#SquadCon by Black Girls Hack

Date: Thursday, August 10th (9:00 AM PST) — Saturday, August 12th (2:00 PM PST)

Website: https://squadcon.me/

Location: The Industrial Event Space (2330 S Industrial Rd, Las Vegas, NV 89102)

Platform(s): HopIn

Schedule: https://squadcon.me/

Live Streams:

TBA

Chat: TBA

Accessibility: Offers Online Virtual & In-Person Attendance. Basic Virtual Tickets are FREE but LIMITED (https://hopin.com/events/squadcon/registration?code=DnNiZ3lruZk8vFgINPl5McBSk), only $80.50 VIP Virtual (they send you a physical badge in the mail) is available. General Admission In-Person is $172.50 and prices go up with VIP & VIP+

Tickets: https://www.eventbrite.com/e/girls-hack-village-presents-squadcon-tickets-634358692927

Code Of Conduct: TBA

Girls Hack Village presents SquadCon is a three-day conference that seeks to bring gender diverse perspectives of the contributions, experiences, and issues facing the industry’s other. Hackers that are new or from underrepresented communities may not often feel comfortable in existing conferences. SquadCon is a forum for conversations about topics that impact girls, women, and LGBTQ+ individuals, including mental health and all the factors that shape the experiences of marginalized groups in the industry. SquadCon is a cybersecurity conference that will include talks, labs, workshops, discussions, CTFs and panels to move towards our mission of improving diversity in ethical hacking.

SquadCon is an independent conference event in Las Vegas during Hacker Summer Camp scheduled for August 10–12th. It is run by the makers of Girls Hack Village and exists to help foster diversity and inclusion in cybersecurity.

BlackGirlsHack Foundation (BGH Foundation) is a registered non-profit organization in the state of Virginia with a 501(c)(3) designation. We are a training-focused organization that was created to help increase diversity in cybersecurity by helping to bridge the gap between what is taught in educational institutions and what is necessary for careers in cybersecurity.

While several organizations cater to the interests of women and minorities in cybersecurity, black women are still severely underrepresented both in the field and by existing infrastructures. BlackGirlsHack meets the needs left unmet by existing services by providing hands-on skills that are focused on people who are upskilling and reskilling in cybersecurity.

To that end, BGH provides weekly hands-on ethical hacking workshops and training programs aimed at helping to provide technical skills and certifications to one of cybersecurity’s most underserved populations. BGH partners with some of the world’s best training organizations to offer introductory to advanced-level training through our BGH Training program.

The newest hacker convention to burst onto the Las Vegas strip, #SquadCon was started by Black Girls Hack, who had a successful booth at DEFCON 30 last year, due to some infuriating boneheaded news:

Being the absolute girl bosses & chad hackers that they are, they literally did this:

And now what was going to just be yet another booth at DEFCON 31 turned into a three day circus extravaganza DURING DEF CON weekend!

The focus on what has been presented seems to be a mid-sized Goldielock zone; not super massive like Black Hat and DEF CON but not super niche and small like the previous Fuzzcons. Small enough to be intimate and social but large enough to be a three day tour-de-force. Focus similar to their booths is on diversity and inclusion in race, gender and sexuality. Balancing the business carrier side of InfoSec with the insane tricks of 1337 hackers, we welcome this new convention and can’t wait to see it in action come August!

Because remember…behind every great black man, is a black woman that got shit done.

TICKET TIER SYSTEM

General Admission Ticket ($150) includes:

Access to full day events and networking

Access to sponsors

Access to Party

VIP Admission Ticket ($200) includes:

Access to full day events and networking

Access to sponsors

Access to Party

Custom Badge

Free Shuttle or Lyft from Strip To/From the Industrial Event Space (Once each day)

VIP+ Admission Ticket ($250) includes:

Access to full day events and networking

Access to sponsors

Access to Party

Custom Badge

Box Lunch all three days

Free Shuttle or Lyft from Strip To/From The Industrial Event Space (Once each day)

Virtual Only Ticket (Free) includes:

Access to live streamed talks

Virtual+ Ticket ($70) includes:

Access to live streamed talks

Custom Badge (Shipped to U.S. addresses)

HOW TO HOP INTO HOPIN

https://youtu.be/EOlWYsnE3JU

BLACK GIRLS HACK WORKSHOPS

The first 15 to sign up for a workshop will have a reserved spot and the last 15 can sign up in person if you choose. For the preregistered spots, your registration will be held for 10 minutes at the start of the workshop and will be released to others wishing to participate if you do not show up.

