My post-Shmoocon recovery is taking a bit longer than usual, but it’s finally come to that sad time in the year where I have to write an after-Firetalks post announcing the winners. Also, be sure to check out our Firetalks conference page to learn a little bit of history about Firetalks. Well, on to the prize winners…
First Place: “Chronicles of a Malware Hunter”
by Tony Robinson (@da_667)
Over the past year, since I’ve joined [undisclosed], I’ve been given unparalleled freedom to go forth and Detect Evil, both in my role as a Security Analyst and outside of my role as someone with far too much dedication to infosec. Come listen to me talk about some of the fun things I’ve observed over the past year, including inadvertently discovering an (at the time) APT and a not-so APT, and learning that sharing is caring.
Second Place: “Collaborative Scanning with Minions – Sharing is Caring”
by Justin Warner (@sixdub)
As knowledge of advanced adversaries becomes more publicized, expectations for red teams to model their methods and procedures to emulate such adversaries increase. Network reconnaissance is a foundational component in a full-scope advanced engagement. An effective red team is able to conduct their reconnaissance while evading common detection capabilities. In this talk, I will release Minions, a proof-of-concept tool for flexible, distributed scanning at scale. Minions builds upon DNmap (developed by Sebastian Garcia), which is a Python script for the distribution of batch Nmap jobs across multiple scanning nodes. DNmap provides the core functionality for distributed scanning, but lacks a feature-rich interface to facilitate collaboration. Minions, however, will enable penetration testers and red teams to perform covert reconnaissance against target networks in an organized and efficient fashion. Utilizing a modified version of DNmap to distribute tasks, Minions can execute jobs across multiple scanning nodes with flexible profiles, scheduling, and more. With Minions, red teams or researchers can easily perform enumeration against large network ranges in a stealthy way, emulating the techniques of real-world adversaries.
Third Place: “Resource Public Key Infrastructure”
by Andrew Gallo (@akg1330)
Resource Public Key Infrastructure (RPKI) is a new security mechanism to address the problem of prefix hijacking on the Internet by establishing a cryptographically traceable trust chain to prove an organization has the authority to advertise a specific prefix. The problems addressed by RPKI will be introduced, specifically the manual and error-prone method of prefix and route filtering. Examples of BGP hijacks will be presented. The method used to verify the prefix<->Autonomous System relationship will be reviewed. The current state of RPKI deployment will be discussed, with particular attention paid to impediments to deployment and failure scenarios not addressed by this technology.
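As an added illustration of the prefix<->Autonomous System check the abstract mentions (example code written for this post, not material from the talk or its author), the Python below implements the RFC 6811 route origin validation decision: given Route Origin Authorizations (ROAs) that have already been fetched and cryptographically validated through the RPKI trust chain, a BGP announcement is classified as valid, invalid, or not_found. The ROAs, prefixes, and AS numbers are constructed sample values from documentation ranges, not real registry data.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """A validated Route Origin Authorization: prefix, maxLength, origin ASN."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample ROAs (documentation prefixes / private ASNs, not real data).
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64496),      # AS64496 may announce exactly the /24
    ROA("198.51.100.0/22", 24, 64497),   # AS64497 may announce the /22 down to /24s
]


def route_origin_validation(roas, announced_prefix, origin_asn):
    """Classify an announcement per RFC 6811: 'valid', 'invalid' or 'not_found'.

    A ROA *covers* a route when the route prefix is equal to or more specific
    than the ROA prefix.  A covering ROA *matches* when the origin ASN is equal
    and the route is not more specific than the ROA's maxLength.
    """
    net = ipaddress.ip_network(announced_prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # subnet_of() raises on mixed address families, so filter those first.
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not_found"          # no ROA says anything about this prefix
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"          # at least one covering ROA matches
    return "invalid"                # covered, but wrong origin or too specific


if __name__ == "__main__":
    # A more-specific announcement by the legitimate holder is still invalid:
    # it exceeds maxLength, which is exactly the hijack pattern ROV catches.
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                        ("192.0.2.0/24", 64511), ("203.0.113.0/24", 64496)]:
        print(prefix, asn, route_origin_validation(SAMPLE_ROAS, prefix, asn))
```

The not_found result is the common case during partial deployment, which is why operators typically drop only invalid routes rather than requiring valid ones.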
Thanks to everyone for playing! See you all again next year!