This week I was one of the lucky people who got to go along to Bsides Manchester, and not for the first time the team blew me away. Over the years I have been to a few Bsides events and have to admit that I am one of the few who have grown tired of “another UK security conference” popping up. Before the claws come out, I completely agree that having more locations allows more people to attend, and that the fact Bsides Manchester sold out within a minute this year means something is going right.
Before the conference itself there is “Beersides”, which, as the name suggests, is a pre-event where we drink beer. There are also some lightning talks to get attendees into the swing of things and allow people to practice talking in a more relaxed setting. This was a great night with some really interesting talks; unfortunately these aren’t available recorded, as recordings don’t start till the main day.
I saw a few talks at the conference, the first of which was “Navigating the Red Forest” by Derek Price, where he introduced us to the concept of Microsoft ESA, its security capabilities, and a small amount of how it is implemented. Looking at this from a Splunk state of mind, knowing identity is crucial when you are investigating any event in Splunk, whether it be security, ITops or just having a browse through. If we can’t track the who, we can’t know the why. Often AD data is the most scrambled, unreliable data in Splunk, so having a structured system that your internal team can quickly understand and navigate helps a lot.
Now I always love when I see a Splunk talk at a security conference, and it’s getting more and more common. The talk by Ross Bingham and Tom Macdonald, “Getting Splunky with Lateral Movement – Attack Detect and Evade”, highlighted a lot more than just Splunk, but really showed how knowing what to look for can mean that with just a short, simple search you can detect obvious signs of malicious activity or intent. What was great was seeing a different take on the “How to hack X” kind of talk and seeing what the more obvious tells are and how you can use these to help your Blue team; and then they wouldn’t be a red team without throwing in how to evade detection. The talk really gave a clear path to help both red and blue teams work with data, not against it. From speaking to the guys afterwards about their work, they explained how they “threw the environment together” to get the data required and do the investigation for their talk, which shows that with little initial Splunk knowledge and a lot of poring through the docs it can become quite straightforward to do.
James Stevenson gave a talk around his research into using Natural Language to predict crime, “Profiling the Attacker | Using Natural Language Processing To Predict Crime”. The talk was an introduction to the work that he has left to carry out. Recently I have been researching a lot into machine learning for my talk at .conf, so it was really helpful to have someone break down the concept of how the algorithm is likely to learn and open the discussion on how we should be monitoring and supervising this. I am looking forward to the work to come in the future.
The last talk I saw was “Losing Battles but winning wars” by Phil Lynch. Not only was the thick Scottish accent really a delight to finish the day, the talk was light-hearted and went through some of the “oh for f sake” moments in the job. These happen to everyone and are needed to show the new guys and gals coming in that one day everything is going to break on you, you’re going to not find anything, or you’re going to stare at a screen for a long time just thinking “what” or “how”.
The whole day was full of great talks and even better people. I even managed to pick a lock after a very long tutorial from more people than it probably should have taken. I managed to re-cover my laptop with stickers after its untimely needed repair while giving money to charity at the sticker table (phones and laptop screens don’t mix well).
This year the after party had retro arcade games dotted around, another ingenious way to get people talking to people they haven’t met before and give everyone that needed 5 minutes from drinking beer. Thank you to Bsides Manchester for having me and keeping me fed for a day; can’t wait to see how it grows next year.
Some of the talks are available on YouTube: https://www.youtube.com/channel/UC1mLiimOTqZFK98VwM8Ke4w