OpenDNS had a very busy schedule in Las Vegas last week. From BSides Las Vegas to Black Hat to DEFCON 22, OpenDNS presented 5 talks involving 6 people over 6 days. To summarize what we experienced in the land of ringing bells, ridiculous buffets, and climate controlled environments, Vinny LaRiza, Adrienne Merrick-Tagore, Andrew Hay, and Thibault Reuille have some observations from the various conferences.
BSides Las Vegas – Vinny LaRiza
I have been to a few Security BSides events in the past, so in that regard this wasn’t my first rodeo. I felt like I pretty much knew what to expect. This time was slightly different, however. For one, I was no longer be in my backyard. This time I was in in sparkly Las Vegas, Nevada, the “Miracle in the Desert”, where the “Sky’s the Limit.” I also presented a thirty-minute talk about phishing sites, which was something that I’d never done before.
Was I nervous? Sure. Public speaking is high on the list of people’s biggest fears – and I am one of those people. But not for nothing, I have always appreciated the BSides events for their welcoming vibe and positive demeanor. It seemed like a fitting place to cut my teeth.
Needless to say, the talk – How To Punch a Phisher in the Face! (video) – went over quite well with the audience, who were chiming in towards the end with their own anecdotes as well as including their own solutions to how they prevent themselves from phishing attacks.
Speaking at BsidesLV was a great experience and I would encourage anyone involved in or with technology to participate.
BSides Las Vegas – Adrienne Merrick-Tagore
I’m a relative n00b to security conferences. In the last year, I’ve been to Black Hat, RSA, and Bsides San Francisco. This was my first time presenting in front of a security audience. My talk centered on my experience interacting with the OpenDNS Security Graph API, from the perspective as a fairly non-technical marketer. I opened by taking a photo of the audience, and then dove into my journey learning how to interact with the API.
I wanted to accomplish two things. At a technical level, I wanted to see what OpenDNS’s customers’ experience would be when they interact with our API. I wanted to put myself in their shoes, to learn how to use our product and its API.
At a personal level, I wanted to dust off my Python knowledge and apply it to something relevant in my real life, and to inspire others to take the plunge into hack away at something new.
This was a nerve-wracking, rewarding, fun experience! I faced my fear of public speaking by presenting in front of about 30 people. I learned something new that was personally fulfilling and that will also make me better at my job. In the process, I met some really cool people, some of whom are now inspired to learn Python or another programming language. And now I’m hooked – I want to do it again!
The recording of my talk can be found here: Can I Code Against an API to Learn a Product? (video)
Black Hat 2014 – Andrew Hay
I have attended Black Hat for a number of years but 2014 marks the first time I’ve been accepted to present. Thibault Reuille and I presented our talk entitled Unveiling The Open Source Visualization Engine For Busy Hackers, which served as a launch pad for OpenGraphiti – our free and open source data visualization engine.
How’d we do? Based on the applause, the laughing at our jokes, and the audience engagement during the talk (not to mention the continuous flood of questions at our booth on the show floor before and after the presentation) we believe that the session was a complete success! We were told the room held ~603 people and, based on a very rough count, I estimate that between 550 and 575 people attended – that’s >90% capacity for those of you counting along at home.
We also had the opportunity to brief several people including a podcast-style interview with DarkReading and several reporters from Forbes, Wired, and other well respected technology news outlets.
Thibault and I also provided a very informal (if not ad hoc) Q&A session at the booth adjacent to the OpenDNS booth. At the table, we were able to sit down with existing OpenDNS customers, data scientists, security analysts, and other interested parties who had specific questions about OpenGraphiti, Investigate, and Umbrella.
Thibault and I weren’t the sole OpenDNS representatives accepted to speak at Black Hat, however. Dhia Mahjoub and Andree Toonk joined Thibault at Black Hat to present Catching Malware En Masse: DNS and IP Style. (Note: Thibault will talk about this more in his DEFCON wrap up section as the talk was also presented there.)
DEFCON 22 – Thibault Reuille
What a great pleasure and honor to finally step foot in the legendary DEFCON ! It was a first for me and also for some of my partners in crime. Several OpenDNS folks attended DEFCON including (from right to left) Anthony Kasza, Dhia Majhoub, Andree Toonk, and myself.
I had a feeling that DEFCON wouldn’t disappoint, and it certainly didn’t! We were presenting our research in front of a very responsive crowd. Indeed, we had interesting content as Dhia was presenting discoveries and detection models to catch malware IP & DNS style, Andree offered his networking expertise and vision on monitoring the large ASN network and its BGP routing tables, and finally I did my best to illustrate our talk with interactive 3D visuals create with OpenGraphiti. Our talk was very well received and several times during the talk people stood up and started clapping. It definitely meant a lot to us.
A couple of minutes into the talk, the DEFCON “Goons” played a joke on us. They interrupted our presentation to have us drink a shot of Whisky. In fact, we learned this is a tradition for the first time speakers at DEFCON. Good times.
Other than that, it’s pretty hard to describe the DEFCON spirit other than saying that “it’s fairly unique”. The vendors were selling trendy security hardware as SomaFM played soft lounge music in the chill out room with beautiful animated visuals. The various villages presented interesting talks over a wide variety of topics (Cryptography, Wireless, Social Engineering …) while the impressive CTF contest took place with participants from all over the world. Last but not least, the Wall of Sheep! One of the rooms had a large screen showing the results of a password sniffer running on the open DEFCON network. If you were on that board, I’m sorry for your account.
Leaving Las Vegas
The entire OpenDNS team had a blast in Las Vegas. Sharing knowledge, answering questions, and engaging in deeply technical conversations are what make security conferences great. We will definitely be back at Black Hat in 2015 and I suspect we will have far more research to present at the Black Hat, BSides Las Vegas, and DEFCON conferences as the team continues to shine a light on the darker parts of the Internet.
Until next time!