I recently attended #BSidesDFW2012 this past Saturday. A great time was had by all. There was hacking. There was a lock pick village. There was beer. There were two CTFs. This was my first BSides. But I would gladly attend another. Below are some of the highlights.
- Anti-Anti-Forensics – David Cowen: This talk focused on David’s tool ANJP (Advanced NTFS Journal Parser). ANJP parses the NTFS journal out to a CSV file. The journal records every action performed on the NTFS file system (creations, deletions, metadata changes, etc.). So if someone deletes files and wipes them with a utility like BCWipe (making the file contents unrecoverable), you can still parse the NTFS journal and find out what was deleted. A really great talk and a very cool utility. Slides from the presentation are on his blog:
http://hackingexposedcomputerforensicsblog.blogspot.com/2012/11/pfic-2012-slides-bsides-dfw.html
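To make the point concrete, here is an added example (my own illustration, not ANJP and not David's code) that decodes the documented USN_RECORD_V2 layout of the NTFS change journal ($UsnJrnl:$J) from a constructed byte buffer, writes the records out as CSV, and lists the delete events. The sample journal, the file name and the timestamps are constructed for the demo; the structure offsets and reason flag values are the ones Microsoft documents in winioctl.h.

```python
"""Minimal USN change-journal ($UsnJrnl:$J) record parser, V2 records only.

Added example, not ANJP's code: shows why a wiped file still leaves a trace,
since the journal entry for the delete survives even when the data is gone.
"""
import csv
import io
import struct
from datetime import datetime, timedelta, timezone

# USN_RECORD_V2 fixed header: 60 bytes, little-endian, no padding (winioctl.h)
_HDR = struct.Struct("<IHHQQQQIIIIHH")

# Reason flags from winioctl.h (subset used here)
REASONS = {
    0x00000001: "DATA_OVERWRITE",
    0x00000002: "DATA_EXTEND",
    0x00000004: "DATA_TRUNCATION",
    0x00000100: "FILE_CREATE",
    0x00000200: "FILE_DELETE",
    0x00001000: "RENAME_OLD_NAME",
    0x00002000: "RENAME_NEW_NAME",
    0x00008000: "BASIC_INFO_CHANGE",
    0x80000000: "CLOSE",
}
USN_REASON_FILE_DELETE = 0x00000200
_EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return _EPOCH_1601 + timedelta(microseconds=ft // 10)


def decode_reason(flags):
    """Render a Reason bitmask as 'FLAG|FLAG'; unknown bits are shown in hex."""
    names = [n for bit, n in sorted(REASONS.items()) if flags & bit]
    rest = flags & ~sum(REASONS)
    if rest:
        names.append("0x%08X" % rest)
    return "|".join(names)


def parse_journal(buf):
    """Yield one dict per USN_RECORD_V2 in buf. A real $J is sparse, so
    zero-filled gaps are skipped 8 bytes at a time until a record appears."""
    off = 0
    while off + _HDR.size <= len(buf):
        (rec_len, major, _minor, frn, parent_frn, usn, ts, reason, _src,
         _sid, _attrs, name_len, name_off) = _HDR.unpack_from(buf, off)
        if rec_len < _HDR.size or off + rec_len > len(buf):
            off += 8  # zero run or truncated tail, not a record
            continue
        if major != 2:  # this example only understands V2 records
            off += rec_len
            continue
        name = buf[off + name_off: off + name_off + name_len].decode("utf-16-le")
        yield {
            "usn": usn,
            "timestamp": filetime_to_datetime(ts),
            "file_ref": frn & 0xFFFFFFFFFFFF,  # low 48 bits = MFT entry number
            "parent_ref": parent_frn & 0xFFFFFFFFFFFF,
            "reason": reason,
            "reason_text": decode_reason(reason),
            "name": name,
        }
        off += rec_len


def deleted_files(buf):
    """(name, mft_entry, iso_timestamp, reason_text) for every delete event."""
    return [(r["name"], r["file_ref"], r["timestamp"].isoformat(), r["reason_text"])
            for r in parse_journal(buf) if r["reason"] & USN_REASON_FILE_DELETE]


def to_csv(buf):
    """All records as CSV text, the shape a timeline tool would consume."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["usn", "timestamp", "mft_entry", "parent_entry", "reason", "name"])
    for r in parse_journal(buf):
        w.writerow([r["usn"], r["timestamp"].isoformat(), r["file_ref"],
                    r["parent_ref"], r["reason_text"], r["name"]])
    return out.getvalue()


# --- constructed sample journal (not taken from a real disk) ----------------
def build_record(usn, ft, reason, name, mft_entry=40, parent=5):
    """Encode one USN_RECORD_V2 as NTFS lays it out, padded to 8 bytes."""
    name_bytes = name.encode("utf-16-le")
    length = (_HDR.size + len(name_bytes) + 7) & ~7
    hdr = _HDR.pack(length, 2, 0, mft_entry, parent, usn, ft, reason,
                    0, 0, 0x20, len(name_bytes), _HDR.size)
    return (hdr + name_bytes).ljust(length, b"\x00")


_T0 = 132_000_000_000_000_000  # arbitrary FILETIME (2019) for the sample
SAMPLE_JOURNAL = (
    build_record(0x100, _T0, 0x00000100 | 0x80000000, "notes.txt")  # create
    + build_record(0x148, _T0 + 10_000_000, 0x00000001 | 0x80000000, "notes.txt")
    + b"\x00" * 16  # sparse gap, as seen in a real $J
    + build_record(0x1A0, _T0 + 20_000_000, 0x00000200 | 0x80000000, "notes.txt")
)

if __name__ == "__main__":
    print(to_csv(SAMPLE_JOURNAL))
    for row in deleted_files(SAMPLE_JOURNAL):
        print("deleted:", row)
```

The delete record carries the file name, the MFT entry number and a timestamp, none of which a content wiper touches; that is the trace the talk was about. On a live system the $J stream is read with raw volume access (or from an image), which is out of scope for this snippet.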
- ASEF (Android Security Evaluation Framework) – Parth Patel: Parth explained how to use the Android Security Evaluation Framework (ASEF) to determine what Android apps are actually doing. This looks like a really interesting tool. It’s on Google Code. It looks like something that could be folded into an MDM solution or placed alongside one. At the very least, it would be interesting to know what data is being exposed by the apps users are installing on their Android devices.
http://code.google.com/p/asef/
- Sniper Forensics Toolkit – Michael Gough: I got a chance to speak with Michael about their approach to finding malware. Their tool facilitates the whitelisting of known-good files on a system. As you build your whitelist of “known good” things, it becomes easier and faster to spot bad and malicious files and services. They are kind of in a “beta” mode right now. The tool is available on request. I can’t wait to get it. They claim to have had good success using it in large environments, so my hope is that it can be useful to me as well.
http://sniperforensicstoolkit.squarespace.com/
The two CTFs they ran were interesting. There was a traditional CTF in one of the rooms where people were using computers to hack into other computers. Then there was what they called the social engineering CTF. What that entailed was finding other people at the event who had badges with QR codes on them. You scanned the QR codes and then had to figure out what to do with the information. One guy solved it within a few hours, but it was still a fun exercise.
And, of course, there was the beer. At lunch they had two beers from local brewer Franconia out of McKinney, TX. Both the Dunkel and the Kölsch were very good. I think I preferred the Kölsch and its light biscuit-dough quality. Very refreshing. Nothing like drinking a good beer and listening to security presentations.
Overall, BSides was a great experience. I can’t wait to attend the next one.