BSides Denver 2018 – Hacking the Mile High City

I traveled out to BSides Denver 2018 this past weekend, and had a great time!

BSides Denver 2018 - Introduction

This was my first time in Colorado, and I really enjoyed it.

BSides Denver was a fun conference sponsored by SecureSet Academy.

Of course, I had to rep SwAG during my time out there!

BSides Denver 2018 - SwAG

Venue, Area, Food and Drinks

While it was great that SecureSet sponsored the conference, the venue(s) were a bit crowded.

Two of the speaking tracks were in their downtown offices in some conference rooms. This led to a lot of talks having to turn people away due to seating reasons. Additionally, it was hard to hang out in the con area without being too loud for the conference rooms.

The third track, hangout area, and meals were held at the Blake St. Tavern down the road. This was a bit less crowded, and I ended up hanging out here more often than not.

Denver was great, and I ended up having some awesome food and drinks during my time there.

BSides Denver 2018 - Dinner

BSides Denver 2018 - Dessert

Other than that, I visited the USAFA (United States Air Force Academy) since I know someone going there!

We walked around campus, and I got to take pictures of some of the awesome looking buildings.

BSides Denver 2018 - USAFA

BSides Denver 2018 - USAFA Building

There was also an F15 there, but they told me that it doesn't actually run anymore.

BSides Denver 2018 - F15

Finally, the mountains around campus (and the city in general) were gorgeous, and I wish I got some more pictures.

BSides Denver 2018 - USAFA Mountains

The beer in Denver was great, and I tried to make it to as many brew-pubs and/or places with local beer as possible.

Talks

I went to 4 talks this conference, and they were all pretty great.

  • Ducky-in-the-middle: Injecting keystrokes into plaintext protocols - this was a fun talk about intercepting plaintext protocols for mouse/keyboard input and hijacking them. N00py mentioned a few neat tools, and I'd love to take a look at some of them.
  • GreatSCT: Gotta Catch 'Em AWL - this was a tool by ConsciousHacker that I've meant to look into for a while now. That said, after this talk, it has moved rapidly up my list. This is a framework that manually builds Metasploit payloads that can bypass anti-virus as well as application whitelisting solutions. You can find the source here, and I hope to blog about it fairly soon.
  • WiFiPi: Raspberries and Radios and Antennas, oh my! - This was my talk, and it went pretty well here! An infomercial-styled talk about my WiFiPi and how to use it for wireless assessments. While I was unable to make the drink that I made at CarolinaCon, I still shared the recipe with my fans. I hope that the videos/slides will be up soon, but please let me know if there is anything specific that you want/need in the meantime.
  • Why Hackers Still Get In - this was a more basic talk given by B1tWr4ngl3r of Rapid7, but it was still a good one. The biggest takeaway for defenders (and attackers) was that passwords are bad. That said, I think I have a mouse that is vulnerable to JackIt, so I'm looking forward to playing with it.

Unfortunately, BSides Denver did not record any of these talks. That said, you can find a few of them from previous conferences below.

BSides Denver 2018 - Speaking

I spoke at BSides Denver this year, which was my main reason to go out there! This was my 5th total presentation, and second for this talk.

I definitely feel like I've got the speaking bug, and I'm constantly improving. That said, filler words and going too quickly are still where I have some issues.

There were no technical difficulties this time, but the talk wasn't recorded. That said, the CarolinaCon recording should be up soon, and if not, blame Curbob.

I did not make the themed drink at this venue, but I still shared the recipe for any brave souls.

This talk went very similarly to my CarolinaCon version, only with a few more slides. I tried to cover the questions that I was asked at CarolinaCon during the presentation, and that went well.

That said, there were even more questions than last time, which was awesome. My talk went a bit quickly (30 minutes), so I had almost 15 minutes left for questions, discussions, and demonstrations.

I'll be giving this talk one more time this year, , but be on the lookout for slides and a video when that is complete.

Finally, if you have any feedback (positive, negative, or neutral) about the content or presentation, then please let me know!

Villages/Events

There was a lock picking village at the Blake Street Tavern, so I popped over there for a bit to watch some people.

Other than that, I briefly participated in the CTF.

BSides Denver 2018 - CTF

While this was a great idea, there wasn't enough time or automation in place for it to work really well. That said, it was pretty neat, and I got 4/5 of the required e-mail addresses.

If you have any tips for obtaining e-mail addresses from a LinkedIn profile, then I'd love to hear them!

BSides Denver 2018 - Conclusion

This was a great con, and I'm glad that they invited me to come out and speak.

I was able to do a little (ok more than a little) eating, a little drinking, some networking, and some exploring.

That said, I wasn't able to escape my travel bad luck.

BSides Denver 2018 - Travel Woes

While that screenshot wasn't the real issue, I still had to deal with a 2 hour delay for my flight back home.

doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (currently GXPN) or side project to work on, he enjoys playing video games, traveling, and watching sports.
