BSides Las Vegas

Hear From Our Security Experts

Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling

When: Tuesday, August 5 | 6-6:45pm PT
Location: Breaking Ground Track

Sam. Beaumont
Director of Transportation, Mobility, and Cyber-Physical Systems

Larry Trowell
Director of Embedded/Hardware

Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1’s and 0’s, original EEPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory. Naturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a “temporary” measure to combat this flaw, by coating chips in a material that would reflect UV. Present day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing. 

Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin. This project demonstrates that with a limited budget and hacker-and-maker mentality and by leveraging more inexpensive technology alternatives, we implement a tool that does laser fault injection, can detect hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging.

Beyond the Command Line: Transitioning from Individual Contributor to Leader

When: Tuesday, August 5 | 1-1:45pm PT
Location: Hire Ground Track

Leo Pate III
Senior Director, Consulting

The leap from technical expert to leader is one of the most challenging transitions in cybersecurity. Many high-performing engineers, penetration testers, and analysts find themselves in leadership roles without clear guidance on how to succeed. The skills that make a great individual contributor—deep technical expertise, problem-solving, and hands-on execution—aren’t always the same ones that make a great leader. This session will explore the challenges and rewards of moving into leadership, including how to develop managerial skills, communicate effectively, and lead teams successfully. Attendees will leave this discussion with a clear understanding of what it takes to transition from an individual contributor to a successful cybersecurity leader. They will learn how to shift their mindset from personal technical execution to team success, develop critical leadership skills like communication and delegation, and navigate the challenges of managing former peers. The discussion will also tackle imposter syndrome, common leadership pitfalls, and how to build an authentic leadership style that aligns with your strengths. Whether you’re considering a leadership role or already in one, this session will provide actionable insights to help you grow, lead, and thrive in your cybersecurity career.

So You Want to Give A Talk: How to Write a CFP

When: Monday, August 4 | 11am PT
Location: Common Ground Track 

Philip Young
Practice Director, Mainframe Penetration Testing

The one thing I love about our community is the passion to give back. And if you’re reading this and thinking “I would love to give back, but I don’t know where to start” than this talk is for you. Almost every month it seems like there’s a cybersecurity conference happening, and each of those conferences have what is called a Call for Papers (CFP). It sounds scary and daunting, but submitting a CFP isn’t very hard once you know what you’re doing. As someone who’s given dozens of talks and has been on the review board for a few conferences, including BSidesLV, I know a thing or two about CFPs.  

The purpose of this talk is to walk you through what makes a good CFP, what’s in it for you, how to properly fill out the various sections, what a CFP review board is and what they want to see. We’ll use examples of the BSidesLV CFP as well as DEFCON and BlackHat (since they ask for extra special stuff). By the end of this talk you’ll have the confidence to submit your first CFP and start giving talks!