New York, New York

The inaugural BSidesNYC was held on January 16th at the John Jay College of Criminal Justice in New York City, not far from Times Square. I was one of the lucky ones selected to speak at the event, where I presented “The Ransomware Threat: Tracking the Digital Footprints” to a standing-room-only crowd. The takeaway of the talk centers around using DNS and other behavioral traits to detect proxies (read: compromised servers) used in various Locker campaigns almost immediately after they become live. Some of what I covered in my talk can also be found in my blog from August, “Tracking the Footprints of Ransomware.” The audience was great and had lots of questions during the Q&A session after the talk, enough that I actually ran over my allotted time slot and continued in the hall afterwards.

Notable Moments

Of course, there were other talks going on besides my own. While I was not able to attend them all (some you couldn’t attend unless you were one of the first in line due to capacity restrictions, and probably some type of fire code), I did manage to get a seat for a few of them.

Docker Containers for Malware Analysis

While I didn’t actually get to attend Lenny Zeltser’s (@lennyzeltser) talk at BSidesNYC, since it ran parallel to mine, I did get to see it during IRespondCon in San Francisco in the beginning of December, so I can vouch to say that if you have the chance to catch it in the future, you should. Using Docker as part of your analysis toolkit is a convenient and simple way to do IR in a lightweight manner, but not without a couple of pitfalls. Lenny’s slide deck can be found here.

Mobile implants in the age of cyber-espionage

Dimitri Bestuzhev (@dimitribest) gave an excellent presentation on mobile devices and some methods and techniques used in APT attacks. As someone who isn’t all that knowledgeable in the intricacies of cell phones and the like, I had some very eye-opening moments in how much an attacker can glean off of someone’s device, as well as how easy it can be to gain access and privileges.

Change is the only constant: A day in the life of DNS changes

I always like to sit in on DNS talks whenever I can, if for nothing else to see what others in the industry are working on. Ben April (@bapril) delivered his talk on how to use DNS and pivot around different aspects of network traffic to help identify intrusions, and to surface indicators of possible attacks and compromises. As a fan, and a user, of ‘jq’, I was really glad to see Ben put it into action during his presentation. If you haven’t checked it out before, it’s a really powerful CLI tool for working with JSON files.

After Party

And of course, what conference wouldn’t be complete without the obligatory after-party? Red Balloon Security was awesome and put on a great event with food and drinks after the event, plenty of conversation, and one pretty great view.


The organizers for the first BSidesNYC did a remarkable job and deserve a big round of applause for the effort involved in getting everything organized and running smoothly. I can’t wait for the CFP to open for next year’s event so I can hopefully return again.
