It’s been a while since I’ve had the chance to update the blog, and that makes me a sad panda… still, sometimes life gets in the way of the really important stuff. Plus, nobody really reads this crap anyway right!
Still, pleasantries aside, next week is BSidesLondon (and a couple of events that run alongside it, such as 44cafe, and that small $vendor thing called InfoSec Europe). I was lucky enough to get selected as one of the speakers for this years event, and despite not dressing up like a gay biker, I hope the talk will be interesting. So, if you like number, weird edge cases, or innovative ways to protect web applications, come along to my talk and let me know what you think!
Defense by numbers: Making problems for script kiddies and scanner monkeys
Chris John Riley
Track One 12:45 – 13:30
On the surface most common browsers (user agents) all look the same, function the same, and deliver web content to the user in a relatively uniformed fashion. Under the surface however, the way specific user agents handle traffic varies in a number of interesting ways. This variation allows for intelligent and skilled defenders to play with attackers and scripted attacks in a way that most normal users will never even see.
This talk will attempt to show that differences in how user agents handle web server responses can be used to improve the defensive posture of a website. Further examples will be given that show specially crafted responses can disrupt common automated attack methods and cause issues for casual attackers and wide scale scanning of websites
Just to warn those brave souls to plan to attend… I have LOTS of slides… it could get messy ;) I’ll try to put my slides up on Slideshare prior to the talk so people can follow along if they want.
Anyway, as part of the build-up to the conference I wanted to list a few of the talks I’m really looking forward to seeing (time permitting).
Pentesting like a Grandmaster
Track One 10:15 – 11:15
Chess is a complex game: The number of permutations is just too great to compute the best possible move during a game. This is similar to pen testing in that we also have too many vulnerabilities to find and choose from not only on a 1 by 1 basis but also how we would chain them together like a real attacker. Chess players must analyse efficiently to beat time constraints like pentesters but unlike pentesters they have been doing this for a long time.
Abraham’s talks are always interesting, and I expect nothing less from his latest talk. He seems to have a unique way of looking at things and from a sneak peek at his slides, I think this one is going to be another interesting talk point.
Going Stealth: Staying off the Anti-Virus RADAR
Track One 17:00 – 18:00
Anti-Virus software is often the first line of defence in host based intrusion prevention. For years both black-hats and ethical hackers have researched how to avoid detection – some to compromise hosts reliably and others to improve detection. Executable packers are a popular technique used by virus and malware writers. They “pack” their malicious payload by compressing and/or encrypting it and they distribute it with enough clear-text instructions to “unpack” it. In particular, we’ll look at basic AV detection concepts and the basic design principles for packers. We’ll also touch on advanced techniques like polymorphism and metamorphism. You’ll leave marvelling that your AV ever catches anything at all.
Sometimes AV is the only standing between a good penetration tester and total domination… Anything we can do to test the limits of AV and maybe get that elusive shell is certainly worth the time to learn. Hoping for a few hints and tips here that might help in those situations.
How to build a personal security brand that will stop the hackers, save the world and get you the girl
Track Two 11:30 – 12:30
You’re a security professional, but even your boss doesn’t remember your name. Your brilliant ideas aren’t listened to, you’re never invited to speak at conferences and not even your mother visits your blog. In this talk I will take you down a journey of self-discovery that took me 3 years and went from another faceless security dude, to someone in control of my personal security brand. What worked, what didn’t work and all the behind-the-curtain magic exposed. If you’re into building your personal brand, making your voice heard amongst the 100′s of security ‘rockstars’ and dinosaurs who get all the attention – this is the talk for you to attend.
Fuck rockstars… no really, in this industry we need solutions, not primadonas with a god complex. Still, that said, having a brand and a platform to shout from is something we need. Plus Javvad is wicked funny and I’m sure he’ll CISSP mofo everybody in the crowd at LEAST once!
Dissecting Targeted Attacks – Separating Myths from Facts
Track Two 14:30 – 15:30
A lot of media do report on targeted attacks or so-called APTs, but how sophisticated or those attacks really? Flamer & co. are only the tip of the iceberg and even they had flaws. Most of the attacks are not so smart at all, but nevertheless successful. I will elaborate on the common methods of targeted infection & exfiltration, happening every day around the globe. Explaining the methods and tools used by the attackers with real life examples. I will show why they successfully bypass most security tools and analyse where these attacks differ from the common malware flood.
Learn your APT from your elbow… not everything is OMGtargetedStateSponsoredBBQ Malware from China with love!
Well, those are my picks… so much cool stuff, so little time! Before I sign-off however, I wanted to remind all attendees that it’s your JOB (yep, attendees also have a job to do) to give feedback to speakers. Even if it’s a single point, an idea, or a pat on the back and “that was cool” comment… be part of making the conference better… give feedback or the kitten gets it!
Read my thoughts on “Giving feedback” –> HERE
Hope to see you all in London. Please come up and say hi if you’re about… I only bite when provoked!