SNOWFROC

2024 Workshops

Workshops are hands-on training sessions where participants can learn a new skill by doing, instead of just listening.

Workshops are meant to be an opportunity for you get to participate and apply your knowledge to learn a new skill or sharpen an old one.

There are four (4) scheduled workshops for SnowFROC 24: Security Onion Overview by Security Onion, A custom training from API University, Recon Like an Adversary, and Exploring Exploits with ChatGPT. This is what you can expect:

PREMIUM WORKSHOPS

Security Onion Overview

Time: 10:30am - 12:30 pm MT

This training session will equip security professionals with the knowledge base to successfully identify and investigate malicious network and host activity using the Security Onion platform. Participants will be afforded the opportunity to gain hands-on experience with authentic malware and utilize Security Onion's built-in case management interface to document and track a compromise effectively. This workshop will run for approximately 2.5 hours.

Key Takeaways

Hands-on experience investigating malware with Security Onion.

Prerequisites:

API University

Time: 1:00 pm - 4:00 pm MT

A Special Training for SnowFROC 2024!

The fine folks at API University will be running a custom training class exclusive to SnowFROC 2024!! This workshop will run for approximately 3 hours.

Prerequisites:

STANDARD WORKSHOPS

Recon Like an Adversary: Uncovering Modern Techniques in Attack Surface Management

Time: 10:00am - 12:00 pm MT

Join our expert, Jason Haddix (@jhaddix), in a comprehensive 2-hour workshop designed to demystify the advanced techniques adversaries employ to infiltrate organizations. This session is a deep dive into the world of attack surface management using open-source tools, tailored to emulate both adversaries and professional bug hunters.

Workshop Highlights:

Introduction to Reconnaissance Techniques: Gain insights into the methodologies used by adversaries in their initial approach to an organization.
Tool Mastery: Explore a range of common tools and techniques for targeting organizations.

This includes:

Email Acquisition: Methods and tools for gathering email data.
Technology Profiling: Techniques for identifying the technology stack of an organization.
External Attack Surface Analysis: A focus on cloud and mobile environments, among others.
Historical Data Mining: Strategies for uncovering valuable historical endpoint data.
Live Demonstrations: Experience real-time use of each tool in the toolchain. Jason will share personal tips and tricks, enhancing your learning experience.
Practical Application: The workshop features live targets, offering a real-world scenario for participants to engage with and learn from.
Interactive Learning Experience: Participants are encouraged to actively engage, ask questions, and share experiences throughout the session.

This workshop is an invaluable opportunity for anyone in the offensive security field, offering practical, hands-on experience with live demonstrations. Be prepared for an engaging and enlightening journey into the world of ethical hacking and cyber reconnaissance.

Red, Blue, and Purple AI

Time: 1:00 pm - 3:00 pm MT

From Jason Haddix (@jhaddix), "Red, Blue, and Purple AI" reverse-engineers the cybersecurity responsibilities of practitioners and modern security programs. It aims to augment these practitioners with practical and useful AI tools. This talk isn't about the future state of AI and ML; it's about taking home concrete strategies and prompts to empower your security team. We will break down these strategies into helpers for red teams, blue teams, and purple teams. Jason will also provide overviews on how to create your own best-in-class prompts based on his experience with OpenAI's ChatGPT-4 and having a top 500 GPT in the GPT store. Expect a wide variety of topics that will not only give you superpowers but also inspire you to augment other parts of your job.

Section Overview:

Red topics include API and algorithm setup, phishing with AI, using AI to bypass EDR signatures, using AI to create physical access tool scripts, using AI to augment C2 infrastructure, using AI to build vulnerability management and vulnerability scanning templates, and using AI as an assistant for web analysis and as an augment to Burp Suite.
Blue topics include an overview of the open source security stack, using AI to help you develop templates for Suricata, Yara, OSQuery, Semgrep, and more, and to design associated policies for security programs to support blue teams. Code scanning using GitHub and Semgrep is also covered.
Purple topics cover adversarial emulation, table topping, and atomics using today's AI tools.

Event Schedule

Please see below for the schedule of events for SnowFROC 2024. This schedule will be updated as required to depict the most accurate information on presentations, room locations and general event scheduling information. It's meant to be concise and easy to consume.

Details on the presentations and speakers are here.

