BSides NCL 2023
30th September
Organizers Room Battle Bots Cyborg Implantation
Vendors
Track 1: Resting Breach
Face
Track 2
Papa Don’t Breach
Organizers Room Battle Bots Cyborg Implantation
Vendors
Track 1: Resting Breach
Face
Track 2
Papa Don’t Breach
KEYNOTE
LEEMORTONAKAD34THBUTCH3R
"THEYKNOWMORETHANYOU,THEYDOITFORTHEBIG COMPANIES!"-ORDOTHEY?
9:15
LEEMORTON
OPENINGKEYNOTE
SCRANNOTE
JERRYGAMBLIN
OPENSOURCEVULNERABILITYINTELLIGENCE:AKEYTO
PROACTIVEDEFENSE(TRACKONE)
13:45
JERRYGAMBLIN
SCRANNOTE
LOCKNOTE
ROSIEANDERSONAKALADYCYBERROSIE
IDEASLIVEFOREVER
16:45
ROSIEANDERSON
LOCKNOTE
WITHALLTHECYBER-THISANDCYBER-THAT,WHATDOESITEVENMEAN?LET’SDIVEDEEPINTOTHEORIGINOF‘CYBER’TOUNDERSTANDTHEROOTSOF THETERMWHILELOOKINGATTHEEARLYHISTORYOFCYBERNETICS.LET’STRYTOUNDERSTANDHOWWEGOTHERE,INAWORLDWHERECYBER SECURITYPRACTITIONERSAREINACONSTANTBATTLETOPRESERVETHEINTEGRITY,AUTHENTICITYANDACCESSTOINFORMATIONANDSECUREOUR LIVESANDBUSINESS.
WESTARTBYLOOKINGATTHESOURCE[NOTCODE]OFCYBERBYUNDERSTANDINGCYBERNETICS.WEWILLDIVEINTOSOMEOFTHEWORKSOFNORBERT WIENER,GUYDEBORD,ALVINTOFFLERANDWILLIAMGIBSON,ANDEVENLOOKATSOMEOFTHEORIGINALROOTSOFTHEWORD‘CYBER’INGREEKAND LATIN.INFORMATIONISTHECOREOFCYBERNETICS,ANDITISMOVEDTHROUGHTHEDYNAMICFEEDBACKMEDIUMSOFOURWORLD,GETTING PROCESSEDANDCHANGED,ANDMANIPULATED.HOWDOWEPRESERVEINFORMATIONSOTHATITISN’TCORRUPTEDASITFLOWSTHROUGHMACHINES, ORGANISMS,ANDSOCIETY?IFALLINFORMATIONCHANGESTHROUGHPROCESSING,WHATDOESCORRUPTIONEVENMEANINREGARDTOINFORMATION?
HOWDOWEVALIDATETHATAPROCESSISEVENTRUE?HOWDOWEPADDLETHROUGHTHESTREAMSOFFEEDBACKANDNOISEOFOURREALITYWITHAN UNSINKABLESHIP?
NOTMUCHHASBEENDONETOBRIDGETOGETHERCYBERNETICSANDCYBERSECURITY.WEWILLALSOEXPLORESOMEOFTHECONTEMPORARYAUTHORS
ANDPHILOSOPHERSTHATTACKLETHECYBERREALMOFPHILOSOPHY,INCLUDINGTHERECENTPAPERSBYT.VINNAKOTA.WEWILLLOOKTOFORMSOME PLAUSIBLEANALOGIESSOTHATWECANBRIDGECYBERNETICSWITHCYBERSECURITYFORPRACTICALSOLUTIONS.
THEGOALOFTHISPRESENTATIONISTOBROADENTHESCOPEOFCYBERSECURITYANDBRIDGEITWITHCYBERNETICSINORDERTOUNDERSTANDHOW INFORMATIONGOVERNSTHEINDIVIDUALANDTHEMACHINE.WITHCYBERNETICSANDCYBERSECURITYMERGING,CANWEFEELABITMORESECURE?OR
CANWEMAYBEJUSTUNDERSTANDTHATSECURITYISONLYANILLUSIONTHATISPRESENTEDTOOURADVERSARYINORDERTOMAKETHEMFEEL INSECURE!
