Celebrating its third year, BSidesPDX took over the Oregon Convention Center in delightfully rainy Portland. Though one of the smaller BSides events, it’s drawn the attention of many in the security community, notably keynote speaker Senator Ron Wyden. It’s a challenge to find lawmakers sympathetic to cybersecurity professionals, especially given the current political climate, so Wyden’s message of mindfulness was particularly well received. In addition to the Senator, many speakers were present from a wide variety of organizations and disciplines. From companies such as Tripwire and Symantec, as well as a range of universities all over the globe, security-minded people came together to share victories, horror stories, techniques, and tools with their peers and colleagues. From OpenDNS, Josh Pyorre was invited to present a workshop on building a cloud-based IDS and Patrick Colford went as our newest Analyst.
Over two days, the conference covered a wide range of topics, both academic and practical; from hardening cloud environments to advice about how to purposefully break things for better understanding, there was a lot to both say and do. Josh’s attention was devoted to his presentation on cloud-based IDS techniques. His instructions (available here) document the process to implement a server-side IDS and SIEM. In addition to his workshop, Tripwire’s Bob Loihl delved into the wide world of the Internet of Things, and attendees got to tinker with a board fully connected through AWS. The conference, only a week before the Dyn DDoS attack, seemed to foreshadow that security event.
From the speaking sessions, the standout speakers were:
Joe Grand, the creator of many Defcon badges, presented his research on communicating through optical covert channels. He demonstrated the use of an LED on a circuit board to transmit textual data to a remote sensor. To our eyes, the LED appeared to be in a solid state, but he designed it to blink just fast enough to appear that way. When a light sensor was connected to a simple terminal, the terminal would display random textual data from the ambient light in the room. As the LED was brought closer to the sensor, a message, ‘Hello BSides Portland!’ would appear.
Kevin Haley spoke about “Selling the Brooklyn Bridge: Can historic scams, cons and flimflam teach us ways to stop social engineering and educate end-users on cybercrime?” He used an analogy of the well-known scam in which new immigrants to the US were sold the Brooklyn Bridge. That some fell for it didn’t mean they weren’t smart, but that they didn’t understand the culture. He related this behavior to the users who fall for social engineering and phishing scams, as they’re looking at a new technology and may not understand the rules.
Ken Westin presented “Mad Data Science: Threat Hunting with Machine Learning”, in which he demystified the world of data science for the average security professional, explaining concepts of machine learning, k-means, Bayesian Probability, Lambda Architecture and how they apply to real-world security use cases.
Travis Smith discussed “Sending the Elevator Back Down: Getting Youth Interested in Security”, in which he described lessons learned while organizing high school internship programs designed to interest youth in information security. Pairing practical lessons with the fun of building a go-cart, he got kids to think about closing off avenues of misuse.
Isaac Robinson presented “Securing the End User – Patching the End User”, in which he explained his procedures for conducting phishing awareness training campaigns and the collection of metrics that assist in evaluating their effectiveness.
Gary Smith talked about “Blacklisting Badguys With IPTables”, a discussion on how to use the widely distributed firewall application to create a comprehensive and scalable IP filtering system to mitigate bad actors through publicly available IP lists.
Overall, BSides PDX is a terrific event for both security professionals and enthusiasts or hobbyists wanting to learn more. You can bet OpenDNS will be there next year for more excellent content.
Once again, BSidesLA held their annual conference at Dockweiler State Beach, which sits just south of LAX in sunny Southern California. OpenDNS was there to represent as well, with Sr. Security Analyst Kevin Bottomley invited to present his talk on “Whois Who? Mining Miscreant Registrant Records”, in which some of the topics discussed included how to hunt down registrants who create massive amounts of nefarious domains, ways to create systems to automatically flag said registrants, and connecting the dots between numerous registrants and campaigns. More of the granular details about the system and findings will be covered in a forthcoming blog.
Of course, there were a few other speakers presenting as well, and while there isn’t enough space to cover everyone, a couple of highlights I found follow:
Andrew Hay (@andrewsmhay), CISO at DataGravity (and former Director of Security at OpenDNS), discussed how to create a security strategy without having a security team to help create, facilitate, and maintain the increasing responsibility for the security and privacy of customer and employee information, and to mitigate a serious, and perhaps business-ending, data breach.
Eric Rand, in his talk “Domains of Grey: Using DNS Grey Listing for Defense”, introduced the audience to the power of running a DNS greylist to mitigate the risks of relying upon end-user training. The basic requirements for setting up a greylisting DNS proxy grant significant security benefits to the network on their own, encouraging the adoption of good-practice network administration procedures.
As always, a special thanks to the organizers and sponsors of BSidesLA 2016 for putting on yet another great event!