2024 Workshops
Workshops are hands-on training sessions where participants can learn a new skill by doing, instead of just listening.
Workshops are meant to be an opportunity for you to participate and apply your knowledge to learn a new skill or sharpen an old one.
There are four (4) scheduled workshops for SnowFROC 24: Security Onion Overview by Security Onion, A custom training from API University, Recon Like an Adversary, and Exploring Exploits with ChatGPT. This is what you can expect:
PREMIUM WORKSHOPS
Security Onion Overview
Time: 10:30am - 12:30 pm MT
This training session will equip security professionals with the knowledge base to successfully identify and investigate malicious network and host activity using the Security Onion platform. Participants will be afforded the opportunity to gain hands-on experience with authentic malware and utilize Security Onion's built-in case management interface to document and track a compromise effectively. This workshop will run for approximately 2.5 hours.
Key Takeaways
- Hands-on experience investigating malware with Security Onion.
Prerequisites:
- TBD
API University
Time: 1:00 pm - 4:00 pm MT
A Special Training for SnowFROC 2024!
The fine folks at API University will be running a custom training class exclusive to SnowFROC 2024!! This workshop will run for approximately 3 hours.
Prerequisites:
- TBD
STANDARD WORKSHOPS
Recon Like an Adversary: Uncovering Modern Techniques in Attack Surface Management
Time: 10:00am - 12:00 pm MT
Join our expert, Jason Haddix (@jhaddix), in a comprehensive 2-hour workshop designed to demystify the advanced techniques adversaries employ to infiltrate organizations. This session is a deep dive into the world of attack surface management using open-source tools, tailored to emulate both adversaries and professional bug hunters.
Workshop Highlights:
- Introduction to Reconnaissance Techniques: Gain insights into the methodologies used by adversaries in their initial approach to an organization.
- Tool Mastery: Explore a range of common tools and techniques for targeting organizations.
- Email Acquisition: Methods and tools for gathering email data.
- Technology Profiling: Techniques for identifying the technology stack of an organization.
- External Attack Surface Analysis: A focus on cloud and mobile environments, among others.
- Historical Data Mining: Strategies for uncovering valuable historical endpoint data.
- Live Demonstrations: Experience real-time use of each tool in the toolchain. Jason will share personal tips and tricks, enhancing your learning experience.
- Practical Application: The workshop features live targets, offering a real-world scenario for participants to engage with and learn from.
- Interactive Learning Experience: Participants are encouraged to actively engage, ask questions, and share experiences throughout the session.
Red, Blue, and Purple AI
Time: 1:00 pm - 3:00 pm MT
From Jason Haddix (@jhaddix), "Red, Blue, and Purple AI" reverse-engineers the cybersecurity responsibilities of practitioners and modern security programs. It aims to augment these practitioners with practical and useful AI tools. This talk isn't about the future state of AI and ML; it's about taking home concrete strategies and prompts to empower your security team. We will break down these strategies into helpers for red teams, blue teams, and purple teams. Jason will also provide overviews on how to create your own best-in-class prompts based on his experience with OpenAI's ChatGPT-4 and having a top 500 GPT in the GPT store. Expect a wide variety of topics that will not only give you superpowers but also inspire you to augment other parts of your job.
Section Overview:
- Red topics include API and algorithm setup, phishing with AI, using AI to bypass EDR signatures, using AI to create physical access tool scripts, using AI to augment C2 infrastructure, using AI to build vulnerability management and vulnerability scanning templates, and using AI as an assistant for web analysis and as an augment to Burp Suite.
- Blue topics include an overview of the open source security stack, using AI to help you develop templates for Suricata, Yara, OSQuery, Semgrep, and more, and to design associated policies for security programs to support blue teams. Code scanning using GitHub and Semgrep is also covered.
- Purple topics cover adversarial emulation, table topping, and atomics using today's AI tools.
Event Schedule
Please see below for the schedule of events for SnowFROC 2024. This schedule will be updated as required to depict the most accurate information on presentations, room locations and general event scheduling information. It's meant to be concise and easy to consume.
