BSides Winnipeg 2013

Saturday, November 16th, 2013

Sunday, November 17th, 2013

An analysis of the current FUD surrounding the Cyber Threat Intelligence industry. The presentation will explore how you get to call yourself one and illustrate how a lot of folks are making a lot of money "guessing" about the bad guys. The presentation will illustrate how Cyber Threat Intelligence will possibly, maybe, perhaps, perchance, conceivably, feasibly, imaginably, plausibly, give your organization success in fending off cyber-attacks. The presentation will take a light hearted look at the future of Cyber Threat Intelligence and how guessing enough times will statistically increase the likelihood you will get something right. The conclusion will allow for audience participation as we walk through a cyber-crisis and decide if the Cyber Threat Intelligence Analyst should be "fired" or "hired", Donald Trump style.

Ian Trump is an ITIL certified Information Technology (IT) consultant with fifteen years of experience in IT security and information technology. As a project and operational resource, Ian has functioned as an IT business analyst, project coordinator and as a senior technical security resource as required. Ian's broad experience on security integration projects, facilitating technological change and promoting security best practices have been embraced and endorsed by his industry peers.

Ian enjoys and maintains a strong commitment to the security community; he is a board member of the Computer Information Processing Society (CIPS) Manitoba as well as an editorial review board member for The EDP Audit, Control, and Security Newsletter (EDPACS). From 1989–1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and has retired as a part-time CF Public Affairs Officer. He is currently the lead architect on the Canadian Cyber Defence Challenge and serves as a board member and treasurer for Canada's largest hackerspace, SkullSpace.

There is a divide between the so-called "security/technical" people and the "business" people. We've all heard about how we need to "speak the language of business" and "get soft skills" to succeed. However, even after decades of trying, the divide still exists. Why does it seem that we never make progress? Are we truly not improving? Is the goal receding as we chase it?

This presentation posits that we've been making a fundamental error in trying to explain things to people outside our field. One thing that people-oriented people do naturally and technically-oriented people do not is communicate with others using the target's metaphors. By taking this approach and translating issues into different frames of reference, more time is spent exploring the issue instead of arguing over why it matters.

By focusing first on being understood and second on the specific issues, rapport can be built and, over time, you can get the resources you need to win more battles.

Josh is a security consultant who blends agile/lean methodologies with practical security operations. He is also known as the Security Comic Book Guy for this. Josh is a published author, having written Assessing Vendors, and is currently working on his next book, Job Reconnaissance. You can find out more about him at his personal website, www.starmind.org.

The Canadian Cyber Defence Challenge, which took place at Red River College on May 13 of this year, was an "event driven, time constrained, full-spectrum cyber defence challenge" for the high school teams that participated. With the leadership of Ian Trump, Jared Bater (MERLIN) and Chris Kluka (Daemon Defense) were charged with building a robust, fully-contained, and high-performing system to support ~70 high-school cyber-defenders at any facility and at short notice.

The hosting facilities at Daemon Defense and MERLIN at the University of Manitoba would house the games' heavily-virtualized infrastructure, fat pipes to Internet and related research/education and content provider networks. At the game site would be our cyber defenders, red team, support staff, and media. They needed a solid, tightly contained network between the two sites, and an incredibly nimble and highly performing back-end to respond to the high peak usage, time-constrained event.

The CDC pulled the event together, seemingly out of thin air, by asking for help from Ian Trump. Ian brought Jared and Chris in to provide donated network and server resources. These resources would have easily cost tens of thousands of dollars for the CDC to procure. However, due to their virtualizable nature, they were able to implement enough compute and network resources to provision 144 virtual machines on loaned hardware.

In this presentation Jared and Chris will show off what they did, and discuss how they can do it better next time.

