On Tuesday November 21st I had the opportunity to speak at the first annual BSides at Fredericton NB. BSides is a annual Cybersecurity conference, this particular one was run by Curtis Slade, an employee at Bulletproof aka the company that is doing the virtual Co-op. This event had multiple speakers from many companies, all with the goal of sharing the latest In Cybersecurity. In my case I was sharing educational experiences in cybersecurity.
Because this event was far away from where I live Mr. Kelly and I drove in the night before, and got a hotel. We had some pizza, ran over my presentation once or twice, but the best part of the evening was when we went down to the ballroom that BSides was held in and had the opportunity to meet Curtis Slade and Peter MacPherson. Peter MacPherson is the director of the security operations centre (SOC) at Bulletproof. Meeting him was amazing, he spoke about his different experiences, his hobbies relating to cybersecurity, and some of his tech. Hearing him talk about his experiences really energized me and it was inspiring me to try out some hacking.
The next day was BSides. I went down in the morning before Mr. Kelly, I found this frightening as I didn't know anyone there, I was the youngest person there and I have no real experience in cybersecurity. I had no idea how to talk to the people and I was really under dressed. I showed up wearing a Black T-Shirt and jeans and the room I walked into was full of men in suits and ties. I learned later that the way someone dresses doesn't necessarily represent the role they play in an organization.
After what felt like forever the Opening remarks started, then it was time for the speakers. First up was Rick Roulette, to be honest i don't overly remember what he was talking about, I was pretty nervous as I was scheduled after him. Once he was done I was up, I was pretty nervous. Of the 20 minutes i had available to me I probably only spent ten.
Next up was Peter Morin, and his presentation was about honey pots. Honey pots are essentially fake servers you mix in with your real ones, but they are left vulnerable. They are used to lure a malicious hacker in. They help alert the security team of their presence and will allow the security team to watch to see how they are attacking. This information can then be used to further security in the other servers. It's like having a second house meant for someone to break into so you know there's a bugler, and you can figure out the best way to prevent them from entering your real house.
. After Peter there was a lunch, It was soup and sandwiches, with cakes for dessert, however the bonding with the people there was much more valuable than the food. I got to meet more people in the cybersecurity profession, and grow my knowledge. After lunch they started to pull for prizes, there was Penetration testing tools made by hak5, and a few Raspberry Pi's, and a drone. I think there was more but I wasn't around for when they got drawn. I never actually won anything, but Mr.Kelly did, he won a Bash Bunny (more info here -www.hak5.org/gear/bash-bunny- ). Before I left we also listened to Sylvain Dumas, he spoke about machine learning, but we didn't have time to listen to the last one, and went home instead. It was a great experience, and if you are into cyber security I definitely recommend Bsides.
Last Friday, November 3 The Cyber Patriot team had its first round in the Cyber Patriot X Challenge as part of Cyber Titan. For those of you who don't know, the Cyber Patriot Challenge is a competition where teams of students are given badly corrupted operating systems and it is their job to correct them. Teams are made of up of 4 students and a coach. To actually do the competition, we use virtual machines, which allow you to essentially run a second computer from your regular desktop, We were using a software called VMware. Once the virtual machine is opened the clock starts ticking and you have to find as many security issues as you can in 6 hours. A simple Read Me file guides your team through the overall problem but rarely helps locate the specific corruptions. Forensics questions are also embedded making this more than a scavenger hunt.
The timer started at 9 am EST; we had to wait until 10am due to our Atlantic Time Zone. This was actually helpful as it gave us time to prepare for what was to come. Ten o'clock hit and we got the email giving us our passwords and any other tools we needed before starting. First we booted up the Linux image, then the Windows 7. We had one team member in charge of Linux, 2 in charge of Windows, and I worked on the Cisco Networking part of the challenge.
It started off quite well, Windows and Linux were getting points left and right, changing passwords, weeding out unwanted users, checking for updates, and much more. While overseeing those systems, my additional task was to do a quiz on networking. I had about two days experience before hand so most of the test was answered based on life experience and my current understandings. I finished with a score of 39.15 out of 50 and earned my team 20.5 out of the 22 points for Cisco Networking.
We worked until lunch, when our coach did something amazing, and showed up with pizza. In my opinion there is nothing better than pizza after a long time working. After pizza we got back to it. After you find the initial issues it gets more difficult to find the well hidden problems. As a team we fought hard and finished with about 150pts of the possible 220 in round 1. Round two happens December 8th!