About the Con

UtahSAINT Conference 2012

The UtahSAINT Conference has become the most important security conference event in the State of Utah by remaining true to our core values: Serving the information security community and providing valuable and actionable security information in a fun and exciting environment.

Conference Venue

Search for a new Venue //FAILED

After a long and frustrating search for a new venue for UtahSAINT, we learned in early Summer that our efforts to find a venue in northern Utah were not going to pan out. There are a lot of reasons, but the major ones are cost and capacity.

Our Old New Host //Dixie State College

After our failures to find a suitable new venue in the timeframe we needed, we reached out to Dixie State College of Utah and they have graciously offered to host the UtahSAINT Conference once again this year.

We would like to express our gratitude to Dixie College for their willingess to once again allow a bunch of security geeks to descend on their facilities, and contribute all of the time and resources that go into making the conference successful.

Taylor Health Science Center
1526 Medical Center Dr.
St. George, Utah 84790

Hotels and Lodging //Get them early

Get your hotel reservations early! Once again we are booking our conference in St. George at the same time that the Sr. Olympic Games are going on. Rooms will fill up quickly. This year we have elected to NOT have blocks of rooms at hotels arranged. We are unable to commit to paying for unsold rooms, and feel that most attendees do not always utilize blocked out rooms.

Registration Information
REGISTER NOW

EARLY Registration //Extra Stuff

Conference Cost

The cost of the conference this year is $175.
The purpose of the increased cost is to cover the increased costs of the materials and tools being distributed to the attendees.
Lock Pick Sets -- USB 3.0 Drive -- Mini-USB Arduino Based Hardware -- Printed Materials -- All-You-Can-Drink Beverages -- Provided Meals -- Much more..

UtahSAINT Membership Registration

Beginning August 15, 2012, as tradition dictates, we will be opening up registration to UtahSAINT Members. This provides the membership with the first opportunity to get a seat at the conference.

Public Registration

On August 20, 2012 we will open registration to the general public and remain open until all seats are sold.

Limited Seating

Register early!! There are only 150 seats available. When they are gone, they are gone!

Conference Stream

STREAMING THE CON //Live

Online Streaming of the UtahSAINT Conference

Once again this year we will be offering the option to stream the conference. This is a very popular option, and this year we will be providing it in 720p HD. You will not however be able to stream both sessions of the conference. Due to the time and equipment we have available, we will only be streaming Track One of the conference. We apologize to those of you who would like to see the Track Two content.

To participate in the stream, you will need to register for the conference, but select the STREAMING option. Only those who register for streaming will be provided with the codes necessary to participate in the online stream

Conference Keynote Address

Invited Keynote Address //RSA Security

Anatomy of an Attack //RSA Security

In the past 18 months, a series of highly sophisticated and targeted cyber-attacks across the globe have revealed a seismic shift in the threat landscape. With both private and public-sector organizations, targeted attacks are becoming increasingly advanced and audacious. In March of 2011 RSA suffered a significant and highly publicized cyber-attack. This presentation will detail the elements of the attack, the lessons learned by RSA, and suggested best practices for continuing to combat Advanced Persistent Threats.

Presentations and Trainings

UtahSAINT Conference //Presentations/Trainings

Lock Picking Training // Troy Jessup

An indepth training on Lock Picking. Learn to use the tools to perform this critical penetration test function. Tools and instruction will be provided to attendees at the conference. Includes: Lock Pick Set, Test Locks, Instruction Materials.

Threat Intelligence // Boyd Webb

A look at the recent high-profile attacks against the State of Utah. A discusson of how the attacks happened, processes both effective and uneffective used during the incidents, and the lessons learned we think are important to share with the rest of the State.

The Art of War // Kelly Genessy

Learn about a mix of deceptive tactics to bypass physical and social human perimeters. Get your hands wet with ardruino hardware and client side attacks.

Cybersecurity Training Options // Laura Hunter

Cybersecurity training is an important issue for everyone. We will discuss the options you have available to you, and some cool ideas we have to make it even better.

How to be a Rambling paranoid Lunatic // Miles Johnson

We have finally talked Miles into sharing his deepest and darkest security secrets!!

How to make killer nachos // Scotty Neilsen

Our first ever Black Badge defender will guide us down a pathway of culinary bliss!! Oh and he will probably talk about some cool security stuff as well.

Netcat MEOW MEOW// Jeremy Cox

The TCP/IP Swiss Army Knife! Learn how to build custom network TCP / UDP connections, redirect shells, create backdoors, TCP relays, and much much more.

Pealing the Security Onion // Jon Barclay

An introduction to network security monitoring using the Security Onion linux distribution. We'll install multiple Snort sensors and dive into malicious packet captures using built in tools including: Snorby, Squil, Squirt, and Xplico.

Things we learned at Def Con // Troy Jessup

An overview of the Def Con conference and the security bombshells which made their way into the public domain

Current Trends and Tactics 2012 // Troy Jessup

We will cover the last 12 months of Miscreant Trends and Tactics. A lot has changed in the past year, and the targeting of information has begun to shift to new methods. We will explore these methods and discuss ways to protect yourself and your organizations from the threats.

