BSidesRDU 2019 – Security Dumpster Fire

Yesterday (18 October) was BSidesRDU 2019, so it's time for another conference blog post!

BSidesRDU 2019 - Introduction

This was officially the second year of BSidesRDU, as the earlier iterations were BSides Raleigh.

The theme this year was Security Dumpster Fire, and it turned out awesome. There was even this sweet badge to go with the theme.

For another review, you can check out Steve's post.

BSidesRDU 2019 - Keynote

Chris Wysopal (WeldPond) gave the keynote address this year, and the topic was, "Security is already here – it’s just not evenly distributed yet".

I wish I could summarize this talk better, but I couldn't do it justice. Instead, I'll just give you the description from the website/pamphlet:

"When the FBI is having a hissy fit because Apple can’t help them unlock the data on a phone you know it is pretty secure. On the other hand, there are products shipping without signed updates and people still manage to make their S3 bucket world readable. The knowledge to build and operate secure systems is out there. Why don’t we implement it? This talk will take a look at how to distribute security more evenly across all technology."

I highly recommend watching this talk once the videos are posted.

Speaking

I spoke again this year, and it went well.

For starters, I made a "special request" as a speaker, and Patrick came through for me! Of course, I shared them with whoever asked, but it was still a fun time.

BSidesRDU 2019 - M&Ms

My topic was, "What is HTTPS, and Why Does It Matter?", and I had to go on stage right after the keynote!

BSidesRDU 2019 - HTTPS

This was the only conference that accepted this talk this year, so I'm glad that I got the opportunity to present it.

I'll have the slides (and videos) up soon, but please let me know if you have any questions or comments in the meantime.

Special shout-out to Rebecca for paying attention to my slides!

BSidesRDU 2019 - Paying attention

The only other talk that I made it to this year was Rebecca's, "Extinguishing the Vulnerability Management Dumpster Fire". This was another good one that was both fun and informative. I also recommend checking it out once BSidesRDU posts the videos.

Booth(s) Babe

I spent a little time helping at our booth, but I wasn't officially scheduled to spend any time there.

That said, a few of my co-workers held it down, and rocked our orange.

BSidesRDU 2019 - Avalara

I also made sure to harass and catch up with Michael and the rest of the SwAG crew that came out.

BSidesRDU 2019 - SwAG 1

BSidesRDU 2019 - SwAG 2

CTF

Another BSides, and another CTF by EverSec CTF.

This year went well, and even better with the gear we got from the DerbyCon crew!

We had over 50 participants/teams, and there were only a few issues, but no actual server fires again!

I also wanted to thank strupo, and anyone else that helped at the CTF noobs table.

The prizes this year were awesome, and I wanted to thank everyone who donated them or their time.

From eLearnSecurity, we got an eCPPT voucher and eJPT voucher, which went to 1st and 3rd place respectively.

We also got a SANS NetWars voucher, which went to 2nd place.

Finally, we got an AWESOME trophy, made by the amazing JoyKil.

BSidesRDU 2019 - Trophy

Also, if you did not see her leggings, then you really missed out!

In the end, Cos1ne ended up on top, with a decent lead.

BSidesRDU 2019 - CTF Scoreboard

I've got at least one, if not more, write-ups for challenges that I wrote or solved. In the meantime, I recommend you check out Steve's write-ups for the challenges that he created.

Speaker Gift/Dinner

Just like 2017 and 2016, I got a special speaker's gift from the crew!

This was another sneaky book, which is so cool.

BSidesRDU 2019 - Sneaky Book

The conference logo for this year was laser etched on the front.

BSidesRDU 2019 - Flask

And, like before, my name was etched onto the back!

BSidesRDU 2019 - Flask back

There was also a speaker dinner the night before at Blue Corn Cafe. This was a fun time, and I had some pretty awesome food.

This is one of the best conferences for speakers, and you feel appreciated when you give a talk here.

BSidesRDU 2019 - Conclusion

There was no hacker Jeopardy this year, but that is my only complaint (other than location).

If you live anywhere near the Triangle, then I highly recommend that you head to this con next year.

Not sure what my topic for next year will be, but I've already got ideas for new CTF challenges.

Finally, my bookshelf is getting fuller year by year!

BSidesRDU 2019 - Bookshelf

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.
