
Hello and welcome to the very first BSides Campfire Stories. Uh, we are very excited to come to you today, um, and we appreciate all of the patience, uh, that you have shown, because, uh, in true BSides fashion, we're starting just a little bit late. Um, we have a lot of really cool stories for you today. Uh, before we get to those, I want to first off thank Lickety and thank Naus for getting everything set up for us. Um, without them none of this would be able to happen. Also thank our judges and our storytellers, because they are all awesome, and I'm excited, uh, to see what they bring to you, and I'm excited for you to hear what comes from them.
As you can tell, I am sitting in front of my natural fire, totally natural, not at all lit by an LED panel above my head. Um, because humans are natural storytellers. We've had a long history of storytelling throughout humanity, and this is the way that we've collectively passed on wisdom through the ages: sitting around a campfire, enjoying some roasted marshmallows or whatever you, you care to cook over the campfire. Um, that's the way that we pass on our information. Uh, and we do it at hacker cons, just in hallways, or over, uh, Korean barbecue, or at fancy restaurants, or at bars. And so we wanted to bring a little bit of that to the virtual
environment, to do some of this storytelling. We've got several speakers who stepped up to the virtual campfire. They're sitting here with their marshmallows on stick, chocolate on graham crackers, ready to make s'mores, and we'll get to them in just a second. The way we're going to work this is we're going to ask each storyteller to step up, and then we're going to have a panel of distinguished individuals ask them a few questions, just a little bit of follow-up, and then the next storyteller will step up and, and tell their tale. At the end of all the stories, we're going to have a special celebrity guest stop by and tell us the story while the judges
deliberate. Then we'll come back, we'll announce the winner. Now, at this point I would like to introduce our panel of judges, uh, to give a couple of quick words each, uh, for who they are, what their background is, whatever they want to tell you. And, um, with that, I will turn it over to Cindy.
You're on mute, Cindy. Cindy is on mute.

Of course I am, because why should technology work any different in the evening sitting in front of a campfire as it does in my office on the daily? Hi everyone, um, I'm Cindy Jones, Cinders and Ashes, or just Cinders. I'm really excited to be here, really excited to hear these stories. I am the president of the board of directors for BSides Las Vegas, long, long time volunteer, um, and I'm just looking forward to this. I've got my campfire burning over here. We're holding off on the s'mores still, after I eat some dinner, but looking forward to the dessert.

All right, thank you, Cindy. And now, Rob, why don't you introduce yourself?
Rob is also on mute.

Sorry, is it my turn to say hi?

It is your turn to say hi, Rob, yes.

I was saying goodnight to my kids. Um, so I'm Rob. I, um, do hacking stuff, I guess, and I, um, started network, um, I started, um, doing campfire stories back at ShmooCon in, what, 2000, 2007-ish, 2008, and, uh, it's cool that, uh, we get to say campfire stories all over the place. Um, and, uh, this is, this is definitely not my thing. Beau made this possible and made this an amazing setup, and, uh, I am looking forward to all those stories.

Great. And yeah, Rob, I remember, uh, you gave a talk about, uh, hacker ghost
stories, what keeps red teamers up at night, uh, and, and that was great. That was one of the inspirations for how we want to run this, so I greatly appreciate your contributions. And let me throw it over to Naus. Naus, introduce yourself.

Hi everybody, I'm Naos. I'm the executive producer and chief operations officer for BSides Las Vegas, which means herding all of these cats is my job [Laughter], and I'm the one ultimately responsible if things go well or if they go poorly. I'm super excited to see what we throw together here tonight and how the rest of the weekend goes, and as always, I'm just ecstatic to be with my people. So thank you.

I love how you frame it: let's see what
we throw together. Uh, and I, I realized I neglected to introduce myself at the start, so I'll do that now. My name is Beau Woods. I run a couple of tracks at BSides, I Am The Cavalry track and Public Ground, and I am very excited to be here as your host for this first ever thrown-together Campfire Stories. Hopefully, uh, the, the storytellers make up for, uh, some of my lack of preparation in this, um, as I, I know that most of these folks are really, uh, great at storytelling.

So don't be so hard on yourself, Beau. You've had a, a difficult few weeks leading up to this, so we completely understand.

Yeah. Uh, for those who don't know, I am
over an Armenian campfire tonight, where we are cooking khorovats for dinner. So without further ado, I want to invite sFractal, aka Duncan Sparrell, to step up to the stage, and you will tell us about "Overlord: Desert Shield, the Sequel". Duncan, take it away.

