BSides Cybersecurity Conference

Lockpicking, hot tubs & a little bit of social engineering.

Introduction

Between the 9th of April & the 11th of April, I, along with a bunch of my friends, attended BSides, an international cybersecurity conference exploring and discussing multiple new cybersecurity topics & trends. Through this conference, I networked & explored many upcoming cybersecurity trends as well as concepts with both beginners and experts alike. This was the first conference I've personally attended, and whilst it was a bit restrictive due to COVID, it was still a blast and I can't wait to attend BSides again next year.

Over this brief 3-day event, my colleagues and I covered and explored several different talks and participated in several different events, including but not limited to: a CTF, an incident response challenge, a pseudo-lockpicking village event, as well as some other shenanigans throughout the week.

Day 1

Our first day of BSides mainly consisted of traveling to the venue itself. We left for BSides on Thursday the day prior to the event and spent most of our day driving there. The trip from Sydney to Canberra was about a 4-5 hour trip (with breaks) and whilst it was quite a long and exhausting trip, we managed to survive somehow and spent the rest of the day exploring around Canberra as well as our accommodations. We also spent this downtime preparing for our next two days ahead at BSides.

Albeit not fun, the majority of this afternoon was spent cramming out assessment tasks that were due the following week. Whilst it wasn't enjoyable, this was something we couldn't spend time procrastinating on any longer so we aimed to finish it off as soon as possible, whilst we still had energy.

After finishing our assessments off, we wound down the day by relaxing at our hotel's hot tub & sauna. Whilst the hot tub was very relaxing, our experience with the sauna was not so.

Due to no one else's fault but our own, before entering the sauna we may or may not have forgotten to rinse ourselves down from the pool, which may have ended with us accidentally gassing ourselves by creating chlorine gas.

Day 2

Compared to the accidental gassing on day 1, day 2 proceeded much more smoothly. We arrived at the BSides convention center at around 9 am, a little hungover from the previous day. We quickly got our badges and related paraphernalia and got to work. We had a tour around the venue, finding where the convention centers, events, and merchandise were, and then met up with some of our friends from UTS & UNSW, the Cybersecurity Society & Security Society respectively.

After a quick meet-up, chat, and a couple of photos, we decided to attend some of the conferences and talks. We listened to the keynote ceremony by Mike Burgess, the Director-General of ASIO, then attended some of the talks. I personally listened to a talk describing the reality of fraud victimization by Dr. Cassandra Cross and then went over to the incident response workshop to try my hand at some mock scenarios.

After a couple of hours of doing our own thing, we all came back together again to work on our main goal of the event: the CTF. Whilst I've done my fair share of CTFs over this semester and year overall, this CTF blew me out of the water completely. Whilst most of the ones I've done were relatively easy or at least somewhat guided, the ones at BSides were anything but. These CTF challenges were almost all multi-stage challenges with little to no tips. Even with several of us working on them together, we struggled to solve only but a few of them. We ended our night by doing this for a couple of hours, before trying our hands at the sauna again, this time without gassing ourselves.

BSides 2021 Canberra - Cybears CTF

Day 3

We took the convention a bit slower on the 3rd day. We attended the "Intelligence Application Security" keynote by Cristina Cifuentes as well as the "Electronic Hardware Design" talk by Josh Johnson. The rest of the day we spent working on the CTF, mainly the badge CTF. We got a couple of flags here and there, but all of it was very foreign to us. This was the first time any of us had done a badge/hardware CTF before, so a lot of our time was spent researching and a few of our badges may or may not have accidentally gotten bricked along the day.

BSides 2021 Canberra - Badge Datasheet

We also spent this afternoon lockpicking! Whilst the lockpicking village was closed due to COVID, that didn't stop us from getting our lockpicking fix. We went over to Jaycar and purchased a couple of the sets. With a couple of lockpicking kits, a few locks and a few YouTube tutorials on our side, we learned how to lockpick. Whilst it was initially hard, even on transparent locks, we somehow figured it out, and it eventually just "clicked". After that we spent the rest of the afternoon doing speed lockpicking runs, trying to get several down in under a minute or two.

Conclusion

Overall this convention was a blast. I had great fun meeting both new and old friends and colleagues alike, as well as learning more about cybersecurity, a topic many junior and even senior software developers overlook or under-consider when building their apps. Through learning more about cybersecurity from attending more of these events, where unique and uncommon attack vectors are shown and ways to prevent them are also explored, I personally believe we all stand to benefit, not just the tech community but society as a whole. Many developers focus too much on efficiency or scalability with little to no regard for security, one of if not the most important pillars of trust in the software we design.