BSides Lancashire In A Nutshell
Alsa Tibbit
Cyber Security & AI Researcher | Driving Innovation in APT Detection with eXplainable AI | Engaged with Arm's Mojo Project
Holly-Grace Williams graced the stage as the keynote speaker and enlightened the audience about the limitations of artificial intelligence (AI) in replacing the creativity of humans. Instead, she shone a light on how AI can be utilized to enhance abnormality detection and tooling enhancement, amplifying its value as an effective tool in the cybersecurity arsenal.
One of the most valuable insights Holly shared was that the attack chain is not a single event, and ransomware is not a single event. She underscored the role of the human element in driving most cyber breaches and revealed how attackers can still breach systems using simple passwords like "admin admin."
Holly also delved into the immense potential of AI and machine learning (ML) to bolster defensive and offensive teams. She explained how ML can accelerate attack and defensive measures but cautioned that we should not rush to replace human security testing teams. Instead, she encouraged us to harness ML in solving problems where it is most effective in improving automation.
Overall, Holly's talk was a captivating and inspiring experience that left the audience with a sense of empowerment. She implored us to tackle intriguing problems while automating mundane tasks, thereby enhancing our cybersecurity defenses and safeguarding our systems and data.
Ric drawed took us into his world of expertise on the current state of OT cyber attacks. He began by shining a light on the disconcerting trend of cyber attackers deliberately targeting OT systems. He emphasized the continued relevance of Stuxnet, and the severity of the potential harm that can be inflicted upon OT systems.
Ric's explanation of how OT environments can be targeted by malware attacks was nothing short of intriguing, as he delved deep into the anatomy of an OT organization. He described how OT systems are unique in their design and function, with their critical role in maintaining the functionality of various industries. Yet, he noted, this criticality also makes them highly vulnerable to cyberattacks.
While he briefly touched on the dilemma of OT attacks, he offered a plausible explanation as to why such attacks may not be getting reported as frequently as they occur. He postulated that the lack of reporting could be attributed to the complexity of OT environments and the need for specialized knowledge to recognize and respond to OT attacks.
As his talk drew to a close, he emphasized the rise of OT-specific malware and attack frameworks, highlighting the need for heightened vigilance in protecting these vital systems. His insights were invaluable in illuminating the reality of the threats facing OT environments today, and the need for organizations to stay informed and prepared to defend against cyberattacks.
Gerald Benischke's talk on the severity of denial of service (DoS) attacks was nothing short of eye-opening. He stressed the importance of examining content types and curating all vulnerabilities in order to better prepare against potential DoS attacks.
Gerald emphasized the critical role of observability in detecting and responding to DoS attacks. He underlined the need for layered defenses to safeguard against the various types of DoS attacks that can be launched against an organization.
While discussing the different defense mechanisms against DoS attacks, Gerald made it clear that a web application firewall (WAF) cannot be the sole solution. He explained that while a WAF can provide some level of protection, it is not a cure-all tool for preventing DoS attacks.
Gerald's insights were invaluable in highlighting the severity of DoS attacks and the need for organizations to adopt a multifaceted approach to defending against them. His talk was a stark reminder that vigilance and preparedness are key in the fight against cyber threats.
Glenn Pegden's talk was on traditional vulnerability management. He delved into the process of buying tools to scan all systems and then patching them. He underscored that the true secret sauce lies in reporting.
He emphasized the importance of prioritizing critical vulnerabilities, followed by high and moderate ones, and setting achievable targets. He highlighted that the days of accepting risk on vulnerabilities are over, and that we should focus on risk rescore instead.
He encouraged the audience to focus on reporting the right behavior rather than simply presenting numbers that look good. He urged teams to record the reasons for persistent SLA failures, in order to acknowledge the risks without absolving them of responsibility for the vulnerabilities.
His insights were invaluable in driving home the importance of vulnerability management and reporting. His talk served as a reminder that the true value of vulnerability management lies not in scanning and patching alone, but in the meticulous reporting and risk rescore that accompanies it.
With the continuous advancement of AI technology, Leum Dunn and Dan Cannon talked about why there are concerns about whether increasingly sophisticated AI will eventually replace information security personnel. As AI becomes more capable of performing complex tasks, it's reasonable to question whether human professionals in this field will be able to keep up.