Thanks, Beau. Um, Overlord is a World War II horror movie where the heroes go behind enemy lines and discover a Nazi experimental lab to create zombie soldiers. I'm going to tell my part in a true-life sequel to Overlord, about a cyber war operation as part of Operation Desert Shield, to lead up to Operation Desert Storm. The only zombies are going to be zombie processes, and I didn't go behind enemy
lines myself, only my bits did. So I don't know if you'll be scared by this tale, but I left, I left this operation very scared, and that's what led to my last 30 years in cyber security. Because it started back in 1990, which is a really long time ago. The internet was tiny, it was basically useless back then, and it was the year the first browser was invented. In 1990 most data communications were still done via 4,800 baud dial-up modems. Note that's in kilobits, not megabits or gigabits. Iraq had invaded Kuwait and annexed it. The U.S. and allied countries objected, we declared war on them, and Desert Shield was the buildup in preparation for Operation Desert Storm,
the first Iraqi war. Now, one of Operation Desert Shield's objectives was, quote, preparing the battlefield, end quote. So let me digress a second into why I was chosen, voluntold, to be part of this. Turns out I had a minor reputation in the hacking community that I didn't, I didn't even know existed. I ran a, quote, special projects, uh, end quote, mini business unit in AT&T, where basically I was a benevolent insider, as opposed to a malevolent insider, and I worked for the law enforcement intelligence communities. Another background fact: AT&T was the prime contractor on the Kuwaiti air defense comms, which became part of the Iraqi air defense comms with the annexation.
You can probably correlate the dots there. So based on my software experience, my clearances, my, quote, hacker reputation, I was read into a special access program in the Air Force Information Warfare Center, an operational command to use cyber in battle. Now note, I never heard of AFIWC. Um, I didn't even conceive of the concept of a cyber attack, which is totally rewarding, this is 30 years ago. Um, so yes, I was naive, but it didn't take me long to adapt. As it turns out, I'm really good at thinking evilly. Um, so I had to go undercover three times in three different roles as part of this operation. That was very light cover, in the U.S., for
pretty safe environments, but it was still extremely nerve-wracking. Um, I'd supported lots of undercover FBI ops, but actually doing it was a whole different ballgame and very scary, for me at least. Our mission was to hack in the Iraqi air defense communications network and man-in-the-middle the comms to allow the U.S. military to give false orders to the Iraqi military, in particular to protect our incoming aircraft from their air defense. Now, security consists of confidentiality, integrity and availability. I'd been, you know, messing with confidentiality in my SIGINT role, and blocking communications I sort of understood that, um, and how we could do that as part of this, but the whole issue of messing with
integrity was brand new to me and very powerful. So I learned a lot about cyber attack techniques from the, the special K NSA employees. I learned a lot from the CIA members of the team on social engineering; the role playing and practice prior to the actual social op was very eye-opening. But I learned the most from my Air Force counterparts on mission planning, decision trees, and how much science goes into the process of planning a mission. One tidbit that I hadn't appreciated, I still think most people don't appreciate, is that sort of everything's ancillary to the main mission. If you have to do bank shot, social engineering, malware, supply chain, whatever, those are all just techniques to achieve the mission.
Um, now another nightmare aspect of this particular mission was the rules of engagement. Remember, nobody'd done this before, so nobody knew what they were. It was virgin territory, so we unfortunately were held to much tighter rules than what they're held to nowadays. We had everything planned, we did lots of practice ops, which is really where I learned everything, but we weren't green-lighted until the special op teams were actually allowed to physically go in country, two days before, um, zero hour. Um, so now the Iraqis at this point knew war was imminent, and literally the day before our green light they pulled all the comms and switched them to human-operator connected. Um, now earlier I'd enlisted
some AT&T operators to sort of help us as part of our sort of undercover thing, um, and we worked with the CIA guys to actually try and social engineer our way through that, but we weren't successful. Um, the Iraqi operator actually said, somebody had to translate it for me, "There's a military officer with a gun checking every call I put through, I'm not risking it." So anyway, um, that, that didn't work out, but we still had, had learned a lot from it. And we'd actually tried, one final leg in our decision tree was, was to basically, the special forces that went in, we were going to have them do the hacking from in country,
but, we'd even trained some of them on how to do it, um, but because again it was so, it was literally the bombers taking off at that point, so unfortunately it came in too late. Um, now just like in the movies, there are several side notes that occurred during this for comic relief, but time's short, I had to cut those out of the talk. Um, but I left the operation with appreciation of the, the planning that goes into a military operation, and most importantly I was very scared for the future. I, I appreciated how easy it would be for bad actors to do to AT&T, where I worked, what I was trying to do to the Iraqi comms networks.
So I went back, co-founded the AT&T chief security office, and established the first ever SOC. So there's never enough time, I think my five minutes are up, so thank you for yours.

All right, thank you, Duncan. Uh, ended just on time, as I'd expect from military precision, and that is the alarm saying that your time is up. Perfect timing. Um, so I've got a quick question for you, and then I'll pass around to the other judges. Uh, if you have a short vignette of one of the scariest things that you encountered, or, uh, uh, what you felt while you were there that scared you, what was that?

Um, well, there are actually a couple of
things I actually had to do undercover, and some of them, like that basically talking their operators through, talking Iraqi operators, was, you know, it's really all distance stuff. Um, but for some weird classification reason I actually had to do part of it literally undercover. I had to pretend to be a government employee. Now, I'd actually helped the FBI with undercover ops before, and I actually helped them pretend to be AT&T employees before, so I sort of knew how hard it was, and I'd been working with the government for a long time, but until you're like actually there and physically trying to be somebody else, when you're doing it, uh, even though it was a safe environment,
it was like, the real FBI used to get killed when this happened, but this was really just to other, for weird government classification reasons, we had to have more people involved that were actually allowed to be briefed, didn't know what we were doing, so I had to pretend to be a, a govvie guy in it, and I just, it was just scary pretending to be somebody else.

Fair enough. I know a lot of us feel that same fear, um, every day as we go and do social engineering, so...

Exactly.

Cindy, any questions from you?

Yeah, um, how long were you in the position that you were in, performing these activities?

Um, so I think we invaded in about August,
that the op started in, I think it was September. Um, so basically September through December was all really the prep and the setup and the practice and everything else, but the actual attempt to get in, we started, I think the bombers took off on the 17th and they gave us the green light on the 14th, I think. Um, and so that's when we were actually trying to do it. So it's like, you know, almost six months of preparation for like three days of actual attack.

Wow, that's intense. Rob?

What do you think the biggest mind, uh, mindset shift that you had during this time was? What did you go in thinking like this way and then came out thinking a
different way?

Literally the concept that people would do this. You know, like once I get into it I actually was pretty good at it and everything, but just the fact that you could want to do it and could do it, and then how easy it was to do stuff. Like, like I said, I, I literally went back and briefed extremely official, uh, extremely high AT&T officers on the, hey, we got to start worrying about this stuff because people could like really do bad things to us. So, and it was really, really eye-opening. Now again, now you guys are all like probably laughing at that, but this was 30 years ago. It was, it was a different world back then.
Naus, any questions from you?

Have you, uh, have you come to enjoy that sort of activity in a less, maybe, life-and-death sort of situation?