Intro to CTF Workshop

If you think CTFs sound cool, but aren’t sure how to even get started, then come join us for this interactive session! We’ll walk you through everything you need to know to get started. Learn how to set up your workspace and discover useful tools and techniques to solve common challenges in open-source intelligence and cryptography. No cyber or CTF experience required — all you need is your laptop.

Protect the Pi Workshop

Girls Hack Village annual Protect the Pi workshop is back for its second year. It’s Red Team vs. Blue Team, who will win? In this workshop you will be place on either the Red or Blue team according to your desired preference. Either you will have to stop the Red Team from stealing your flags or you will go full Red Team and use exploits to gather as many flags from the Blue Team as possible. There will be a moderator and helpers for those that need it during this challenge in order to get the full experience of the workshop. Newbies are definitely welcomed and encouraged to participate as you will learn new defensive and offensive skills in cybersecurity as you protect your Pi or use it as a weapon against the Blue Team.

Join us for a mobile app workshop focused on hacking Android WebViews with Frida! Improper implementation can expose WebViews to attacks, compromising user data. This workshop will include Android security fundamentals, with a focus on WebViews, and will leverage the Frida dynamic instrumentation toolkit to analyze and manipulate WebViews in real-time. This hands-on session will provide participants of all skill levels with practical knowledge and skills to assess and exploit Android WebViews and Frida fundamentals for conjuring their own scripts.

Requirements:
- Laptop with administrative privileges

- Corellium virtual device will be provided

Optional:
- Android emulator with Frida installed

WIRESHARK & PASSWORD CRACKING WORKSHOP

If you’ve got the basics down and want to find out how you can strengthen your CTF game, then you’ll want to join us. In this interactive session, we’ll show you how you can use Wireshark to dive deep into packets and find out what hidden data is being sent on the wire. We’ll also show you the Linux command line to help you solve CTF challenges and teach you some password cracking techniques. Make sure to come prepared with your laptop and a Kali Linux virtual machine!

Write Up/ Read Out Workshop

Writing pentesting reports and bug findings is equally as important as finding the bugs themselves. This workshop will discuss note taking, appropriate level of detail, writing up reports and how to do an executive level readout.

CONTEST & PARTIES

📅 Date: July 21,2023

⏰ Time: 5pm to 7PM

BlackGirlsHack presents Wine and Whiskey DC event sponsored by CompTIA. The event will be in Washington DC and will include food and drinks and a fireside chat with BGH leadership.

Do you live in the Washington D.C, Maryland, or Virginia area? Do you want to network with other professionals in cybersecurity or the technology field? BlackGirlsHack and CompTIA are partnering for an exciting meet-up, so mark your calendars!

https://www.playcyber.com/defcon2023
Superheroes vs Villains ~ Saturday August 12th, 8pm-2am @ The Industrial Event Space

Due to the con’s smaller size and newness to the scene, we wanted to highlight these two special events! Repeat & More Detailed Info are listed in our CTF Guide & Party Guide respectively.

