BSides Raleigh 2017 – Хакеры, хакеры во всем мире

BSides Raleigh 2017 was last weekend, and it was another great year.

Introduction

This was my second year at BSides Raleigh, and I definitely still recommend going.

I was able to attend two talks (counting my own) this year, so that’s more than last year!

The venue was the same as last year, and a lot of the same vendors where there. That said, I convinced Secureworks to sponsor, so we had a booth there as well.

Training

I was able to attend An Introduction to Reverse Engineering with Binary Ninja by psifertex the day before the con.

This was a great course, and an even better reason for me to finally pick up a license.

I had never used Binary Ninja before, and Jordan did a great job balancing the introduction to the tool/RE in general. That said, I think this course could be even better if it was 2 days long.

I do have some ideas for uses now though, and I still want to finish up (and blog about) the bomb lab!

BSides Raleigh 2017 – Keynote

Cliff Stoll gave the keynote this year, and it was definitely a talk to catch.

If you’ve never read it, then I highly recommend The Cuckoo’s Egg. This is the book he is most known for, and what a lot of his keynote was about.

I wish that the organizers could post his talk online, but he asked them not to.

That said, it was a riveting talk with topics ranging from his book, to physics, and even to modern-day security/cellphones.

I’ve heard that it is very similar to his TED Talk, which I definitely need to check out.

Speaking

I was finally able to give my talk this year, albeit slightly modified.

We originally submitted our talk from CarolinaCon, “CTFs – Not Just for Halo”. That said, Jordan also submitted an awesome sounding talk about CTFs.

After talking with the organizers, we decided to combine both talks into one panel.

It was great being up there with Jordan, and most of EverSec was able to join in as well.

The crowd asked plenty of great questions about running and competing in CTF, and gave us lots of ideas. Additionally, we were able to interject with some stories and ideas of our own.

Hopefully this motivated even more people to run or take part in CTFs.

The video is not posted yet, but I’ll be sure to share it once it is.

CTF

While I wasn’t actually competing this year, I spent most of my time in the CTF area.

The CTF was again run by EverSec, and it was another good one. Some of the challenges were similar to last year’s, but there were a lot of new ones.

I helped everyone run it where necessary (though Gabe does most of this work), and gave out a few hints here and there.

The EverSec CTF operates in a mixed/scenario format, similarly to the DerbyCon CTF. A company got “hacked” and needed help finding out additional information for them.

That said, I ended up trying a few challenges to test them out and for future write-ups. Doing so, I accidentally ended up in fourth place.

BSides Raleigh 2017 - CTF Scoreboard

I didn’t actually accept any prize though, so my choice went to 5th place etc.

The challenges that I did complete were pretty fun though, so stay tuned for the write-ups.

First, I performed some NodeJS command injection and got a reverse shell from one of their systems.

Next, I solved an interesting crypto challenge that was giving other people some trouble.

Finally, I was able to hijack two of EverSec’s subdomains and post my Russian propaganda on them.

Towards the end of the CTF, Veracode ran another round of Hacker Jeopardy.

I didn’t compete in this either, partly because of how much I won last year, and partly to mess with Patrick. Even though I didn’t compete, I managed to win a nice windbreaker from the business card drawing before hand.

Speaker Gift

Another year, and another super awesome speaker gift! I again received a SneakyBook recycled book with a flask inside. They forgot I had already received one last year, but I was still glad to receive another.

BSides Raleigh 2017 - Speaker Book

BSides Raleigh 2017 - Sneaky Book

Just like last year, the flask was laser etched with the 2017 logo on the front, and my name on the back!

BSides Raleigh 2017 - Flask Front

BSides Raleigh 2017 - Flask Back

BSides Raleigh 2017 – Conclusion

Another awesome local con, and I cannot wait until next year.

If you have a talk idea? Submit it! If you have a company? Convince them to sponsor! If you’ve never been to a con before? Come to this one!

I’m already working on my talk idea for next year, and even some new CTF challenges.

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (currently GXPN) or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*