Yes, and, and, and I, uh, you know, my tagline is think evilly, act ethically. I went back to AT&T and, and I was always the tinfoil hat guy, and hey, we got to worry about people doing this. So I think of what other people could do to us, which is like way easier. Um, yeah, so I really did enjoy it. I still enjoy it, actually.
All right, well, Duncan, thank you very much for that. That hopefully scared and delighted and entertained everybody. Uh, next up we have Cell Phone Dude. Cell Phone Dude, "PKing on Your Creds", you're up at the campfire.

Hey, I'm Cell Phone Dude. Nice to, uh, see you guys tonight, even though I, I kind of can't see you because I got campfire from like three walls right now, but we're good. Uh, my story tonight is about doing an investigation for a company, very well known company, who shall remain nameless, that, uh, maybe, just maybe, has all their keys wrapped up into one. Uh, and with that I'll get started. For many moons the threat actor quietly perused the
target's infrastructure while slowly and effectively enumerating endpoints and targets of value. While slithering through PAM modules and VPNs, our threat actors found themselves with the keys of the kingdom that they breached. But how, do you ask? That is the tale of the evening: how national threat actors targeted a PAM module to print and ship credentials back to their infra. Once they were the holder of the creds to worthy members of the target's organizations, our faithful criminals had access to the holy source code, not only source but definitions packages alike, the signing key used for all the target's hardware deployed worldwide. The attackers of the story waited patiently and methodically, gathering intel about their targets
late into the night, exfiltrating terabytes upon terabytes of the holy source. Then they built their own custom definition files, likely removing their attack infrastructure from the block list so they could launch attacks on one specific unsuspecting customer. You see, this story isn't about what national threat actors did to a major network appliance manufacturer, but how that manufacturer was attacked by one nation state to attack another. Yes, kids, the stories of management not understanding the real ramifications of not having proper key management infrastructure in place. The moral of this story is that a single point of failure is always going to fail. Thanks for listening to my campfire story.

I love it. Short but sweet, and I know for
a lot of people, uh, PKI itself is a terrifying, scary, uh, spooky story that you tell, um, hopefully with, uh, with a cold one in hand. Um, when you were investigating this, um, what was the thing that you found to be, uh, maybe one of the, uh, the things that you would do differently in retrospect, or that they could have done differently in retrospect, that would have avoided this scary tale?

Uh, wow. So one, one big gnarling thing that I think a lot of times in security, especially dealing with upper management, we find ourselves in situations where it's like, you know, we want convenience but we also want security. So SSO is awesome until SSO is the reason why you get popped and
someone gets access to your VPN. And so in retrospect, if I were this company, I was going to do it differently, I'd definitely institute additional OTP on, on certain entry points, like, you know, the VPN dial-in procedure, etc., etc. That, that's probably something that I definitely would have changed if it was mine.

So single sign-on is great, but for getting access to particularly sensitive equipment, perhaps multi-factor authentication or some kind of other out-of-band confirmation would be better.

Yeah.

Very good. All right, any of my other judges have any questions for Cell Phone Dude?

I do. Um, curious how receptive, and were you able to discern how quickly or if remediation took place on the part of
the client afterwards, or was it one of those drop the mic and walk away that we're so familiar with?

So this was a situation where two really large, well-named, very expensive firms came and did the work before me and told the client there was nothing there. Uh, and then so we got brought on to do thing, and the scope was like eight boxes. Very quickly I told them, I need to scan your entire infrastructure, all 3,500. They're like, no way, that's insane, you can't do that. I'm like, yeah, actually I can, but like if you think that your scope is these eight boxes, you guys are [ __ ] crazy. Uh, and that, and that's really what it
was, because the last I, I know, because I ended up talking to one of the investigators from the other company privately, and was, we were comparing notes and telling jokes and realized that we worked on the same thing, and found out from him like a year or so later, oh yeah, no, scope stayed on said eight boxes. And so a lot of times, like, I find myself in these situations all the time where, where clients always, they always want to think they know where a thing is because of an end result of the core cause of what happened. Your application went down, or you lost access to these services, and because you lost access to these
services, it was clearly this box. Nah, that was just what happened after someone had been in your infrastructure for like six months. Because we're going through logs, and what happened was we ended up running out of time on their engagement, because we were the third company, they ran out of budget to pay us. It's a really good lowest paid company doing this particular engagement. But after going through enough logs to find out that they had been in their infrastructure for just over six months, and the entire time they were exfilling source code and definition packages, probably meanwhile reverse engineering said definition packages so they could understand how they worked, et cetera, et cetera, et cetera, it,
it got to a point where we submitted our report, and for four or five months I fought with their GC, their general counsel, their lawyers, on redacting parts of my report because they didn't like some of my findings. And my stance was, sorry, I have a reputation on the line, I ain't redacting [ __ ]. What I found is what I found. If you want to redact it, that's not [ __ ] you, so take the black marker to this [ __ ] if you want and then scan it.

Sorry, I'm very familiar with that feeling as well, so yeah, I hear that.

I just own the company, I get to say [ __ ] like that, and there's
like no rainbow, because it's my [ __ ] company. So you, you hired us. Unfortunately I, I'm, I'm kind of a bull in the china shop. I'm, I try to do things the right way, so I'm not going to change my ethics because you don't like how bad the information is. From what I heard on particular investigation, these guys had been begging their upper management for a better answer to PKI infrastructure, and I find a lot of times what happens is, is we know what the right thing is to do, but finding the right talking points and the right way to communicate to upper management, to be effective in the execution of the right security controls that need to be
in place to move forward, that's always a hard conversation, and that's determining and figuring out a way to communicate the value proposition.

Well, that's, uh, you mentioned several scary things that, that I know keep hackers up at night, including, uh, the scope is limited in this test that you're doing. Um, any other questions from the judges? All right, well, with that, thank you very much for your story. Um, and we will move next to Alice Hardy, "Did You Hear That Noise?" Alice, did you hear it?

