JonTheNiceGuy and "The Chief" Peter Bleksley at BSides Liverpool 2019

Review of BSIDES Liverpool 2019

I had the privilege today to attend BSIDES Liverpool 2019. BSIDES is an infosec community conference. The majority of the talks were recorded, and I can strongly recommend making your way through the content when it becomes available.

Full disclosure: While my employer is a sponsor, I was not there to represent the company, I was just enjoying the show. A former colleague (good friend and, while he was still employed by Fujitsu, an FDE – so I think he still is one) is on the organisers’ team.

The first talk I saw (aside from the welcome speech) was the keynote by Omri Segev Moyal (@gelossnake) about how to use serverless technologies (like AWS Lambda) to build a malware research platform. The key takeaway I have from that talk was how easy it is to build a simple Python Lambda script using Chalice. That was fantastic, and I’m looking forward to trying some things with that service!

For various reasons (mostly because I got talking to people), I missed the rest of the morning tracks except for the last talk before lunch. I heard great things about the Career Advice talk by Martin King, and the Social Engineering talk by Tom H, but will need to catch up on those on the videos released after.

Just before lunch we received a talk from “The Chief” (from the Channel 4 TV Series “Hunted”), Peter Bleksley, about an investigation he’s currently involved in. This was quite an intense session, and his history (the first 1/4 of his talk) was very interesting. Just before he went in for his talk, I got a selfie with him (which is the “Featured Image” for this post :) )

After lunch, I sat on the Rookies Track, and saw three fantastic talks, from Chrissi Robertson (@frootware) on Imposter Syndrome, Matt (@reversetor) on “Privacy in the age of Convenience” (reminding me of one of my very early talks at OggCamp/BarCamp Manchester) and Jan (@janfajfer) about detecting data leaks on mobile devices with EVPN. All three speakers were fab and nailed their content.

Next up was an unrecorded talk by Jamie (@2sec4u) about WannaCry, as he was part of the company who discovered the “Kill-Switch” domain. He gave a very detailed overview of the timeline about WannaCry, the current situation of the kill-switch, and a view on some of the data from infected-but-dormant machines which are still trying to reach the kill-switch. A very scary but well explained talk. Also, memes and rude words, but it’s clearly a subject that needed some levity, being part of a frankly rubbish set of circumstances.

After that was a talk from (two-out-of-six of) The Beer Farmers. This was a talk (mostly) about privacy and the lack of it from the social media systems of Facebook, Twitter and Google. As I listen to The Many Hats Club podcast, on which the Beer Farmers occasionally appear, it was a great experience matching faces to voices.

We finished the day on a talk by Finux (@f1nux) about Machiavelli as his writings (in the form of “The Prince”) would apply to Infosec. I was tempted to take a whole slew of photos of the slide deck, but figured I’d just wait for the video to be released, as it would, I’m sure, make more sense in context.

There was a closing talk, and then everyone retired to the bar. All in all, a great day, and I’m really glad I got the opportunity to go (thanks for your ticket Paul (@s7v7ns) – you missed out mate!)

TCPDump Made Easier Parody Book Cover, with the subtitle "Who actually understands all those switches?"

One to use: tcpdump101.com

I’m sure that anyone doing operational work has been asked at some point if you can run a “TCPDump” on something, or if you could get a “packet capture” – if you have, this tool (as spotted on the Check Point community sites) might help you!

https://tcpdump101.com

Using simple drop-down fields for filters and options and using simple prompts, this tool tells you how to run each of the packet capturing commands for common firewall products (FortiGate, ASA, Check Point) and the more generic tcpdump tool (indicated by a Linux Penguin, but it runs on all major desktop and server OSs, as well as rooted Android devices).

Well worth a check out!
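To show what a generator like this does for the generic tcpdump case, here is an added example (not from tcpdump101.com or the original post): a hypothetical shell function, `build_tcpdump`, that turns form-style fields into a tcpdump command and rejects values that could smuggle in extra switches or shell syntax. The interface name, address and file path used with it are constructed.

```shell
#!/bin/sh
# Build a tcpdump command line from form-style fields (hypothetical helper).
# Usage: build_tcpdump IFACE PROTO HOST PORT COUNT OUTFILE   ("" skips a field)
build_tcpdump() {
    iface=$1 proto=$2 host=$3 port=$4 count=$5 outfile=$6

    # Only plain tokens are accepted, so a field cannot inject another
    # switch (leading "-") or shell metacharacters into the command.
    for field in "$iface" "$host" "$outfile"; do
        case $field in
            -*|*[!A-Za-z0-9._:/-]*) echo "invalid field: $field" >&2; return 1 ;;
        esac
    done
    case $proto in ""|tcp|udp|icmp) ;; *) echo "invalid proto" >&2; return 1 ;; esac
    case $port  in *[!0-9]*) echo "invalid port"  >&2; return 1 ;; esac
    case $count in *[!0-9]*) echo "invalid count" >&2; return 1 ;; esac
    # ICMP has no ports, so that combination would silently capture nothing.
    if [ "$proto" = icmp ] && [ -n "$port" ]; then
        echo "icmp cannot be combined with a port" >&2; return 1
    fi

    # -nn: no DNS or port-name lookups, so output stays literal and the
    # capture host generates no lookup traffic of its own.
    # "any" is the Linux pseudo-interface; other OSs need a real name.
    cmd="tcpdump -nn -i ${iface:-any}"
    [ -n "$count" ]   && cmd="$cmd -c $count"     # stop after N packets
    [ -n "$outfile" ] && cmd="$cmd -w $outfile"   # write raw packets to a pcap

    # Join the chosen primitives with "and" to form the BPF filter.
    filter=""
    for term in "$proto" "${host:+host $host}" "${port:+port $port}"; do
        [ -z "$term" ] && continue
        filter="${filter:+$filter and }$term"
    done
    [ -n "$filter" ] && cmd="$cmd '$filter'"
    printf '%s\n' "$cmd"
}

# Constructed sample input: HTTPS traffic to one host, 100 packets, to a file.
build_tcpdump eth0 tcp 192.0.2.10 443 100 /tmp/cap.pcap
```

The function only prints the command; running the result still needs capture privileges on the host.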

Game Review – Kingdomino

Today saw a new game added to our collection – Kingdomino by Blue Orange.

In Kingdomino, you play the ruler of a single square of land, and each turn you compete with the other players to select which piece you get to play into your kingdom next. Each piece has a value on its back ranging between 1 and 48, with the lower rated pieces having less chance of increasing the value of your kingdom, and the higher value pieces (complete with crowns) helping each patch score more points.

The game is pretty quick to pick up (match at least one side of your tile with another piece you’ve played already, maximum board size of a 5×5 grid, the crowns offer a way to score points, multiplied by the size of the patch of same-land-types) and easy enough to play that my 3-year-old managed it. Two determined adults (Jules and I) got through two games in 30 minutes. The kids took a little longer (but not by much).

Make sure you have something to tot up the scores at the end though!

Book Review – “For The Win” and “Makers” by Cory Doctorow

I read my first Cory Doctorow book a month-or-so before the first OggCamp, September 2009. It was “Little Brother”, a “young adult” book about rebelling against the panopticon that was being created by the War on Terror. It made such an impact on me that I gave a talk at OggCamp about the technologies discussed in the book (primarily Tor and PGP) and their role in society. It went down well enough that I gave that talk again at BarCamp Manchester… a talk on a technology I’d not heard of two months before, and had significantly changed my views on how much I wanted to share with faceless companies and organisations.

My next Doctorow book was an audiobook version of “Eastern Standard Tribe”, of which I was only really focused on the first chapter (it’s hard to be focused on audio when you’re as much of a magpie as I am) but it made me want to build a chording computer keyboard to use with my mobile phone after a passing comment in the opening chapter.

Last month, I heard that “For The Win”, a follow up Young Adult story had been released, so I eagerly reserved it from my local library and noticed that “Makers”, a more adult novel, had also been released, so I reserved that too.

A colleague knew that I’d read and loved “Little Brother” so asked me to tell him what I thought of “For The Win”. I read it in a couple of days. Sadly, it’s not a good book and it’s far too fragmented to tell the story in a way that you could stop for a couple of days and come back to it. It’s also desperate to explain the subtle nuances of in-game economies and unions – neither of which particularly interested me. By the end of the book, I was left wondering what the point had been – there was no real conclusion and while a battle had been won, it was clear the war was far from over. The characters all ran together and a lot of the characters were little more than stereotypical extras, whether that was racially stereotypical, gender or even ageist.

I left that book sad that I’d read it… but, I had another Cory book to read. After all, the recent books can’t *all* be stinkers, right?

I picked up “Makers” and started reading. It’s a thicker book, and this took me nearly four days to read… although admittedly, I was building a new server part way through days two and three.

This was more like the story I’d hoped “For The Win” would be. It’s a three part story; part one is about the friendship between the two lead characters, the commercialisation and massive growth of their hobby-cum-career. Part two is where that growth suddenly died, taking all the jobs with it, and their homage to “New Work” – the name given to the outcome of part one. Part three is where a mega-corp notices they’re losing money to the homage (called “The Ride”) and they try to destroy it.

It describes my experiences and hopes for the hacker culture perfectly, wanting to build something for the sake of it, discussing the concepts behind making something great from something passé and the ideas behind making an open API to let anyone play with your ideas. It also suggests how big business doesn’t “get” the hacker culture. As with much of Cory’s work, there’s lots of scope to implement his ideas in the real world, and some of the projects he mentions, I’d love to set up at my local hackspace.

The only downside I’ve found with “Makers” is that I think there’s a lot of sex in it, both implied and referred to… I guess I don’t see the relevance in a sex scene unless it’s key to the characters’ growth, and in “Makers” you could have removed 3/4 of the sex scenes and it would have been mostly the same book. I realise it explains some of the decisions in the book and gives some colour to the characters, but one of the side effects is that it means I can’t give this book to my 13-year-old cousin – hell, I can’t even give him “Little Brother” because of the single, solitary and distinctly unnecessary sex scene 2/3rds of the way through the book.

In summary, I’d skip “For The Win”, and read “Makers”. 2/5 and 4/5 respectively.