9:45-10:15
ISTHEIPADDRESSYOU’RETALKINGTOREALLYAGENUINEINSTANCEOFTHATIPADDRESSORAMALICIOUSCOUNTERFEIT?
THEBORDERGATEWAYPROTOCOL(BGP)ISONEOFTHEMOSTIMPORTANTPROTOCOLSKEEPINGTHEMODERNINTERNETMOVING, BUTITSTILLRELIESONAHIGHDEGREEOFTRUSTBETWEENNETWORKOPERATORS.BGPHIJACKINGHASTHEPOTENTIALTOSEND HUGEVOLUMESOFTRAFFICTOANINCORRECTNETWORK-ACCIDENTALBGPERRORSAREOFTENQUICKLYREVERTED,BUT INTENTIONALHIJACKSCANBEUSEDTOIMPERSONATELEGITIMATENETWORKSTOPERFORMMALICIOUSACTIVITIESATSCALE.
INTHISTALKWE’LLGOTHROUGHACRASHCOURSEONHOWBENIGNBGPANNOUNCEMENTSWORK,THENWE’LLLOOKATHOWWE CANUSEOPENSOURCETOOLSTOEXAMINEUNUSUALBGPANNOUNCEMENTSANDEVALUATETHEIRSEVERITY.WE’LLALSOGO THROUGHACASESTUDYOFA‘BGPHIJACKFACTORY’,WHICHWASONEOFTHEFIRSTNETWORKOPERATORSTOBEEFFECTIVELY BANNEDFROMTHEINTERNETDUETOREPEATEDMALICIOUSBGPANNOUNCEMENTS.
10:20-10:50
VIVIANBAND
DELIVERINGTHEFAIL:THEPOSTOFFICEITSCANDAL COMPUTERSNEVERLIE,SOTHEREISNOREASONTONOTBELIEVETHEIRTRANSACTIONALANDLOGOUTPUT?LEGALLYTHAT MAYWELLBETHECASE.FORNEARLY25YEARS,THELARGESTMISCARRIAGEOFJUSTICEINCIVILANDCRIMINALLEGAL HISTORYTOOKPLACELARGELYUNNOTICEDASTHEFIRST,ANDTHEOLDESTGOVERNMENTAGENCY,THEPOSTOFFICE,SOUGHT TOCOVERUPTHENUMEROUSFAILINGSOFITSITSYSTEM,HORIZON.INSTEADTHEYCHOSETOCENSURE,PROSECUTE,ANDIN SOMECASESIMPRISONHARDWORKINGINNOCENTPEOPLE,ANDDEMANDEDMANYTHOUSANDSOFPOUNDSFROM
THOUSANDSOFOTHERSTOCOVERLOSSESTHATHORIZONINCORRECTLYREPORTEDWASMISSING.LIVESHAVEBEEN DESTROYED,FAMILIESBROKENUP,HOMESLOSTANDPEOPLE’SLONGGAINEDRESPECTEDANDWELLEARNEDREPUTATIONS DESTROYED.THEPOSTOFFICEHORIZONITSCANDALISASTORYYOUWON’TBEABLETOBELIEVEWASPOSSIBLEOREVEN HAPPENED,BUTITWAS,ANDITDID,ANDALLBECAUSE‘PROFESSIONAL’PEOPLEWITHINTHEITANDLEGALCOMMUNITIESFELT THEIREMPLOYERSREPUTATIONWASMOREIMPORTANTTHENADMITTINGISSUESEXISTED.FOURSUICIDESHAVEBEEN ATTRIBUTEDTOTHISSCANDAL,ANDAFURTHER27PEOPLEHAVEDIEDWITHOUTHEARINGTHEIRNAMESCLEARED,MOREMAY DOSO.ANDIT’SNOTOVERYET…
11:15-12:20PM
BRIANWHELTON DELIVERINGTHEFAIL
DONTBEADATADUMMY:PROTECTINGYOURBITSANDBYTESWITHASECURITY