Hi, it's Alice Hardy. Uh, "Did You Hear That Noise?" is really about, um, a junior security analyst being left to their own demise on an engagement. So, um, I'm sure people are familiar with
this kind of story, so I'll start with this. Uh, the junior analyst is staring into the monitor, wondering what next. Senior analysts are pulled for last-minute tasks. The fluorescent lights draw a dull hum. They're excited and concerned: will this receive the proper due diligence it deserves? They're left to wing it. Their heart begins to pound, and they think to themself, it's just you and me, server. They've gotten their way onto a server, likely RDP from pulled creds, but now what? Figure out how to find credentials, maybe PII. Well, PowerShell is available. It's not something they're very familiar with, but it's what's there, and so they start to run some search terms. Unfortunately for them,
they start running recursive searches for "password". Nothing yet. And then they think, oh, let's try some alternative ways to get info I've read on this person's blog. Okay, well, uh, Get-Location, info already know that. What about processes? Oh, this looks interesting. How about Get-ADUser or Get-ADGroupMember? After several attempts, fail after fail, no useful output, and then error after error, and a notification pops up in their email: there has been suspicious activity of PowerShell strings with the word "password". CERT wants to know if anyone on their team is on this device. But of course, seconds before responding to the email, their remote connection is lost. The noob is realizing they need to learn
PowerShell cmdlets, especially the ones that run elevated, and encode or figure out how to obfuscate some activity to avoid so much noise, for crying out loud. We don't know if the analyst ever learned enough PowerShell, and rumor has it they still poke around servers, noisy and unsupervised.
And humorous, because I think many of us have been here before. Alice, thank you for your story. Um, what would said analyst, uh, look to do better if said analyst wanted to, uh, to advance to the next level of noobery?

Oh, definitely, definitely take notes, definitely research what caused any of that detection activity, try to point and get more guidance from team members on how to better, how to better approach a situation like that again. This is not the analyst's fault. This is the lack of supervision part, that's the fault. That's, that's your, your leadership, or not, the analyst's leadership failed in that aspect.

Yeah, fair point. Leadership is often scary and spooky and, uh, and comes at us in the dark.
[Laughter]

And I really hope that the analyst didn't, uh, die. You said demise, so I'm very scared for that analyst.

Yeah, that, I, I think the analyst is, is not dead yet. I think that analyst, I think the analyst has earned a lot of trust to be able to poke around. That's what I've heard.

I, I hope that analyst got a good mentor, wasn't coming from internships internally organizations.

Do my, uh, do the other judges have any further questions for Alice?

Just forward my information to whatever analysts you're talking about, because like I'll, I'll help anytime they want. Like, man, that had me having flashbacks of my, my entry into infosec.

I think it did for many of us. Thank you,
Alice, for your terrifying tale. Next up we have the admirer Ian, "That Time I Accidentally Infiltrated a Large Rodent-Based Theme Park Through Underground Tunnels". Do tell.

Indeed. Thank you for having me. I hope everyone's completed their summer camp merit badges for their masks and for their distilling sanitizer in your bathtub, but tonight I have a thrilling and terrifying tale for you, the type of tale that can only make sphincter pucker into diamonds, when you find yourself deep in the tunnels and bowels of a multi-billion dollar rodent-based theme park. Now you may be thinking to yourself, I know which theme park this is, it's Chuck E. Cheese. But I assure you my lawyers have told me that I can't
mention which theme park it is, but I can assure you you've heard of it. So take yourself back to 1997, a land and time before we remember, a land and time before I understood rules of engagement, and worked at a Taco Bell and drove an '84 USPS station wagon, and a friend said, I just got a job at Disney. What? Why, why, why, why, why are you saying Disney? We're not talking about Disney. So: I just got a job at a rodent-based theme park and I can get you in, we can main gate. And we all knew as central Floridians people could do this, people could main gate into and take guests, and so we say yes,
let's go after high school, let's go after class, and we'll go and we'll ride the rides and we'll enjoy the magic. But what we didn't know, or what we didn't realize, is our friend was a compulsive and idiotic liar. And as we got there they said, wait, I'm going to park in the employee parking lot, because I, I don't want to pay for parking. We said, no, oh, okay, is it... And we're going to go onto this bus, so when they ask you for ID just tell them you forgot. And at that point we start thinking, oh, oh, oh, okay. So we walk to the bus and we're thinking, oh, we're just going to go to the main
gate and the bus is going to take us there, and they say, no, rightfully, you're not getting on the bus. So then we say, okay, well, I guess we're turning around, we're going to go pay for parking, and they say, no, no, no, wait, get in the station wagon and I'll just drive this to a different gate, but could y'all get in the back of the station wagon and just cover yourself with a blanket? Um, are you, are you 100% certain this is legit? Oh yeah, it's fine, it's just we're going to take some back roads, we don't want, we don't want anybody to, to see or ask questions, and I just don't want to have to stop.
Oh, okay. So we lay down under the blanket, and we park in a small parking area, and as we emerge like out of a clown car from this blanket, four, five scruffy-looking teenagers, I look back and I see guards, and to this day I swear those guards have rifles, maybe in magical colors, Disney princess, whatever it is. But those guards were looking away, and we entered into a large tunnel, and suddenly we were realizing, don't think he's really gonna main gate us into the park. Now as we're continuing to walk, I realize, wait a minute, as I hear people talking, that this is the Utilidor. And if you've never heard of the Utilidor, it is the main entry into the bowels of
the magic, the underground tunnels that connect all the rodent-based kingdom. And we walk and we walk, and we're seeing everything laid out. We're seeing, uh, costumed characters with their heads on spikes, we're seeing, you know, staff members drenched in sweat with cartoon pants on, and we realize that no one is asking us any questions, and it's because it is absolutely ludicrous that anyone would be in there that shouldn't be. And we now realize the danger we're in, because if we're discovered, we are very, very far inside a very, very, very litigious company, and we are not supposed to be there, and we are 18 years old, and our station wagon is parked somewhere between, behind
armed eared guards. So we just have to go forward, and as we go forward we see a door with a Tinker Bell on it. It's important, remember that. But we keep walking and we keep walking and we keep walking. Finally we emerge and we can see the park. We've walked under the entire park, and there it is: there's the Jungle Cruise, there's Main Street USA, and all we gotta do is walk through a gate, walk across the small piece of asphalt, we're in, we've done it, we've, we've escaped, we're in the park, we're gonna ride the rides. And then we hear, "Can I help you?" And we turn around and it's a Disney security guard,
and they're looking at us and they say, "Can I help you? How did you find yourself back here?" And all panic-stricken, the friend that works at the park says... "Oh, it's okay, I'm returning these guests to the park": a delightful lie, a beautiful lie, because directly behind us and behind him was a first aid station. The lie presents itself: they went to first aid, I'm taking them back. And instead, what does our courageous, ignorant and utterly stupid friend say? "They all work here." Now, we have no idea. I've yet to do social engineering. I sling tacos and I do math in high school, this is what I do for a living. And they look at me and they say,
"He doesn't work here." And now I'm terrified. How does this man, this man who lives in this magic kingdom, know that I do not belong? What is it about me that is giving away? Is it the drenching in sweat? Is it, what, what is it? They continued, continue: no, he works behind the scenes, he works in construction, he works in this. "He doesn't work here." Finally the jig is up. Now this wonderful security guard says, I'm going to call a friend of mine and they're going to load you in a van and they're going to escort you off of property, and we're just going to pretend like this didn't happen. And as that's happening, Johnny Sergeant
Pants comes up, like the full, you know, Disney security, they just live for the mouse, and they are, "What are these people doing back..." I was like, "I've got it." And we ride in the world's quietest minivan out of the park, not being trespassed. And this is why, my friends, pen testers out there, remember your grooming habits. Your beard can give you away, because what gave me away is you're not allowed to have any facial hair as a Disney employee in 1997. And that Tinker Bell door, had we just exited through it, we would have come out in a private exit behind the castle where Tinker Bell does meet and greets, and would have been in the park. But we
walked right by it. And that is my story of tale and woe of almost being detained, taken away in the world's quietest ride, and, uh, unforeseen trespassing of a rodent-based theme park.