The schedule (picture format) can be viewed HERE

Or, as a PDF below.....

Presentations

There are multiple scheduled presentations on a wide range of cyber security topics which will be hosted in three different rooms (The Malone Theater, The Bresnan Boardroom, and the Great Hall). Most talks are scheduled for 50 minutes however some are 25 minutes in length. Each presenter has been given instructions to make their presentation available, with the idea that their presentation will be shared on this website after the event. Please come prepared to listen, learn and ask questions; have fun!

Workshops

There are multiple scheduled workshops on a variety of cyber security topics as well, taught by industry extperts. These will be held in the Saeman Excutive Briefing Room and the Delaplaine Newsroom. If you would like to attend a workshop, you will need to register for each one individually.

Thank you to our Sponsors!

The Call for Sponsors for SnowFROC '24 is currently open.

SnowFROC stands for Front Range OWASP Conference (and there is occasionally snow in March in Colorado!)

Choosing to sponsor SnowFROC is an excellent idea! If you plan to sponsor, know that The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software, and that your sponsorship is tax deductible. SnowFROC is by no means limited to just Application Security however - we actively promote presentations focusing on all facets of cyber security!

SnowFROC is an exceptional conference because of our attendees, presenters, and presentations which make this a truly special event. All of which is not feasible without YOU!

By sponsoring SnowFROC, you get a front-row seat to partake in the action, and a direct line to your target audience - forward thinking security professionals: From hands-on practitioners, leaders, students, researchers, and everyone in between.

We aim to have ~350 attendees, and previous keynotes have included: John Strand, Troy Hunt, and Chris Roberts.

The sponsorship prospectus is available below:

SnowFROC 2024 Sponsorship Packet

For more information, please contact Vince (vince DOT pascale@owasp.org) or Frank (frank DOT victory@owasp.org).

Confirmed 2024 Sponsors include....

Information

The Denver OWASP Chapter is proud to present SnowFROC '24!

SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference. It is an annual, one-day conference which draws about 400 people. For SnowFROC 2024 the event will be held Thursday March 7^th. While billed as, "Denver's premier application security conference", SnowFROC's presentations and workshops focus on many facets of cybersecurity and over the years, SnowFROC has come to be known for its exceptional value: Hands-on training, excellent food, spectacular networking, great location/venue and professional orchestration.

2024's keynote speaker:
Rob Lee

2024 Ticket Prices:

General Admission Tickets: $95 (required to attend)
Premium Workshops: $30 (optional)
Basic Workshops: $20 (optional)

SnowFROC includes breakfast, lunch, presentations, vendor giveaways, a panel discussion and optional hands on training and workshops.

The location of this event is The Cable Center on the University of Denver campus near I-25 and University.

Event Parking:

Use Lot 108 for parking this year. Location: Corner of Buchtel Boulevard and South Josephine Street.

Parking Map

Parking Details

Or use Lyft/Uber, or E/H lightrail lines. The Cable Center is about a 10 minute walk to/from the DU lightrail station and very convenient!

Check out our Slack Channel Join our slack channel

Meet the Team

Every year the Denver OWASP team works diligently to bring our cybersecurity security community the very best. This 100% volunteer team is comprised of:

Vince Pascale (Denver OWASP Chapter President)

Tee Cure (Boulder OWASP Chapter President)

Frank Victory

Steve Kosten

John Kittleson

Aaron Cure

Lilli Chang

Serge Borso

Floor Plan & Layout

Review the floor plan to see where each Presentation/Workshop is taking place

The Denver OWASP Chapter is proud to present SnowFROC '24!

SnowFROC (Front Range OWASP Conference) is Denver Colorado's premier application security conference and is taking place Thursday March 7^rd, 2024 for one day only. The location of this event is The Cable Center on the University of Denver campus near I-25 and University.

SnowFROC 20 Presentations

A request was made for all SnowFROC 20 Presenters to share their presentation. See below for those presentations and note that some PDFs are large in size.

AppData Oh My... Oh No!

As Bs And Four Cs Of Testing Cloud Native Applications

Climbing AppSec Mountains

Cyberpsychology

JavaScript Framework Security

Passwords

Patch Production Now

Purposeful Personal Branding

Demystifying CTFs

Top 10 Proactive Privacy Controls

Why AppSec is Hard for Devs

Automate or Die