
BSides RDU Live Stream 2024

BSides RDU · 2024 · 21:35 · 900 views · Published 2024-09 · Watch on YouTube
About this talk
It's lucky Friday the 13th in Raleigh, NC.
Transcript [en]

Good morning. All right, we're going to get going here in just a couple of minutes. We're still settling in with the AV and tech stuff, and I know people are still funneling in.

All right, awesome, thank you. Should be fairly easy.


All right, welcome to BSides RDU, Friday the 13th, 2024, in this month of September. First off, thanks for coming out here today. Real quick, just so everybody's aware (this will also be on the slides today): NC State, at a random time, will be doing a shelter-in-place drill. Some staff members will be coming into all of the rooms; you just won't be able to leave that room for about 10 minutes, but beyond that everything should resume as normal. If you do have questions, the NC State staff will be in here and you are free to ask them. But I don't want anybody to get super scared or

freak out, but there is a drill happening today that we were unaware of until recently. So welcome to Friday the 13th; let the games begin. All right, so real quick, this is our official logo this year, and we actually have a t-shirt fundraiser. As you notice, most t-shirts... we don't have t-shirts here. It can be a real logistical nightmare trying to figure out how many shirts we need and stuff like that, and as most of you guys know, you buy your tickets in the last week and it takes longer for us to actually get those here, so it's a lot of guesstimates that happen. So instead of doing that, we figured we would do this

fundraiser-type deal, which we're not making much money off of; it's just providing you guys the shirts if you're interested in buying them. But the nice thing about it is they will be shipped directly to you after the conference. There's a little learning curve with that, so next year we hope to see about maybe having a couple of them, some that will be shipped so you can wear them at the conference, and then those that want to buy them here can have them shipped to their house after. So we'll figure that out for next year. The other thing that I want to mention is that, for those that have already bought

into the fundraiser, we got an email yesterday that the printing company didn't really like this logo, and in order for them to actually print this how it is, we would need to get approval from the artist and the film company, which we probably aren't going to do. So one of the things we're thinking about doing, even though this is a completely AI-generated mask, is taking the "Friday the 13th" and maybe doing that in some kind of hash or something, so it says the same thing but without it being "Friday the 13th". We also thought about maybe putting the 2024 on there or something, I don't know,

but it's going to be very similar to this but without a bunch of things, but mostly the participation of BSides. Thank you guys for being out here today. Get involved, participate in the conversations that are happening around you. Again, we want to thank all of our sponsors. We have a list of sponsors here who have been instrumental in making BSides happen, so again, for next year, if you work for a company that can sponsor us, please reach out; we would love to have a conversation. Our community is also made up of several awesome organizations: we have CSA Triangle Alliance, DC919, Raleigh ISSA, the 2600 group, Oak

City Locksport, who's running the lockpick village, RTP SE Beers, which is another meetup group. All these organizations and their links are on the Linktree, which you can get to again through the QR code on your badge. A couple other things: our community is made up of a lot of people in security, but also the fact that we have so many conferences available to us allows us to not only continue these conversations elsewhere, but it also allows us to go and see our friends again that we met at BSides or we met somewhere else. So here's just a list of conferences that are happening either in the area or that are major ones that a

lot of people go to. There are a couple that I want... know as well as I do that that kind of question is just a setup; you should have prepared a dumb answer for that that's supposed to show your skills or something like that during the interview. So I just... chat. Okay, can everybody hear me okay? Yes, awesome. I hate standing behind podiums, so I don't... not COVID, so it's weird you've got to say that now, right? Couple warnings before we get started. One, hi, I'm Kevin; that should be warning enough. Two, I would like to tell you that I've been diagnosed with Tourette's, which is true, but is not why I curse a

lot. Somebody recently told me that I speak like a sailor with a trucker accent. I say [ __ ] a lot.


We're gonna wait... Hello everyone, I'm the next speaker. I'm not the world's most interesting man, but hopefully... So when you see this, you probably think, oh, he's just being funny, he's just making a joke, he's just making fun of people that don't test preprod, because you have to test preprod, right? No, that's not what I mean. I... So there's our definition of a vulnerability. Now, what's not a vulnerability is the stuff that comes in tainted but then gets sanitized and then gets to the D

Thanks.

