Introducing the 2017 BSides Knoxville Badge

For the first time since the last time we introduced an electronic badge, we present to you… an electronic badge!

The inaugural BSides Knoxville conference featured a badge that doubled as a BeagleBone Black cape that sported a second ethernet interface and rechargeable battery goodness.

This year’s badge is an RF hacking platform. It sports an ATTiny85 processor, a 433 MHz transmitter and receiver pair, and a 915 MHz transceiver. As can be seen in the photo below, there is a prototyping area on the board and it can be configured to run at 3 or 6 volts using one or two CR2032 coin cell batteries.

BSides Badge photo

When we squint, we think it looks a bit like a jellyfish!

The full resources for creating your very own boards are right here: Knoxville-BSides-RF-Badge-2017

This year’s 2017 BSides Knoxville logo and poster have been described as reminiscent of the Rat Fink art style.

Considering that the the ‘RF’ logo is prominently engraved on the RF board, I hope the rest of the team isn’t upset if I suggest we call it the ‘Rat Fink’.

The badge doesn’t require a BeagleBone or any other additional purchases to use it, beyond the components necessary to populate the board. We have enough components to populate a few dozen, and we’ll make some soldering equipment available at the conference for anyone that wants to try their hand at it.

Jed and the other wizards that came up with this badge say we might be able to get a ‘fox hunt’ together if we can get enough of these built prior to, or during, the conference. We’re not sure what a fox hunt is, but it sounds like a ton of fun.

See you in a few days!

–Adrian (@sawaba)

2017 CFP is now open!

On May 5th, BSides Knoxville returns to Scruffy City Hall, and we want you to be part of it! Makers, hackers, red teams, blue teams, or anyone who wants to rant about security and privacy! We’re looking for creative, cutting-edge presentations of interest to the security community. Whether you’ve devised a new attack against internet-connected gas pumps or discovered a new behavioral analysis technique for identifying botnet C&C, we want to hear from you!

Attacking, defending, threat intelligence, privacy issues, reverse engineering, philosophy; if it has a security, hacking, or privacy angle, BSides Knoxville is interested!

If you want to shape Appalachia’s view on security, please submit a short abstract describing your contribution HERE.

 

Key CFP dates and deadlines:

  • CFP Opening: January 20, 2017
  • Submission Deadline: March 20, 2017
  • Final Notifications: April 11, 2017

CFP Closed, Talks Chosen

TL;DR

The schedule is live, Travis Goodspeed is our keynote speaker and deciding on a CFP review process is tough and usually results in compromising somewhere, somehow.

CFP Review

Out of all the things we’ve done in preparation of this BSides, I can easily say that there are few things we’ve discussed and debated as much as the CFP. Little surprise, right? The talks and the attendees are the lifeblood of the event, and if we want the latter to come back next year, we’ve got to get the former (talks and speakers) right.

We talked about many ways to approach and run the CFP. We talked to other BSides organizers. We discussed among ourselves. We discussed with friends and family. Ultimately, we ended up leaning heavily on OpenConf to guide us, did the reviews ourselves and relied entirely on the scoring to choose. While I was concerned about the fact that I personally know more than half of the submitters, many people assured me that any unconscious bias on my part will be balanced out by the fact that the other three organizers and reviewers don’t know the same people I do. I found that the opposite held true as well. We had submitters that Roger, Jed and Adam personally know, but I don’t.

In analyzing the results, I found that we were in 100% agreement on many of the submissions – we received a number of very original, high quality talk proposals that we’re all genuinely excited to see! On the other hand, there were some that we were entirely split on – some scored these as a ‘one’ (out of six), while others scored as a ‘five’! I think we had several good talks that didn’t make the cut – we just didn’t receive many low quality ones. We were only unanimous in rejecting a few, and honestly, it wasn’t because the talks were necessarily ‘low quality’, but rather they seemed unclear and rushed. They left us confused or just weren’t very persuasive. I’d always suggest running your idea by a few of your peers before submitting.

CFP Results

We accepted the top fourteen highest-scored talks and had to reject seven. If I were to sum up and categorize the talks we accepted, they’d look like this:

Attack: 5
Defense: 4
Think: 3
Mods: 2 (mods = electronics hacking)

To give you an idea of how competitive the submissions were, a score of 4 our of 6 didn’t make the cut. We thought at one point that we might need to disqualify some outright. We didn’t. We even considered adding a third track, which would have allowed us to accept 100% of the talks (7 in each), but it was a little late in planning and logistics to go looking for a third venue.

Our congratulations go to the accepted speakers, and our condolences to the ones that didn’t make the cut – if we could, we’d have everyone speaking. We’re using Sched.org to manage the talk schedule and all related tasks (author bios, even integrates with EventBrite!), and you can view the schedule now. Also, we’re excited to announce Travis Goodspeed as our keynote speaker!

CFP Update: A slight change…

So the first round has ended, and after much deliberation, we’ve decided that we’re going to merge the second round with the first, and do submission selection all at once after the second round deadline on April 1st. There were many reasons for this, but ultimately we didn’t receive enough submissions to justify having two rounds and sought to simplify the process.

