
Today I’m visiting Cybercrime Security Forum 2009 with Andy Malone. I found an agenda in English here, but it does not correspond 100% to the Swedish one that I’ve got.

Looking forward to two days of hopefully new knowledge or new points of view…


“All in all”-recap

I had the wrong expectations going into this event, thinking it would be more hands-on, real world tests, active examples of tool usage etc. There was some, but not of the sort I expected. That dropped me a bit the first day and made me a bit unhappy.

However, the second day remedied almost all of the problems I had with the first one. For example the issue of legislative questions was cleared up, and all other questions of scope were handled. This was good for me as I could switch my brain from hacker mode to management mode, which was the state I should have been in from the beginning in order to gain as much as possible from the sessions.

It is also important to recognize the value of the information provided. Not many people bring the traditional issues up on the table anymore, just because they’re not hot anymore. You usually get stuffed with SQL injections, XSS, CSRF and other “web 2.0” hax at a lot of seminars, but those are really very secondary to a Cisco router with an open SNMP implementation.

This situation makes it harder for people new to the security world (managers dropped into a security role for example) to get hold of the basics, and seminars like these are the ones that get them up to speed.

William Matthey had a slide showing all the layers and possible attack vectors in all of them that illustrated this quite clearly.

When summarizing the event for myself, I’m not regretting my attendance. I am, however, regretting the mode I was in entering the event. It covers the whole big picture, and some finer details, but it’s not a hands-on hacking event.




UPDATE (after day one):

Actually a bit disappointed so far. 50% of the lectures have been good and 50% not good at all. Some things are presented as facts even though there aren’t any and it feels a bit like fearmongering.

For example, one fact presented was that it would be against the law (as in legislation) for us in Europe to store data on US-owned computer systems… emmm.. goodbye globalization? Goodbye SalesForce? Goodbye Google? It just doesn’t feel right hearing this from people sitting on more certifications than I can memorize… I might have misunderstood so if any of the lecturers would like to comment on that statement it would be nice.

Some of the time the networking details and hacking methods also feel a little bit outdated. I expected to learn something new, but it ain’t happening. I’m guessing you have to adapt to a varying level of expertise in the audience, but come on… I want SQL Injections, mapping of botnets, details of current threats etc… Not references to Netbus (plz, if removing or replacing something, remove that one!).

I get very frustrated when things turn this way as it clouds out all the good things that are being delivered.

Andy Malone is a very good presenter though, even when his Microsoft MVP status shines through from time to time, and I appreciate his presentation style. Clear and to the point.

I enjoyed Andy M’s physical hacking info the most, as that’s where I have the least experience. Not very often you break into buildings, hehe… but more seriously that might come in handy if doing bigger audits in the future.

During the seminars he also had some illustrative video clips that broke off the “Death by Powerpoint”-syndrome. I’m probably going to “steal” that trick for some of my future seminars.

Like all nerds/semi-nerds, I also appreciated the wide array of gadgets he seems to carry ;) I mean, a camera pen, what’s not to love about it?

Hoping for a day 2 with less to whine about ;)

UPDATE (day 2 in progress):

This day has started out better with a great seminar by Andy Malone called “Defense against the dark arts!”. He passed over some physical security stuff, IDSs, IPSs and HIPSs and other local and remote protection mechanisms and tools. This too felt a little MS-ified at times, but the overall level of the information was good.

[...]

All other sessions were good, and William Matthey had one called “The invisible network” about wireless networks and their inherent vulnerabilities. Actually made me a bit uncomfortable as I remembered an old firewall rule I’ve left in a place it shouldn’t have been. Fixed now though, hehe.

The afternoon session with Andy Malone was also interesting and he touched on many subjects. Among them the CIA triad (what it is, how to use and look at it) and tools that can be used to help secure your environment. The one that was the most interesting and new for me was the latest version of MSAT (version 4.x), that helps you to assess your overall risk exposure. Might not sound very interesting to some, but I’m going to do a test run first thing tomorrow morning in our test environment.