I had the pleasure of attending my first BSides event yesterday and it went great! Special thanks to all the organizers, sponsors, and other presenters for making it awesome. The venue was nice, and I think events like these are perfect for newb presenters like myself to start getting some experience. I was also happy to finally be able to meet several of the people I’ve talked to on Twitter and put some faces to the names. Schedule available here and be sure to keep checking for the recordings, or follow @BSidesBoston on Twitter.
The morning Keynote was, as expected, superb. Dr. Dan Geer gave an interesting and thought-provoking talk about the pace of technological development and effects on identity and privacy. I won’t rehash all the worthwhile quotes (many of which are available in the #BsidesBOS twitter feed), but there was one point that I liked a lot. What’s your definition of privacy? Is privacy based on observability, or is it the lack of identifiability? That is, if you can still observe someone, do they still enjoy privacy so long as you can’t identify them? When you frame this in a digital context, it raises a good point. We are quickly approaching (or may have hit…) a point where everyone can be observed both in their daily lives and on the Internet. Ensuring that people can’t be automatically identified based on this observation is probably something we should pay attention to. A few other quick points for thought: Law is increasingly ignoring intent as a requirement for crime, intrusion tolerance is the new intrusion prevention, and the U.S. should corner the vulnerability market in an effort to collapse it.
The talks I attended were by and large excellent. I started off the day with a talk about cloud security. I was hoping there would be some technical discussion and perhaps a comparison of different cloud providers, etc. It ended up being a very basic talk on beginner cloud concepts. It was also given by a MS employee, and focused on Azure. I hope the fact the venue was in a MS building didn’t influence that. It wasn’t a bad talk, but I don’t think it was paired correctly with the audience at a security conference. I also think that the speaker was a little surprised at the level of distrust of the crowd. At the end of the talk, the presenter asked who trusted MS with their data. Not one hand.
I was really looking forward to the Malware Automation talk, but the speaker had some travel issues and wasn’t able to make it. Instead, I attended the Plunder, Pillage, and Print talk by Deral Heiland. Long story short: printers and similar devices get ignored (go figure 🙂 ). The talk was fun & interesting, and the pentest examples were entertaining. I highly suggest anyone in pentesting watch the recording when it comes out and check out the author’s auto-pwn like tool for those devices. Looks awesome!
The afternoon keynote by Josh Corman was also excellent. The topics covered are undeniably important, yet many of them get little attention or coverage. This was a personal talk, and you could tell Josh is passionate about all the topics covered. I recommend checking out his blog if you haven’t, especially the posts here.
The next two talks I caught were great, also as expected. Alissa Torres gave a great talk on ID’ing and potentially bypassing a variety of anti-analysis techniques used by malware. I thought the talk hit an interesting segment, because it wasn’t aimed at in-depth analysis that would be carried out by a dedicated reverse engineer. It was targeted at incident responders and provided some background on how to get a little bit further down the analysis stack in a timely fashion while on-site. One of the best things about the talk: Alissa is very enthusiastic about the field, and that serves to enhance the delivery. I was then able to sit in on Andrew Case’s talk on using memory forensics in IR. Andrew is obviously a really smart guy and extremely proficient. On top of that, Volatility is just awesomesauce. Put those two things together, and you’ve got a great talk no matter what.
After my talk, I hit up another Maltego talk by David Bressler on using Maltego in the enterprise. Many of David’s projects (which also use canari, like Malformity) focus on using Maltego to visualize data from corporate devices or information sources. These include Palo Alto, NetWitness, and, released at the conference, Nexpose. If you use any of these projects (or cuckoo…), you should definitely check out David’s work.
As promised, my preso is available below. It is modified from the BeaCon preso, and the project itself had a bunch of additions between the two, so if you’re running a version from prior to last week, you may want to pull it again!