DCG 201 TALK HIGHLIGHTS FOR #SQUADCON 2023 (EST)

This is the section where we have comb through the entire list of talks on both days and list our highlights for the talks that stand out to us. Note that this does not invalidate any talks we didn’t list, in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight lists. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)

Camille Stewart Gloster, Esq. is the Deputy National Cyber Director for Technology & Ecosystem for The White House. In her role, Camille leads technology, supply chain, data security, and cyber workforce and education efforts for the Office of the National Cyber Director. Camille is a cyber, technology, and national security strategist and policy leader whose career has spanned the private, public, and non-profit sectors. She joined ONCD from Google, where she most recently served as Global Head of Product Security Strategy, and before that as Head of Security Policy and Election Integrity for Google Play and Android.
Jen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency (CISA). She is a proud Mom, a mental health advocate, a Rubik’s Cube enthusiast, and an aspiring electric guitarist. Before joining CISA, Jen led the firm-wide resilience effort at Morgan Stanley after a lengthy public service career that included serving at the White House twice, helping to stand-up the Army’s first cyber battalion, and more than twenty years of service in intelligence and cyber operations, including tours of duty in Haiti, the Balkans, Iraq, and Afghanistan.
Tennisha Martin is the founder and Executive Director of BlackGirlsHack (BGH Foundation), a national cybersecurity nonprofit organization dedicated to providing education and resources to underserved communities and increasing the diversity in cyber. BlackGirlsHack provides black women and girls with resources, mentorship, direction, and training required to enter and excel in the Cybersecurity field. Tennisha has a bachelor’s degree in Electrical and Computer Engineering from Carnegie Mellon University and a Master of Science in Information Technology, Health Care Policy and Management, Cybersecurity, Digital Forensics and Cyber Investigation, and Business Administration from Carnegie Mellon, Johns Hopkins University, and the University of Maryland. She has worked in a consulting capacity for over 15 years in Penetration Testing, Project Management, Risk Management, Audit, Information Assurance, Quality Assurance, Software Development, and Testing roles. In her spare time, Tennisha is a Cyber Instructor, mentor, and red-team leaning ethical hacking advocate for diversity in Cyber and the executive suites.
Tia began her career as a high speed internet installer in the early 2000s, which sparked her interest in the information technology field, and ultimately led to her focus on cybersecurity. She has spent more than two decades in the IT and IT Security industry and is currently the Chief Cyber Resilience Officer & Field CTO at eSentire. In addition to her role at eSentire, Tia is an adjunct professor of Cybersecurity, a women’s tackle football coach, and a LinkedIn Learning Instructor. Tia holds several industry certifications including the CISSP, CISM, and GSLC in addition to a BS in Information Technology, MS in Information Security and Assurance, and MS in Cybersecurity and Information Assurance. She is also pursuing an Executive MBA as well as a PhD in Cybersecurity Leadership. She is also a Boardroom Certified Qualified Technology Expert (QTE), an executive with the education, applied experience, and/or formal education necessary to work in the corporate boardroom and oversee risk in complex digital business systems. Tia was recognized by SC Media as an outstanding educator in 2019, as well as one of The Software Report’s Top 25 Women Leaders in Cybersecurity and Cyber Defense Magazine’s Top 100 Women in Cybersecurity; both in 2020. In 2021, Tia was recognized as a Top Influencer in the Security Executives category by IFSEC Global and was most recently recognized by Dark Reading as #1 on the list of ‘8 More Women in Security You May Not Know but Should’ in 2022. Tia contributed a chapter to the book The Rise of Cyber Women: Volume 2 in 2021 and co-authored ‘Hack the Cybersecurity Interview’ with Ken Underhill and Chris Foulon in 2022. She is also the Founder of Empow(H)er Cybersecurity, a non-profit organization aimed at inspiring and empowering women of color to pursue cybersecurity careers.

This talk explores the journey of pursuing and navigating executive leadership, focusing on overcoming challenges and driving success in today’s dynamic and competitive market.

Head of Threat Research (Protect AI). Chloé Messdaghi is an accomplished security executive known for advising and developing solutions that have improved security teams and the industry. A sought-after public speaker and trusted source for national and sector reporters, her work has been featured in numerous outlets, and she has been recognized as a Power Player in Cybersecurity by Business Insider and SC Media. Chloé is also dedicated to various charitable causes, demonstrating her commitment to driving positive change.

