
BSides Cape Town 2017 - Lightning Talks

BSides Cape Town · 15:06 · Published 2017-12

My name is Barry Irwin. I'm the Rhodes person here, yay. I'm at Rhodes University; I run the Security and Networks Research Group there. But what really made me happy today is the number of Rhodes people here. Rhodes people, stick your hands up in the air please. It's a capital unit, and some of them have run away. So, having had my arm twisted, since the [unclear] prompted lightning talk, talking to Grant last night he said,

consuming some malted beverages, saying a lot of people were not really aware of the security program that we run at Rhodes. It's been running for quite some time. You've actually seen three of our students today: Veronica, Brent, and earlier this morning Ibrahim. The big program that we run is a part-time master's program, okay; it's called an [unclear] MSc. It's a program that is very much focused around bringing industry practitioners back into academia for a two-year period, and that's about building a sense of community as well. We've got a really nice group, and I think some of the people who've been on the course can attest to it. You get to meet

people from other sectors and from around the country. But really, just to say, this is not a paid promotion; that is what I was made to say, right. We at Rhodes do have a program. It's unfortunately full for next year, but we'll be opening things again in sort of the second half of next year. If you've had an itch you want to scratch, if you're sitting in development or something and you would like to get into the [unclear] space, it might also be something for you. We've even had our most respected lawyers and auditors, in a very non-judgmental space. Yeah, we've had a couple of

auditors through it and they didn't feel too sad. So really, that's that: it's a program. We've got another program, which I can't talk about yet, but it's a really exciting program that will also be launching for 2019, and which would hopefully allow us to take a whole lot more. Those of you that have made a pile of money, your bitcoin speculation has paid off, we also have full-time students; come back and relive your glory days. [Music] We also offer the MSc, so you come and do the...

Yeah, that's me. I'm not going to monopolize the stage. I see there are hundreds of people queuing at the [unclear] just to take over the stage, but I'm around if you want to have a chat; otherwise drop me a mail.

[Applause]

So, is there anyone else who would be keen to give a quick five-minute lightning talk? Eric.

Oh, friends, it's me again. Well, we're spamming events here. So what is BlackHoodie? I just came back from it. It's basically a malware reversing workshop-slash-conference for women and people who, you know, identify as women; I think it's the same thing, sorry. Anyway, it was really cool. I went there, and if you're at all interested in getting into malware reversing, like x86 and ARM stuff, that's the beginner track, please do sign up. It's run by Marion Marschalek, who was at Intel as a malware analyst, and they've also got really great conference talks. There was [unclear] who is running a workshop on the advanced track, so if

you're into advanced malware analysis you should go there as well. As for where it is, it's usually in Europe, so if you have trouble getting there you can sign up for a travel grant. This year it was a lottery, so [unclear], sure you're not going to win, but Google was like, you know, you get a travel grant, everybody gets a travel grant. So I would really encourage people to sign up. It's a really great space with a lot of energy, and especially, you know, it was a really good space and I would like to see more African-American women going there. Really cool.

[Applause]

It's not really a lightning situation, but it's a data giveaway situation, so we're giving away some gigabytes. Someone wants to collect names; come get your data, that's five gigs. [unclear]

[unclear] data.

I've got an [unclear] Redmond.

Jimmy Burgers.

I think it's Jermaine or something. Jermaine, Jermaine, Jermaine. It means "muncher", okay.

[unclear] Brown.

[unclear], but, you know, I'm seeing sponsors, so they can wrap you right, and don't say anything negative about that; we do respond to them. There is hope, we know there is. Okay, we've got some wrap, just for you.

But it's just for you.

[Applause] All right, so is there anyone else who's keen to talk about anything, anyone at all? You're welcome to

go. Five minutes, that's very dangerous.

How it got approved is about zero days. Basically the idea is that the main causes of zero days... zero days come out and we can't actually defend against zero days, at least that's the typical thinking: problem in the code, and now, wow, okay, broken. So the idea is to try and reject that and say, like, what can we do? So it's more like defence in depth, and it's not just a problem in the code; it could be a problem in the firmware, it could be the Management Engine, et cetera, hardware flaws, config flaws. They're not technically all zero days in the strict definition of the [unclear] patch, like a config mess-up. The idea is to try and figure out, looking at existing releases

of zero days, like the NSA and CIA and [unclear] guys, the basis, like these are the causes of problems that are coming out, and this is what we don't... this was going to come. We could have done this: like if we had a firewall which prevented the internal Management Engine phoning home, then that might help, or disable the Management Engine. Certain countries and governments have [unclear] computing program, and Intel will actually ship you then the Management Engine, which is kind of a big clue that it was never the best idea in the first place. Anyway, so if one wants to talk about zero days, been through them, and what an auditing firm [unclear], and going beyond the actual hosts, if that's

where the problem is, like the Management Engine, you've got beyond that your firewall, and you have a router or a switch which is going to take the traffic. Try, because I'm very interested. And thanks.

Okay, does anyone else have a lightning talk that they'd like to present? If not we'll take about a ten-minute break and we'll set up for closing. I don't... All right, I'll need a minute to get set up, but I'll give a quick lightning talk actually.

I'm going to get started. Sorry for the long set-up time and the terrible resolution; this isn't going to work too well, I didn't think, but we'll give it a try. So I'm doing the master's at Rhodes that Barry was mentioning in his lightning talk. For my research what I did was take a piece of software that's about ten years old that was written at Rhodes University by another student in order to visualize network traffic. It was written about ten years ago; it was used there and it wasn't really maintained, so it was a bit out of date. So for my research I took this piece of software, updated it, added features

and all that type of thing. And so, if I can get this working, you can load up a packet capture file and basically visualize that on that 3D cube.

Yes, yep, okay. So I've loaded the packet capture, and this is going to be very difficult to just set up quickly. So you can choose a home network, which is one of the axes; if you don't set that then it doesn't really scale properly, you don't see as much as you could have.

Yeah, so you can see on the bottom there these points are basically network events that are being plotted, so the y-axis is the port, the x-axis is the destination address, and the z-axis going there, the red line, that's the source address. So typically this would be like a port scan or something coming in from the internet into a network, and you can rotate it and basically interrogate the data, and the control panel at the back. And there are a lot of other things that make this tool useful: for example you can speed it up 120 times, and then you can actually see port scans and

sweeps and things; that's what these lines represent. This plane at the bottom here is ICMP packets; they're just getting plotted in a two-dimensional fashion, so there's no differentiation between the different types of ICMP there. But yeah, I mean that's the basic functionality. There's a lot of customization you can actually do; for example you can choose how long you want points to be displayed on the screen for. The default is one day; if you drop it down to an hour, for example, you should see less, depending on how big this packet capture file is. I just chose one at random. Basically you put it down and you can actually see, as I change it, the number of points

displayed on the cube drop. I mean, if you're looking at very large packet captures that are going over multiple months you can use that to filter out the data and get rid of the noise and what you're not interested in looking at. Yeah, it can do a lot of other stuff, but basically, and it can replay at really high speed, for example like that, and if I press this you can make it spin, one of the new features that got added during my research, contributed by someone at Rhodes as well.

That's basically what it does.
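The cube mapping the last speaker describes (y-axis port, x-axis destination address, z-axis source address, ICMP flattened onto the bottom plane, points kept for a configurable window, port scans showing up as vertical lines), written out as an added example. This is not code from the talk or from the Rhodes visualisation tool; the `Event` field names, the choice to plot only traffic into the chosen home network, the scaling of the x-axis as an offset inside that network, the ten-port threshold for calling something a scan, and the sample capture are all assumptions made for illustration.

```python
# Added example: mapping packet events onto the talk's 3D cube (not the Rhodes tool's code).
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Event:
    """One network event, as a pcap reader might yield it (field names assumed)."""
    ts: datetime
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # None for ICMP, which has no port


def cube_point(ev, home_net):
    """Map an event to (x, y, z): x = destination address (as an offset inside the
    chosen home network, which is what makes the axis scale), y = destination port,
    z = source address. ICMP has no port, so it lands on the bottom plane y = 0 with
    no distinction between ICMP types. Returns None for traffic not into home_net
    (assumption: the cube only shows inbound traffic)."""
    dst = ip_address(ev.dst)
    if dst not in home_net:
        return None
    x = int(dst) - int(home_net.network_address)
    y = 0 if ev.proto == "icmp" else ev.dport
    z = int(ip_address(ev.src))
    return (x, y, z)


def visible_points(events, home_net, now, window=timedelta(days=1)):
    """Points still on screen: only events inside the display window (default one
    day, as in the talk; drop it to an hour to thin out a long capture)."""
    cutoff = now - window
    return [p for ev in events if cutoff <= ev.ts <= now
            for p in [cube_point(ev, home_net)] if p is not None]


def port_scan_lines(points, home_net, min_ports=10):
    """A port scan shows up as a vertical line: one (source, destination) pair
    hitting many distinct ports. Returns {(src, dst): port_count} for such pairs."""
    ports = defaultdict(set)
    for x, y, z in points:
        if y:                                     # skip the ICMP plane
            ports[(z, x)].add(y)
    return {(str(ip_address(z)), str(home_net.network_address + x)): len(ps)
            for (z, x), ps in ports.items() if len(ps) >= min_ports}


# Constructed sample capture (not real traffic); NOW is an arbitrary reference time.
NOW = datetime(2017, 12, 2, 12, 0, 0)
HOME_NET = ip_network("192.0.2.0/24")
SAMPLE_EVENTS = (
    # a scanner walking ports 1..30 on one host five minutes ago: a vertical line
    [Event(NOW - timedelta(minutes=5), "198.51.100.7", "192.0.2.10", "tcp", p) for p in range(1, 31)]
    # the same scanner pinging three hosts: plotted flat on the ICMP plane
    + [Event(NOW - timedelta(minutes=10), "198.51.100.7", f"192.0.2.{h}", "icmp") for h in (1, 2, 3)]
    # ordinary repeated HTTPS connections six hours ago: one point, not a line
    + [Event(NOW - timedelta(hours=6), "203.0.113.9", "192.0.2.20", "tcp", 443) for _ in range(5)]
    # SSH two days ago: outside the default one-day window, so not drawn
    + [Event(NOW - timedelta(days=2), "203.0.113.9", "192.0.2.20", "tcp", 22) for _ in range(2)]
    # outbound DNS leaving the home network: not plotted on this cube
    + [Event(NOW - timedelta(minutes=1), "192.0.2.10", "8.8.8.8", "udp", 53)]
)


def demo(window=timedelta(days=1)):
    """Return (number of points drawn, detected scan lines) for the sample capture."""
    pts = visible_points(SAMPLE_EVENTS, HOME_NET, NOW, window)
    return len(pts), port_scan_lines(pts, HOME_NET)


if __name__ == "__main__":
    print(demo())                      # one-day window: 38 points, one scan line
    print(demo(timedelta(hours=1)))    # one-hour window drops the six-hour-old points
```

Shrinking the window from a day to an hour removes the older HTTPS points but leaves the scan line intact, which is the "filter out the noise" effect the speaker shows by changing the display duration; a real pcap would be fed in by replacing `SAMPLE_EVENTS` with events read from a capture file.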