Last month, I traveled to the “Bay State” to attend and present at SOURCE Boston 2014. The conference ran April 8-10 and consisted of 3 tracks covering the themes of “Application Security”, “Security & Technology” and “Business & Security”. Several great talks caught my attention, a small selection of which I will outline in this blog.
In the opening keynote, Justine Aitel (@justineaitel) shared some of her recent experience transitioning from an offensive security background to being the head of cyber risk at Dow Jones – a role in which she is charged with building the DevOps teams and promoting continuous deployment. In her talk, Justine also pointed out the importance of communicating the skills and expertise developed inside the security community to society at large.
In “Top 50 Non-State Hacker Groups of the World”, Christopher Ahlberg (@cahlberg) from Recorded Future gave a gripping presentation about monitoring and tracking the activities of renowned hacker groups such as Anonymous, SEA, LulzSec, etc., by mining social media feeds and visualizing the data.
- The iOS environment (app security model, app binary format, Objective-C, ARM architecture),
- How to prepare a reversing environment (reversing tools, getting apps, app decryption),
- iOS reversing techniques such as dynamic analysis, network analysis, file system I/O monitoring, app debugging, and app instrumentation, along with reversing tools such as otool, class-dump, IDA Pro, etc., and
- iOS app vulnerabilities involving the network and data storage (within the binary, the Plist, database, or logfile).
Finally, the keynote by Bruce Schneier (@schneierblog) drew the interest of a large crowd. He touched upon security and its relation to power in light of the recent revelations about governmental mass surveillance, censorship employed by unsavory regimes, and propaganda in general. Bruce raised questions such as: “How do we as a society navigate this new world where big data blends with power and control?” and “How to preserve the good and prevent the bad in this relationship?”
In my talk “Marauder or Scanning your DNSDB for Fun and Profit”, I covered the malicious domain detection system I built that leverages both OpenDNS’s DNSDB and streaming authoritative DNS traffic. The DNSDB and streaming DNS platform were developed by our research and engineering teams, and they represent core elements of our feeds for fast detection of internet threats. I described the inner workings of the system but also shared some useful data feeds and Python libraries for manipulating HBase, IPs, prefixes, ASNs, and graphs. You can find the combination of both my talks from BSides San Francisco and SOURCE Boston here.
Attending SOURCE Boston was also a great opportunity to meet with fellow security researchers and practitioners in addition to exchanging valuable ideas and knowledge bites.