[Music]

Hey everybody, just thumbs up: volume, voice good? Yes, awesome, perfect. So what we're going to be talking about today is non-human identities. I will actually be doing a live demo, so I like to live on the edge, so we'll actually... I have a backup video in case. Do I do plenty of times, right? So a little about who I am: Michael Silva, I run the go-to-market engineering team at Astrix. Surprise, surprise, we do non-human security, right? It's the last time you'll hear Astrix; it's all about the actual market from this point forward. A little bit about myself: I've been in multiple different fields, from networking, data fabric, security,

obviously... All right, I think that is time, so thank you again for giving me a few minutes of your time, especially on a Friday afternoon. My name is Omar Santos. I'm actually talking to a lot of my friends in here, because I recognize like half of the room, so thank you, and good to see you. A little bit about myself if you're not familiar: I work at Cisco, I do a lot of standards work, I am the co-chair of the Coalition for Secure AI along with Anthropic, OpenAI, a whole bunch of other people there, and I'm the original founder of BSides 11 years ago. I fell off a stage too, you know,

it's a lot of things, right? But today what I wanted to do is at least give you a super fast introduction to things that everybody's experimenting with, which is basically AI and how to actually use that for cybersecurity, but importantly not just how to use it; it's how we're introducing a lot of security problems as people are experimenting, including security people, including pentesters and ethical hackers and everything else. You're basically the ones that are skipping a little bit of that, and I'm going to tell you why. But anyways, we're going to do a super brief introduction to RAG, which is in like every single YouTube video you can actually imagine

in the world, every single tweet, demystifying whether RAG is dead, how this is evolving, even looking at some of the models that were just released yesterday, and comparing different implementations, separating the F from reality... it's actually really, you know, replacing Omar in two days, so

[Music] So can everyone hear me? Oh, I sound so strange to myself; this is really odd. All right, am I good to get started? Perfect. Well, thank you everybody for coming here and joining me this afternoon. I'm not here talking about anything significantly new, not machine learning, not AI, not anything like that, but something you're probably very familiar with: Active Directory. It's been here forever, has changed some over the last 20-some years, and recently Microsoft has been making some changes to make it more secure, especially around the authentication protocols. So I want to cover what this means for a blue teamer and a red teamer, both, right? Both sides, defending and

attacking. A little bit about me: my name is Eric Keane. I know it doesn't look like that, but it is how it's pronounced; I do answer to [ __ ] or anything close as well. I'm a principal security consultant at Secure Ideas. I work with Kevin, who did our keynote this morning. I'm based out of Charlotte, though, just south of Charlotte, but much closer than Jacksonville, and I've been with Secure Ideas for seven years. Before that, I was responsible for several very large Active Directory environments. It does... Hey, great, we get to go home for the weekend; that's a fantastic thing. What is 802.1X, or RADIUS, if you're not familiar? So this is the ability for us to validate a device and/

or user, can be either or both, against a directory. Active Directory is the most common thing here, right? Working like... I hope that's not broken in me. So like, that's what that is. If you want your body to light up and glow, you can put LEDs in your body. Like, again, they're not radioactive; they will harvest power from a reader, and instead of waking up a chip they'll just wake up an LED, right? You can do that if you want to. Sure, why? I don't know, just see, why not? Why do anything? Do anything because it feels good and it's fun; that's the only reason you ever need. I don't have any LEDs in

me. You wouldn't put it in? I would put it in. Ah, where would you put it? Somewhere else. That sounds a little bit not safe for work. All right, so yes, there's a lot of questions and concerns that hacker-minded people start to ask, right, about when I've talked about this at parties and things, and like, okay, well, like they instantly, you say, what's this, what's that. The biggest one tends to be what I tried to warn you about at the beginning: there's all different products out there online, you look at a whole spectrum of options, you're like, wow, what are all these things, what can they do, what can't they do. We've talked about the form factor,

glass versus flex, but let's actually talk about the tech inside the silicon and what feature set they have, starting with two of the most confused terms ever: NFC. NFC people, am I getting this mic or is it cutting in and out? How am I doing here, can you hear me okay? NFC, especially now that it's all in our phones, everyone's like, oh, I've heard of NFC, right? That's awesome, that's like... NFC is like RFID, right? That's the same thing? Not exactly. Okay, Venn diagram time; hackers love Venn diagrams. Everything we're talking about is RFID. Absolutely everything that is inductively coupled, using modulated power to signal, that is all RFID, ultra-low-power tech. NFC is a

very small subset inside... First one: Hack Pack, come pick a book. Hack Pack again, pick another book. Pick the top two books you want. Yes, you do. I think this says Andreas. All [Applause] right, Andreas again; he did say he wanted all the books. Alice S for another book. Alice S for another book. Did you guys put all of the tickets in here? I only put... allegedly. Andreas [Music] again. Listen, I'm going to the bottom here. All right, Amber Hearse. Raven Boyin, are you here, Raven? All right, and sorry if I'm mispronouncing names; I'm trying to read all the different types of handwriting, some are very small. Alice

[Music] S. Societal, Societal, have you left us? Sad, so sad. Andreas, yay. Okay, then one more, I think, right? All right, let's see who this... Blink. Andreas, just give it... Andre. All right, next. All right, and this is the last one; it's for the Snowball

mic. Kiwi, you literally wrote black marker over black; this is so hard to read, but congratulations. Thank you to everybody for coming out to BSides. Thank you to our sponsors; those are so important. All of our speakers, all of our staff, all the volunteers that we had today. And we look forward to seeing you next year, 9/12, September the 12th, right here. Please also buy your tickets early. See you guys at the afterparty. Sorry.
