Infosec Scribbles

April 26, 2013

B-Sides London 2013

This was my second time at B-Sides London and 3rd time at a huge hacking conference. But considering countless tech meetups, Abertay Ethical Hacking Society meetings and stuff like that, one could say I am a frequent goer to such events.

Anyway,

Day 1: arrival

Remembering last year, on my way down to London I was checking what was happening the night before B-Sides. Last year DC4420 and 44Cafe came together for a social event after InfoSec. This year they were separated and apparently there was a third event by IOActive with an open bar that I was not aware of at this point. Seeing how 44Cafe had the most talks lined up, I headed their way.

44Cafe

A memorable talk was given by Steve Lord, who took the challenge of ripping some motherboard firmware into pieces in under 48 hours. He successfully completed the challenge and got those who could afford a drinking game in London (£4 drinks, not student friendly!) pretty hammered by getting them to down their drinks every time root access was on the screen.

Another talk was about bashing it out of Trusteer developers who apparently had problems with fixing bugs, to put it softly. Some of the fellow students showed up with bags full of InfoSec swag. Everyone agreed that the exhibition was 110 and only worth noticing because of the freebies. I left early in order to be in shape for B-Sides London the next day.

Day 2: connect the underground

After seeing a fair share of professional talks over my two years in the UK, the plan for B-Sides was to wander around and make random decisions on what to do. After all, you can hear about pentesting, malware and social engineering at every other event, but having some really awesome folks from MWR explain Android exploitation with Mercury to you from scratch in such a friendly manner is absolutely fantastic! Mercury is definitely the first thing to try out on my list after the coursework is done.

B-Sides London 2013 Talks

The comic book in question

As for the talks, David Rook has some mad story-telling skills. He was also giving away comic books which served as slides for his talk. Quite interesting to see how a security department grows with the company and how various decisions can affect the situation.

The HTML5 talk by Ksenia Dmitrieva was fantastic. Especially due to the fact that I was experimenting with exactly these things - session storage and CORS - two days before the event, so it was still fresh and very relevant. Now I have an evil master plan on making my experimental code work with iframes and probably something to talk about at the hacking society next year. Also brilliantly delivered, props for the “all right, in this case I have a pre-recorded video where it works” trick.

Rookie Track

The apple of discord...

The Rookie Track is surely noteworthy. I managed to see the talk on Cyber Warfare by Konstantinia Charitoudi and it was interesting to see how people from around the world perceived what was happening next door to my school in Estonia in April 2007. As far as I am aware, the events had little to do with state-level cyber warfare and had lots to do with the emotional side of things - Russian botnet owners/hackers getting really pissed off and showing support to their people in Estonia. But let's not get sidetracked into politics too much.

I believe the Rookie Track was a great idea and hope that it stays a tradition - it brings new people into presenting talks and the 15-minute format of the talks should ease the stressful side of things. Especially with experienced mentors helping out the rookies, I expect it to be even more popular next time. Might submit a talk of my own! :)

Track 3 - On The Day

I would like to thank the person managing Track 3 on the day. The man was literally running around the conference looking for quality talks and people interested in seeing those. A talk on static code analysis by Paco Hope was somewhat relevant to my interests, because bugs lead to exploits! I expected to see a bunch of dead listings from IDA and instead got an overview of a broader picture and how static code analysis developed over time. Add Paco’s excellence at delivering talks and you get people caught up in a little programming languages holy war after the talk :)

#SWAG

Hackademics during lunch break

Our ethical hacking society had a great run this year with Securi-Tay 2 and the leadership did not miss the chance to advertise by wearing their hoodies with EHS symbolic and website address during the lunch break.

MWR InfoSecurity 2013 Design

The B-Sides t-shirt this year does not have fancy hidden ASCII art on the back, but the logo is pretty cool by itself and makes up for that.

Exceeding their last year’s achievement at making a proper hacker t-shirt, this year MWR brought their 2013 design - “Rop & Roll”. Brilliant. The t-shirt will keep motivating me to work on the second year uni project (exploit development + DEP/ASLR) in the next four weeks, thanks!

Afterparty

Same as last year, happy people from MWR sponsored the afterparty. The Archangel night club was booked and with a few thousand pounds behind the bar there was enough food and alcohol for everyone. Live DJs provided the atmosphere and an amazing night put an end to an amazing day.

Yes, I am the guy who rushed to the dance floor once the first beats of drum and bass reached the speakers. Jumped out of a conversation with Steve Lord to get dancing - I am a hopeless drum and bass addict :( On a related note, I am one of the founding members of the Russian Drum and Bass Dance Community and I recently started putting together an international version of it.

Day 3: the end

Surprisingly, the morning hangover was not that bad and I even managed to go and pretend to be a 21-year-old CIO at InfoSec to grab some of the remaining freebies. Being the only guy not in a suit at the event, I got fed up with 100% detection rates pretty quickly and decided to have a decent lunch at King’s Cross instead before catching my train.

A giant thank you goes out to the crew of B-Sides London 2013 and all of the sponsors! This was a fantastic community-organized event covering a wide range of interests and providing all kinds of opportunities to those who attended. Thank you for connecting the underground!