The OpenDNS labs team once again continued it’s strong Thought Leadership history by being invited to speak at the 2016 BSidesNash conference, held in Nashville, Tennessee, with this author being the representative. A couple of things here that made this trip special: The first being that usually my speaking and event engagements take me to the border regions of the United States, and hardly ever inland, and the second being I’m an avid user of Ride-Sharing services while on the road, and this experience was like none I had to date.
Upon arrival at the Nashville airport, it was evident that I was not in California anymore. Not to distract from the talk itself, but it was refreshing to see signs where billboards for new homes no longer stated such things as “Homes now starting in the low millions!!”(whatever ‘low’ part of ‘millions’ means), a gallon of gas that cost $1.90 came from the “expensive” station, and where my first driver arrived in a monster sized pickup truck, and had a CB radio mounted to his dash(he had also created a charging station in the back out of duct tape and three of those old cigarette lighters you used to find in automobiles that worked quite efficiently).
Yet, I digress. The conference was held on Saturday, April 16th and hosted at Lipscomb University. There were three different tracks, with each catering inline to a certain aspect of Information Security. I was out there delivering my talk on Ransomware. Nothing extremely earth shattering, as from an operation standpoint, one can’t always talk about the methods currently employed in certain environments. I have covered my talk in past blogs and at other conferences, so I’ll move along to some of the talks I was able to watch. While there were many, time and space only allow me to cover a few.
Jayson Street(@jaysonstreet), Time Magazines “2006 Man of the Year”, opened up the conference delivering the Keynote address. I’m not quite sure, but it looked like he was presenting his slides off of his phone. Personally, I have never thought to use this approach to contain my slide deck, but I might swipe the idea and test it out for future conference talks.
Jayson gave an overview of some of the past mistakes he made throughout various jobs and roles he has held over the years. Specific aspects he covered centered around knowing your mistakes and being able to own up to them to aid in future success. He then went through several real life examples of where he knew he screwed up. This comes not so much in making major errors in what he was doing, but by not helping others succeed through their failures. Some inspiring insight into how to help others, without making yourself out to be a jerk in the process.
Ever Present Persistence
Evan Pena(@evan_Pena2003) and Chris Truncer(@ChrisTruncer) gave a great talk about how to get into a network, and then maintain a foothold. They started out by giving an outline of what the end goals should be before starting any operation, i.e. determining if you are going after an entire network, or a single individual system. The talk continued by covering the various steps taken by their Red Team to maintain persistence in a network by using various scripts and tools, both open-sourced and commercial. Using the tips and tricks presented, one can start to uncover possible threats inside networks.
Forging Your Identity
Continuing on with the Red Team theme, Brent White(@brentwdesign) and Tim Roberts(@zanshinh4x) presented on what it takes to create a credible persona that can pass the test of observant employees while undertaking a Pen Test. They went on to discuss various ways to scout out a target ahead of time, how to talk to people you are trying to social engineer(SE), and identify other weaknesses in security procedures. Other interesting points of topic included forging badges(and how not to), doing research to identify people in the company, and collecting all the necessary props needed to get the job done. The talk even included a small improv demo that included members of the audience giving their best SE spiel.
There were lots of other good talks, all of which can be found on this YouTube channel. The conference itself was very well organized, and everything, at least from what I saw, seemed to work perfect. A special thanks to Lauren(@lil_lost), Gabe(@gdbassett), Adrian(@irongeek_adc), and all the rest who helped put on a great conference.