16 Sep 2022
Blogs
BSides Melbourne is a not-for-profit event that is wholly run by volunteers for the benefit of the community. It’s a community-driven conference that encourages and welcomes first-time speakers and students along with industry professionals, experienced and new alike!
AUSCERT was delighted to sponsor the event, providing the tote bags for all attendees to fill with the array of goodies on offer. Some of the AUSCERT team ventured south to participate in the long-awaited (thanks to COVID delays) BSides Melbourne 2022.
The following is an account of events from one of our Analysts, Vishaka.
Day 1
The conference started with Joff Thyer’s keynote presentation that told of his inspirational journey in Information Security. He highlighted the key skills and qualities for a successful 21st-century career with my main takeaways from his speech being:
- If you make a mistake, do not walk away from it but take the owners of it and learn from it.
- Learn a programming language (he specifically mentioned Python)
Afterwards, Mike Pritchard and Shanna Daly showcased how the craft of traditional espionage maps to the modern cyber world. Mike who is a passionate collector of historical espionage presented his extensive collection of spy gadgets – I found this to be super cool!
I then made my way to a presentation about the data leak published on Twitter about the Conti ransomware gang that uses Ransomware as Service (RaaS). The presentation by Thomas Roccia, a Senior Security Researcher at Microsoft, highlighted how the leaked chat logs revealed private discussions between Conti members and how the data provided a unique insight into the inner workings of the group.
I next ventured to Data, Demogorgons and the Upside-down world… and a Battleforce Angel by Tara Dharnikota which discussed data breaches and data thefts. Specifically, how it gets sold and distributed on darknet forums and marketplaces. Tara also emphasized the power of OSINT and how it can be used for the good.
One of my favourites of the day was the talk by Jo, “How to (almost) get a DEFCON black badge”. She is the runner-up of The DefCon Social Engineering CTF (SECTF) competition and shared her experience at the 2019 SECTF in the battle for the DefCon Black badge.
The last talker of the day was Emerald Sage who spoke about APT Catfishing and demonstrated how Open Source Intelligence tools and techniques can reconstruct the APT actor playbook for engineering and executing catfishing facilitated attacks.
Day 2
Laura Bell kicked off the second day with a talk that demonstrated how proximity affects human behaviour, and how we as a cyber security community can embrace this knowledge to secure an entire country.
My quest for knowledge and insight delivered me to “The Socio-Economic Impact of Women in Tech” by Kathy Robins. In this fascinating talk, she discussed the lack of female participation in the technical fields within the cyber security sector and STEM and how it creates a ripple effect throughout the development of technologies, systems and services.