Some notes from Trinity’s visit to Bsides Augusta
Bsides Augusta was a well attended security conference with nearly 800 delegates in attendance. Talks ran in 4 theaters concurrently, which made choosing which ones to attend quite a challenge, as there was so much fascinating content on offer. The keynote speech that started the day off was by Rob Joyce, Chief of Tailored Access Operations for the National Security Agency - quite a start to the day and a taste of the level of things to come.
The first of the talks that I attended was by Chris Sanders on the use of honeypots, giving an overview of the cost effectiveness of their deployment and the pitfalls of installing them in production environments. Tom Webb’s talk on the hands-on aspect of SOC analysis techniques was clearly given by someone with a wealth of experience in the field and covered many aspects of training up analysts to be highly efficient, a process which he reckons takes up to 18 months. Data discovery was covered in his speech, where he stressed the importance of looking for known data pattern matches in egress traffic, such as social security number formats or driver licence formats - an invaluable tip for detailed SOC analysis. One of the key take-away phrases that he closed with was never to believe an end user who tells you “yes, the AV got it”!
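Tom Webb’s point about pattern-matching egress traffic for known data formats, as an added example that is not from the talk or this post: a small Python scanner that runs over constructed proxy-style log lines, flags SSN-shaped values, and applies the SSA’s structural rules (area 000, 666 or 900-999, group 00, serial 0000, and the never-issued advertising number 078-05-1120) so that obviously fake numbers do not raise alerts. The log line layout and field names are assumptions.

```python
import re

# Constructed sample egress log lines (not real traffic); each is
# "<timestamp> <src> -> <dst> <request excerpt>".
SAMPLE_EGRESS_LOG = [
    "2016-09-10T10:01:02 10.0.0.5 -> 203.0.113.7 POST /upload name=J.Doe ssn=123-45-6789",
    "2016-09-10T10:01:05 10.0.0.9 -> 198.51.100.2 GET /index.html ref=999-99-9999",
    "2016-09-10T10:01:09 10.0.0.5 -> 203.0.113.7 POST /upload id=000-12-3456",
    "2016-09-10T10:01:11 10.0.0.7 -> 192.0.2.10 GET /api/v1/items?page=12 order=2016-0912",
    "2016-09-10T10:01:15 10.0.0.5 -> 203.0.113.7 PUT /sync data=666-01-0001,078-05-1120 note=387 65 4320",
]

# SSN shape: 3-2-4 digits with a consistent dash or space separator, not
# embedded in a longer digit run. A separator is required on purpose: bare
# 9-digit numbers (order ids, account numbers) would otherwise flood the SOC.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ])(\d{2})\2(\d{4})(?!\d)")

NEVER_ISSUED = {"078-05-1120"}  # SSA advertising number, never assigned


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Apply the SSA structural rules so obviously fake numbers are dropped."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:  # area numbers that are never assigned
        return False
    if g == 0 or s == 0:  # group and serial are never all zeros
        return False
    return f"{area}-{group}-{serial}" not in NEVER_ISSUED


def find_ssn_candidates(text: str) -> list:
    """Return plausible SSNs in text, normalised to the dashed form."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, _, group, serial = m.groups()
        if is_plausible_ssn(area, group, serial):
            hits.append(f"{area}-{group}-{serial}")
    return hits


def scan_egress(lines: list) -> list:
    """Return (line_index, destination, [ssns]) for lines carrying plausible SSNs."""
    alerts = []
    for i, line in enumerate(lines):
        ssns = find_ssn_candidates(line)
        if ssns:
            dst = line.split(" -> ")[1].split()[0]  # host after the arrow
            alerts.append((i, dst, ssns))
    return alerts


if __name__ == "__main__":
    for idx, dst, ssns in scan_egress(SAMPLE_EGRESS_LOG):
        print(f"line {idx}: {len(ssns)} SSN-shaped value(s) leaving to {dst}: {ssns}")
```

Only the two lines with structurally valid numbers are reported; the 999-, 000- and 666-prefixed values and the advertising number are filtered, and the timestamps and order id never match the 3-2-4 shape.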
Keelyn Roberts’ presentation on ‘Finding evil in DNS traffic’ was an excellent talk delving deep into the threats hidden inside DNS traffic. The talk can be found here (Keelyn Roberts, Bsides Augusta 2016) and is a gold mine of information from a security specialist with years of experience in the field.
‘Moving target defense’ was a talk on the art of asymmetric cyber warfare by Adam Duby, which included fascinating details of the cost of attack versus defense and focused on the possibilities of software diversification to produce randomly compiled executable code. The topic is largely only being researched in the academic field at present, but it has interesting possibilities for future implementation as a critical part of cyber defense infrastructure.
Jake Williams’ talk on ‘Linux privilege escalation’ was a standing-room-only talk in which he enumerated several remarkably simple methods of escalating from user to root privileges on Linux systems. For the sake of security, it’s probably best not to list them all here; suffice it to say that my pen-testing abilities are considerably enhanced having listened to the talk. ‘Reusing adversary trade craft’ was a talk presented by Alexander Rymdenco-Harvey and explained in wonderful detail the art of reverse engineering malware and then using those same techniques to develop anti-malware software - that is, AV that resides only in memory so that malware cannot detect its presence. The day was completed by Brandon McRills with a light-hearted look at the internet of everything, and the ease with which VOIP phones can be compromised.
A big thank you has to go out to all of those involved in this conference - a pleasure to attend and very well organised, and I am sure we will be back next year!