BSides MCR 2019
10 September 2019 - 10:30, in Bsides, Conference, Security

This week I was one of the lucky people who got to go along to Bsides Manchester, and not for the first time the team blew me away. Over the years I have been to a few Bsides events and have to admit that I am one of the few who have grown tired of “another UK security conference” popping up. Before the claws come out I completely agree that having more locations allows more people to attend and that the fact Bsides Manchester sold out within a minute this year means something is going right.

 

Before the conference itself there is “Beersides”, which, as the name suggests, is a pre-event where we drink beer. Not only this, there are some lightning talks to get attendees into the swing of things and allow people to practice talking in a more relaxed setting. This was a great night with some really interesting talks; unfortunately these aren’t available recorded, as recordings don’t start till the main day.

I saw a few talks at the conference, the first of which was “Navigating the Red Forest” by Derek Price, where he introduced us to the concept of Microsoft ESA, its security capabilities, and a small amount of how it is implemented. Looking at this from a Splunk state of mind, knowing identity when you are investigating any event in Splunk, whether it be security, IT ops or just having a browse through, is crucial. If we can’t track the who, we can’t know the why. Often AD data is the most scrambled, unreliable data in Splunk, so having a structured system that your internal team can quickly understand and navigate helps a lot.

 

Now I always love when I see a Splunk talk at a security conference, and it’s getting more and more common. The talk by Ross Bingham and Tom Macdonald, “Getting Splunky with Lateral Movement – Attack Detect and Evade”, highlighted a lot more than just Splunk but really showed how knowing what to look for can mean that with just a short, simple search you can detect obvious signs of malicious activity or intent. What was great was seeing a different take on the “How to hack X” kind of talk and seeing what the more obvious tells are and how you can use these to help your Blue team, and then also they wouldn’t be a red team without throwing in how to evade detection. The talk really gave a clear path to help both red and blue teams work with data, not against it. When I spoke to the guys afterwards about their work, they explained how they “threw the environment together” to get the data required and do the investigation for their talk, which shows that with little initial Splunk knowledge and a lot of poring through the docs it can become quite straightforward to do.

James Stevenson gave a talk around his research into using Natural Language to predict crime, “Profiling the Attacker | Using Natural Language Processing To Predict Crime”. The talk was an introduction to the work that he has left to carry out. Recently I have been researching a lot into machine learning for my talk at .conf, so it was really helpful to have someone break down the concept of how the algorithm is likely to learn and open the discussion on how we should be monitoring and supervising this. I am looking forward to the work to come in the future.

 

The last talk I saw was “Losing Battles but winning wars” by Phil Lynch. Not only was the thick Scottish accent really a delight to finish the day, the talk was light-hearted and went through some of the “oh for f sake” moments in the job, which happen to everyone and are needed to show the new guys and gals coming in that one day everything is going to break on you, you’re going to not find anything or you’re going to stare at a screen for a long time just thinking “what” or “how”.

 

The whole day was full of great talks and even better people. I even managed to pick a lock after a very long tutorial from more people than it probably should have taken. I managed to recover my laptop with stickers after its untimely needed repair while giving money to charity at the sticker table (phones and laptop screens don’t mix well).

This year the after party had retro arcade games dotted around, another ingenious way to get people talking to people they haven’t met before and give everyone that needed 5 minutes from drinking beer. Thank you to Bsides Manchester for having me and keeping me fed for a day, can’t wait to see how it grows next year.

Some of the talks are available on YouTube: https://www.youtube.com/channel/UC1mLiimOTqZFK98VwM8Ke4w

 

 
