participants to solve challenges and help teach everyone watching.

PHYSICAL CHALLENGE

Deviant OLLAM
RED TEAM AND Physical entry Specialist

REVERSE ENGINEERING

Hahna Kane Latonick
INSTRUCTOR / AUTHOR / REVERSE ENGINEERING SPECIALIST

HARDWARE HACKING

JOSE RODRIGUEZ
EMBEDDED SYSTEMS SOFTWARE SECURITY SPECIALIST

CLOUD AND K8s CHALLENGE

IAN COLDWATER
KUBERNETES SIG SECURITY CHAIR / GOOSE ON FIRE

How can I become a Participant?

This year instead of talks/presentations you have a chance to be paired up with a teammate and coach to attempt to tackle a specially designed challenge within an allotted timeframe. Neither you nor the coach will be prepped as to the actual challenge.

The four areas are: Physical, Hardware, Reverse Engineering, and Cloud & Kubernetes. The challenges may potentially contain elements like the below:

  • Physical: Lockpicking, safecracking, lock bypass
  • Hardware: Soldering, component identification and troubleshooting, firmware code
  • Reverse Engineering: Code analysis and used of reverse engineering tools
  • Cloud & Kubernetes: Container and cloud challenges related to configuration and container security issues.

You are not expected to be an expert in any of the areas, however, you should consider applying for areas where you have at least some exposure or very basic knowledge. Example: You don’t need to know how solder SMD components, but you would want to know what they are and why they are different.

Instead of submitting a normal talk proposal, Chompy is changing it up and wants for you to submit a video of you telling us why you would make a good participant

For the video:

  • The video can be no more than 2 minutes in length highlighting why you would be a good participant.
  • We are looking for folks that have some familiarity with each area, are comfortable on camera, and don’t mind failing with an audience watching. The point of this is for everyone to learn and even the experts you are paired with may not be able to beat the challenges in the allotted time.
  • The video should show your ability to interact with the camera and the audience viewing the video. We will also be looking for good video practices like lighting and sound. However, that will only be a small component of consideration.
  • You can create this video in any way you see fit (Twitter, TikTok, LinkedIn, YouTube) whatever works for you. We suggest create a private video on YouTube and sharing the link. However, all that is required is the video can be viewed publicly. This is important as you will be on a live stream. If this is not something you are comfortable think about why you want to participate before submitting as you will need to be on camera in a live stream.

The BSides Orlando Staff and Volunteers will select contestants and notify them confirming their available. The selection criteria will be fairly qualitative and based on the overall quality your submission. Don’t just say why you will be a good contestant… show us! Have fun with it and show us why you will make the event fun and educational for everyone involved.

Ready to join us! Here is the Call for Participants, we hope you will apply and take part! https://bsidesorlando2021.busyconf.com/proposals/new

How do I Register and Watch?

Details will be posted shortly. The event is 100% virtual. It will be streamed to Twitch, Twitter, LinkedIn, and YouTube. Chat will happen in Discord along with Villages and Workshops.

Workshops – Friday – September 17

OSINT CTF STRATEGY & TACTICS

ALETHE DENIS

PWNING WEB APPS

Phillip Wylie

Schedule

Friday, September 17th

ESTWorkshops 1Main Track
8A – 9AWeb Apps Workshop Check-In
9A – 1PWeb Apps – Phillip
1P – 2POSINT Workshop Check-In
2P – 6POSINT – Alethe
6P – 6:30PKick Off Video and Introductions
6:30P-7:30PRecruiting Behind the Scenes Happy Hour

Saturday, September 18th

ESTMain TrackCTFLPV
9:30 AMRegistration
10:00 AMOpening CeremoniesCTF Opens
10:30 AMChallenge Kickoffs and Intros
11:00 AMHardware – Jose 11A – 1PTOOOL Intro to Lockpicking Talk
11:30 AM* Hardware ContinuedHandcuff Talk
12:00 PM* Hardware ContinuedLockpicking in Games Museum
12:30 PM* Hardware ContinuedDoors, Cameras, and Mantraps Oh My!
1:00 PMLate Lunch/Dinner – See LPVSafecracking Simulator Lunch Hour
1:30 PMReversing – Hahna Safecracking Simulator Lunch Hour
2:00 PM** Reversing ContinuedPhysical Security Testing with Trash
2:30 PM** Reversing Continued15 Minute Tour of Southord Website
3:00 PM** Reversing Continued1 Hour Lockpicking Hangout
3:30 PMK8s/Cloud – Ian ColdwaterTOOOL Intro to Lockpicking Talk
4:00 PM** K8s Continued
4:30 PM** K8s Continued
5:00 PM** K8s Continued
5:30 PMPhysical – Deviant
6:00 PM** Physical Continued
6:30 PM** Physical Continued
7:00 PM** Physical Continued
7:30 PMClosing Ceremonies
8:00 PMCocktail ConCTF closes 10AM Sunday