Bsides SF
Here are my notes from BSides SF at DNA Lounge. These will be fragments of notes. It is crowded and there aren’t so many great chances to type.
twitter api integrate (or scrape) - generate lists of conference attendees via hashtag- find all hashtag results, add them to list
MCs on the stage have mentioned wanting feedback on the event several times and I respect that.
“dynamically anti-clueful” (describing law enforcement learning about encryption)
DNA Lounge makes great pizza and has a cool stage.
There is a Lockpicking Village, of course.
I am hugely outnumbered by men but without ill effects other than a great deal of mild accidental bodyslamming, which is just the nature of the space, which is dark, loud, and without enough chairs.
The “quiet lounge” is good to have. It is dark, but pleasant. The outlets have been removed, sadly.
osquery + elastalert (opensourced](https://github.com/yelp/elastalert)
flatline - shows spikes in DNS block (collect info from DNS revolvers)
Today I have set up shortcuts to turn my laptop wifi on and off from the commandline in just a few easily-memorable characters. I am happy about this.
osxcollector has been open csourced
internal blacklists, shadowserver API
I saw two people that I know are on GAP’s security team here, which was cool.
OpenDNS Investigate API
interesting company: pluralsight
interesting company: cyberdark
https://github.com/yelp/threat_intel
phishtank.com - from open dns, crowd sourcing database
vpn setup an old topic but a nice guide
Breaking honeypots for fun and profit
The presenter started by saying that he has given this talk many times before. Is this meant to prove his credentials to the audience, or to make them feel like they are not having a valuable experience because they could just watch it online, probably from a much more comfortable seat?
The presenter’s company is called Cymmetria. He has crap slides, but eh.
honeypot strategy- one open port on each box, and when its pinged, then it blacklists that pinger with the firewall. So a pen tester will see the network go dark to them as they look at it.
“This is the grandma example of honeypots” :/ I really fucking hate it when people refer to a grandma as the ultimate non-technical / dumbing-it-down example. It’s both ageist and sexist. Also it is decreasingly accurate.
Types of decoys (honeypots): ambushes, low-interaction
“Honeypot or not?” (Honeyscore)
Conpot - simulates ICS / SCADA system - (industrial control system)
The presenter reviews 8 honeypot projects:
- artillery (complete with crappy girl-in-a-bar jokes dude seriously why are you embarrassing yourself like this)
- beartrap, fakes the service? ftp
- every ftp query returns “530”
- honeyd (more famous)
- Nova - implementing one service is not enough. gotta do enough to be believable
- kippo (stack overflow qustions lol) so hackers are worried about losing their tools- well, at least revealing them)
- (dionea)[http://dionea.carnivore.it] fixed nmap detection lol
- glastopf, emulates website,
- KFsensor
shodan of course
scans.io
Everything is Awful (and you’re not helping)
twitter is one big opsec failure. Hes from New Yrk, works for Yelp. “I’m here to tell you something that you already know- you work in information security, and everything is awful.”
“the internet of unpatchable shit” RSAC? slide? Shaun Penn?
Welcone to infosec, where Hanlon’s razor is dull- assume maliciousness, not stupidity.
“hackers steal a hospital in hollywood”
“digital parenting dashboard” wat? uknowkids.com - very dangerous if hacked, and very hackable.
“You don’t know who is (name)? How did you get IN here?” <- This is bad for a presenter to say, because it creates an artificial barrier to welcomeness within a community encourages others to judge each other based on recall of factoids which is not inherently valuable because they can just be looked up. factoids can stand in for actual knowledge.
essential vs accidental complexity
“APT breaking our cryptos”
“cryptography is typically bypassed, not penetrated”
“Is the internet on fire? probably! In fact, we have an openssl advisory coming up on tuesday! The internet is ALWAYS going to be on fire.”
“When you say ‘just do X’, stop talking. You don’t understand everything. You do not know everything. You are not experts on their situation.”
day 2
I moved a broken chair off to the side
I caught the last bit of the talk Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections
Sweet Security: Deploying a Defensive Raspberry Pi (by Travis from Tripwire)
tripwire was acquired by belwire, industrial space
“Can I install antivirus on my toothbrush? Is my door lock safe from ShellShock?”
raspberry pints- kegerator software for rasberry pi!
raspbian - “good for noobs”
tool: Bro IDS
threat intelleigence for free “critical stack” company - known bad IPs, malware- free, intel.criticalstack.com
geoIP stuff, pagerduty for the home, GROK tool, installing elasticsearch sounds super easy
“kibana- visualization engine for this stack.”
that meditative state of mind while listening to lecture- not directly involved. a form of meditation.
check.torproject.org/exit_addresses
malwaredomainlist.com/hostlist/ip.txt
phishtank, open phish
greenbone security assistant, openVAS, Trend Micro “medieval looking routers” what they call “AI protection” meh, securityonion, Kali Linux for Pi, offensive-security.com/