Gardner Student Center at Utah Tech University
1037 E 100 S, St George, UT 84770
BSides Redrocks is a non-profit, 501(c)(3) run, conference focused on cybersecurity.
At this conference you can expect to meet & network with industry experts, many of whom are located throughout
Our goal is to provide a platform for the community to come together and share ideas, insights, and knowledge.
We want to help grow the cybersecurity community in Utah and provide a place for people to learn and grow.
Capture the Flag (CTF)
Prizes for the Winning Team and Top Individuals!
Sessions - GRAND BALLROOM
10:00 AM thru 10:25 AM - Opening Ceremonies
Bryce Kunz // TweekFawkes
10:30 AM thru 10:55 AM - Solving the People Problems in Your VMDR Program
VMDR programs need more than technology. Hear some real-world lessons and good advice on getting the people behind them on board across your organization. You'll be burning down those vulns in no time!
11:00 AM thru 11:25 AM - Table Top Exercises - (probably) not as boring as you think*
Zodiak - (Matt Lorimer)
Come to this high level presentation to learn how to have fun while perfecting your incident response plan. Table top exercises can help you survive the cybersecurity incidents you encounter. In this session you will learn about formal and informal table top exercises, how to choose which is best for your situation, and how to make them effective.
Presentation is applicable to all technical and management levels.
11:30 AM thru 12:25 PM - I Thought I Was Secure... Until I Wasn't
An overview of what happens when you don't follow best security guidelines or guidance. Examples of exposure from untrusted software (video cameras) Examples of what happens when you allow your computer on internet with out a password, and examples of what happens when you only use default creds. In addition we'll play with social media and how to do photo matching online.
12:30 PM thru 1:25 PM - PKI Unleashed: Navigating the Digital Trust Labyrinth in Modern Enterprises
The digital realm is rife with unseen pathways and hidden pitfalls, at the center of which lies the complex maze of Public Key Infrastructure (PKI). This session delves into the intricate world of PKI, demystifying its mechanisms and highlighting its significance in ensuring trust within an untrusted network. Attendees will embark on a comprehensive journey, unraveling the components and operations of PKI, from digital certificates to cryptographic algorithms and trust models. By session's end, participants will have gained a clear understanding of PKI's pivotal role in enterprise security, the challenges faced in its implementation, and best practices for its management. So, why join us? Because in the rapidly evolving landscape of cybersecurity, mastering the art of navigating the PKI labyrinth is not just advantageous—it's essential. Equip yourself with the knowledge to forge ahead confidently and securely in the digital domain.
1:30 PM thru 2:25 PM- Keep calm and BYOTTP - Leveling up your Offensive Security Game
Hey there! It's worth remembering that not every offensive toolkit you come across will fit your specific needs. As a Red Teamer or Penetration Tester, it's important to have a solid grasp of Offensive Security Tools Tactics and Procedures (TTPs) and potentially create or modify them as per your requirements. Don't worry, though! In this presentation, I'm here to lend a helping hand by outlining the key areas you should focus on to take your game to the next level. Whether you choose to build your own TTPs from scratch or utilize existing research to improve them, I've got your back. Also, I have a little surprise for you at the end of this presentation to help you get started! So, let's keep calm, focus on building our own Tools, Tactics, and Procedures (BYOTTP), and have some fun while we're at it!
2:30 PM thru 3:25 PM - Building a Resilient Security Program Post-Ransomware Attack: A Case Study of Rekt Casino
This presentation is based on securing a fictional organization called Rekt Casino after they experienced a ransomware attack. In this engaging presentation, you'll learn practical insights into cybersecurity that bridge the gap between security measures and business goals.
I'll cover everything from responding to a ransomware attack to the strategic planning required for a resilient security program. Discover how to adapt security measures to the ever-evolving threat landscape and align them with your organization's vision and objectives.
You'll gain a practical understanding of SWOT and PEST analyses, how to use industry-standard maturity frameworks, and conduct gap analyses to pinpoint security weaknesses. Learn how to prioritize security initiatives using a decision matrix and navigate stakeholder relationships effectively.
Finally, I'll explore the implementation of your security program, emphasizing continuous improvement and monitoring. Leave with actionable knowledge on how to rebuild and reinforce security post-breach while being a strong security leader in your organization.
3:30 PM - Closing Ceremonies
Bryce Kunz // TweekFawkes
Schedule is tentative and subject to change
Workshops - CONFERENCE ROOM B
10:30 AM thru 1:25 PM - Absolute Beginner's Introduction to Basic Malware Analysis
This is a workshop to familiarize people with concepts and techniques regarding basic malware analysis.
Generally geared toward people with some IT experience but NO prior knowledge of malware analysis or cyber-threat intelligence, this workshop can give you enough information to explore the field further on your own.
If you are an IT employee who has ever been asked "does this attachment look safe?" or are an IT student who would like to expand your knowledge into the InfoSec branch of the field, this is a workshop may be useful.
Attendees will be provided three virtual machines in VirtualBox format. You will need to bring a laptop capable of running all three VMs at the same time (about 6 to 8 gigs of VM RAM). You will want to import the VMs, test them, and snapshot them before the workshop.
2:00 PM thru 2:55 PM - Resume Review Session: Optimizing Your Cybersecurity Career Path
Tips and tricks for helping create resumes that get noticed. Review good and bad examples of resumes and answer questions/review resumes of students to give feedback
Gardner Student Center at Utah Tech University - Campus Map
Code Of Conduct
The core of our Code of Conduct is “Be Excellent to Each Other”.
We will remove anyone from the event who is not in compliance with our Code of Conduct.
We expect all participants to support our Code of Conduct.
Everyone at the event is a participant, including but not limited to sponsors, speakers, event organizers, staff, and volunteers.
We assume that the majority of people are intelligent and intended to do well, but this event will be a safe and productive environment for everyone.
To that end, we will spell out the behaviors and/or actions we support and do not support at the event.
We invite you to help us make the BSidesSLC event a place that is welcoming and respectful to all participants, regardless of race, gender, gender identity and expression, age, sexual orientation, disability, physical appearance, national origin, ethnicity, political affiliation, or religion.
We desire for everyone to be able to focus on the event, network with other participants, and build up of our community, hence we will not tolerate harassment of participants in any form or fashion, including but not limited to online or in person.
We have no tolerance for physical, verbal, sexual harassment or offensive behavior of any kind.
Examples of harassment include:
sexualized images in public spaces,
verbal threats or demands, offensive comments,
intimidation, stalking, slights and negative messages,
harassing photography, harassing recording,
unwelcome physical contact, unwelcome sexual attention, and/or
sustained disruption of sessions or events.
Harassment also includes both intentional and unintended offenses.
Our code of conduct extends to conference-related social events at off-site locations, and in related online communities and social media.
If you are not sure, ask, or err on the side of basic decency and common courtesy.
Participants asked to stop any harassing behavior are expected to comply immediately.
Conference participants violating this Code of Conduct will be expelled from the event without a refund, and/or banned from future events, at the discretion of the BSidesSLC staff.
Please bring any concerns to the immediate attention of the event staff.
You may also email firstname.lastname@example.org with any concerns.
We thank our participants for your help in keeping the event welcoming, respectful, and friendly to all.
*Staff reserves the right to determine what constitutes compliance with this Code of Conduct.
*Staff reserves the right to remove anyone from the event for any reason without a refund.