WE’LLBEDIVINGINTOTHEIMPORTANCEOFHAVINGASTRONGHUMANSECURITYSTRATEGY,ANDHOWTRAININGANDEDUCATIONCANMAKEALL THEDIFFERENCE.PLUS,WE’LLBESHOWINGYOUHOWTOUSEMICROSOFTPURVIEWANDSENTINELTOADDLAYERSOFPROTECTIONAROUNDYOUR DATA,SOYOUCANRESTEASYKNOWINGYOURINFORMATIONISINGOODHANDS.•UNDERSTANDTHEBIGGESTTHREATTODATASECURITY:HUMAN ERROR•CREATINGACULTUREOFSECURITYWITHCLEARPOLICIESANDPROCEDURES•IDENTIFYINGPOTENTIALSECURITYINCIDENTSAND DETECTINGANDRESPONDINGTOINSIDERTHREATS
WE’LLBEEXPLORINGWHYPEOPLEARETHEBIGGESTTHREATTODATASECURITYANDTAKINGACLOSERLOOKATHOWBEINGTOOCHILLOR FORGETFULCANLEAVEYOURDATAWIDEOPENFORATTACKS.ANDLET’SBEREAL,NOBODYWANTSTOBETHECAUSEOFADATABREACH.
12:25-12:55
KATIEMCMILLAN DON’TBEADATADUMMY
BYTHEENDOFTHISSESSION,YOU’LLHAVEANUNDERSTANDINGOFTHEHUMANSIDEOFDATASECURITY,ANDYOU’LLBEARMEDWITHTHE KNOWLEDGEANDTOOLSTOCREATEASUPER-STRONGSECURITYSTRATEGYTHATMITIGATESTHERISKSASSOCIATEDWITHHUMANERROR.SOGET READYTOBECOMEADATASECURITYSUPERHERO!
THISTALKWOULDBEANOVERVIEWOFHOWBASICASSEMBLYANDMEMORYWORKS,THESTRUCTUREOF PROGRAMSCOMPILEDINCANDHOWTOFOLLOWTHELOGICOFDISASSEMBLEDPROGRAMS.I’DALSOCOVER HOWTOUSETOOLSSUCHASGHIDRATODECOMPILECODEANDTOMAKETHEREVERSEENGINEERING PROCESSMOREEFFICIENT,ANDIFTHERE’STIMEI’DCOVERTHINGSSUCHASBUFFEROVERFLOWS,PATCHING CODEANDRETURNORIENTEDPROGRAMMING.
9:45-10
TOMBLUE
ANINTRODUCTIONTOASSEMBLY ANDREVERSEENGINEERING
THISTALKAIMSTOUNCOVERANEFFECTIVEMETHODFORINCREASINGTHESAFETYANDSECURITYOFANY ORGANIZATIONWHILEWORKINGWITHALIMITEDBUDGET,THROUGHTHEINNOVATIVECONCEPTOF‘SECURITY
CHAMPIONS’!DURINGTHECOURSEOFTHISINFORMATIVE,ENGAGING,ANDINSIGHTFUL15-MINUTE PRESENTATION,WEWILLREVEALTHISAMAZINGMODELWHEREORDINARYEMPLOYEESARETRANSFORMED INTOPOWERFULANDRELIABLESECURITYALLIES.
DELVEINTOTHEHIDDENTECHNIQUESUSEDTOSUCCESSFULLYRECRUIT,MOTIVATE,ANDEDUCATEYOURTEAM
10-10:15
AKOLADE "KAY"ADELAJASHIFTINGSMARTBYBUILDINGUP YOURSECURITYCHAMPIONS
MEMBERSSOTHATTHEYEVOLVEINTOVIGILANTPROTECTORSWHOCONTRIBUTETOTHEENHANCEMENTOF SAFETYTHROUGHOUTYOURENTIREWORKPLACE.WE’LLDISCUSSEVERYTHINGFROMTHEIMPORTANCEOF ACKNOWLEDGINGANDREWARDINGTHEIREFFORTSTOPROVIDINGONGOINGGUIDANCEANDMENTORSHIP.
