BSides MCR 2017 was an UnBEElievable Time

I got to attend BSides MCR for the first time this year, and it was well worth it.

I apologize for the pun in the title, but Manchester definitely tries to put the bee in BSides.

Manchester

This was actually not my first time in Manchester, but it was nice visiting there again.

I ended up making a longer trip of this con, so that I would have some time to myself.

First, I walked around the city for a bit and got over my jet-lag the first few days in town.

The day after the con, I got to take a tour of Old Trafford stadium, which was incredible.

BSides MCR - Old Trafford

Afterwards, I headed back to the neighborhood around my hotel and had some Pancho’s Burritos. The food was awesome, and I’m glad for the recommendation.

Finally, I spent one night drinking at the hotel bar with a local, which was also pretty fun.

BeerSides

BeerSides was the night before at a pub a block from my hotel, and it was a great start.

There were a handful of lightning talks, and more than a handful of people there.

It was an awesome experience to actually meet members of a community that I knew none of.

I had a few beers, had a few laughs, met a lot of people, and really enjoyed myself. By the end of BeerSides alone, I knew I wanted to come back to BSides MCR.

BSides MCR – Talks

I was only able to make it to a few talks, but they were still awesome.

  • Cracking the Lens: Targeting HTTP’s Hidden Attack Surface. This talk was awesome, and I’m so glad that I finally got to see it in person. This talk was about bug bounties and research by PortSwigger. In the end, they ended up with over $33,000 in bounties and a new open source tool release.
  • CTFs – Not Just for Halo. Of course I made it to this talk, because it was mine! A bit more about it below, but I think this went really well.
  • Hacking Wireless Home Security Systems. I finally made it to Eric’s talk at a con, and it was well worth it. He discussed various issues in IoT home security solutions, primarily focusing on 433 MHz. This gave me a few ideas for things I’d like to build, as well as hack.

Speaking

It was an honor speaking at BSides MCR 2017, and I’m so glad that they invited me.

BSides MCR - Talk

The presentation went great, and I wish Clayton could have made it. The crowd was awesome, and I had people coming up to me throughout the con regarding it.

BSides MCR - Talk 2

While this talk went a bit better than the last one, I did still forget a few things. Other than my speed, I think it was still a great experience.

I might not give this talk at another con (stay tuned), so it’s time to start on next year’s!

The resource page can always be found here, and feel free to offer additions.

As always, if you have any feedback (positive, negative, or neutral) about the content or speaker, then it’s always welcome.

The CTF

It’s not a con if I don’t spend some time participating in a CTF, and this was no different.

Eric and I ended up competing, and winning, in the NCC Group CTF. We of course competed with the tongue in cheek name of, “SC > NCC”. Note that the testing123 account was theirs to test things.

BSides MCR - CTF Scoreboard

This was a shorter CTF, with only 8 challenges. Two were VERY basic web, and the third web was some fairly simple SQL injection.

The other 5 challenges were all based around escaping a restricted shell or environment. It was definitely a fun, albeit difficult, CTF to compete in. We ended up winning with 2/5 of the escapes solved, and the 2nd place team only had 1/5.

In the end, we ended up winning a DIY 3D printer that I had to get back to America.

BSides MCR - Printer

While I have not put it together yet, you can always follow it on Twitter @BsidesMCRPrint

BSides MCR – Conclusion

First, huge thanks to the BSides MCR crew for putting on a great con, and for allowing me to speak at it.

This is a con that I’d love to go to in the future, if I have the chance. If you are local to the area, and interested in security, then you can’t miss it.

Finally, I got to witness the most American burger at the con after-party. It was [a patty, cheese, bacon, and a fried chicken breast] x2. While this cannot compare, here is a picture of MY burger (just one set of those toppings with pulled pork on top).

BSides MCR - Burger

doyler on Githubdoyler on Twitter
doyler

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!


He currently serves as a Senior Penetration Testing Consultant for SecureWorks. His previous position was a Senior Penetration Tester for a major financial institution.


When he’s not figuring out what cert to get next (OSCE?!) or side project to work on, he enjoys playing video games, traveling, and watching sports.


Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

ERROR: si-captcha.php plugin: GD image support not detected in PHP!

Contact your web host and ask them to enable GD image support for PHP.

ERROR: si-captcha.php plugin: imagepng function not detected in PHP!

Contact your web host and ask them to enable imagepng for PHP.