Wow, uh, that scared me, and I wasn't even in that position. I'm sure that, that many people felt the same way. Uh, Ian, that was great. Um, so, uh, now that you are presumably farther along in your social engineering career, uh, what did you learn from that event that helped you, uh, become a better social engineer?

Oh, absolutely. Um, know the details, know when and how you belong. One of my first, maybe second, conference talks included this particular story, uh, and it was
"dress for the job you want to fake, not the job you have," and it was paying close attention to the details, doing, you know, research, going to local cafeterias, restaurants nearby: what do people wear, what do they look like, what do their badges look like. Uh, get to know, you know, those different things, because if just facial hair could give you away that easily and you didn't know those rules, uh, you can do everything to a T and you're still sticking out like a sore thumb.

Yeah. Uh, Cindy or Rob, do you have any, any questions for our distinguished storyteller here?

Oh, one of the...

Go ahead.

Oh, I just wanted to know if you ended up on the
blacklist or the the deny list i guess at disney on their uh in their most wanted i have no i can say that i'm on i was on there at one point in time so no and and i and i hope as i tell this story they find the humor in it if they were to ever ever hear it but um because it was it was like i said it was completely that was not the intention an employee escorted us back and he was he was an employee he worked there and we just found out that he his his his britches were were bigger than his head actually were um so no no and it was
like i said the world's coolest security guard he was just like yeah you're not doing any harm we'll load you in the van and get you out of here whereas that could have gone very poorly yeah i've been on that on that wall so i i could have gone i absolutely know you're on the monorail to hell um [Music] so one of the one of the tricks that you touched on is um is monitoring what they what people wear um to to the place of work and stuff like that so um one of the things that um early on in my career a mentor of mine told me was um go to the local coffee
shop dress like you work there with a badge like you work there like wherever you're doing a red team pen test in um like do look like you're in full get up but look like you're a peon like uh like an entry-level employee or or something like that and then have the best laptop you can afford and be and people and sit alone sit in the middle of the coffee shop people will say how did you get that from IT where did you get that and they'll start talking to you instead of you talking to them and they will walk you into the building over to IT so you can explain to them how you got it
that's really slick right like they will literally walk you into the building and yeah just come on let's let's walk over to it and i'll i'll talk i'll show you the right person to talk to and and we'll get you you know an upgraded laptop just like me done easy that's like that i'm gonna put that in the repertoire that's nice all right well thank you for that ian um we uh i just want to remind everybody that every storyteller who came on here tonight is going to get a 20 no starch press gift certificate which you can use to get any other awesome books and the winner gets a donor package for 2022 that includes a badge
t-shirt four meal tickets for when we all come together and are able to do this in person yet again so this is going to be a really cool experience and we we we may have some other stories from some of the same storytellers uh who um might want to go again uh let me throw it out there if there's anybody who has a second story um maybe just raise your hand if you want to tell it [Music] i can keep talking but let somebody else go before me is he's helping we have a hand from cell phone dude cell phone dude join us around the campfire once again and tell us your scary spooky story of
hacker woe so this one is very recent so it's very unprepared it's very extremely conscious but this is a tale of you know someone calls you and it's you know all fires blazing puns sort of not really intended because we're sitting around a campfire but all fires blazing red alarms everywhere there's a problem there's a problem there's a problem we we we need hackers to figure out who how are why is all our stuff broken who broke it so you you know you're usually your onboarding call and try and figure out the scope of the story and the scope of the machines and scope of work as a whole and you know on windows networks you
start diving through and diving through and you know someone else's story powershell commands a bunch of powershell commands asking the ad for stuff getting no answers asking the ad for stuff getting no answers i know these people were here they have logs that say they were here but they don't exist what about the logs but talk about all the old users what about all the security logs from like before today no don't make sense what about any logs for the security portion of windows at all though something why did all the backups get deleted between this state and the state why for whatever reason is there no central logging across 237 boxes for a multi-million dollar company that
outputs an application for lawyers doesn't exist companies acquired in the acquisition the acquirers of said company decide to cancel the multi-million dollar msp contract for the guys who run the infrastructure the company that they just bought does anyone see where this story is going come in one day everything's gone application database is gone user data database is done the actual application server itself is gone the sql server that runs the application behind it's gone as i mentioned all the logs are going there's no central logging in place so there's nothing to actually go find so i thought okay cool i have a forensics specialist on my team i'll have them go ham on the disc
okay go ham on the disc find all the logs i really really sort of wanted to find at least for one machine and they're only good enough to tell me that some guy that got deleted from the domain controller logged in and did the stuff that i knew he did i think the moral of this story is when you log into a domain controller and all the settings are turned from normal defaults to off um you kind of it's kind of like an open and shut case like i i got called by the company that hired us to do the investigation and the guy says to me he says well isn't there more meat that you can
add than mediation i said what more meat remediation you want me to add other than turn logging on that's my campfire story truly terrifying uh you know logs are an essential part of any campfire and any campfire story uh and in this case the logs were missing and that is is terrifying for anybody with a bag of marshmallows and a stick i mean thank you if you're a law firm you don't want to keep anything that's damaging to your clients anyways right so sorry rob [Laughter] i mean oh man seems smart to me yeah well it's funny this particular one was there's like an extra kick in this one because it's like all right so like
it's one thing to like i've seen a couple where it's like it's always the msp that's like it has this crazy contractor getting paid millions of dollars right and it's like oh we have this one client who basically pays all our bills but they're going to fire us i know how we'll get back at them and how we'll get our contract back we will hack them the all holy hell and we will make their infrastructure suffer so we will be the heroes that they will call but that's precisely what will happen and then there's a non-zero amount of time that happens but then there's you know the amount of time and they call an investigator to figure