THISPRESENTATIONISDESIGNEDTOOFFERADETAILEDROADMAPFORCREATINGAMORESECUREAND PROTECTEDENVIRONMENTFORALLEMPLOYEESANDSTAKEHOLDERSTOENJOY.
ANANALYSISANDRECOMMENDATIONFORCOMMONLYNOTICEDMISUNDERSTANDINGSISEEFROMSOC
OPERATORSNOWADAYS.THEAREASOFRESPONSIBILITYINSOC’S,ANDWHYWORKINGINASOCDOESNOT AUTOMATICALLYMAKEYOUANINCIDENTRESPONDER.
10:20-10:35
JYMITKHONDHU
WHYOHWHY!THECONFUSION
WITHSOCANDIR
CANANOLD(ISH)DOGLEARNNEW(CYBER)TRICKS?
CANA31YEAROLDNETWORKADMIN,TURNEDITMANAGER,REINVENTHIMSELFINACYBERSECURITYROLE WITHTHEHELPOFADEGREEAPPRENTICESHIP?FINDOUTWHATHEWASTAUGHTANDHOWTHATMAYBE DIFFEREDFROMWHATHELEARNT.DOSUCHAPPRENTICESHIPSWORKANDCOULDTHEYBEFORYOU?ARE THEREOTHER(BETTER?)WAYSTOLEARNTHESAMETHINGSANDCOULDTHE3YEARSHAVEBEENBETTER SPENTDOINGSOMETHINGELSE?IFYOUDOITANDGETTOTHEEND,CANYOUGETANEWJOB?SPOILER-YES
10:35- 10:50
ANDREWCARR
CANANOLD(ISH)DOGLEARNEW (CYBER)TRICKS?
WHYOHWHY!THECONFUSIONWITHSOCANDIRTHEBROWSERISNEARUBIQUITOUS;WEUSEITFORPRETTYMUCHEVERYTHINGANDTRUSTITWITHSOMEOF OURMOSTIMPORTANTINFORMATIONASSETS…BUTBROWSERSAREPRETTYSCARYFROMASECURITY PERSPECTIVE;THEYEXECUTEARBITRARYCODEFROMUNTRUSTEDSOURCESBYDESIGN…ANDWE’RE SUPPOSEDTOBEOKWITHTHAT?
THISTALK,BYARECOVERINGBROWSERSECURITYENGINEER,LOOKSATSOMEOFTHELESSONSWECAN LEARNFROMHOWAWEBBROWSERDOESWHATITDOES(ANDACOUPLEOFLESSONSFROMHOW BROWSERSDOTHINGSTHEYSHOULDN’T).
11:15-11:45
MARKGOODWIN
WHATYOURBROWSERCANTEACH
YOUABOUTSECUREDESIGN
HOWCANYOUEXPEDITETRUSTINSECURITYAUTOMATIONWITHSOARTOFULLYAUTOMATED CONTAINMENTANDREMEDIATIONOFSECURITYEVENTS?WITHARISKBASEDRESPONSEFRAMEWORK THATALLOWSYOUTOBOTHCONTROL&FINELYTUNEYOURAUTOMATEDRESPONSES!CREATEYOUR OWN“SECRETSAUCE”FORYOURSPECIFICRISKAPPETITE!
11:5O- 12:20
TOMWISE
RISKBASEDRESPONSEWITHSOAR
HORRORSTORIES:WHENIT'SGOODIT'SGREAT,WHENIT'SBADITF*$^%$GSTINKS
SYNOPSIS:WHETHERITSPEN-TESTINGAFACTORYANDKNOCKINGITOFFLINE, SELLINGSIEMANDFORGETTINGTOTURNITON,ORMAYBESOMETHINGSMALLLIKE
ATTEMPTINGTOSABOTAGEACISOTHATWANTSTOCHANGEVENDOR...MANYOFUS
CANAGREECYBERSECURITYISPRETTYINTERESTING,BUTJUSTHOWMANYOFUS
HAVEPEELEDBACKTHESHEETSOFTHEVENDORMARKETANDSMELTTHEDUTCH OVEN?LET'SDISCUSS.
