BlackHat Conference 2013
Sending one of your key staff to Las Vegas during a really busy period of project work seems like a counter-productive business idea. But when the main driver for this is to get them further trained up with the latest Cyber Security skills, then it is a no-brainer decision. Adam Williams is a really experienced programmer and has been with the borwell team since 2008. He is a really capable C++ and C# programmer. In fact, he’s a really capable IT professional. The global IT Security conference ‘Black Hat 2013’ was held in Las Vegas at the end of July.
This is a unique opportunity for IT Security professionals to get together and have two days of training in the latest vulnerabilities and corresponding software development best practices, followed by a two-day conference ‘Defcon21’.
It’s like nothing you’ll see at other conferences, with references to the recent PRISM project, and people having their head shaved. Dare you connect to the so-called ‘free Wi-Fi’? My advice to Adam was to take a new hard drive and scrap it after he returns to the UK. Of course, he could always use one of the many free memory sticks available, just pick one up. Go on!
Adam attended the “Advanced C/C++ Source Code Analysis” training course at the BlackHat Conference, where he learned new practices in auditing large bodies of unfamiliar source code for potential security vulnerabilities and issues. Sadly, the borwell team does many ‘project rescues’, where we are asked to look at an existing application in development, or completed. Techniques such as Fuzzing and binary analysis were on the itinerary.
Normally Adam can bypass the security model in five minutes. A few weeks ago, with the permission of the client, he did it in three minutes. Needless to say, the business owner is ‘terminating the contract’ with their current provider, and will shortly be handing over all the source code and design documents (if there are any) to Adam to audit, document, fix and test.
The course also covered a huge number of audit strategies, all of which we will take a look at in slower time. As well as photos, Adam has written up comprehensive notes for me and the borwell team to learn from and use.
The conference followed, and there were some amazing speakers, including General Keith B. Alexander, the commander of U.S. Cyber Command and director of the NSA. How cool is that! Another talk was titled “I can hear you now”, and this talk discussed cellular 2G/3G femtocells. The presenters explained how they had compromised a phone network, and then proceeded to reverse, modify and expose internal components, which culminated in being able to listen in on calls, texts and data. A MITM (man-in-the-middle) attack, but on a phone network!
BTW, the reason that I am writing this blog? Adam is now in California, San Diego or somewhere else exotic, taking some well-deserved leave. We look forward to him coming back to work, and taking us through his notes and learning how to help our customers become even more Cyber Savvy.
blackhat – http://www.blackhat.com/us-13/
defcon – http://www.defcon.org/
Contact borwell if you want to make your business more cyber savvy! – https://borwell.com/#contact