So it’s the day after the conference and I sit here in bits. Unfortunately, since Friday I’ve been struck down with an attack of sciatica; however, I downed my ibuprofen along with a few paracetamol for good measure and drove the many hours up’t north and found myself in Sheffield at the best conference I have had the pleasure of attending thus far.
Robin (@digininja) appears to have taken all of the best bits from every conference out there and packaged them into one incredibly affordable weekend.
It started on the Friday when arriving up in Sheffield. The actual real conference starts on the Saturday, but there is a well publicised “pre-con” meet up in a local tavern. The best bit about this: being relatively new to the field (4ish years now) and shy as hell, I’m not exactly known to anyone. I’m not in the league of sausages, I know a few testers and I can now recognise a few of the Twitter legends I follow, but I’m not exactly on any invite lists for pre-con meetups or beers.
All of that doesn’t matter here, as it’s a publicised meet up. Everyone rocks up and all of a sudden I’m talking to folk such as digininja, Finux, DaveHardy20, FreakyClown, etc… people I’ve followed since starting out in the world of infosec, over a few beers and shooting some pool. There are no barriers, and for someone who usually suffers from extreme social anxiety, I found it brilliant.
Saturday came and wow… again a brilliant setup. Breakfast provided for the attendees, a kids track that resulted in some AWESOME Lego robotic Rubik’s cube solvers, fantastic conference loot (loving the lockpicks from Mad.Bob) and a keynote by the one and only Campbell Murray (@xyz2k). Refreshingly, a well-balanced technical talk but also not too heavy for the first talk, it opened the conference with a good few laughs #blindslided and left me nodding my head excessively at everything he had to say.
The Gist: Penetration Testing was never meant to be a test of compliance (Checkbox Pentesting), and Red Teaming as we (the industry) call it is NOT Red Teaming…
Analogy: Red Teaming is taking a block of thermite to the hinges of a safe door and smashing it in with a sledgehammer.
It’s how penetration testing should and used to be, with a wide scope, a definition of the client’s crown jewels and an allowance for the testers to make use of their imagination, not for them to be constrained to arbitrary compliance objectives, low costs and unrealistic timelines.
Following up that talk I watched an exceedingly knowledgeable Darren Martyn (@infodox – http://insecurety.net/) give a bloody blinder of a talk on hacking embedded devices. Not a talk aimed at those of you with exceptional hardware hacking experience but rather aimed at the low-hanging fruit. Through a series of examples and a detailed case study he illustrated just how easy it is to find these flaws and then to exploit them. If you run a home router, chances are it’s part of someone’s botnet; this stuff was ridiculously easy to do and has made it firmly onto my “to-do” research list.
A few more talks and a lunch that had more than enough food to share amongst the numerous attendees later, the next talk worthy of particular mention for me was Dave Hardy’s and Ben Turner’s talk on PowerShell and their work with the Metasploit framework. These chaps have taken Metasploit’s capabilities with PowerShell and made it bloody brilliant.
Gone are the days of running a single script and bodging scripts to work. They have created a full-blown new “payload” type which returns you a full PowerShell session with backgrounding, the ability to actually interact with the objects returned as and when you require them and a whole series of utility post modules/scripts that make life even easier.
Evading AV? PowerShell is easy mode right now for doing that. These chaps have modified Inveigh (read: Responder using PowerShell) in order to work appropriately with the new payload type, you can now Invoke-Mimikatz within a PowerShell session and essentially, given the armoury of PowerShell scripts out there, you basically never have a reason to touch disk and therefore never get caught by AV.
Seriously, I can’t do their work justice with a simple write-up as part of a post here, but check out their websites and get the info.
http://www.hackwhackandsmack.com/
https://pentestn00b.wordpress.com/
https://www.nettitude.co.uk/interactive-powershell-session-via-metasploit
So that brings us to the closer where Harold and Kumar (FreakyClown and Dr Jessica Barker) went to White Castle and taught us to burn the motherf…ker down #pookie. Or rather gave us a disturbing account of how the infosec world could go. The issue we have as an industry is trying to sell what is basically ineffective; we scare-monger users and our sales staff promote new shiny bleeping blinky products until they are blue in the face, but people don’t appear to respond as we believe they should and we say that it’s their problem. It isn’t, it’s ours, and we as an industry need to drive a new approach.
Roll on to the evening party where Nettitude placed £3k behind the bar; I believe we achieved the goal of drinking the bar dry by about midnight. It was a brilliant evening, starting with a scavenger hunt. Dr Jessica Barker (@drjessicabarker) and FreakyClown (@__freakyclown__) led us all once again, only this time into a quiz that proved I do not know my game consoles anywhere near as well as I thought I did, but oddly I do know that Coco Chanel was the inventor of the Trouser Suit and “purdy” is a haircut. 🙂
Throw in some copious amounts of drinking with a few chaps from Prospective Risk, Nettitude and others while being expertly chaperoned by a member of the SteelCon day staff whose only name I remember is “Laura” and “Woody”.
The “Flatcappers” (the conference badge was a traditional flat cap) partied the night away and it all ended for me in the early hours of the Sunday morning where I was left wondering “wtf!?” as we emerged to bright sunlight.
05:10am… bedtime, thank goodness for late checkout 😉
A truly fantastic conference with the right mix of tracks and talks, and one that doesn’t just focus on the 9-6pm conference but one that really put the effort in around the sides to provide a cracking experience that will have me smashing that F5 key once again to grab a ticket next year.
For those of you that want more, on the Sunday they also had laser tag/quasar activities and pizza lunch planned out; I myself opted to sleep and neck paracetamol 😉
After a weekend of activity, my sciatica attack never did end and I was left crawling out of my car this evening, poking at my medicine cabinet, unable to stand up properly, trying to knock the dihydrocodeine off the shelf so I may get some relief.
I may be in agony but every minute was worth it. I learned so much in the company of so many excellent people, it was worth every whimper.