The future holds many more demands: an order of magnitude more teams, many more concurrent game sites across Canada, and a need to scale network, security, storage, compute, memory, and operational capability. We plan to heavily leverage virtualized networking, virtualized compute and virtualized storage to stand up an extraordinary game experience for short periods of time, with the ability to do it all again in short order (on the road where needed), all on a reasonable dime.

Jared is a network design and security guy with a day job in K-12 education. He is passionate about diving into the truth that is the packet trace, and about solving real-world problems below layer 8.

Chris is an IT Systems Infrastructure Architect. He builds hypervisor clusters and enterprise networks for professional sports, financial, educational, and content distribution clients. His recent projects have included: the Investors Group Field (the new home of the Winnipeg Blue Bombers), the McMichael Canadian Art Collection (Vaughan, Ontario), the Canadian Museum for Human Rights, and the Affinity Credit Union.

This talk will cover the creation of bots. Specifically, it will focus on @abotlafia, a Twitter bot inspired by the "bot" in Umberto Eco’s 1988 novel Foucault’s Pendulum. The talk will demonstrate how little code is required to create automated accounts on Twitter. This will be followed by a discussion of the security/ethical implications of algorithmic social media accounts, and the possibility of a future where we are unable to determine who is real and who is a bot on the Internet.

Kyle is a Winnipeg based computer engineer, web coder, and artist. He is a co-founder of Open Democracy Manitoba, a volunteer organization dedicated to political education and the empowerment of local voters. Their most recent projects, ManitobaElection.ca and WinnipegElection.ca, have helped over eighty thousand local voters research their candidates and better understand the electoral process. Separately, as a coding instructor at Red River College, Kyle challenges and inspires the next generation of Manitoban web and app innovators.

(Abstract Unavailable)

Les is a telecommunications super hero. He single handedly built, and owns a CRTC regulated Class-1 facilities based CLEC (Competitive Local Exchange Carrier). LES.NET is one of the 52ish phone companies in Canada, and has the largest SIP/VoIP coverage of any provider in Manitoba.

This presentation will discuss information security penetration testing methodology, and how portions of the test process may be automated. The analysis of test results can be made more efficient through development of additional tools to assist the analyst. The Open Source Security Assessment Management System (OSSAMS) will be presented, which is a framework for the automation, data collection, analysis, and reporting in penetration testing and vulnerability assessment efforts. OSSAMS is written in Python and allows for the processing of tool results, parsing and normalizing the data, extraction of meaningful information via query, and more effective analysis.

Adrien is a senior Information Security Consultant with Intru-Shun.ca Inc., experienced in penetration testing and incident response. He also holds the ISC2 CISSP, GXPN (GIAC Exploit Researcher and Advanced Penetration Tester), GWAPT (GIAC Web Application Penetration Tester), GPEN (GIAC Penetration Tester), GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst), GSEC (GIAC Security Essentials), OPST (OSSTMM Professional Security Tester), and OPSA (OSSTMM Professional Security Analyst) certifications. As a volunteer member of the SANS Internet Storm Center (isc.sans.edu) he performs incident handling and threat analysis duties. When not geeking out Adrien can be found with his family, or at the dojo.

Solid state storage devices provide many performance improvements but they also change how data is managed at the physical layer. Those changes lead to new opportunities for the extraction of sensitive data. This talk will outline how SSDs work, how they are managed, how this can be exploited, and what we can do to mitigate the risks.

Michael is a Senior Instructor in the Department of Computer Science at the University of Manitoba. In addition to being the best Computer Science instructor around (opinions may differ), he has developed a number of vehicular embedded systems, including transmission controllers and instrument clusters. Michael also developed a go kart engine controller that receives commands via a custom designed handheld device, over a radio protocol of his own design.

Mike will discuss areas of experimentation and research for NFC and RFID harvesting including the best ways to make your own long range antennas for NFC reading, and the most interesting hardware builds that you can create to harvest data for close or wide range target applications. Physical hardware examples will be made available throughout the day for experimentation.

