BSidesLV Day 2 Postmortem

Just wanted to follow up on our article from yesterday with some of the goings-on at BSidesLV this year… Unfortunately, I took the morning off to pick up my badge for Defcon but did manage to catch some gems later in the afternoon.

How embracing social media helped me stop the hackers, save the world and get the girl!: Javvad “@J4vv4D” Malik touched on his three-year journey of transforming himself from an infosec faceless nobody to one of the top video podcasters in our community. Now, not only is he better known throughout the community, but his “marketing” effort has created new opportunities and career options moving forward. In essence, there isn’t one path to achieve what Javvad did. Each individual has to go through the trial-and-error process to figure out how their passions align to existing gaps that could open up opportunities.

Malware Management Framework – We detected WinNTI with it!: Michael Gough put together an interesting concept based on an elimination-based approach to managing malware. The general idea involves making it easier to find the needle by removing the stuff you know is hay. Basically, you create a box with all the applications you think you are going to use and run a specific Md5deep64 command to get cryptographic hashes of all the files. Burn this data to a CD and keep it in a safe place. When you suspect a box is compromised, simply run Md5deep64 with a compare option to discover any differences and focus only on those files for analysis. Later this year at DerbyCon Michael plans on releasing a tool that simplifies this process using a GUI. Learn more about his technique over at MalwareManagementFramework.org.
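The baseline-and-compare idea described above, as an added example that is not from Michael Gough's talk or the Malware Management Framework: it uses Python's hashlib with SHA-256 in place of md5deep64, and the file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its digest: the known hay."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in root.rglob("*") if p.is_file()}


def compare(baseline, current):
    """Return only what differs from the baseline: the files worth analysing."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample: a clean tree, then one changed and one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app/tool.exe").write_bytes(b"v1")
        (root / "app/lib.dll").write_bytes(b"lib")
        baseline = build_manifest(root)  # store offline, e.g. on read-only media
        (root / "app/tool.exe").write_bytes(b"v1-patched")
        (root / "app/new.dll").write_bytes(b"unknown")
        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, which is why the talk's advice to keep it on a CD in a safe place matters: a manifest left on the suspect box can be rewritten along with the files.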

Crunching the Top 10,000 Websites’ Password Policies and Controls: Steve “@stevewerby” Werby really did a lot of work to come up with this talk. Unfortunately, evaluating password policies of 10,000 different websites doesn’t lend itself well to automation. With this limitation in mind, the first part of his talk focused on how he conducted his research. Initially, he asked friends and family to check each website but soon realized this method would take several years. Steve next turned to the Amazon Mechanical Turk marketplace to see if that service could speed things up. Think of Turk as EC2 but for crowdsourcing simple tasks. He touched on some lessons learned from using this service and closed with some interesting stats from the resulting research.

For these and many more talks from the conference, be sure to check out @irongeek_adc’s BSidesLV 2013 Videos page.

#####

What were some of your favorite talks? Let us know in the comments below. Today’s post pic is from WePay.com. See ya!