out what's going on and and then it's like y'all didn't think to maybe lock out the dudes that you just told you were taking a multi-million dollar contract from well no they were doing work okay so from a logistical perspective at no point during the business relationship did you think that telling them that they were going to lose the contract while they were in the middle of doing work product for you in the middle of an acquisition at no point that was a bad idea and this is how i actually talk to people like some of you know me actually really in person and i kind of am this way with clients because english works best and like
you should and everyone had their their [ __ ] camera on and i of course didn't and so i turn my camera on and i just start looking like so that that didn't register at all and everyone just thought that looking at the bottom line and handling the hemorrhaging operational cost was going to be the thing to do here instead of really looking at the fiscal understanding of why they might spend a million dollars with one company for many years over and over and over and over and over no you just thought to acquire them and get rid of them okay well now you don't have an application for an application server or a user
database i mean most people don't want to go to jail so i that would you know you you assume that people will not want to go to jail oh yeah they did a good job with that they removed every single log from their entire time that they were engaged at the company and touched any of the machines i put i deployed grr through the entire infrastructure just looking for just sids and stuff that i knew was there all [ __ ] gone dude like like worse than someone like me going through and be like never going to find me something to be said for off-site backups i guess bruh or any backup or any logs or anything
for logging or anything doing it but it's like and then it's weird because it's like oh well i i asked them i was like so do you know about you know domain controllers logs being turned off and set so that there's no logging do you know about this this and this being said wrong no no we have no it's okay so so what was the problem here is that you guys indicate control of your infrastructure before you remove control of your infrastructure but that's the problem that's the operational problem sorry i'm making taking too much time i just you know recent [ __ ] that just recently happened and i'm still processing it it's like really
all right can judges tell stories uh we can rob if you would like to tell a story let's hold it until after we have announced the winner and then we can allow you to tell some of your terrifying tales from i would like to hear a rock story i would too uh we do have one more from ian ian i believe you have one for us that's called it's coming from inside the data center it is yes so as we find ourselves here i'm going to tell you another tale of terror and packetized woe that comes only from the types of times where you're challenged to understand what's actually going on a few years ago
you come into work we sit down the security team and by about noon every site of 800 retail locations dispersed throughout the united states is hard down nothing can move there's no traffic moving they can't log in everything is overwhelmed with some nefarious and yet undiscovered traffic pattern now the network teams come running to security it's a ddos attack at the nation state where under attack it has to be a ddos now the security team looks they look around and say there's something not right everyone's terrified they're running around the sites are down what do we do but we can still get in from the outside we have to use an adjacent company's guest wifi
and we can get in everything's there but the stores the corporate headquarters are completely saturated no one can figure out what's going on it has to be in the building and as we look and as we discover it wasn't just in the building it wasn't just in the data center it was in the core router itself the ghost of spanning tree past in a room hidden above the data center a lone cable rose 10 gigs for imaging of laptops and desktops and a cable a single cable some say is still there today was looped back into the patch panel sending terabytes of terrifying images through the router again and again and again until the company was brought to
its knees on that day they said it was a nation state they said it was china they said it was attackers unknown others said it was the intern others said it was the custodian we may never know it was the intern but the cable was plugged in the systems were brought down and for those moments we didn't know if it was the ghost of change control past spanning tree gone amok or a simple intern plugging in a cable thinking they're doing the right thing and that's the story ian truly terrifying uh especially the intern part um i i think when you have interns getting blamed for multi-billion dollar security issues in front of congress maybe maybe your company shouldn't be
able to fall over because of an intern i mean i don't know maybe you know that's just wishful thinking um name one company that isn't yeah run by interns i know i'm no i'm just saying name a company that can't be toppled by an intern oh please i don't think that's that's not reality i mean absolutely every single day yeah yeah i mean well perhaps that's the scariest part of all of these tales is is how vulnerable and exposed these organizations are not to nation-state level threats but to simple accidents yeah all right did the interns always a good question to ask they did they did survive they they actually and and i mean that truthfully it really
actually was the intern we we found out that you know they were in their imaging laptops and then you know they're unplugging network cables and they they lit and it was right around lunch time and they're like oh i must have knocked this one loose and they plugged it back in and went to lunch and uh thankfully they were very well liked intern and to everyone's point that shouldn't be possible it's it's like okay well here's a cannon and just try not to kill yourself um you know you generally offer some training on the howitzer before you give it to them um so yeah also don't put it in front of them it's already aimed at them ago
um so yeah so they were very well liked and and everyone was like no i uh it was it was actually kind of funny that the people that they worked for were like oh i think it was the custodians like yes because the custodians are in there at lunchtime just cleaning up the place sure okay um but uh but it wasn't a problem like they they were still there and i'm sure they have a their own terrifying campfire story of when they plugged in a a network cable and brought a multi-billion dollar uh company to its knees yeah and uh to your to rob's point earlier um leadership management uh and some of the way that they support their
people uh is also a scary part of that tale so thank you very much for that uh for all of our storytellers we greatly appreciate you we now have a celebrity guest story queued up and ready to go i believe lickety do the thing well hello campers hackers hackerlings and everyone else it's your uncle jack with a little uh campfire story time while the judges do their thing so what stories to tell well once upon a time my friend paul no wait uh bob bob uh my friend bob borrowed one of my virtual labs which was based in moscow at the time and he oh right never mind bob doesn't like prison okay how about another story uh