12:25-12:55
ELIZA-MAYAUSTIN-HORROR STORIES:WHENIT'SGOODIT'S GREAT,WHENIT'SBADITF*$^%$G STINKS
"IDON'TKNOWWHATI'MDOING!"-AHITCHHIKER'SGUIDETOIMPOSTORSYNDROME
IMPOSTORSYNDROME:YOUHAVEIT,IHAVE(ALOTOF)IT,MOSTPEOPLEINTHEINDUSTRYHAVE(SOME FORMOF)IT.
BEINGTHEIMPOSTORISAFEELINGTHATKNAWSATYOURGUTS,MAKESYOUDOUBTYOURSELFFROM WHENYOUWAKEUPUNTILWHENYOUGOTOSLEEP,ANDMAKETHEREMARKABLEDEEDSYOU’VEDONE SEEMLIKE“FLUKES”OR“HAPPYACCIDENTS”.
2:20-2:50
MAYABOECKH
"IDON'TKNOWWHATI'MDOING!"AHITCHHIKER'SGUIDETO
IMPOSTORSYNDROME
IWANTTOSHAREMYOWNEXPERIENCESWITHIMPOSTORSYNDROME(INCLUDINGSUBMITTINGATALK ONATOPICI’MINTIMATELYCONNECTEDTOBUTHAVENOEXPERTISEIN),HOWIDIDN’TDEALWITH THEM,ANDHOWIHAVEAPPARENTLYINADVERTENTLYBEENCONSTANTLYWEAPONIZINGITTO IMPROVESOMEOFMYABILITIES.
LOOKATME!I'MTHEMANAGERNOW:BECOMINGASECURITYENGINEERMANAGER, COMMONPITFALLS,LESSONSANDMORE
OH,NOWYOU’REAMANAGER,BUTHOWDOESTHATCHANGEYOURLIFE?HOWWILLYOUFACETHECHALLENGES?WILL ALLTHOSEHOURSOFOFFICESPACEANDTHEOFFICEBEUSEFUL?ENTERTHEFUNWORLDOFBEINGASECURITY MANAGERWITHALLITSFUNANDRISKS.DIDISAYWE’REGOINGTOHAVEMEMES?WOWMUCHMEMES.
THISSESSIONDIVESINTOTRANSITIONINGFROMASECURITYENGINEERTOASECURITYENGINEERINGMANAGER, ADDRESSINGCOMMONPITFALLS,VALUABLELESSONS,ANDCRITICALERRORSTOAVOID.WEWILLHAVESOME INSIGHTSINTOTHECHALLENGESFACEDDURINGTHISTRANSITIONANDLEARNPRACTICALSTRATEGIESTOOVERCOME THEM.THETALKEMPHASIZESTHEIMPORTANCEOFEFFECTIVECOMMUNICATION,STAKEHOLDERMANAGEMENT,AND CULTIVATINGACOLLABORATIVETEAMCULTUREBYSHARINGREAL-WORLDEXAMPLESANDPROVIDINGGUIDANCEON NAVIGATINGPOTENTIALERRORS(THATIDID,AGAINOHDEARSOMANY)
9:45-10:15
MARCUSTENORIO
LOOKATME!I'MTHEMANAGERNOW
THE'THINKING'ANALYST:UNLOCKINGCORESOCANALYSISSKILLS
EVERASKEDWHATSEPARATESANOVICEANDSEASONEDBLUETEAMER,ANDBEENMETWITHARESPONSE NOTHINGMORETHAN“EXPERIENCE”?
THISTALKWILLGIVEYOUPRACTICALDAYTODAYEXAMPLESOFTHINKINGMODELS,BIASRECOGNITIONTIPS, COMMUNICATIONMETHODS,QUESTIONFORMATIONTIPSANDMORE.
WEWILLEXPLOREANDPROVE,REGARDLESSOFTOOLSETANDENVIRONMENT,THATACHANGEINYOUR THINKINGTOWARDSINVESTIGATIONS,YOUCANBECOMEAMORESEASONEDANALYST.
