Here is my wrap-up for the second day of the conference NoSuchCon organised in Paris. Where is the first wrap-up, you may ask? Due to an important last-minute change in my planning, I just drove to Paris yesterday evening and missed the first day! This is the second edition of this French conference organised in Paris at the same place. A very nice location even if the audio/video devices are not of top quality. The event also remains the same: one single track with international speakers and talks oriented to “offensive” security. This year, I was invited to take part in the selection committee.
This morning, I retweeted a link to an article (in Dutch) published by a Belgian newspaper. It looks like Belgian municipalities (small as well as large) which do not properly secure their data could be fined in the near future! Public services manage a huge amount of private data about us. They know almost everything about our lives! Increasing the security around this data looks like a very good idea but… are fines a good idea? Fines are very repressive.
I’ll make a rough comparison with speed tickets. I’m driving a lot, always on the road between two customers. The more kilometers you spend on the road, the more chances you have to be checked by speed cameras. Sometimes, I receive a nice gift… a speed ticket! Ok, I admit: it’s frustrating. I always have the feeling of being 0wn3d but guess what? I just pay the bill and continue to use roads as before. This does not affect my way of driving, it is “part of the game”. I even know people who reserve a budget to pay their speed tickets! Just like any other risk, it can be quantified and we are free to take it into account… or not! Where is the breaking point between paying fines and driving slowly?
Here is a quick blogpost which might be helpful to OpenVAS users. OpenVAS is a free vulnerability scanner maintained by a German company. Initially, it was a fork of Nessus but today it has nothing in common with the commercial vulnerability scanners. OpenVAS is a good alternative to commercial solutions when you need to deploy a vulnerability management process and you lack a decent budget. But, as with many “free” solutions, that does not mean there is no cost associated with it. In particular, OpenVAS lacks good documentation, even if the users mailing list is quite active.
The third day is over! After the speaker dinner in a cool place and a very short night, I attended more talks today (no workshops). Let’s go for the daily quick wrap-up…
The second day is over! I’m just back from a great speaker dinner in Esch s/Alzette. It’s time to write a quick wrap-up. There were again some Cisco forensics workshops on the schedule, that’s why I was not able to attend all of today’s talks.
The second day opened with Marion Marschalek’s keynote called “TS/NOFORN”. This title is derived from the document classification used by the United States. Marion started with a nice introduction based on Star Wars characters and finished with a fact: today, it’s not Star Wars anymore but Cyberwars! Cyber means a lot of threats, for example, the control of media, intellectual property being stolen, nation states spying (and being hacked), the loss of corporate data. Then she explained in detail how some malware was tracked. Interesting fact: it’s quite easy to detect the location/nationality of the malware developers by analysing the vocabulary and texts used in the code.
Hello Dear Readers, my agenda is quite hot at the moment. After attending BlackHat last week in Amsterdam, I’m now in Luxembourg until Friday to attend the 10th edition of Hack.lu. The conference organized in Luxembourg has already reached a decade! Congratulations to the organizers for the event that I have been attending since 2008! It has remained in my favorite top three since the beginning for the following reasons: nice atmosphere, good sizing (not too big, not too small), most visitors are regular ones, which allows me to meet them once (or twice) a year.
Yesterday evening, I had a nice dinner with awesome infosec folks. We faced a massive “Deny of Sushi” attack but we survived! So, I’m just back from Amsterdam and here is my small wrap-up for the second BlackHat day.
BlackHat is back in Amsterdam and here is my wrap-up for the first day. It rained all my way to Amsterdam this morning but that will not prevent motivated people from joining the Amsterdam RAI, where this 2014 edition of BlackHat Europe is organised! They moved from the center of the city to a bigger conference center. Nice place, but far away from bars and restaurants. After the classic registration process and a nice breakfast, let’s go with today’s talks. As usual, Jeff Moss opened the conference with some facts about the event. Interesting: this year 50% of the audience is coming for the first time! Fresh blood is always good. People came from 68 different countries (e.g. Brazil, Surinam, Ukraine, ...). Jeff’s message was also: feel free to ask questions, participate and learn… The community is very important.
Once again, here is my quick review about the BruCON network that we deployed for our beloved attendees! Yes, we are glad to take care of your packets during the conference. Nothing changed since the last edition, we deployed the same network in the same venue with the same controls in place. But this year, the biggest change was our brand new wall of sheep…
When my friend Didier Stevens contacted me last year to help him with a BruCON 5×5 project, I simply could not decline! Didier developed a framework to perform forensic investigations on Cisco routers. His framework is called NAFT (“Network Appliance Forensic Toolkit”). It is written in Python and provides a good toolbox to extract juicy information from router memory. From a development point of view, the framework was ready but Didier had the great idea to prepare a workshop to train students to analyze router memory images. The 5×5 project was accepted and thanks to the support of BruCON, it was possible to buy a bunch of Cisco routers to let students play with them. Why hardware routers and not simply a virtual lab (after all we are living in the virtualisation era)? For two main reasons: to avoid licensing issues, and because a virtual lab does not offer the ROMMON feature, which is very useful to take a memory image of the router. The very first workshop was given last week during BruCON as a premiere. With a fully booked room of people (40), it was a success and we already got good feedback. But not all people are able to attend security conferences and workshops, that’s why Didier had the idea to implement an online lab where registered people could perform the same investigations as in the live workshop. That’s where I was involved in the project!