This talk specifically targets security leaders and explores the detrimental effects of a lack of vision or direction on employee burnout. Over 35% of burned-out workers experience uncertainty about their goals and how to achieve them, leading to anxiety and a sense of aimlessness. Security leaders play a crucial role in mitigating burnout and fostering a healthier work environment. The talk provides strategies for security leaders to provide clear vision, establish goals, and combat uncertainty-induced stress among their teams. By creating a supportive work environment and promoting leadership accountability, security leaders can enhance employee resilience and decrease burnout rates. Attendees will gain insights into the correlation between uncertainty, burnout, and organizational performance, and learn practical strategies for fostering a positive work environment tailored to the unique challenges of the security field.

Sr. Security Engineer (Cisco Meraki). Christina is a ex-circus performer turned web developer turned Senior Enterprise Security Engineer. She’s worked in highly regulated tech industries such as healthcare and finance. In her current role, she is the vendor review SME performing reviews and security integration liaison for a company of over 3,000 people. Her favorite outdoors activities include climbing large rocks and hiking extremely slowly to look at wildflowers, mushrooms, and shiny smaller rocks.

The very idea of public speaking strikes fear into the hearts of even the bravest people, creating clammy hands and pounding hearts. But when fear of speaking keeps diverse voices and perspectives off Security conference stages, the lack of diversity and inclusion in the Security industry is reinforced by the absence of those voices.

Attendees will take away effective and actionable techniques to ensure that they fearlessly crush it and hone their public speaking skills. More specifically, how to rehearse for talks and other preparation.

Garrett is a cybersecurity analyst in the manufacturing industry who also learns and teaches some offensive security basics. scFlag{foundit}

Yes, another talk about preparing and dealing with ransomware. Just sit back and listen.

Senior Cloud Advocate (Microsoft). Sarah is a Senior Cloud Security Advocate working at Microsoft. She has lived all over the place but currently calls Melbourne home. Sarah has been working in cyber security since before it was cool, holds numerous industry qualifications and has co-authored a few Microsoft Press technical books. In 2019, Sarah won the Security Champion award at the Australian Women in Security Awards. She is an active supporter of both local and international security and cloud native communities and a co-host of the Microsoft Azure Security Podcast. Sarah spends most of her spare time speaking at security conferences in various parts of the world, eating hipster brunches and high teas and spending a disproportionate amount of her income on her dogs.

Many cloud security breaches start from implementation mistakes: whether it be bad coding practices, misconfiguration, etc. Before (best case) your security team or (worst case) an outside attacker finds them; how can you be proactive about finding and fixing common security mistakes?

Dr. Sylvea Hollis is an Assistant Professor of African and African American History at Montgomery College. She earned a Ph.D. from the University of Iowa. Before coming to Montgomery College in the fall of 2020, Dr. Hollis was a National Park Service-Mellon Postdoctoral Fellow and taught courses in the American Studies Department at The George Washington University. She earned a MA in History Museum Studies from the Cooperstown Graduate Program (SUNY-Oneonta) and has extensive experience in the museum field. Her most current work is a research project on the “Birmingham Years” of the African American sculptor, John W. Rhoden, for a forthcoming exhibition catalog with the Pennsylvania Academy of Fine Arts. Dr. Hollis also runs a blog (http://www.sylveahollis.com) that explores the intersections between African American history, archives, public humanities, and teaching.

This talk explores my preliminary thoughts about AI as a site of knowledge production and its implications for everyday people who seek to understand Black History. How accessible is Black History within the AI? How accurate is Black History within AI? What kind of tools/products could be useful in future iterations of this technology? Why do such questions matter?

Modern ransomware has become synonymous with some of the most devastating cyber attacks of our time.. But it hasn’t always been so. 30 years ago, ransomware was born as a wild scheme, devised by a man armed with 10,000 floppy disks and a virus. How has this evolved into the most impactful form of cybercrime today, and what can this surprising, untold history teach us about our present and future?