how about this one once upon a time oh we need a campfire don't we there we go this is better once upon a time about 12 years ago a bunch of people were complaining on twitter i know that seems hard to believe but it's true people were complaining on twitter but it was actually a productive conversation because some of us had been talking about a lack of community feel in some events and we saw some talks that we thought that that's cool but it's probably not a lot of people interested the people that are going to be interested are going to be really interested but it's not going to fill a big room it's too bad there isn't a place for
those folks to share these ideas and then we saw some others it's like you know the big conferences they just get too many talks they can't take them all it's like okay that that's life but we saw a few that were like yeah that's really not a fully baked idea it's a pretty cool idea but it's it's not ready for prime time and we've said to ourselves and each other it's really too bad that there isn't a place that they could give these talks get some feedback and turn this into a really cool project or a really cool presentation or whatever it was just too bad there's no place to do it we saw some more that were just like i'm
sure they got 10 of those they chose the best that's really too bad they can't take them all and we saw a few that were just like i don't that that's not really a fit for the conferences this summer that's not really a fit for those other conferences i don't know where this one fits it's really too bad that things that interest the hacker mindset can't always find a place to be heard and so we said it's really too bad there isn't a place for it a lot and the bright idea was hatched maybe we should make a place for it and we'll just do this thing this year and chris nickerson had rented a house
and mike don and chris and i and a bunch of 303 folks who didn't you know some were friends some didn't know each other except for on the internet we got together and and we sort of made a thing happen and and that thing it looked like this because the air conditioning wasn't up to speed so there was a lot of duct tape and masking tape and garbage bags and tarps on the roof and things but what happened then was an event happened and we filled rooms and there were talks large and small and there were talks on gender issues in the field and hd gave his first talk on warvox and there was just a whole bunch of cool stuff and if
the talk wasn't your thing you went into the next room which was the kitchen and you grabbed a snack or a drink and you sat down and had side conversations and by the second day there were lightning talks going on and the pool was going and the second night there was a wild party that was fantastic and it was all wonderful and it sort of exploded from there but you know every good campfire story needs a little scare so as chris as indy was leaving for the afternoon the last person to leave uh except for jarrell jarrell was lying on the couch saying i'm tired i'm going to take a nap and indy said just don't burn the house down
and he came back to a house full of smoke carpet burned a door burned an extension cord burned here's a pro tip do not coil up an extension cord then plug an extension cord or a air conditioner into it and then set a door on top of the coil science and stuff anyway uh other than some hacking and coughing and a skid scare nothing really bad happened and this is the 676th b-sides since that one in july of 2009. thank you all for joining us and for being a part of it
wow that was a fantastic story of b-sides las vegas hacker history with a little hope and a little horror yeah it could have been really scary for us if if the house had burnt down we wouldn't be able to do b-sides now that's true how close how close everyone came yeah and almost every year since then has had some kind of an element of what if right i mean the artisan hotel all by itself heck all right before we announce tonight's winner i want to give my distinguished judges an opportunity to say a couple of words just about this event or anything else that they want to say before we announce the winner cindy go
to you oh sorry naus let's go to you thanks bo i just want to thank everybody for joining us tonight um for for sharing their stories with us and for joining on the stream to hang out um we're really excited to be doing campfire talks and you know trying new things and reaching out and stretching our our talents in new directions so i'm just i'm thrilled that everybody joined us and and volunteered to get on camera for who knows how many people and and tell stories so thank you all very much for being here yeah cindy you're next cool um uh to echo uh naus's statements though thank you all so much for joining us this has been a blast
your stories have been amazing um there was some debate happening behind the scenes uh during the course of these this debate internal debate too is kind of great in my part anyways i just want to really give lickety and uh beau a huge shout out for what they put together here of lickety for rallying like nobody's business before that started and see it's all good now we're cruising it's all good everything's cool so thank you guys all for putting this together and it was my pleasure to be here and thanks again to these storytellers as well as my fellow judges thanks rob uh y'all suck at following directions he said say a few words about uh this so a few words
see y'all oh rob you're so literal i am very literal right um no thanks uh for putting this together bo um when you when you first told me about this happening i was super excited about it i think year one um you know this is you know just starting off gonna kick off make so much you know i'm looking forward to year two three five ten um and uh we'll see how the stories evolve thanks for all the stories that you all told too that was awesome yeah i agree i'm i'm really excited to see what comes next um and uh especially if we can we can have this in person back together again we'll have to next year figure out how
to rig up a campfire display maybe we'll put uh caspian on that um oh you'll be out by the fire pits by the pool right yeah yeah there you go i like it that's where we like sitting yes get really close to that fire just uh just lean on it that'll be perfect toasty to warm your hands okay bo how exactly do you lean on a fire like that there's this one actually has a glass rim around it that you could lean on and carry so and it and it hasn't it's in a table so like you know there's a table space and then there's the glass yes but but there's no like physics tell me that i
can't actually lean on a fire stop being literal it'll be a ghost now if you're watching you experiments we'll find out all right well with that uh an exciting announcement to make and again remember that the winner of this will get a a donor package for 2022 which comes with a badge t-shirt four meal tickets and the winner is ian meyer for his story that time i accidentally infiltrated a large rodent-based theme park through underground tunnels ian thank you very much do you want to give us a couple of thoughts about what it means to win that's awesome thank you i love telling stories and thank you for having me and i love b-sides and
