Richmond, VA

May 30th - June 1st, 2013

Jericho added to RVAsec lineup!

Just in case you still haven’t bought a ticket for RVAsec a day before registration ends, here’s a bit more to sweeten the pot: Jericho of (@attritionorg) has agreed to present again! We’re  not sure what he’ll come up with on short notice, but we’ve demanded it end with a standing ovation.

In case you missed his talk from last year, here’s the video:

(note: no squirrels were harmed in the bribing of jericho)

Pwn Plug Elite To Be Raffled at RVAsec!

We are pleased to announce that we will be raffling off a Pwn Plug Elite at RVAsec!  For those that attended last year, you most likely are aware of what the Pwn Plug is since Dave and the Pwnie Express team provided us a few to raffle off.  But this year they have upped the stakes big time and provided the Pwn Plug Elite which is valued at $995.

Pwn Plug Elite
The industry’s first enterprise-class penetration testing drop box. Through its innovative, patent-pending design, the Pwn Plug covers the entire spectrum of a full-scale pentesting engagement, from physical-layer to application-layer.

  • Includes all release 1.1 features
  • Includes 4G/GSM cellular, Wireless (802.11b/g/n), high-gain Bluetooth, & USB-Ethernet adapters
  • Fully-automated NAC/802.1x/RADIUS bypass!
  • Out-of-band SSH access over 4G/GSM cell networks!
  • Text-to-Bash: text in bash commands via SMS!
  • Simple web-based administration with “Plug UI”
  • One-click Evil AP, stealth mode, & passive recon
  • Maintains persistent, covert, encrypted SSH access to your target network
  • Tunnels through application-aware firewalls & IPS
  • Supports HTTP proxies, SSH-VPN, & OpenVPN
  • Sends email/SMS alerts when SSH tunnels are activated
  • Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more!
  • Unpingable and no listening ports in stealth mode
  • Includes 16GB SDHC card for extra storage
  • Includes stealthy decal stickers


The included unlocked 4G/GSM adapter is:

  • Compatible with SIM cards from AT&T, T-mobile, Vodafone, Orange, and GSM carriers in over 160 countries
  • HSDPA/UMTS (850/1700/1900/2100MHz)
  • GSM/GPRS/EDGE (850/900/1800/1900MHz)


Don’t forget to register by 5/15 to make sure you get a chance to win the Pwn Plug Elite!

Hotel Information – Book now!

RVAsec has reserved a block of rooms at the Crowne Plaza for out of town guests. The rate is $112/night (which includes parking)–just mention block “RVAsec” to get the special rate.  Unfortunately, you will need to call the hotel to get the rate and cannot get the rate online.

If you need a room, please make sure that you get your room ASAP!

Crowne Plaza Richmond Downtown
555 East Canal Street, Richmond VA 23219

804-788-0900 or 800-2CROWNE

The hotel has a shuttle that runs back and forth from the conference location at VCU for both days.

If for any reason you are unable to get the RVAsec rate or the block of rooms has been filled, please let us know so we can contact the hotel!

Forensics Class is Full–Others Still Available!

We’re sorry (and happy!) to report that the Forensics Readiness class is now full.

As a reminder, there are still seats available in our other classes on 5/30:


And don’t forget that registration ends on 5/15 and that there are only a few seats left in each class–so don’t wait to sign up!


RVAsec Update

RVAsec will be held on Friday and Saturday, May 31st and June 1st at the Commonwealth Ballroom at VCU’s University Commons. Training classes will be held on Thursday, May 30th.

The conference is only $75 and includes two days of talks, electronic badges from hack.rva, breakfast/lunch/snacks, more coffee this year, swag bag, parking at VCU, two receptions and an after party sponsored by Rapid7!

The 5/15 deadline is rapidly approaching (and we ordered more badges so they are still available)–so register now!  Due to catering demands we cannot take any registrations onsite or after the deadline.

On Thursday 5/30 we have four training classes available at the lowest prices we can swing: Lock Picking with Schuyler Towne, Forensics Readiness with Glenn Dardick, SANS Information Security for Business Executives with Chip Greene, and Introduction to Malware Analysis with Tyler Hudak. Classes are almost full, if you are considering a class please register now!

RVAsec 2013 Speaker Lineup (Schedule)

Chris Wysopal – Keynote
Donald Allison
Rockie Brockway
Colby Clark
Gus Fritschie & Andrew Du
Adam Ely
Dan Han
Dan Holden
Schuyler Towne
Paul Watson

Alex Hutton – Keynote
Itzik Kotler
Barry Kouns
Brian Lockrey
Sean Mason
Daniel Ramsbrock
Mike Shema
Boris Sverdlik
Ben Tomhave

RVAsec Capture The Flag Update!

The RVAsec Capture The Flag (CTF) is getting close. The details below are meant to ensure participants are prepared for it! We’re excited to invite anyone and everyone who is interested in learning and exploring different IT/infosec tools and techniques in hands-on, practical exercises, to join us.

WHEN: 06/01/2013 – 10am-2pm.  The exact time is subject to change but it will be on Saturday.

WHERE: We will have a table at the conference.  You must be a registered conference attendee to participate.

WHO: Living humanoid-ish… seriously, this is for everyone from hobbyists, sys/net admins, infosec pros, tinkerers, makers, fixers and breakers… come out and play. We’ll all teach, learn and grow together!


  • DO bring a network-enabled laptop.

  • DO have the ability to run Backtrack 5r3 (, Pentoo ( or Kali Linux ( either as a virtual machine, from bootable media (CD/DVD flash drive), or installed as your OS. Most of the scenarios in the CTF can be completed with the tools within these security-centric Linux distributions. Not a requirement, per se, but a BIG recommendation.

  • DO understand that the CTF network is a closed private network, and will not have Internet access. CTF Participants will have the ability to connect to a separate guest wireless network with Internet access for research, tool downloads, etc., during the event, but will have to disconnect from the CTF network to do so.

  • DO listen to and respect any instructions and guidance provided at the event. We want to provide an environment that is conducive to learning, tinkering, exploring and having a good time.


  • DON’T use words or phrases like “irregardless”, “all of the sudden”, “cybergeddon” or “cyber Pearl Harbor”.

  • DON’T feed or pet any of the conference organizers or volunteers.

  • DON’T attack any other CTF participants or any VCU devices (logically, physically or emotionally).

Pre-Register: If you plan to participate in the CTF we ask that you pre-register here: for administrative purposes.  The first 20 people will receive a free 8GB USB 3.0 Flash Drive! (You have to show up and participate!)

Sponsor: We are still seeking sponsors to help with the CTF costs.  If you are interested or know someone that would be willing to support the CTF please contact

Hope to see you there!  If you have any questions please let us know!