However, while discussing the potential for AI to replace human professionals, it's also essential to consider the impact on other professions, such as artists. How will AI affect the creative output of artists, and will there be a negative impact on their livelihoods? It's essential to be mindful of the broader implications of AI development beyond just the field of information security.
Furthermore, AI raises ethical concerns that must be addressed, particularly in digital art. As AI becomes increasingly advanced, it has the potential to create digital art that's indistinguishable from work created by human artists. This raises questions about the ownership of AI-generated art and whether it should be treated the same way as human-generated art.
Dan Oates-Lee mentioned that Adept aims to build AI to automate any software process. While this kind of technology can streamline operations and improve efficiency, it's essential to consider the potential implications on human jobs and the broader social and economic impacts.
As AI develops, it's essential to consider the broader implications on various professions and the ethical implications that must be addressed. While AI has the potential to revolutionize specific fields and improve efficiency, it's essential to ensure that the technology is developed and implemented responsibly.
When it comes to defending against cyber threats, there are a variety of measures that can be taken. One crucial step is to conduct periodic audits and maintain DNS hygiene. This involves regularly reviewing and updating the DNS configuration to ensure it's secure and up-to-date. By keeping DNS records accurate and free of outdated or unnecessary entries, it's possible to minimize the risk of cyber attacks that can exploit vulnerabilities in the DNS.
Another critical step in defending against cyber threats is to implement bug bounty programs. These programs offer rewards to individuals or organizations who identify and report security vulnerabilities in a system. By incentivizing people to report potential issues, it's possible to identify and address vulnerabilities before malicious actors can exploit them.
In addition to bug bounty programs, extending pen testing scopes is important. This involves conducting more thorough pen testing to identify potential vulnerabilities in a system. By conducting extensive pen testing, it's possible to identify even the most subtle vulnerabilities that might otherwise go unnoticed.
Other tools, such as IaC-Terraform and dnsReaper, can also be helpful in defending against cyber threats. IaC-Terraform is a tool that allows for the automated deployment and management of infrastructure as code. This helps ensure that infrastructure is deployed securely and consistently. dnsReaper is a tool that tests all domains using nearly 60 signatures and pattern matches. This can help to identify potential vulnerabilities in the DNS that attackers may exploit.
During a presentation, the speaker mentioned several use cases for these measures. For example, auditing DNS configurations can help to identify and prevent potential vulnerabilities, while scanning for bounties can help to avoid bad deployments. The speaker also discussed various tools to aid this process, such as PWNSpoof, SMBeagle, and SecretMagpie.
By implementing these measures and utilizing relevant tools, it's possible to enhance the overall security of a system and prevent potential threats from being realized. Cyber security is an ongoing process that requires vigilance and constant attention, but by taking these steps and staying up-to-date on the latest security trends and technologies, it's possible to minimize the risk of cyber-attacks and protect sensitive information.
During a presentation, Dan provided a brief overview of the history of AI and explained some of the different types of AI that exist today. These included reactive AI, limited memory AI, theory of mind AI, and self-aware AI. Each of these types of AI has different capabilities and limitations, ranging from basic reactive responses to more advanced forms of reasoning and decision-making.
The speaker also discussed some of the pros and cons of using AI. On the positive side, AI can provide customisation, stability, speed, and availability. However, there are also potential downsides, such as limited understanding, lack of creativity, bias, and data security issues.
To illustrate some practical applications of AI, the speaker ran a questionnaire asking what types of tools should be created today. The audience suggested tools such as PCAP analysis, network enumeration, and exfiltration. The speaker then demonstrated the use of ChatGPT and developed an exfiltration tool using AI.
Finally, the speaker discussed some potential future uses of AI. One example mentioned was the use of AI to help with data security, particularly in the area of threat detection and response. AI can help to analyze large amounts of data and identify potential security threats more quickly and accurately than humans alone.
Overall, the presentation highlighted the potential benefits and challenges of using AI, as well as some practical applications of AI in areas such as data security. As AI continues to develop and become more advanced, it's important to consider both the benefits and risks of this technology and use it in a responsible and ethical manner.
Chris Roberts discussed the topic of "Welcome to the Dark Side." During his presentation, he discussed the importance of having a strong security posture, integrating your team, and digital cyber-surveillance. He emphasized that although many organizations pass audits, conduct awareness training, use SSL encryption, SFTP, and have good security personnel, the reality often differs from what we think.
