Sweet Home Chicago

Well another year, another Chicago conference weekend in the books. Last weekend was the THOTCon/BsidesChicago tandem which started my conference circuit with THOTCon 0x2. Since then I’ve hit a number of conferences across the Midwest and even Ireland, but I went back to my home town to see old friends & make new ones.

You could tell that both conferences did their best to not only provide relevant content, but also create an atmosphere where people wanted to be and wanted to learn. The struggle with this is that without doing the traditional “conference setup” of rooms with chairs and permanent audio equipment you run into bleed over from “hallway con” or other areas. Both conferences struggle with this because of venue choices in Chicago. You are restricted based on your budget & locations that can hold hundreds of people, as well as public transit and a venue that can serve alcohol. That said, I think both did their best to reduce the noise so those who wanted to hear the talks could do so.

So regarding the presentations, I have to say it was difficult to do a “best of” on each. I was able to catch a number of them at both conferences and many had really relevant or interesting topics. I sat in on a talk by my friend @claudijd and his fiancée @L_ORA about a privilege escalation vulnerability in Cisco firewalls, as well as a talk by Joe Cicero on P.I.S.S.E.D. (Privacy In a Surveillance State, Evading Detection). Both were very detailed and gave a great overview on their topic. I had to give “best talk” to two different presentations for this one though. I couldn’t make up my mind on who presented better nor on what topic was better between them.

@wbm312 gave a great talk about the legal issues on taking devices across the border, including the fact that the US Government considers anything within 100 miles of a border, International Airport, or main body of water (Great Lakes, etc.) as the “constitution free zone”. This hit close to home as I just came back from visiting my girlfriend in Vancouver, BC.

@hacks4pancakes also did an outstanding job on her talk with the “Ten Commandments of Incident Response (For Hackers)”. It briefly touched on “burn out” which I believe is an issue in Information Security, but also gave lessons learned from her personal experiences. One main takeaway for me was the fact that technical skills are great, but let your technician work on the problem rather than sit in meetings asking when it will be finished.

Moving on to Saturday was BsidesChicago. A number of talks were given by coworkers or friends at this one. I had to leave a bit early as I was fading fast (whole introvert thing getting in the way), but I have to say I enjoyed @securitymoey’s talk on “InfoSec Big Joke – 3rd Party Assessments”. He brought up some pretty good points including vetting the answers that your service provider returns. If you aren’t doing it, no one is.

Overall I had a good time and got to hang out with some great friends that I don’t get to see often now that I’ve moved to “the mitten” of Michigan. Looking forward to seeing them all again soon & in the interim back to learning!

First working python code!

OK, so I decided I would write a temp converter for my first python program. It took me a few tries but it’s running now. It’s probably not the best way to code it, and I don’t have error handling in it but it runs!

Next steps:

  • Throw in an if statement for anything below absolute zero to return a message and exit
  • Return comment in response to an if statement for appropriate clothing to wear at the temperature entered
  • Error handling

If you have ideas of easy things to code for me to practice please let me know. I’ve already got one idea of a countdown to a specific day for a former coworker’s retirement so I may work on that this weekend too.

Code: http://pastebin.com/ZAtqqbab

How to focus on learning

So it seems that since my move life has been a bit of a blur. I’ve had to figure out where things are in the area, what vet to go to, get my license & plates changed over, and not the least of all, make sure all the bills get paid on time from the old house or the new apartment. While stressful, none of this is work related. I’ve been struggling to get time to sit down and learn new things like python scripting to plug into the API for the tool we use, or even get better with Linux to broaden my technical skills.

I even have an idea kicking around in my head for a talk about the information security field and our constant thirst for knowledge but I haven’t had time to sit down and flesh it out. While some of you may be saying “yep, that’s life”, I wonder about those who struggle with time management and how they can continue to learn. When you have a long commute, or take care of a loved one (child or senior) in your off time, how do you manage to stay on top of things and remain relevant? Do you mainline espresso and forego sleep? Read articles when you’re on the train? Give up hobbies you loved in the past to keep up in the industry?

If you could leave a note and let me know what tips or tricks you can impart I’ll make them part of the talk I’m putting together regarding Infosec knowledge sharing.

THOTCon & Bsides Chicago

Well I’ve had a few days to recover from the awesomeness that is the Chicago Con Weekend. This year I was able to ride/stay with a friend from GrrCon who was attending with some coworkers, meaning the base for operations was in the city. This proved to be good for location but only average for room quality.

Friday morning we headed to THOTCon for networking, beer, food, talks, and just all-around awesomeness. Although I didn’t see all the talks I wanted, or the people I wanted to meet, I was able to catch the keynote, Ben Ten’s “Creating A Powerful User Defense Against Attackers”, James Arlen’s “The Message and The Messenger”, “Cyberwar” with Josh Corman & Jericho, PhreakingGeek’s “Y U No Sanitize bro?” and David Schwartzberg’s “Fun with Exploit Kits for Tech Support”. You can find the information (but no recordings) at www.thotcon.org

Most of the talks I was able to see were good (the ones that weren’t don’t read my blog anyway). The information presented was relevant, and the speakers held their own on stage. James’ talk about presenting will help when I speak at GrrCon later this year, but I think the Cyberwar talk was by far my favorite. So much information was condensed into an hour talk it was hard to take it all in. What I did like was the discussion about the audience being a “cyber militia”. You do have to wonder if we all had to “fight” online, how many casualties would there be?

Saturday morning had us on the way to Bsides Chicago. This was set to be my first CTF experience and I wasn’t sure what to expect. I brought pretty much every piece of electronics I own with me and the weight of it tore my backpack. Learning how a CTF works and banging my head against the wall for most of the day was ironic when Nicolle Neulist’s talk about how to start with a CTF was at the end of the day 🙂

The CTF itself was not only brain-draining but a lot of fun! The challenges were set out in groups based on easy/hard/etc. When you get so close to solving one without knowing exactly what they are looking for, it can be frustrating, but seeing the points go up on the board makes it worth it. I was able to capture 8 flags total in what I feel was a respectable showing for a first-timer!

The THOTCon after-party was in downtown and had good food and drinks as well as DualCore on the mic for a short period. More people were met, more hands shaken, and more networking all the people!

All-in-all it was a great weekend and I’m glad I was able to see/make friends and most importantly learn a lot! Looking forward to Source Conference Dublin in a few weeks so I will see some of you again soon!

GrrCON & DerbyCon

Although this is quite late, I think I need to write a post on the amazing time that I had at GrrCON and DerbyCon.

Well I started out the long weekend with a trip up to the speaker dinner for GrrCON (They actually wanted me to present something! Joke was on them! 😉 hehe). Grand Rapids is around two hours from my house so it wasn’t a long trip to start. Dinner was good, and I had some good conversations with David Schwartzberg, Nick Percoco, and Rafal Los in addition to the organizers & presenters of the conference. What I was not aware of was that the person I was staying with that evening lived an hour outside of the Grand Rapids area. We didn’t leave the dinner until after midnight local time so sleep was hard to come by for the day of my talk.

When I got to GrrCON and finally downed enough coffee and sugar to stay alert the rest of the day, I proceeded to wander the floor. I spoke to a few vendors, said hi to some friends, and even caught a few talks before it was time for me to speak. My talk on Infosec Flameout seemed to go over well, and although I didn’t quite make the times that I did in practice sessions, I hit a respectable 17 minutes for a 25 min talk. This left time for some audience participation & questions, and there were quite a few great comments from some of the attendees. I not only was able to reconnect with some people I knew, but create some new friendships that have been really beneficial as well.

I took the lazy way out that evening and drove home to sleep in my own bed before heading down to Derby for the remainder of the weekend. The ~4 hour drive wasn’t too difficult and I was there in time for some of the talks on Friday evening. The two conferences definitely had some differences also. Where GrrCON was held in a conference center and had a more traditional feel, DerbyCon felt more like a bunch of friends hanging out at a hotel. Derby also seemed a little more hectic because of the amount of people in the setup at the hotel lobby.

The talks that I was able to catch at both events were pretty decent and I only walked out on one. I’ve listed each (except for the one I walked out on to protect the innocent) below if you want to watch them when they’re posted. Next year the organizers have also ensured that the two conferences are on different weekends so you can attend both. I will definitely be trying to go to both if possible. Guess that depends on if I can save enough pennies!

As I stated in my talk at GrrCON, networking with the community is incredibly important. You need to have friends, contacts, whatever you want to call them. They are invaluable for advice, help with finding a job, or just someone to bounce an idea off to see if you’re on the right track. So next time a conference is near you, get out there and get involved!

Talks at GrrCON:

  • House of Cards – How not to Collapse when Bad Things Happen – Rafal ‘Wh1t3Rabbit’ Los
  • Punch and Counter-punch with .Net Apps – J Wolfgang Goerlich
  • Mobile Attacks: What will the future bring? – Nick Percoco

Talks at DerbyCon:

  • Jayson E. Street – Securing the Internet: YOU’re doing it wrong (An INFOSEC Intervention)
  • James Arlen – Doubt – Deceit – Deficiency and Decency – a Decade of Disillusionment
  • Robert (Arch3Angel) Miller / Boris Sverdlik (JadedSecurity) / Rafal Los / Heather Pilkington / Krypt3ia – Bring your own doom or sane business decision
  • Michael Schearer – Flex your right constitution and political activism in the hacker community
  • Benjamin Mauch – Creating a powerful user defense against attackers
  • Boris – You Can’t Buy Security. Building an Open Sourced Information Security Program
  • Andy Cooper: Why Integgroll sucks at Python..And you can too
  • Chris Jenks: Intro to Linux system hardening

How I learned about file encryption

So a week or more ago I mentioned on Twitter that I would tell the horrible encryption failure I had when I first found out about how to encrypt data. When I first moved into Information security years ago, I learned about how you could encrypt data and no one would be able to view it without the key.

So I was running Windows XP at the time and I decided to play with the Windows EFS on my home machine. I encrypted my local “personal data” folder, and moved it off to secondary storage. I was able to view it, open it, move it back and forth, etc. The time came to reload my machine. I was careful to move and verify all my data on the secondary storage, verified I could access it, open it, etc.

I proceeded to DBAN the local drive, reload the OS, install the applications, and when the time came to move the data over, I couldn’t open it. I thought “Hmm…that’s odd…” I proceeded to try to re-copy the data over to the local drive, and check a few of the attributes of the file before realizing that I had encrypted the files before moving them. I moved them to an NTFS drive, which meant it kept the encryption intact when I copied them to the external drive. I did my best google-fu to try to find any way to get this data back. The “personal data” contained family photos, my resume, web favorites, etc., so I was definitely not happy about losing it.

I even went so far as to ask a coworker to call in a favor to a friend at Microsoft. The reply was there was no backdoor/master key to get the data back again. I was learning a hard lesson in encryption really fast. Although I knew the passcode for the key, I was unable to retrieve the data. The good thing that it did was make me want to learn more about file encryption and what can/can’t be done with it.

I learned about file versus whole disk encryption, as well as where keys are stored. I also learned to be sure that no matter what, you move the keys if you’re going to wipe a drive! If I can offer anything to anyone about file encryption it would be to completely understand how it works before you play with live data when you have no other copy.

Also…if anyone breaks 256-AES EFS I’d like to chat with you 🙂
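
The "move the keys before you wipe" lesson as a pre-wipe check, added here as an example and not code from the original post. It assumes a current Windows PowerShell with the PKI cmdlets (not the XP setup in the story), and both paths are placeholders to replace with your own.

```powershell
# Added example: pre-wipe EFS key check. Both paths are placeholders.
$DataRoot  = 'E:\PersonalData'   # assumed location of the copied files
$BackupDir = 'F:\efs-backup'     # assumed destination, not on the drive being wiped
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

# 1. Files that still carry the NTFS Encrypted attribute (EFS travels with the file
#    when it is copied between NTFS volumes).
$encrypted = @(Get-ChildItem -Path $DataRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted })

# 2. EFS certificates in the current user's store that still have their private key.
$efsCerts = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
})

Write-Host ("{0} encrypted file(s), {1} EFS certificate(s) with a private key" -f $encrypted.Count, $efsCerts.Count)

if ($encrypted.Count -gt 0 -and $efsCerts.Count -eq 0) {
    throw 'Encrypted files found but no EFS private key in this profile. Do not wipe this machine.'
}

# 3. Export each certificate with its private key, then reopen the PFX to prove it is usable.
if ($efsCerts.Count -gt 0) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $password = Read-Host -AsSecureString -Prompt 'Password to protect the key backup'
    foreach ($cert in $efsCerts) {
        $pfx = Join-Path $BackupDir ("efs-{0}.pfx" -f $cert.Thumbprint)
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password | Out-Null
        $check = Get-PfxData -FilePath $pfx -Password $password
        if ($check.EndEntityCertificates.Thumbprint -notcontains $cert.Thumbprint) {
            throw "Backup $pfx does not contain certificate $($cert.Thumbprint)"
        }
        Write-Host "Verified key backup: $pfx"
    }
}
```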

Treading water in the sea of knowledge

So I had this thought last night watching a video from SecurityTube (which is now my new video hangout place) about burp proxy. SecurityMoey mentioned it to me, I’ve talked about it in my presentation at BsidesDetroit, I’ve said it to people, but I haven’t done it myself lately…

Unplug.

When you’re swimming, you can only power-stroke so long before you become exhausted. You need to get out of the water, dry off, sleep, eat, de-prune yourself, etc. You get to the point that you can spend forever in the water until the only thing you can do is float or tread. The same is true for learning. I would assume this is the reason for summer break for school kids. They need time where they can “just be”. You need time where you aren’t constantly learning. You need to let your brain idle for a bit so you can go back at it with renewed vigor.

I started to realize that I wasn’t taking my own advice. I needed to take a step back, and watch a movie, play a game, or just sit and have a conversation with my family. So while I ordered a few new books, and I updated all my tools to play with, I think tonight will be a no twitter, no computer, no tech evening.

Anyone seen my towel? It’s time to dry off for a bit.