Michael is an entrepreneur in the security industry who focuses on innovative approaches to building things that secure large enterprise. As a security practitioner, Michael spends his time on researching topics that impact security architecture, risk assessment and forensic procedure, working with folks across the globe to try making things better one day at a time.

Theo will discuss the day-to-day challenges that face an established Internet Service Provider (ISP). Topics to be discussed will include knowing/monitoring/defending your network, and specific threats to ISPs operations.

Theo is a senior Systems/Network Administrator with Voi Networks Inc., experienced in the design and operation of ISPs in Manitoba. He has been involved with the creation, operations and security at several small to medium sized ISPs in Manitoba over the past decade. He previously ran wpgwifi.com to raise awareness about wireless security before 802.11n became prevalent.

This presentation will discuss the sorts of data sources available to network operators and big companies running their network, and how to sort through that data to find abuse, malicious activity, and malware.

The bulk of the focus of the presentation will be on detecting botnet Command and Control (C&C) but will definitely cover drive by exploits and other things too. A big focus will be on transparent HTTP proxy logs (like the stuff you get out of WebSense or BlueCoat or Web Security Appliance) but mining other data sources including passive DNS queries will be covered.

Brandon got his start in security by contributing to the Nmap project. From 2007–2011 he did a lot of work on malware and botnet architecture and C&C. This included building a P2P crawler to enumerate and measure the entire Stormworm botnet.

Brandon also dabbles in cryptography and helped knock two hash proposals out of the SHA-3 hash competition (Spectral Hash and NKS2D).

Motivations for operating an offline bitcoin wallet will be explained and security risks associated with obtaining and relying on such software will be examined. The practicality of performing software audits will be discussed, with the size of Armory's code as an example. A small, offline bitcoin wallet implementation will be demonstrated and auditability examined. The presentation will conclude with the potential useful role for self-programmable retro computers under more paranoid circumstances.

(Bio Unavailable)

This talk will be an introduction to the USB protocol at the packet level, leading into an overview of a hardware device that sniffs the USB data of a connection by sitting on the wire between the two endpoints — host and device. Also covered will be the analysis of a USB device through PCAP analysis.

Richard has his P. Eng., and is an instructor at the University of Manitoba's School of Medical Rehabilitation. While his courses and research are primarily in the field of assistive technology, information security and reverse engineering have been of interest to him since his early days of programming on the TRS-80, Commodore VIC-20, and Apple IIe.

Chris is a senior developer at Novra Technologies in Winnipeg. He has over 15 years of experience, both personal and professional, designing and developing various systems and products ranging from embedded controllers and interfaces, mobile Android application development, to developing parts of DB2.

How to kill, analyze and protect Internet Exchange Infrastructure using ARP protocol.

Sergii is the Creator of UA-IX (world #5 ranked by volume of traffic), Giganet IXP, and WPG-IX. Formerly, he was a European IPv6 evangelist.

Yvan will talk about the pitfalls, challenges, and humour of running security in an open source project, including bug bounty programs, funny incidents, and bug reports. Along the way he will also share information that other teams can learn from and the value of being open and honest about security issues.

Yvan works on building communities in the regions he live in. While in Winnipeg, he ran the OWASP Winnipeg chapter and was involved with IPAM; now in Vancouver, he runs OWASP and participates in teaching the tech community about security.

Yvan manages Web sites and service security for Mozilla; they have hundreds of sites that serve literally hundreds of millions of users, and support Firefox, Firefox for Android, Mozilla Thunderbird, and Firefox OS. He also designed Minion, an open source security as a service. He has presented at AppSecUSA, BSidesSF, BSidesSeattle, and organized BSidesVancouver, and delivered several presentations on air.mozilla.org. He has given guest lectures at several academic institutions, including Red River Community College and the University of Winnipeg.

The closing ceremony consisted of thanking our sponsors, giving our Tier 3 sponsors time to address the attendees, and announcing the winners of the CTF.