(ALSO AT BSIDES LV)

George Kamide is the co-founder and co-host of Bare Knuckles and Brass Tacks, a podcast dedicated to repairing the vendor-customer trust divide in cybersecurity.

As AI becomes integral to business operations and cybersecurity tooling, the technology will dramatically reshape infosec teams’ processes and impact its people.But the crucial question remains, who will be the guiding force when these decisions are made? The existing gatekeeping issues coupled with the prevalent homogeneity in the leadership within AI and cybersecurity realms threaten to compound challenges for defenders from traditionally marginalized communities. In this talk, we will challenge this potential future state and provide a way forward for today’s defenders.

With the technology terrain increasingly veering towards AI, what does it take to ascend into a leadership role? Is it a deep dive into specialization or a broader approach via generalization? The aim of this talk is to empower you to take the initiative, provide you with a blueprint of today’s AI security landscape, and show you how to develop strategies to lead and influence the integration of AI into business and security tools within your organization.

This talk is not just about informing you; it’s about empowering you to become a leader as we step toward the era of AI-driven cybersecurity risks and defense.

Stefani Goerlich is a Clinical Social Worker and Certified Sex Therapist who specializes in working with gender, sexuality, and relationship diversities. She is the multi-award winning author of The Leather Couch: Clinical Practice with Kinky Clients and co-host/organizer of Securing Sexuality, a podcast and live conference exploring issues at the intersection of intimacy and technology. Her first book for couples, With Sprinkles On Top: Everything Vanilla People and Their Kinky Partners Need to Communicate, Explore, and Connect is available for pre-order now.

Throughout time, folks looking for love (or lust) found and formed relationships with one another by leveraging community networks — relatives, clergy, nosy neighbors, even matchmakers. For the first time in human history, our relationships are no longer being mediated by other people but rather by technology. From social media and circuit boards to algorithms and artificial intelligence, tech is influencing the way humans form intimate bonds in ways never seen before. In this talk, Certified Sex Therapist and Clinical Sexologist Stefani Goerlich will talk about the emerging themes in mental health and relationship counseling and how these have been influenced by the explosion in SexTech, online dating, and the pervasiveness of erotica, among other topics. She will explore the potential positives and emerging drawbacks of transitioning one’s most intimate relationships into the cloud. This session offers a framework for health and safety for the first generation of digital natives entering into adult relationships.

Malik Girondin has diverse work experience starting from 2017 in the Customer Service sector, specifically in Walgreens, where he worked as a Customer Service Associate and handled phone calls, resolved customer issues and complaints, and conducted exchanges, returns, and refunds. Malik then shifted to the Healthcare sector, where he worked as a Customer Service Specialist at HealthTrust Workforce Solutions and answered incoming inquiries from DHPs, Facilities, and Agencies. In 2023, Malik started working in Security Blue Team as a Junior Defensive Content Engineer and in Correlation One as a Teaching Assistant in Cybersecurity. Malik taught cybersecurity and provided office hour sessions for Fellows, worked with fellow TAs, and lead instructors on ways to improve the learner experience. Malik also hosted review sessions to ensure Fellow’s progress and satisfaction. Additionally, they worked for BlackGirlsHack as a Course Instructor in Cybersecurity.

I am going to talk about Content Engineer being a new and thriving career within cybersecurity. I will also talk about the state of cybersecurity and how can we become better professionals.

Camille Singleton brings seventeen years of professional experience to cybersecurity topics, both in the US government and as an analyst at IBM. She is conversant on a range of topics affecting the cyber threat landscape, including industry-specific analysis, multifactor authentication, ransomware, destructive malware, and phishing trends. She has published multiple articles addressing pressing cybersecurity topics, ranging from threats to operational technology and vulnerability management to Powershell-based attacks and trends in ransomware. Camille has appeared as a speaker at THINK, RSA 365, the Australian Cyber Conference, and multiple WiCyS events and has authored several white papers, including “Combating Destructive Malware: Lessons from the Front Lines” and the 2021 and 2022 IBM Security X-Force Threat Intelligence Index. She has two master’s degrees — one from Oxford University and another from George Mason University — lending academic depth to her analysis to complement her professional experience. Since May 2023, Camille has been managing the Adversary Investigations and Analysis Team in X-Force Threat Intelligence, where her team tracks threat actor TTPs and provides intelligence support to X-Force Incident Response Team.