Roberts shared some startling statistics with the audience. For example, the global average time to identify a data breach is 197 days, while the mean time to recover from a data breach is around 70 days. In the past 12 months, 83% of organizations were targeted by phishing attacks. Furthermore, 75% of companies have reported that a data breach caused a material disruption to their business processes. The global average cost of a breach is around $4 million; on average, we are losing 22.5 million records daily. Shockingly, statistically, organizations now have a 33% chance of being breached in the next 24 months, and the US remains the most popular target, accounting for 57% of breaches and 97% of data stolen.
Moreover, Roberts highlighted that 77% of organizations need an incident response plan. He also discussed adversarial machine learning, called "pigs that can fly." He criticized cybersecurity companies that sell tools as 100% secure and encouraged them to stop lying about their guarantees. Roberts also referenced a quote from the Dalai Lama: "When you talk, you are only repeating what you already know. But if you listen, you may learn something new."
Roberts discussed the reality of cyber threats and how easily hackers can obtain sensitive information. For instance, it only takes one minute to convince someone to hand over their email address, one free offer to get their phone number, and one click to get them to open a malicious email. He explained how cybercriminals could connect to Bluetooth or wireless networks, guess passwords, and gain access to unattended electronics or social media networks. Despite the severity of these threats, it takes organizations between seven and twenty times to get through to their employees about cybersecurity awareness.
Roberts emphasized the importance of communication, cooperation, coordination, and collaboration in cybersecurity efforts. He encouraged organizations to take the time to exchange ideas, have independent goals to share data, work together towards a common goal, and understand each other's perspectives.
In his closing remarks, Roberts focused on understanding assets, locations, access control, and purpose. He emphasized that organizations must know what they have, and which assets are critical to their operations. He also pointed out that organizations need to be prepared for a breach and asked, "When, not if?"
During the panel discussion on "Skills Gap and What We Need to Unlearn if You Want to Break into Cyber Security," the audience raised questions about the current job requirements and how to overcome the skills gap in the field. The panellists, Ryan Brady of BAE, Nick Prescott of Nettitude, and Dr. Andrea Cullen of Capslock, shared their expertise and insights on the topic.
One of the critical areas of discussion was what a CV should look like when applying for a cybersecurity job. The panellists emphasized the importance of highlighting relevant skills and experience, including soft skills such as communication, teamwork, and problem-solving. They also advised against padding a CV with irrelevant information and urged candidates to focus on their unique strengths and accomplishments.
The panellists also discussed the skills gap in the cybersecurity field and how it can be addressed. They suggested that individuals interested in a career in cybersecurity should focus on developing core skills, such as networking, operating systems, and programming. They also highlighted the importance of having a strong foundation in the basics of cybersecurity, including risk management, compliance, and incident response.
In addition to technical skills, the panellists emphasized the need for soft skills in the cybersecurity industry. They discussed how the ability to communicate effectively, work in a team, and problem-solve could be just as important as technical proficiency.
Throughout the discussion, the panellists reiterated the importance of continuous learning and professional development in cybersecurity. They suggested that individuals should seek mentorship, attend industry events and conferences, and pursue certifications to stay up-to-date with the latest industry trends and technologies.
Overall, the panel discussion provided valuable insights into the skills gap in the cybersecurity field and what individuals can do to overcome it. The panellists' expertise and advice on CV building, core technical and soft skills, and continuous learning can be valuable resources for those seeking to break into the cybersecurity industry.
The event was an insightful and engaging experience, featuring knowledgeable speakers who shared valuable insights on various topics. One of the key themes that emerged throughout the event was the growing significance of AI in the cybersecurity landscape. Attendees were interested in exploring how to harness the potential of AI while being mindful of ethical considerations.
The event also highlighted the importance of expanding our knowledge in different areas of cybersecurity, such as operational technology (OT) and ethical hacking. Attendees learned about other practices and approaches to cybersecurity and were encouraged to apply these insights to their work.
The event provided a valuable networking opportunity, allowing attendees to connect with like-minded professionals and discuss cybersecurity issues with experts in the field. The evening party at the end of the event was a bonus, providing a fun and relaxed atmosphere for attendees to socialize and network.
Overall, the event was well-organized and well-executed, thanks to the hard work and dedication of the event team and the participation of excellent speakers. The insights gained from the event will undoubtedly prove valuable to attendees as they continue to navigate the evolving cybersecurity landscape.