I had the pleasure of spending the day at BSidesCT today, and wanted to share a few of the highlights. The full speaker lineup and more information about BSidesCT can be found here.
The Badge
No CON is complete without a cool badge to write home about – and BSidesCT is no different.
Awesome badges from @BSidesCT this year with a quick USB HID attack tool pic.twitter.com/erNxsmDSvF
— Sean D. Goodwin (@SeanDGoodwin) October 7, 2017
The CON Organizers put together a GitHub Repo to help attendees take full advantage of the technology contained in the badge.
The Talks
All the talks I attended were really well put together, but I wanted to highlight two of them here.
Removing Haystacks to Find Needles – Playing to Our Strengths
by Monica Jain
This talk focused on eliminating the “Known Good” from your SIEM/Alerting scope to minimize the “noise” your SOC has to deal with, allowing them to focus on the “unknowns” – which could be malicious activities, or just new “Known Good” actions. Reducing the noise will allow your analysts to identify and investigate issues sooner.
Monica identified that the SOC Analysts have traits no technology can replace:
- Security Intelligence
- Tribal Knowledge
- Intuition
By taking her approach and eliminating the “known good”, Monica is attempting to empower SOC Analysts to use these three skills to the fullest extent possible. She presented a case study where they were able to reduce response time for a specific incident from roughly 24 minutes down to an average of just ONE minute – for the company involved this saved 1.5 FTE over the year – very cool stuff.
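An added example, not code from the talk or from the original post, of what “clearing the known good” looks like in practice: a baseline of (user, process, parent) tuples is learned from past telemetry, and a new batch of events is filtered against it so only the unknowns reach an analyst, collapsed to one row per key with a count. The log format, hosts, users and process names are constructed sample data; `promote()` is the hypothetical hook for an analyst marking a reviewed unknown as new known good.

```python
from collections import Counter

# Constructed sample telemetry (not data from the talk): a "known good" history of
# process launches, and a new batch of events the SOC would otherwise have to eyeball.
BASELINE_LOG = """\
2017-09-01T08:02:11 host=ws01 user=alice proc=outlook.exe parent=explorer.exe
2017-09-01T08:03:40 host=ws01 user=alice proc=winword.exe parent=outlook.exe
2017-09-02T09:15:02 host=ws02 user=bob proc=chrome.exe parent=explorer.exe
2017-09-03T07:55:19 host=ws03 user=svc_backup proc=robocopy.exe parent=cmd.exe
2017-09-12T14:20:33 host=ws02 user=bob proc=excel.exe parent=explorer.exe
"""

NEW_LOG = """\
2017-10-07T09:01:05 host=ws01 user=alice proc=outlook.exe parent=explorer.exe
2017-10-07T09:02:17 host=ws01 user=alice proc=winword.exe parent=outlook.exe
2017-10-07T09:02:44 host=ws01 user=alice proc=powershell.exe parent=winword.exe
2017-10-07T09:02:45 host=ws01 user=alice proc=powershell.exe parent=winword.exe
2017-10-07T09:10:00 host=ws02 user=bob proc=chrome.exe parent=explorer.exe
2017-10-07T09:11:30 host=ws04 user=bob proc=chrome.exe parent=explorer.exe
2017-10-07T10:00:01 host=ws02 user=bob proc=teams.exe parent=explorer.exe
2017-10-07T10:30:12 host=ws03 user=svc_backup proc=robocopy.exe parent=cmd.exe
"""


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict."""
    ts, *pairs = line.split()
    ev = dict(p.split("=", 1) for p in pairs)
    ev["ts"] = ts
    return ev


def event_key(ev):
    # What "known good" means here: this user running this program from this parent.
    # The host is deliberately left out of the key, so bob's chrome.exe on a new
    # workstation (ws04) is still known good and never reaches an analyst.
    return (ev["user"], ev["proc"], ev["parent"])


def build_baseline(log):
    """Set of keys seen in the historical log; everything in it is treated as known good."""
    return {event_key(parse_event(l)) for l in log.splitlines() if l.strip()}


def triage(baseline, log):
    """Drop every event whose key is in the baseline and return what is left,
    collapsed to one row per key with a count and first-seen time, noisiest first."""
    total, unknown, first_seen = 0, Counter(), {}
    for line in log.splitlines():
        if not line.strip():
            continue
        total += 1
        ev = parse_event(line)
        key = event_key(ev)
        if key in baseline:
            continue
        unknown[key] += 1
        first_seen.setdefault(key, ev["ts"])
    rows = [(key, n, first_seen[key]) for key, n in unknown.most_common()]
    return {"total": total, "suppressed": total - sum(unknown.values()), "unknown": rows}


def promote(baseline, key):
    """Hypothetical analyst action: a reviewed unknown turned out to be benign,
    so it becomes known good and stops surfacing from now on."""
    baseline.add(key)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOG)
    result = triage(baseline, NEW_LOG)
    print(f"{result['suppressed']} of {result['total']} events were known good")
    for key, n, ts in result["unknown"]:
        print(f"  x{n} first seen {ts}: user={key[0]} proc={key[1]} parent={key[2]}")
```

Of the eight new events, five are suppressed and two rows reach the analyst: `winword.exe` spawning `powershell.exe` (the kind of unknown that deserves attention) and a first-ever `teams.exe`, which after review is simply promoted into the baseline.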
A few quotes I tried to capture during her talk:
“By the time you find a known bad, the attacker is three steps ahead of you” –@mjainstanford #BSidesCT
— Sean D. Goodwin (@SeanDGoodwin) October 7, 2017
Process and clear the known good to make the unknown bad stand out –@mjainstanford #BSidesCT
— Sean D. Goodwin (@SeanDGoodwin) October 7, 2017
How Should You Prepare for the Implementation of Connecticut’s New Cyber Strategy?
I marked this talk as one I had to attend once the schedule went up – I work with many companies in the state of Connecticut, and I was eager to hear about the implications of the new Cybersecurity Strategy for Connecticut – especially coming from the perspective of someone with government policy experience.
This Strategy isn’t exactly introducing anything new – in fact there are several components that overlap with the recent release from NY DFS. Both documents focus on the Risk Assessment process, and they both stress the importance of an Organization’s Incident Response Plan.
Loren’s call to action:
CTs cybersecurity strategy is an opportunity, not just another compliance hurdle – @DealyMahler #BSidesCT
— Sean D. Goodwin (@SeanDGoodwin) October 7, 2017
Although there will be costs associated with meeting the requirements outlined in the Strategy, Loren made it clear that this doesn’t need to be another painful compliance task for CT organizations; it can be a real opportunity. Being able to identify yourself as a true leader in the cybersecurity space is a differentiator that is continually gaining traction.
From the Connecticut Cybersecurity Strategy:
…managing cyber risks can provide a competitive advantage for Connecticut businesses, a more secure living environment for Connecticut residents and better stewardship of information and services by Connecticut state and local governments…
The CTF
Have no fear – there are no spoilers here.
This was my first CON where I took the plunge and spent a significant portion of my time working the CTF. I found the experience really entertaining, and ended up spending more time in the CTF room than I originally planned.
Being a complete newbie, I went right for the low-hanging fruit. The “Something You Know” category turned out to be low-value Flags (due to the number of people claiming them) but gave me a quick morale boost to jump into some of the more technical Challenges.
The next set of Challenges I took on were the “Analyze This” category – each Flag coming from a set of .pcap files. I learned a few new tricks, specifically for pulling files out of a .pcap for further analysis – so definitely a win/win there.
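As an added example of the trick mentioned above, and not code from the CTF or the original post, here is a dependency-free file carver for the classic pcap format: it walks the records, reassembles each one-way TCP stream by sequence number (dropping retransmissions and trimming overlaps), and cuts the body out of every HTTP/1.x response that carries a Content-Length, naming the file after the URI in the opposite-direction request. The capture it runs on is constructed inline (`build_sample_pcap`, with made-up addresses and a fake PE body); nothing here comes from the actual challenge files.

```python
import hashlib
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # classic (microsecond) pcap; link type 1 = Ethernet


def _ip(addr):
    return bytes(int(o) for o in addr.split("."))


def _frame(src, dst, seq, payload, ts):
    """One Ethernet/IPv4/TCP pcap record; checksums are left zero (synthetic data)."""
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     _ip(src[0]), _ip(dst[0])) + tcp
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", ts, 0, len(eth), len(eth)) + eth


def build_sample_pcap():
    """Constructed sample: one HTTP download whose body arrives as two segments,
    out of order, plus a retransmission. Synthetic, not a capture from the CTF."""
    body = b"MZ\x90\x00\x03\x00\x00\x00" + b"FAKE-PE-BODY" * 3
    request = b"GET /files/evil.exe HTTP/1.1\r\nHost: 10.0.0.9\r\n\r\n"
    resp_hdr = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                b"Content-Length: %d\r\n\r\n" % len(body))
    client, server, base = ("10.0.0.5", 40000), ("10.0.0.9", 80), 1000
    seg1, seg2 = body[:20], body[20:]
    packets = [
        (client, server, 500, request),
        (server, client, base, resp_hdr),
        (server, client, base + len(resp_hdr) + len(seg1), seg2),   # arrives early
        (server, client, base + len(resp_hdr), seg1),
        (server, client, base + len(resp_hdr), seg1),               # retransmission
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, (src, dst, seq, payload) in enumerate(packets):
        out += _frame(src, dst, seq, payload, ts)
    return out


def tcp_segments(pcap):
    """Yield (flow, seq, payload) per TCP segment; flow = (src, sport, dst, dport)."""
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", pcap[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap (pcapng / nanosecond variants not handled)")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                     # not IPv4 over Ethernet, or not TCP
        total_len = struct.unpack("!H", frame[16:18])[0]
        ip = frame[14:14 + total_len]                    # trims any Ethernet trailer padding
        tcp = ip[(ip[0] & 0x0F) * 4:]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        flow = (".".join(map(str, ip[12:16])), sport, ".".join(map(str, ip[16:20])), dport)
        yield flow, seq, tcp[(tcp[12] >> 4) * 4:]


def reassemble(pcap):
    """Rebuild each one-way byte stream, ordering by seq and dropping retransmitted bytes.
    Gaps (lost segments) are skipped silently, so verify Content-Length before trusting a body."""
    flows = defaultdict(list)
    for flow, seq, payload in tcp_segments(pcap):
        if payload:
            flows[flow].append((seq, payload))
    streams = {}
    for flow, segs in flows.items():
        segs.sort(key=lambda s: s[0])
        data, nxt = b"", segs[0][0]
        for seq, payload in segs:
            end = seq + len(payload)
            if end <= nxt:
                continue                                 # pure retransmission
            if seq < nxt:
                payload = payload[nxt - seq:]            # partial overlap
            data += payload
            nxt = end
        streams[flow] = data
    return streams


def carve_http_files(pcap):
    """Return {filename: body} for each HTTP/1.x response carrying a Content-Length body."""
    streams = reassemble(pcap)
    files = {}
    for (src, sport, dst, dport), data in streams.items():
        hdr_end = data.find(b"\r\n\r\n")
        if not data.startswith(b"HTTP/1.") or hdr_end < 0:
            continue
        length = None
        for line in data[:hdr_end].decode("latin-1").lower().split("\r\n")[1:]:
            if line.startswith("content-length:"):
                length = int(line.split(":", 1)[1])
        body = data[hdr_end + 4:hdr_end + 4 + (length or 0)]
        if length is None or len(body) != length:
            continue                                     # chunked encoding, or truncated capture
        request = streams.get((dst, dport, src, sport), b"")   # the opposite direction
        name = f"{src}_{sport}.bin"
        if request.startswith((b"GET ", b"POST ")):
            name = request.split(b" ", 2)[1].decode("latin-1").rsplit("/", 1)[-1] or name
        files[name] = body
    return files


if __name__ == "__main__":
    for name, body in carve_http_files(build_sample_pcap()).items():
        print(f"{name}: {len(body)} bytes sha256={hashlib.sha256(body).hexdigest()} magic={body[:2]!r}")
```

Two caveats worth keeping in mind when you use this on real challenge files: it reads only the classic pcap format (pcapng and the nanosecond-timestamp variant are rejected rather than misparsed), and it carves only responses with an explicit Content-Length, so chunked transfers and anything over TLS need a different approach. Hashing the carved body, as the `main` block does, is the natural next step before handing it to a sandbox or a signature lookup.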
The one “barnacle_bill” Challenge I was able to solve ended up being so much simpler than I was making it. I spent countless minutes and several key entry attempts going well beyond what the Challenge was looking for. It finally clicked to K.I.S.S. and I was able to grab a few quick points.
In the end, I didn’t place as a highly ranked competitor (coming in at #13), but I had a great few hours and learned a few new tricks along the way.
#BSidesCT #CTF Final Scoreboard! Congrats 3rr0rsmith, PingTrip, and Lodestoners! @BSidesCT pic.twitter.com/ch7vy1nfW6
— Jon Searles (@SkeyeLlama) October 7, 2017