Details on the presentations and speakers are here.
The schedule (picture format) can be viewed HERE
Or, as a PDF below.
Presentations
There are multiple scheduled presentations on a wide range of cyber security topics which will be hosted in three different rooms (The Malone Theater, The Bresnan Boardroom, and the Great Hall). Most talks are scheduled for 50 minutes; however, some are 25 minutes in length. Each presenter has been given instructions to make their presentation available, with the idea that their presentation will be shared on this website after the event. Please come prepared to listen, learn and ask questions; have fun!
Workshops
There are multiple scheduled workshops on a variety of cyber security topics as well, taught by industry experts. These will be held in the Saeman Executive Briefing Room and the Delaplaine Newsroom. If you would like to attend a workshop, you will need to register for each one individually.
Thank you to our Sponsors!
The Call for Sponsors for SnowFROC '24 is currently open.
SnowFROC stands for Front Range OWASP Conference (and there is occasionally snow in March in Colorado!)
Choosing to sponsor SnowFROC is an excellent idea! If you plan to sponsor, know that The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software, and that your sponsorship is tax deductible. SnowFROC is by no means limited to just Application Security, however; we actively promote presentations focusing on all facets of cyber security!
SnowFROC is an exceptional conference because of our attendees, presenters, and presentations, which make this a truly special event. None of this is feasible without YOU!
By sponsoring SnowFROC, you get a front-row seat to partake in the action, and a direct line to your target audience of forward-thinking security professionals: hands-on practitioners, leaders, students, researchers, and everyone in between.
We aim to have ~350 attendees, and previous keynotes have included: John Strand, Troy Hunt, and Chris Roberts.
The sponsorship prospectus is available below:
SnowFROC 2024 Sponsorship Packet
For more information, please contact Vince (vince DOT pascale@owasp.org) or Frank (frank DOT victory@owasp.org).
Confirmed 2024 Sponsors include....
Information
The Denver OWASP Chapter is proud to present SnowFROC '24!
SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference. It is an annual, one-day conference which draws about 400 people. For SnowFROC 2024 the event will be held Thursday March 7th. While billed as "Denver's premier application security conference", SnowFROC's presentations and workshops focus on many facets of cybersecurity, and over the years SnowFROC has come to be known for its exceptional value: hands-on training, excellent food, spectacular networking, great location/venue and professional orchestration.
2024's keynote speaker:
Rob Lee
2024 Ticket Prices:
- General Admission Tickets: $95 (required to attend)
- Premium Workshops: $30 (optional)
- Basic Workshops: $20 (optional)
SnowFROC includes breakfast, lunch, presentations, vendor giveaways, a panel discussion and optional hands-on training and workshops.
The location of this event is The Cable Center on the University of Denver campus near I-25 and University.
Event Parking:
Use Lot 108 for parking this year. Location: Corner of Buchtel Boulevard and South Josephine Street.
Parking Map
Parking Details
Or use Lyft/Uber, or E/H light rail lines. The Cable Center is about a 10-minute walk to/from the DU light rail station and very convenient!
Check out our Slack Channel
Meet the Team
Every year the Denver OWASP team works diligently to bring our cybersecurity community the very best. This 100% volunteer team is comprised of:
Vince Pascale (Denver OWASP Chapter President)
Tee Cure (Boulder OWASP Chapter President)
Frank Victory
Steve Kosten
John Kittleson
Aaron Cure
Lilli Chang
Serge Borso
Floor Plan & Layout
Review the floor plan to see where each Presentation/Workshop is taking place
SnowFROC (Front Range OWASP Conference) is Denver, Colorado's premier application security conference and is taking place Thursday March 7th, 2024 for one day only. The location of this event is The Cable Center on the University of Denver campus near I-25 and University.
SnowFROC 20 Presentations
A request was made for all SnowFROC 20 Presenters to share their presentation. See below for those presentations and note that some PDFs are large in size.
As Bs And Four Cs Of Testing Cloud Native Applications