The Mission of our BIC Village
This village seeks to highlight Black experiences, innovations in the field, Black culture, Black history as well as provide a platform for the discussion of social justice and its impact on the progression and development of Technology.
"Social Justice and The Black Experience in Technology".
BIC Village Talk Categories:
Technology in Social Justice: Discussing and highlighting how disparity and lack of equality negatively affect the progression of Cybersecurity and/or the greater technology field.
Black Experience In Cybersecurity / Technology: Describing or narrating a cultural experience that helped shape innovation, develop a curiosity or fuel a mission.
Cyber Innovations and Advancements: Presenting a specific advancement, innovation or invention that has been performed by a Black practitioner or has aided the Black community.
Talks will premiere at their appropriate times on our YouTube Channel.
For information on the BIC CTF, please navigate to the BIC CTF Page.
BIC DEFCON 30 Village Schedule
Friday August 12, 2022
GACWR Team 10:00:00 AM (30 MIN) LIVE TALK
The GACWR Story: Building a Black Owned Cyber Range
Segun Olaniyan 11:00:00 AM (1 HOUR)
Creating More Black Hackers: Growth Systems for Cybersecurity Enthusiasts
The presentation gives perspective to the systems of growth for cybersecurity starters, students and enthusiasts that are rarely known or mentioned in the cybersecurity field and have helped many professionals grow from newbies to the experts they are today. These are systems that will help cybersecurity students become relevant in the industry as a student; these are systems that will give cybersecurity enthusiasts a voice in the industry, and they are capable of giving newbies rapid growth in the industry. I call them Growth Systems for Cybersecurity Enthusiasts.
Alexis Hancock 12:05:00 PM (30 MIN)
"The Man" in the Middle
The Trans-Atlantic Slave Trade was a dark, cruel time in the history of much of the Americas. The horrors of slavery still cast their shadow through systemic racism today. One of the biggest obstacles enslaved Africans faced when trying to organize and fight was the fact that they were closely watched, along with being separated, abused, and tortured. They often spoke different languages from each other, with different cultures, and beliefs. Organizing under these conditions seemed impossible. Yet even under these conditions including overbearing surveillance, they developed a way to fight back. The continued fight today is an evolution of that history established from dealing with censorship and authoritarian surveillance. This talk walks through the technology and the tools used to fight back and re-establish connection within the community.
Damian Grant 2:00:00 PM (30 MIN)
DEI in Cybersecurity (Breaking through the barrier, behind the barrier... behind the barrier)
There is no shortage of articles about the worldwide cybersecurity skill gap over the last few years, and opportunities abound for skilled practitioners in the space. Studies have shown, however, that implicit biases abound for black people in STEM fields, and this barrier to entry and advancement is even more pronounced in cybersecurity. During this exploration of the hardships experienced by blacks in cybersecurity, Damian will share his experiences in the field, while highlighting best practices for improving technical skill, vaulting the gatekeepers and finding ways for individuals to thrive in the industry.
Ochuan Marshall 4:00:00 PM (1 HOUR)
The Last Log4Shell Talk You Need
The title is a lie. The Log4Shell (CVE-2021-44228) vulnerability is an ongoing IT security crisis because of its widespread reach and impact.
While this is a nightmare for defenders, those of us on the offensive side have an easy RCE to pop a shell.
In this talk I briefly touch on impact and demonstrate how to set up a homelab in Minecraft to exploit this vulnerability.
The demo is going to be a homelab setup using Vagrant. Essentially you clone the repo to set up an older Minecraft server with an older version of Java. Then exploitation is as simple as running the payload in a Minecraft chat message. If time allows, I’ll add another demonstration with how to do this on a real world system. The discussion/introduction part of the presentation will be split between infosec Twitter storytime and some of the effects of Log4Shell on organizations. The first part is important for practitioners who want to get good at exploiting the next zero day. The second part is useful for decision makers who want to improve their application security programs and start to think about their software supply chain.
Saturday August 13, 2022
Levone Campbell 10:00:00 AM (45 MIN) LIVE TALK
When The "IT" Hits The Fan, Stick To the Plan
Incident Response is a critical process for any organization. The effectiveness of the incident response plan can determine whether or not an organization can sustain and recover from a cyber attack. With the steady rise in cybercrime, petroleum companies have to make sure they have a sound incident response plan in place to address every type of cyber attack. Organization data breaches seem to be in the news every day now, therefore it is paramount that an organization have a concrete incident response plan in place. As with any process within the organization, the incident response plan requires continuous testing and review to ensure it remains effective for the organization. This talk will specifically highlight three critical areas within the incident response plan where most companies fail. This talk will identify the common pitfalls and shortcomings, and also offer some suggestions on how to improve in those areas.
Stephanie Barnes 11:00:00 AM (45 MIN)
Cryptocurrency: A Bridge Across the Digital Divide
Forbes points to the number of Black crypto investors being the largest demographic of crypto investors at 23% and on track to double to 44% (Hale, 2022). This type of investing provides minorities with a gateway to not only feel more in control of their wealth, but also an introduction to other emerging technologies such as NFTs and Blockchain. With the current administration looking into developing a digital dollar, the headlines have pointed to how this could help underserved communities that have already adopted digital payment in the form of apps such as Cash App, PayPal, and Venmo. With the rise in reported incidents in these unregulated applications stealing money and closing accounts, the bridge that a digital dollar could be could also turn into another avenue for exploitation of a disenfranchised population if they (we) are not part of the development.
Birhanu Eshete 12:00:00 PM (30 MIN)
State of the Model: Promising Steps and Remaining Challenges Towards Trustworthy Machine Learning
With the fast-paced adoption of Machine Learning (ML) in high-stakes application domains such as autonomous vehicles, healthcare, finance, and criminal justice, its trustworthiness has lately been put under scrutiny. In this talk, we will first highlight security, privacy, transparency, and fairness pitfalls in ML and establish what it takes for ML to be trustworthy. We then dive into promising steps and remaining challenges in the quest towards ML that we will confidently deploy to drive our cars, diagnose our illnesses, or manage our finances.
GACWR Team 1:00:00 PM (30 MIN) LIVE TALK
Hacking Smart Contracts
Nick Gobern 3:00:00 PM (30 MIN)
Threat hunting? Ain’t nobody got time for that...
Hunting the advanced threats hidden in the enterprise networks has always been a complex and difficult task. Due to the variety of attacking means, it is difficult for traditional security systems to detect threats, and even harder to demonstrate value to leadership. This will discuss how to formulate a proper hypothesis to lead a quick, efficient hunt, and effectively relay the information to improve a company's security and increase trust with leadership.
Kassandra Pierre & Nathan Chung 4:00:00 PM (30 MIN)
Neurodiversity in Cybersecurity: Find Your Competitive Advantage!