BSidesChicago Workshops (3 hours)
** Once BSides Registration is complete, register here for a half day workshop

Morning Session (9am – 12pm) (Register here)

Wazuh – Open Source Security for Host and Infrastructure Monitoring

Host-based security monitoring has become increasingly important as the number and severity of threats keeps growing. In addition, network security monitoring tools are now harder to deploy, and not as efficient as they used to be.

Another driver for the adoption of host-based monitoring tools is the increased need to comply with security regulations (e.g. PCI DSS).

Wazuh started as a fork of the OSSEC project, and has quickly evolved into a more comprehensive solution. It now integrates OpenSCAP and Elastic Stack providing additional security monitoring and analysis capabilities.

In this session we will show you how to deploy and use Wazuh to:

  • Detect intrusion attempts using rules to automatically analyze log data
  • Monitor files integrity, detecting changes in system binaries or configuration files
  • Index and store log data with Elasticsearch to meet PCI DSS compliance requirements
  • Identify malware (e.g. kernel level rootkits) and system anomalies
  • Monitor systems configuration to ensure they meet standards and hardening guides


Santiago Bassett <>

Santiago is the founder of Wazuh, and is known for his contributions to OSSIM (Open Source Security Information Management) and OSSEC projects. He has over 15 years of experience in IT Security, covering advanced network security implementations with Open Source technologies. His solid technical knowledge of intrusion detection and security management systems correlates with an intrinsic ability to design, develop and implement security software. He has been a speaker in other Security conferences such as RootedCon, Campus Party, OSSECCon and previous editions of Cornerstones of Trust.

Pedro Sanchez <>

Afternoon Session (1pm – 4pm) (Register here)

Advanced Wireless Attacks Against Enterprise Networks

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment. Areas of focus include:

  • Wireless reconnaissance and target identification within a red team environment
  • Attacking and gaining entry to WPA2-EAP wireless networks
  • LLMNR/NBT-NSPoisoning
  • Firewall and NAC Evasion Using Indirect Wireless Pivots
  • MITM and SMB Relay Attacks
  • Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Presenter : Gabriel Ryan 

Gabriel currently works for Gotham Digital Science at their New York office, where he provides full scope red team penetration testing capabilities for a diverse range of clients. He also contributes heavily to his company’s research division, GDS labs. Previously, Gabriel has worked as a penetration tester and researcher for the Virginia-based defense contractor OGSystems, and as a systems programmer for Rutgers University. He also is a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys live music, exploring the outdoors, and riding motorcycles.