BSides Vancouver Security Conf: kinda lit

in #cyber-security, 7 years ago (edited)

Lucky enough to attend BSides Vancouver for the first time this week and boy was my mind blown! What a treat to hear from so many knowledgeable folks discuss cyber-security in such an array of permutations! Time for a recap :)

For reference: https://bsidesvancouver.com/ and I will just go over the talks I was able to catch, oh and that ongoing lock picking demo:

Nuff said on that.

Firstly, the venue was a cool choice. It went down at 560 on Seymour, which is basically a club. What even happens in a club on a Monday from 9–5?! Well, wouldn’t you be surprised.

Opening remarks and presentation were pretty blah, MCing was lackluster, I will have to offer my services next year. I mean, I get it, we’re all nerds here. Moving on.

Don’t blow up the safe! Use Software silly…

An in-depth study of ATM malware by Numaan Huq

This talk was sooo interesting! Ha. What can I say. Anatomy of code used to infect ATMs. Basic idea was an agent would approach an ATM with a USB key and, using some key purchased on eBay, open up the outer casing of the ATM (easy to open compared to the safe that holds the cash), plug in that USB and execute some malicious script that allowed a money mule to pull up on that ATM, tap a code through the keypad and empty out the box!
Hilarious. Key takeaway:

Compared to ransomware, malware targeting ATMs represents a drop in the ocean.

Excuse me, I think your Dark Web is leaking!

by Sarah Lewis

Sarah nailed this talk and is rightly being asked more and more to speak on this topic. She basically smacked down all the sloppy configs you see on darknet websites with her own pen testing skills and illustrated just how ineffective onion sites really are at hiding themselves. She used a lot of visualizations to illustrate how networks are easily assembled based on a myriad of details, from the fingerprints of SSH keys, to the emails used to gen SSL certs, to the simple blunder of hosting a darknet site on the same box as a clearnet one (wait wut?)! Yeah. Furthermore, she also spoke out about the grossly insecure practice of reusing Bitcoin addresses across networks/identities, something people often overlook with crypto:
Packaging labeled as anonymous is mostly marketing

Reverse engineering & hijacking toy quadcopters

by Yannick Formaggio

Big ups to my boy Yannick (@thelumberjhack) for doing this presentation in English (he’s from France). It was dope! I can’t even really speak on it because I barely comprehend receiver talk but very cool work reverse engineering the signals captured from the remote and figuring out how to impersonate the controller, only louder and more frequently. Ok here’s a vid:

Woop! Bodies that drone.

There were two more talks I attended that both focused on recovering stolen laptops by way of software installed in the BIOS or even software installed on the OS. These were both interesting, basically stories pertaining to case studies but also kind of came across as sales pitches. Main takeaway:

Don’t leave your laptop in your car!

Ha. Fair enough.

A few things were notably absent from the conference imo:

  • Any discussion (or mention?) of the recent Wikileaks reveal re the CIA

  • Anything practical for lay people

Yeah, I understand, this was for ‘industry members’ to educate themselves further in matters pertaining to their employer and the speakers, obviously, had prepared their content well before the news of last week. Still, a little grass roots relevance would have spiced things up a bit ;)

Been to any security conferences? Thoughts? Comparisons?

Where should I go next?!

Thnx @md5 for putting this info all together.
