
#BSidesDetroit conference recap

12 Jun

Here is my Matrix style pic from the 38th floor of the RenCen in Detroit, MI. Cue echoey bass baooooooo sound.

20130607_162944

For a mere $206 a night you can stay at the Marriott too but I wouldn’t recommend it. Location was good since the conference was right downstairs. There were cheaper hotels but I didn’t want to walk the streets of D-Town without a crowd. I split the room with a co-worker so I could afford a little nicer location.

I considered submitting a session but I wanted to get a feel for the conference since it was my first Security B-Sides event. I volunteered for the conference mainly because I know from experience that is a good way for my introverted self to get more involved.

This was a Friday – Saturday gig so I woke up crazy early and drove to Detroit Friday morning. There was good organization and almost too many volunteers ready to assist at the check-in. Coffee was hot and ready so I studied the sessions and layout so I could assist anyone with my bright yellow shirt on.

The keynote by Kellman Meghu (@kellman) was an all-around good opening act. He covered his enterprise-class firewall system he deployed in his house to monitor his family and open wifi visitor usage. It was eye opening to see some of the data like HIPAA keywords for early medical alerts, swear charts, dating site conversations, false positives, random forum board usage, and malware events be so easily extracted and condensed. He didn’t even tamper with any SSL traffic which he hinted at maybe doing in the future. Spoiler alert, “porn” was the most popular inappropriate word used on his network (I know, shocking, right?!).

I saw the conference had the lock picking station set up so I sat down and tried it out. At GrrCON 2012 I picked the first and only lock I had ever picked until now. That Friday I pwned several locks including this one:

20130607_101205

There were a few other highlights Friday.

The Michigan Cyber Range is a great effort to help drum up support for ethical hacking.

James Foster gave a talk on “Insidious Implicit Windows Trust Relationships” that was spot on. It’s a problem that doesn’t really have a secure solution besides scrapping Active Directory. He discussed cached credentials that are stored hashes and in-memory tokens that can reveal plain text passwords. I’ve heard bits and pieces of the malicious SMB server and he briefly explained it here as well. The session explained a lot of the basics very well and definitely left me wanting to do more research.

As I learn PowerShell, I learn to hate it more and more but I know eventually my mind will make the switch. Matt Johnson @mwjcomputing has helped put together a swarm of good looking scripts to aid with server setup and baselines. The baseline appears to be key in incident response so you can identify that nasty malicious crap which does not belong. Also, checking in the server build to source control keeps it safe (*see footnote 1) and ready for deployment.

The after party was at Tom’s Oyster Bar (not exactly shellfish allergy friendly but I escaped without incident). Sequris kindly sponsored a couple drinks, cheap appetizers and some weird sexual looking prizes stuffed with candy. We left when the beer ran out and headed over to the Detroiter which was a dive a couple blocks away. We considered the Volt bar but it was crazy expensive so we called it a night.

20130608_090301

Day 2 was mind blowing. I highly recommend attending a workshop by @armitagehacker. His wares are top of the line and he is also a great presenter. I hope to find some time to finish the expanded workshop steps in the near future, maybe another post on that. I did some recon for Raphael on Friday to make sure there was power and enough space for us. But that was really the end of my usefulness, the other volunteer showed up early and really took care of business including organizing a sandwich order from http://www.mudgiesdeli.com/ which was awesome.

Raphael joked that during the workshop there was always someone, for some reason, that couldn’t get the hacks to work. They were nicknamed the anti-neo. Fortunately I wasn’t the anti-neo and was able to pop my first penguin.

20130608_113956

I was running out of gas and mental storage space but managed to attend a few more sessions on Saturday. I would like to give some props to @alexgatti for managing a very philosophical discussion with some smooth professionalism. He points out some gaps between the end of college and the start of a career in IT security. A general consensus of the crowd was wondering why more college students don’t attend conferences since that might help. The problem, IMHO, is time and money. Full time students are busy and broke. Class attendance is a necessary evil. My professors never really made it clear I could attend a conference and not fall behind. Also, I was unaware of these resources that were at my fingertips. I think for the gobs of $ I threw at my university, they could have done a better job of engaging me and forcing me to check some things like that out.

Kevin Poniatowski gave an interesting talk on BYOD. His intent was to advocate for preparation of BYOD because if you don’t already have it at your organization there will be a day when it’s forced on you. The title was a bit misleading because I am more worried about it than before. Someone’s comment I won’t forget was, “How can you be so sure the employee’s device is less secure than the current system?”

BSides Detroit was a great conference. I can’t wait for the next one!

*1 – hah, you actually think I use footnotes?


Posted by on June 12, 2013 in Security

 