We’d like to apologize for everyone that submitted early for this first round – we appreciate that you sent us some great submissions early on. Thank you!

We only ask for some understanding that this is our first BSides, and though we’ve got other BSides organizers’ experience to draw upon (especially Dallas-Ft. Worth and Nashville, thanks!), we’re going to make a few mistakes and modifications as we go along.

Be assured the rest of the conference is going relatively smoothly so far, and we’re on track for one heck of a security con, even for a little scruffy town like Knoxville.

Tickets available and first sponsor

Tickets on sale

We are excited to announce that tickets are now on sale at Eventbrite! Tickets are $10, but there’s good news and bad news. The bad news is that you have to pay the $1.54 fee in addition to the $10 ticket price. The good news is that, for $11.54:

  • We will have food catered in to feed you (exact details are still working out, but it will likely include breakfast, lunch, snacks and drinks but not dinner)
  • You’ll get an opportunity to network with both Knoxville’s experienced security professionals and aspiring security professionals – the only other opportunity to do this is in the fall at the East Tennessee CyberSecurity Summit (ETCSS)
  • We will have 2 tracks filled with interesting, high quality talks for all sorts of interests (keep sending in those submissions!)
  • Every attendee will get a cool badge. We played with the idea of having fully functional electronic badges, but costs were prohibitive. Instead, we’ll have an awesome looking PCB and will aim to have the necessary components available onsite for you to purchase, and soldering stations allowing you to put them together. Or build it later and enjoy the talks instead!
  • No talks you’re interested in? Though we’re still working out exact details, we’ll have some fun activities (‘villages’ we like to call them) for you to engage in.

Sponsorship

We’rCiscoe happy to announce Cisco as our first official platinum sponsor. Knoxville is a special place when it comes to Cisco and security, as the company’s Advanced Security Initiatives Group (ASIG) is based here.

Other Stuff

  • We’ve already been using it, so it looks like the official hashtag for this event will be #BSK2015.
  • If you are a student, email info (at) BSidesKnoxville.com to receive a discounted rate for tickets! Student IDs will be checked to confirm the special rate at the door.
  • Tickets have been limited, as space is limited at this venue, and no one likes getting surprise visits from the fire marshall. If all tickets sell out and demand is still high, we will consider going to… plan 9. Just kidding, we have a plan B.
  • Since we’re providing food, we want to be respectful of any particular dietary needs. If you have any special needs, email us at info (at) BSidesKnoxville.com and let us know.
  • If you have any other questions, email us at info (at) BSidesKnoxville.com

CFP is open!

Calling all Makers, Hackers, Red Teams, Blue Teams, or anyone who wants to rant about security and privacy! The first ever BSides Knoxville is scheduled for May 15th, 2015 @ Scruffy City Hall, and we’re looking for creative, cutting-edge presentations.  Whether you’ve devised a new attack against internet-connected gas pumps or discovered a new behavioral analysis technique for identifying botnet C&C, we want to hear from you!  Attacking, defending, threat intelligence, privacy issues, reverse engineering, philosophy; if it has a security, hacking, or privacy angle, BSides Knoxville is interested!

If you want to shape Appalachia’s view on security, please submit a short abstract describing your contribution at:

http://cfp.bsidesknoxville.com

Key CFP dates and deadlines:

  • CFP Opening: Feb. 1st, 2015
  • Early Submission Deadline: March 1st, 2015
  • Early Submission Notification: March 7th, 2015
  • Final Submission Deadline: April 1st, 2015
  • Final Notifications: April 7th, 2015

BSides comes to Knoxville

This ‘scruffy little city‘, after one aborted attempt and a lot of planning, is finally going to host its first BSides conference. Knoxville is an interesting place for security professionals. The InfoSec community is small here, but the area has its share of notable security events – good and bad. Knoxville gave birth to Neighborcon a ways back. Oak Ridge National Lab employs a significant security force and has had its struggles as a target. The Sarah Palin hack was carried out by a UT student. The Cisco Advanced Security Initiatives Group (ASIG) is based in Knoxville and its members are directly involved in getting this conference going. Knoxville has a number of companies headquartered here, a few of which include Pilot Flying J, Scripps Networks (HGTV, Food Network, DIY Network, Travel Channel, etc), Ruby Tuesday (in nearby Maryville), AC Entertainment, Bush Brothers, Jewelry Television, Sea Ray, Magnavox and Regal Entertainment.

All this factored into the decision to launch a security con here, though one of the most influencing factors was the great local need for security skillsets. This is a college town and there is some interest in the security world from students living and going to school here. Many of the companies I’ve mentioned are on the cusp of growing large enough to require full time security staff, or are currently looking to grow security staff.

Within the last 2-3 years, Knoxville received its first DEFCON group (DC865), ISSA chapter (almost there, actually) and maker space. Our experiences with these three groups all but validate our suspicions that this is a town begging for a hacker con. We hope. Tickets go on sale on February 15th, and our fingers are crossed.