It was my first visit to Florida, so I wasn't sure what to expect. And I was definitely surprised by the size of the local cockroaches. Those guys are huge! In general, though, I came to Florida at one of the best times of the year. It wasn't too hot and the humidity level was acceptable. The venue, located at the main campus of UCF, was great as well. This was the fourth year of BSides Orlando and it had a great turnout, approximately 500 attendees. BSides is driven by the passion to connect security professionals, whether it's to build relationships for a project or to get to know others in the industry. The organizers give new and aspiring speakers the chance to present for the first time, so I was quite eager to attend and present my talk about Angler Exploit for the first time. My primary purpose was to give people an understanding of this particular campaign, explain the ways we identify threats here at OpenDNS Labs, and the ways we mitigate risks for our customers.
I was most impressed by the keynote speech on offensive security, which showed how skilled and dedicated these guys are when it comes to infosec. I have a background in pentesting, but I never had a chance to penetrate a real enterprise network, so it was very exciting to get inside details from our Black Hills colleagues.
One of the most important takeaways for me was the analysis of Bitcoin VPS, because the analysis of the money flow in criminal business is a topic that interests me greatly.
So if your network has been attacked and you were not able to track it back to the hacker, he most likely used a setup similar to the one mentioned above. As the speaker mentioned, 99 percent of the pentests they conducted were successful, which again reminds us how insecure most enterprises are.
Another important aspect of this talk is that it focused on the attacker's point of view, which really makes me think about how important it is to have a red team in the security department.
This talk covered protocol fuzzing and reversing for finding vulnerabilities, but many of the methods can also be used to research the custom protocols that malware authors create specifically for their malware.
Reverse engineering of custom protocols is becoming more and more important when it comes to new ransomware, Trojan, and worm threats. Their authors continuously change code, encryption protocols, and obfuscation. We can still identify and stop many of them because they use well-known protocols for delivery and communication, but it would become more challenging if they changed this behavior.
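To make the connection between reversing and fuzzing concrete, here is an added example that is not from the talk, the post, or any OpenDNS Labs tooling. It assumes a hypothetical custom binary framing (2-byte magic, 1-byte type, 2-byte big-endian length, payload, 1-byte XOR checksum), the kind of layout you recover by reversing a malware C2 client. Once the field layout is known, a field-aware fuzzer can target the length field with boundary values, while blind bit-flips cover the rest. The naive parser trusts the length field and crashes; the hardened parser rejects the same inputs cleanly. All messages are constructed inline, so it runs offline.

```python
import random
import struct

# Hypothetical custom framing recovered by reversing (an assumption for this example):
# magic(2) | type(1) | length(2, big-endian) | payload(length) | xor_checksum(1)
MAGIC = b"\xC4\x11"
MAX_PAYLOAD = 4096  # hypothetical protocol limit enforced by the hardened parser


class ParseError(Exception):
    """Expected rejection of malformed input; anything else is a parser bug."""


def xor_checksum(payload: bytes) -> int:
    chk = 0
    for b in payload:
        chk ^= b
    return chk


def build_message(msg_type: int, payload: bytes) -> bytes:
    return MAGIC + bytes([msg_type]) + struct.pack(">H", len(payload)) + payload + bytes([xor_checksum(payload)])


def parse_naive(data: bytes):
    """Trusts the length field: a lying length makes it index past the frame (the bug)."""
    if data[:2] != MAGIC:
        raise ParseError("bad magic")
    mtype = data[2]
    (length,) = struct.unpack(">H", data[3:5])
    payload = data[5:5 + length]
    chk = data[5 + length]  # IndexError when length exceeds the real frame
    if xor_checksum(payload) != chk:
        raise ParseError("bad checksum")
    return mtype, payload


def parse_hardened(data: bytes):
    """Validates every length before indexing; only ParseError can escape."""
    if len(data) < 6:
        raise ParseError("short header")
    if data[:2] != MAGIC:
        raise ParseError("bad magic")
    mtype = data[2]
    (length,) = struct.unpack(">H", data[3:5])
    if length > MAX_PAYLOAD:
        raise ParseError("length exceeds limit")
    if len(data) != 5 + length + 1:
        raise ParseError("length does not match frame")
    payload = data[5:5 + length]
    if xor_checksum(payload) != data[5 + length]:
        raise ParseError("bad checksum")
    return mtype, payload


def field_aware_mutations(msg: bytes):
    """Mutations that only make sense once the field layout is known: boundary lengths, truncation."""
    real_len = len(msg) - 6
    cases = [msg[:3] + struct.pack(">H", v) + msg[5:]
             for v in (0, 1, real_len - 1, real_len + 1, 0x7FFF, 0xFFFF)]
    cases.append(msg[:5])  # header only, no payload or checksum
    cases.append(msg[:1])  # not even a full magic
    return cases


def random_mutations(msg: bytes, rng: random.Random, n: int):
    """Blind single-bit flips; still useful, but they rarely hit the interesting values."""
    out = []
    for _ in range(n):
        b = bytearray(msg)
        i = rng.randrange(len(b))
        b[i] ^= 1 << rng.randrange(8)
        out.append(bytes(b))
    return out


def fuzz(parser, seed_msgs, iterations=200, seed=1):
    """Return (input, exception name) for every case the parser did not reject with ParseError."""
    rng = random.Random(seed)
    crashes = []
    for seed_msg in seed_msgs:
        for case in field_aware_mutations(seed_msg) + random_mutations(seed_msg, rng, iterations):
            try:
                parser(case)
            except ParseError:
                continue  # clean rejection, this is what we want
            except Exception as exc:  # anything else is a finding
                crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    corpus = [build_message(1, b"hello")]  # constructed sample message
    for name, parser in (("naive", parse_naive), ("hardened", parse_hardened)):
        found = fuzz(parser, corpus)
        print(f"{name}: {len(found)} crashes", sorted({kind for _, kind in found}))
```

The harness treats `ParseError` as the contract and every other exception as a finding, which is the same distinction you draw in a native fuzzing target between a rejected input and a memory-safety fault. The field-aware cases find the length bug on the first pass; the bit-flip cases show why understanding the protocol first pays off.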
The organizers of BSides Orlando did a remarkable job and deserve a big round of applause for their efforts and for having everything run smoothly. I can't wait for the CFP to open for next year's event so I can hopefully return.