BsidesLA
I attended the BsidesLA con at the Dockweiler Youth Center in LA this past Thursday, Aug 18th, 2011. The event had a nice turnout, though a bit less than anticipated. The first talk was done by Kevin Albano & Christopher Price of Mandiant, titled: Ankle Busters to the Wedge. It was a good talk and got people talking about the Advanced Persistent Threat (APT) as it relates to their environment. The one piece that I took away from this talk is the fact that many of the defense industrial companies that have good or strong security teams that are following these types of attacks will continue to not disclose many of the attack discoveries. The reason, I learned, is a good one: many of these attacks at first look like an easily found backdoor, but upon further investigation (reverse engineering the malware) there are many other hooks in the organization that may be dormant. They often lie that way until sufficient time has passed for the organization to clean up the compromise and then relax its security. This talk led to many discussions after.
The next talk I thought was the best: “Solving the US Cyber Challenge: Cyber Quest” by Skyler Onken, a graduate student who is in the US Army. This presentation went over every question on the cyber challenge and how the solution was found. The interesting part of the talk was how little practical knowledge is out there on how one does Incident Response. This started the discussion about CISSP and how many who have that cert may know policy but are lost on the command line. I could not agree more.
The next talk, “Weaponizing the Smartphone: Deploying the Perfect WMD”, was another good talk and something I need to look at when I get the time. The talk was about taking the HTC (AT&T Tilt2) smartphone and loading it with the WMD platform, similar to the BackTrack distro. Then Nicholas performed a typical attack using nmap and Metasploit to gain access to a Windows Server 2003. The use of this type of tool on a pentest is limitless and opens the door to different attack vectors.