11:30 - BeaCon opens; intro (with brief pimping of SECore.info by banasidhe)

12:00 - Dan Crowley - Why UPnP is Awesome and Terrifying

13:00 - Keith Gilbert - Malformity

14:00 - Patrick Laverty - Pharmaspam at a .edu: A Case Study

14:15 - Schuyler Towne - Long Lost Locks: The X-Patents

14:30 - Ben Jackson - Blitzing With Your Defense

15:30 - Collin Mulliner - TBA

16:30 - Dan Rosenberg - Cyber Pompeii 3: Tokyo Drift

17:30 - StoopCon

18:00 - Outro; BeaCon ends 

Dan Crowley - Why UPnP is Awesome and Terrifying

UPnP daemons can be found on a wide range of devices these days, from network devices to desktop OSes to network-attached electrical outlets and more. While UPnP is mostly known for its use in automated port forwarding, it serves as a general interface to allow interaction with a host in a variety of ways determined by the host providing the UPnP interface. This talk will explain how UPnP discovery and interaction occurs, and demonstrate issues with various devices running UPnP daemons.

Daniel (aka "unicornFurnace") is a Managing Consultant for Trustwave's SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it.

Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE. Daniel does his own charcuterie.

Keith Gilbert - Malformity

Malformity is an Open Source project based on the Canari framework for conducting malware and malicious network research using Maltego (MALware transFORMs and entITY). Not only is it cool, but it saves time for analysts and produces pretty pictures for the management to look at. The transforms included within Malformity allow an analyst to query platforms such as Virustotal and ISC PassiveDNSDB, as well as other popular malware analysis sites for a variety of different characteristics. The sources will soon expand to host based tools such as pyew as well. The Canari framework makes deploying these transforms locally extremely quick and easy. As the project is under active development, the number of transforms and functionality will continue to grow. Additionally, support for Machines and Maltego Scripting Language will allow for increasing levels of automation and analysis as the project develops.

Keith Gilbert is a digital forensic analyst and threat researcher with experience in non-criminal domains. Keith obtained both his B.S. and M.S in Information Assurance from Norwich University. Keith’s experience has incorporated media forensics, network forensics, intrusion analysis, and threat research. Keith is a member of the Verizon RISK Team and is currently serving as a moderator at ForensicArtifacts, specifically helping with the IOC portion of the site. Keith is a GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), and an Associate of (ISC)2 at the CISSP level. 

Patrick Laverty - Pharmaspam at a .edu: A Case Study

In 2012, a major university's web server was being used to game Google results and increase visibility of online discount pharmacies. In this talk we'll see how it may have been done, the tools used and fun with .htaccess to make all the magic work. Oh yeah, and some prevention steps too.

Patrick splits his time between building web apps and breaking/fixing them at Brown University. He is also an intern with PaulDotCom, the OWASP-Rhode Island chapter founder and co-host for BSidesRI. 

Ben Jackson - Blitzing With Your Defense

The traditional response model for blue teams, designed with years of experience with virus and worm outbreaks, starts to become less effective when applied to adversaries who are actively attempting to bypass your defenses. The days of simply responding to alerts are over and a shift to employing more "active" defenses along with developing intelligence about threat actors has started. This presentation will discuss developing a defense that “blitzes” how to gather threat intelligence via open source data, how to analyze and extract data from attacks against your environment, and how to establish a more "active defense" of your network. 

Ben spends his time enjoying being a husband, dad, and messing around with anything that has a button, dial, or blinking light on it. He was the author for "Asterisk Hacking" from Elsevier Publishing, has spoken at various conferences, and has appeared on various media outlets discussing security and privacy. Ben strongly dislikes Thursdays and writing about himself in the third person.

Dan Rosenberg - Cyber Pompeii 3: Tokyo Drift

Race cars*, volcanoes*, death-defying stunts*! This talk has all that* and more*!

* - subject to change

Dan is a security researcher at Azimuth Security. He specializes in breaking things.

Schuyler Towne - Long Lost Locks: The X-Patents

In 1936 there was a terrible fire at the US Patent Office that destroyed nearly 10,000 patents, drawings, models, everything. Only 1/4 of those patents have been restored. Unfortunately for me, not one of the 53 lock patents that were lost managed to get recovered. So? I'm doing it myself. It's entirely likely that I'll never fully recover even one of these patents, but I am on a mission to discover as much as I can about both the locks & the inventors. In this talk I'll tell some of the stories that I've uncovered so far.

Schuyler is obsessed with locks. He got his start as a competitive picker, winning the American Open and competing internationally as well. At an early point in his lock collecting he came across an old "Yale & Towne" padlock. This potential familial connection drove his interest further and he spent the next several years of his life trying to understand everything he could about locks. From how they work and why they fail, to the stories of who invented them and when and where they came into existence.