10:20-10:50
MICHAELLAMB-THE'THINKING' ANALYST:UNLOCKINGCORESOC
ANALYSISSKILLS
WHYUSECARPETBOMBDDOSWHENATARGETEDSTRIKECONSISTENTAFEWWELLCRAFTEDREQUESTSCANCRIPPLE ASERVICE?
ASANADDEDBONUS,PRECISIONSTRIKESMAKEITTHATMUCHEASIERTOAVOIDWAFCOUNTERMEASURES.
ANDWHERETOFINDTHISAMAZINGCYBERWEAPON?WHYINASEEMINGLYUNIMPORTANTCVSSSCORE7.5.
11:15-11:45
GERALDBENISCHKE
PRECISIONMUNITIONSFORDENIAL OFSERVICE
DUDE,CHECKYOURPRIVILEGE!-PRIVILEGEDACCOUNTMANAGEMENTSOLUTIONSANDHOWTHEYCOULD EITHERBECOMEYOURBESTIEORTOTALLYRUINYOURDAY
ALTHOUGHPAMSOLUTIONSAREUNABLETOPROTECTANORGANIZATIONJUSTBYTHEMSELVES,THEY DEFINITELYPLAYANIMPORTANTPARTWHENITCOMESTOSECURITYCONTROLS.ADISCUSSIONOFHOWBEST PRACTICESCANPROVIDEADEFENSEINDEPTHLAYERORHANDATTACKERSTHEKEYSTOTHEKINGDOMONA SILVERPLATTER.
11:50-12:20
MELINAPHILLIPS-DUDE,CHECK YOURPRIVILEGE!
RUSSIANROULETTE:HACKTIVISMINTHEMIDDLEEAST
SINCEFEBRUARY,I’VEBEENTRACKINGSEVERALMIDDLEEASTERNTHREATGROUPSAFTERFALLINGINTOARABBIT HOLE.FROMTYGTEAMTOALITTLEGROUPKNOWNASANONYMOUSSUDAN,HACKTIVISMHASGROWN SUBSTANTIALLY.I’MCOVERINGINFIGHTING,WARSBETWEENGROUPS,ANDHACKTIVISTSTURNEDAPTS,PLUS RUSSIANINVOLVEMENT.
RETURNOFTHEROBOTS
TALK&WORKSHOP
1230-13:00
JAKEKEAST
RUSSIANROULETTE:HACKTIVISMIN
THEMIDDLEEAST
14:20-15:30
16:00-16:30
RETURNOFTHEROBOTS
TALK&WORKSHOP
LASTYEAR,WECOVERED“BUILDINGROBOTSFORCOMPLETEBEGINNERS”.THISYEAR,WE’LLBUILDONTHE FOUNDATION(DON’TWORRY,IT’SSTILLSUITABLEFORBEGINNERS)ANDCREATESOMETHINGABITMORE… INTERESTING.THEREWILLSTILLBEMICROCONTROLLERS.ANDLEGO.AND,POSSIBLY,SOMEACTUALREVERSE ENGINEERING.
GIVINGATTENDEESTHEOPPORTUNITYTOSTEPIN,WRITEALIGHTNINGTALK(3-5MINUTES),ANDDELIVERIT ALLWITHINTHESAMEDAY.
ATTENDEESWILLCOMEIN(IDEALLYWITHTHOUGHTSONTOPICSALREADY),BETAKENTHROUGHOUTLINING ANDSTRUCTURINGTHEIRTALK,PRACTICALTIPSONBUILDINGSLIDES,ANDPRESENTING.THEY’LLWALKAWAY
WITHAFULLYBUILTPRESENTATIONANDTALKSTRUCTUREREADYTOBEDELIVERED,ANDEITHERATTHEEND OFTHEWORKSHOP(IFAWORKSHOP)ORATDESIGNATEDPOINTSDURINGTHEDAY(IFAVILLAGE)THEYWILL DELIVERTHEIRTALKSLIVE(PREFERABLYRECORDEDANDONASTAGE).