Interfacing with Law Enforcement // Special Agent Cheny Engtow - FBI

Our friends at the FBI will disucss with us the proper ways and situations to involve Law Enforcement in incidents on your networks. We will also have an opportunity to learn about what Law Enforcement is doing in the cyber security arenas and how the UtahSAINT community can properly assist in this mission.

Secure Cisco Router/Switch Configurations // Troy Jessup

We will dive into the specific configurations and methods used to secure your Cisco Routers and Switches. This is especially valueable for those of you running infrastructure in an environment where they are not hiding behind a firewall, or otherwise have semi-public traffic.

Our little froggy is turning 4! // Troy Jessup

Something new is coming...

SuperSNMP, How did you ever live without it // Pete Kruckenberg

We have been developing another interesting tool at UEN to help monitor the network. We think you might think its interesting too. We will show you what it is during this presentation

The IlliniCloud Cloud Computing for Education by Education // David Thurm

We will introduce the Illinicloud to members of the SAINT community. Covering the use of Disaster recovery, Software-As-A-Service, Infrastructure-as-a-service, and online file storage and syncing in the Illinicloud. We will discuss security measures we employ to secure data in the cloud. Background info: The IlliniCloud is a coop of schools who came together and formed their own community cloud. Today there are 300+ schools and government agencies represented. We have won numerous awards including SNW's 2011's Best Practices in Virtualization and Cloud Computing.

WPS - The Backdoor to your home Wifi // Kevin Howard

In a world where people always forget to secure their protocols, we find that nearly all home Wifi routers are vulnerable to a brute force attack agains the Wifi Protected Setup *feature*. This talk will discuss how WPS works and why its vulnerable. We will also walk through a demonstration of how to attack your neighbors for fun, no profit, and possibly jail time. Oh, and we'll show you how to protect yourself, because that is whole point of this topic isn't it?  **Bring your promiscuous wifi adapters and laptops**

Bluetooth Extreme // Kevin Howard

Bluetooth packet sniffing is getting a makeover in the VERY near future. In the past, Bluetooth sniffing has never been an easy task for anyone who doesn't have thousands of dollars to spend on equipment. However, these days, there is a project in the works that will likely put the power of bluetooth sniffing in the hands of those with just a couple hundred dollars. Its called the Ubertooth One. This presentation will discuss the current development of the Ubertooth One as well as how it can be used to sniff Bluetooth packets.

Securing with PHP // Scott Harpster

Dive into the magnificent realm of PHP and scribe your web applications with security and the greatest of confidence.  Impress blokes, bosses, supervision, co-workers and those down at the pub with the bees knees new skills that will keep them wondering how you can know your way so well around a technical spanner.  You may feel like a tosser now but after this class you will know coding from A to Zed and will leave those around you gobsmacked!  We will use xampp. A tad bit knowledge of PHP on your part will come in handy.

Password Cracking // Kevin Young

Things you can learn about your user's passwords with a $1000 system and 6,000,000 exposed hashes.

IP Video Survellience Policy // SEDC CR3W

If you are providing Video Surveillance for your organization, you will want to attend this session as we will  discuss items such as proper protocol for who can view archived video on the system, rules for posting notifications of video surveillance, GRAMA issues, etc..

StreamDB // Andrew Goble

Post Compromise Detection and Recovery // Corey Roach

IPv6 Magic // Luke Jenkins

IPTV Overview // Jonathan Karras

Virtualization Security // Joe Deveraux

HoneyPots "for the bees" // Allen Fox

7 habits of highly effective Hackers // Josh Dustin

USU does Incident Response // Miles Johnson

Conference Agenda
Hackers Challenge Game

UtahSAINT Conference //Fun and Games

Yes, there will be a Hackers Challenge Game for those of you that need a reason to not pay attention to the con.

Come prepared to use your hackers thinking cap. The puzzles are more crazy than ever. You may also find one or two that are similar to years past coming back to haunt you.



Lets get this party started //Conference Challenge #1

Crypto Challenge for Bragging Rights

Here is the Challenge: 

FWOSE SOSEHU  US.OI.Z OHDSTH FNPER THYUNAE ROEOTOI EUSEACOSGNR 
TCSFE UGX ZIGFHUEHDO HAIARLUTZ TIOAWTILA 
ONT LSDRPLE SRLIHNEN SSHLTBEAEWT WLLETTD EEETHEOR.HEA 
ELF.TZ OEMHEAU  TGERRN NOTEI FTAENBT  OORADGE 
LRRS YHDSYLTFT  ENSEEL 
IA2 OENEOEHTOYDLMDOT I5 UCELUTI HTOPAE TWSS .


Hint #1: I hate whitespace too.

Hint #2: http://www.youtube.com/watch?v=VMitkRc5jHA

Hint #3: Frequency Analysis might tell you more about this data. http://en.wikipedia.org/wiki/Frequency_analysis

Solved by TWO people already