all my friends and everyone at b-sides orlando and and uh you know it's been wonderful being here it's very very enjoyable and i hope uh i hope this continues on and other people decide to jump in and tell their stories so thank you no it's awesome so really quick before before we cut out i have to tell ian how his headrest on both mouse actually brought it up in our chat she's like does anybody else think that that's part of a cape and like a popped up collar on a cape and i legitimately thought it was so you have filled the role and the costume it goes with the background even the cape goes exactly we brought it we
brought a vampire to our campfire i wish i would have thought of that to be honest because that would have been great i have like a cloak you didn't need it this is what it looked like that's awesome it was great sorry for interesting thank you thank you very much to all of our storytellers uh as cindy mentioned we had some pretty intense debate going on behind the scenes about about which one of these stories from which one of the storytellers uh was the one that we wanted to select they were all really really amazing and uh hopefully we got this recorded and can can keep this around because these are going to be i think an amazing resource for people
who want to laugh and learn i thought i thought that rob was going to tell us the story before before we cut out yes i was just gonna say uh i think we can uh we can end the more formal part of this session and uh devolve into just uh free-for-all campfire jump in so rob if you want to go first as our first storyteller you are welcome sure so uh this is a story from a while ago um and some people who may have been or may or may not be on this call or or um watching know this story pretty well um it is the story of walking on water so i i have uh a few claims to fame and
one one of which is i got to i can literally walk on water um and so we're i was doing an assessment one time or let's you know make it a story sorry uh some random person was doing an assessment one time i'm sorry i'm not as good a storyteller storytellers y'all and we went out to do this site assessment for this building they had security guards and guns and dogs and gates and really scary stuff and none of us wanted to go do a physical assessment against this place and they had badges and visual cues to who the badge owned by and were like we're never going to get in here and all of the gates were so far away
from any of the buildings we we couldn't do wi-fi attacks because like you can send but you're not receiving all this bad stuff we're like yeah we're we're screwed we're not gonna you know we'll just go back and say we did our best and there's nothing on this because we don't want to get shot and so we go back from our site assessment and we start writing up our findings because we know nothing's going to happen when we actually come out for the real thing and so um this is around september uh october november timeframe and the timing is very important because um because we go back out in january and we go back out to our assessment in
january and there's this huge deep raging river behind this facility and it's there and um and one of one of our one of the people in our group was like hey you know if we could you know rent a canoe or something we could probably paddle across this thing and uh on the other side we could drive to the other side um and when we were out for the site assessment and this thing this river is going probably a hundred miles an hour like it's there's no way we're gonna get in this thing and um and do anything but like float down river thousands of miles and get lost um and so uh uh we go back out for our actual
assessment we're like okay we tried to swipe someone's badge we treat you at the local coffee shop because that's a go-to for us we we walk around to look at the young guards guards lock eyes with us we're like okay that's not happening and um we we walk around the facility a little bit more and we're like hold on a minute the river's frozen then so this river had not frozen in like 50 60 years never ever like so long it hadn't like never frozen and it had frozen the night that night that like the night before and so we walk out um on the river and start like do you really want to like test this
this is this is scary right and so we walk on out onto the river and we walk across like uh i think it's like two football fields wide walk across this river that has frozen for the first time in in decades and we get over to the other side and it's a steep cliff like a cliff that you don't want to get out of a canoe or or anything out of because you're gonna like the canoe's gonna tip so we start walking up the cliff get into the facility we walk right up to our point of contact's desk inside the facility and he's like how in hell did you just do that and we're like we can walk on water
that's why and that's my story wow that was excellent thank you for sharing right place right time that's like it and it unfroze like two days later like just perfect timing well done i wonder if that's in their uh their threat model in this threat model yeah they were considered i mean it hasn't frozen in you know decades but they even put that in their threat model contingency planning for that wow pretty cool hey yeah do do we get to ask questions now yeah which bash bunny module freezes the stream [Music] [Laughter] i'm sorry uh no hump no hop does it oh man all right got so many fun stories yeah who else has got a story
cindy you've got stories i've got stories um i can't think of it you put the yeah i didn't i mean i shared off camera about the time that i took down the network being the intern being the the wrong person i don't know there's so many times when you walk into an organization and you're just blown away with the fact that their identity management system is being managed by another party somewhere who doesn't know what they're doing i mean you just all the times the consultant you've got all these little like are you kidding me those moments that happen all the time but um i think one of the biggest horror stories i have is around working for
product manufacturers and and doing assessments for them and being called upon by customers to meet their security requirements and the expectation around some of these organizations that are your customers of doing things like patching a medical device in three days for a critical vulnerability that's been deployed to a customer site that we have no connectivity to and the ridiculousness of that expectation and the horror comes in from the sales team because they freak out they have no idea this is not something that we could get accomplished so having that happen is pretty interesting but yeah i think my my hot dog i have some hot dogs on the fire over here and they're looking a
little burnt right now and i think i really need some nutrients so my white claw is not carrying me through tonight
well thank you for that uh stories pseudo exactly sudo or sudo now i'm just trolling all right uh unless there any story or other stories i think we can conclude this televised campfire sure uh and cell phone dude why don't you mute yourself before you tell us all who you're talking to uh i gave up host control to lickety so lickety can okay there you go awesome all right well uh on that terrifying tale of zoom horror we we will now wish you all a good night and uh shaking good night everyone have a good night you