Wrap Up: BSides Charm 2019 Edition

This weekend marks another BSides complete and the post-con recharging takes place. It’s always a huge effort leading up to these types of conferences and isn’t possible without its organizing committee. I’ll recap my weekend as both an attendee and volunteer. We got up at 4:30 Saturday morning and made it to the conference hotel by 6:30 to start the day. We left the party around 11:30 to get to our room and oh MY GODS DID I SLEEP SOOOO WELL.

Volunteer

Volunteering is a large part of what makes any conference successful. While the organizers manage the lead time and all its requirements, the volunteers contribute in ways that bring life, enjoyment, as well as order to the chaos of an intentionally mischievous crowd. On top of that, there are never enough volunteers. And that usually shows during set up and the horde waiting to go through registration. This year set up finished after 2AM and people were getting to bed by 3AM only to be up between 6:30 and 7:30AM to complete last minute set up, run tests, and get ready for a full weekend.

Becoming a volunteer is usually very simple. We check Twitter for the announcement request from the @BSides-whatever Twitter account, or receive the email for returning to volunteer, sign up at the given link, and attend the scheduled calls. The calls are important because the people that don’t attend the calls don’t volunteer. The organizers are usually managers in their day job, so not showing up means you’re not hired to do the job. The calls are usually less than an hour and run over the various roles, their responsibilities, and any wrap up questions.

My experience at BSidesCharm 2019 was a ton of fun, as usual. Usually I’m leading security for my area or roaming around (which my back is thankful for) but this time I was rescheduled on-the-fly to help manage the recording. We were around 15 volunteers short. Nowhere near as stressful as BSidesDC, but I’ll get to that later (no I won’t). Recording was a lot easier than I initially anticipated. irongeek has a well-tuned, solid process keeping it simple. We had some issues earlier on due to a splitter, but other than that everything went very smoothly. At this point I have developed a level of trust from various organizing committees where I just get assigned roles and shifts without having to do much outside of responding to the volunteer email. Needless to say, I’m wiped.

Villages

At these conferences I usually spend most of my time in TOOOL but this time I captured all your datas in the Wireless Village. It’s my first ever competitive CTF at a conference and it was a lot of fun. Wasabi has spent the past year recording wireless CTF preparation videos on his YouTube page so I had knowledge of what to do and what gear to bring going into this. Being a volunteer I was able to pull my executive authority card and go in hours before the attendees to claim a table and set up early. As soon as the networks were up I began capturing for all the hours during my shifts. The wireless team members are all experts in their domain and have this weirdly awesome cognitive ability of helping teach you how to do things without actually telling you how to do things. Every time I’ve seen them I do food runs for the team or just Wasabi if he’s dying of hunger. They really don’t get a break at all. They’re seriously awesome.

I stopped by the other villages, such as the Internet of Things Village and GRIMM’s Howdy Neighbor where they essentially recreated a mini-home of smart things to attack, from a coffee maker to toaster to probably your regular infrastructure. One of the participants gained access to the CTF’s Twitter account, which was a rabbit hole, but it was cool. Protect your privates, folks.

LOOK AT THE MINI SMART HOME IN ALL ITS GLORY!

I didn’t spend much time in the other villages outside of saying hello to old and new people and asking how they were enjoying the conference.

Sponsors

Sponsors basically pay for everything to happen so if you don’t go talk and let them know you appreciate them then you’re just a jerk. A big jerk. Plus, they have swag. Swag that is so cool and practical and then swag that has absolutely no business ever being a swag and you just wonder what were they thinking. The vendors also bring not just marketing folks with a technical engineer but also recruiters for the people looking to be hired. There are also now Hiring Villages or networking socials at these conferences so that’s a thing as well. I usually go to the sponsor tables that aren’t swarmed with people and just ask how they’re doing, if they’ve acquired good leads, and if they need anything like coffee or a snack. I usually end up as the technical engineer (or booth babe) at my employer-sponsored events and it’s not easy. They need breaks like everybody else. I learned this the hard way at the University of Maryland’s Computer Science Hiring one year and all the undergrads were smarter than me and I just wanted to find a corner to lay down in.

Summary: visit the sponsors, you jerks.

Dinner & Party

Groups of people will go to Twitter to coordinate large groups of who is going to eat where. This happens for lunch and dinners. I wanted to know what’s good for dinner because I didn’t get lunch, so I went to Bryson Bort of GRIMM/Scythe running a CTF to start planning. We ended up grabbing a group of 20+ hackers (policy, risk management, red/blue team, managers, etc) and eating an ocean’s worth of sushi.

Want some peanut butter with your JEALOUS?!

I later figured out that we overtook a Women in Tech planned dinner. We had most of the would-be attendance at our impromptu dinner. I was upset about that. I know it’s not easy combating the constant barrage of dudes and then the good ole boys club. Other than that the evening turned out to be great. I ate until I couldn’t. There were four of those circle things and then three boats of sashimi. Don’t ask about the bill.

We went back to the conference and straight into the party where Inverse Phase kicked off his chiptunes set. He’s a rad artist and a super nice and kind individual. I met him at BSidesCharm 2018 and we’ve kept up since. Plus, he is recognized by his work from Trent Reznor making him officially cooler than us.

I didn’t hang out much in the party room. Just went to see who was there, where we all eventually grouped outside the party and conference area. Jeff Man was treated to cigars that lowered his age by 52 years. Happy guy, and shared with those that appreciate a FINE CIGAH. It was a fairly calm and welcomed evening for day one.

Stop now - stay alive for your close family and friends.

Wrap Up

The second day, Sunday, was tame compared to Saturday (as it usually is). We arrived before 8AM to set up our gear in Wireless Village to capture the initial handshakes from set up and the competitors coming back in. ALL YOUR HANDSHAKES ARE BELONG TO US. Except, I learned more about what I wasn’t doing correctly as I didn’t have any handshakes after hour’s worth of another recording shift. At the end of the village I left knowing what research I needed to look at and practice that I need to work on. I can set up a portable lab so I can work on this outside of the village. Lessons learned.

Since I was recording most talks I actually attended talks where I don’t go to them ever. I can’t sit still. Matt Blaze’s Saturday keynote was especially interesting to note as he talked about the evolution of security research to election security. He described the reasons that make us all scientists and citizen hackers. Thanks dude, because I’ve always wanted to be a research scientist. Hashtag failed degree.

I was fortunate to have been recording all the career and education talks. I learned quite a bit from there. More than that, I was thrilled to learn about all the education and opportunities that are available to students of various ages. irongeek has all of the recordings available on his site where they can be viewed. I recommend Ashley Benitez Smith’s I’ll Complete My Threat Model Later Mom!: Infosec in Middle School and the two talks captured in the career’s track. As troubleshooting technology is becoming diminished with availability of just having answers, these education opportunities and career advice help us in the way that we can mentor the next generation and waves of juniors or mid-levels entering the professional environments.

That’s what there is to it. These conferences are the way we can give back to the community. They’re not your typical business networking conference and shouldn’t be treated as such. It’s all about helping one another and especially those that need it the most.