The Unique Advantages of Women in Tackling Cybersecurity Problems

Craig Newmark is best known as the founder of the classifieds ad site craigslist, which showed tens of millions of Americans that the Internet could be reasonably useful and easy to use.

Now, he engages in full time philanthropy, focusing on helping and protecting the people who help and protect our country. That includes cybersecurity, trustworthy journalism, and support for military families and veterans.

He was greatly influenced by his Sunday School teachers who had escaped the Holocaust, set his moral compass, and taught him to treat people like you want to be treated, and how to know when enough is enough.

Craig might be #nerdpatient0, having worn plastic pocket protectors, thick black glasses, taped together, and being poorly socialized. He remains poorly socialized but can simulate social skills as needed.

He originally intended to study Large Language Models like ChatGPT in the early seventies, but decided he wanted gainful employment, and went into software development.

Since then, he’s worked at IBM, Charles Schwab, Bank of America, and worked at craigslist for about 25 years. He retired from craigslist customer service job some years ago.

He ascribes any success to accidentally being in the right place at the right time, making him the Forrest Gump of the Internet.

Using her background in Psychology and Education, Chantel weaves human behavior into her work as a Security Consultant & Risk Specialist. She specializes in pentesting a number of technologies across different industries and sectors. In her free time, she enjoys learning new hacking techniques, researching the cosmos, reading philosophical texts, and spending time with her loved ones. Bringing integrity, positivity, collaboration and an open mind to all things new drives her passion for hacking.

A pentest is only as good as the pentester! For a pentester to successfully cover a client’s needs, it’s important that a thorough pentesting methodology is utilized. Methodologies typically expand as we gain more hands-on experience. In this talk, we’ll cover elevating our methodology as pentesters within a shorter time frame while also addressing the barriers that can get in the way of learning new tools & techniques that will ultimately expand our methodology.

Yarden is an iOS security researcher at Cellebrite labs

iOS is considered to be one of the most secure operating systems in the world.

Apple puts a lot of effort to maximize security on their platforms
They are building layers on layers of protections in order to make exploitation much harder
But how are they doing it?

In this talk we will go through some of iOS security mechanisms and the way they complete each other for maximum coverage.

Ryan is cybersecurity professional with a focus on security policy from a Governance, Risk and Compliance space. His journey to cybersecurity has given him a unique perspective on the industry and how we can best serve our communities. After obtaining a Bachelor of Arts in Political Science from Whittier College he became deeply involved in elections and election administration. While working with the Los Angeles County Registrar-Recorder to pilot the county’s new voting system he decided to continue to pursue formal education in the cybersecurity field. After completing a course of study at Cal State University Long Beach, Ryan made the transition into cyber in a help desk role and currently serves as a Compliance Analyst for one of the top MSSP’s in the nation. Ryan’s ultimate goal is to bridge the gap between legislators and cybersecurity professionals. Recognizing that effective cybersecurity policies are crucial for securing not just government systems but also the online landscape for all citizens, he aims to advocate for sensible and comprehensive cybersecurity policies. By leveraging his background in political science and cybersecurity expertise, Ryan seeks to promote legislation that will protect and educate marginalized communities as they navigate the digital realm.

How our most mundane security policies can lead to some of our most meaningful security maturity wins? Good habits build on one another, just like bad habits. Our good habits tend to encourage other auxiliary good habits. A neat space, cultivates a neat mind. In this talk, we will explore how neatness is the under celebrated linchpin of a mature cybersecurity culture.

--

--

DCG 201
DCG 201

Written by DCG 201

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org

No responses yet