BSidesLondon 2014 Closing Ceremony

quick closing session like we did last year. So, prize giveaways and things like that and a few thank yous. We'll start off with the prize giveaways. So, this year um so Alec Waters, if you don't if you don't remember him, he was one of our biggest challenge um players last year and he won quite a few things. Um, so this year he actually volunteered to run the challenges with a couple other guys. So he's going to present the challenge challenges and the prize and the winners of the challenges. Righty ho. Um, just when you thought the uh the rookie track was over. Um, woo, it's me. And um, yes, I'm a rookie. Um, it uh, it it turns out that it is

frowned upon for the for the challenges team to keep all the prizes for themselves. So, um, apparently we have to give them out. Um, so challenge number one, we had five challenges this year. Um, they were all absolutely top banana and challenge number one was the bot hunter and it was by Gareth Owen from the University of Portsmouth. Prize on offer.

prize on offer was a copy of practical malware analysis courtesy of Nur starch press and um Gareth. Hello everyone. Uh my name is Gareth Owen. I'm from the University of Portsouth. I run the digital forensics program. Uh this is my first bides and I volunteered to do a challenge and to give a presentation which is probably an unwise idea when you've never been to a conference before. Um so this year's challenge was based on a final year unit that we have uh that is essentially malware analysis. Um it's not your sort of what you might expect if you've come across universities which do malware analysis. Um certainly what I've heard from talking to people is a lot of

malware analysis units are sort of very low sort of not very low level. They teach you sort of just behavior analysis putting stuff through automated tools. Our malware analysis unit is IDA for 12 weeks. The students love it. Honest I swear they will love it at least by the end of it. Um so essentially I repurposed the coursework uh uh for this year's uh bides challenge. It is a botnet or is a was a botset as it were. Uh you got given an executable file. Uh it connected to an IRC channel which was a command and control server and from the IRC channel you could initi uh send commands down to the bots and get them

to do things. Uh big thank you to Alec for all the help he gave me in in sort of setting up and what have you. Um and also for telling me that it was probably a bad idea to let participants control each other's computers and uh insert stuff onto onto their things. So I think uh we've got uh two winners. I will just say the quality of the submissions was extremely high. Having entered a competition, I think one of the B-side challenges last year, I think I wrote half a paragraph and thought that would secure me the prize. Uh most of the submissions were in excess of 10 pages and the quality was extremely high. I

was very very impressed. So it's very well deserved to the two winners. Yep. The uh the winner of the book is um Leu who's presented today. um he's had his book already because he had to go early and um the second place winner, do you know what? Won a ticket um but he couldn't come. So I tried to give it to someone else and they already had one and I tried to give it to someone else and he already had one. So um we've had about a million second place entries um all of whom are here I hope. Thank you. No, no, this is for this is the second one. It's all it's all very confusing.

Look all will become clear. Challenge two uh was from uh KPMG by Anthony Cox and putting the prize into surprise. The prize is another copy of Practical Malware Analysis. Um and uh yeah, this year's winner um not only did he did he win the prize, but he's had to do battle um with several countries bureaucracy to be here today. Um tell you his name in a minute, but I think we have Chris from KPMG. Hi folks. Um, for those who are here at the at the 11 o'clock talk, you'll know I'm not as as um big as Steven Bonner. Um, I don't dress up in wigs. I don't put makeup on and I've got no chocolates

to um to um throw out. But what I do have in addition to the wonderful book is an iPad Air. Um and I think that what makes the story even more sweet is that for a winner in this year um he apparently won last year too. But um is what um what couldn't happen was he couldn't come over because of various um visas and what have you. um on this year he can make it. Um and the wonderful part of that is on the efforts of Paul um making sure that the right authorities are contacted with the various validations for getting him over we managed to get a um visa in place. So that's wonderful news. Um

so

in terms of the challenge itself um I would describe it as nails. It was five levels of encryption and decryption techniques including some which were a bit flawed and some which involved steganography. Um that meant that the numbers who actually got close on right was very few. Uh, and the man who nailed it in this one is here today. And that's great Alexander. One of those you were getting, did you? Good stuff. Good stuff. Well done. Thanks for making the trip. I can if you want to. Hello, my name is Alexander. I'm too much excited. I didn't expect anything. I work as a network administrator and small in one small company back in Bosnia. Just to to tell

you that I'm honored to be here and thank you everyone for support all the besides team Iggy Alec and all the others. Thank you very much.

Okay, challenge number three uh was from MWR. Um this was the most popular challenge this year. Had more entries than any others. Um and it's it's quite clear from the entries that people put a lot an awful lot of thought um and effort into their entries, squeaking every last little bit of performance they could from a from a Raspberry Pi. So here we have Rob Miller of MWR. Thank you. Um yeah, massive massive thank you to everyone who who took part. Um it actually came right down to the wire. Uh so a couple of guys in the office um took part in the challenge as well. Obviously they weren't allowed to win, but just to set a benchmark that

was beaten within about a week to go and then on the final day, three people actually beat that yet again. Um so just just a massive massive thanks to everyone who who took part and just the level of entries uh was was absolutely fantastic. So, the winner of challenge three was Alex Chapman, and he's already at his prize as well, but I'm sure we could give him a round of applause anyway.

So, yeah, sorry, he he turned up at lunchtime, but obviously had to travel back. Um, whilst I'm here, uh, a quick announcement about the afterparty. So, for those of you who are lucky enough to have, uh, a wristband, the afterparty is at the Greyhound. Uh, and that will be an open bar for those with wristbands. But if you don't have a wristband, it's still a pub. It's still a public place. So, please, please come along and maybe just talk nicely to the person next to you who has a wristband. [Applause] As if I didn't run enough all day today. Take anything that's not nailed down. Oh boy. All right, challenge number four. We're nearly there. Um, this was

by DDA Stevens. Um, and anyone who is familiar with DDA's work will know that he is a person who is very very familiar uh with the internals of various um file formats. Uh, in this case, it was a doc file. And the question that had to be answered was what is the create date of this doc file? So it's obly a question of looking at the document metadata and the create date differed depending upon which file you which program you used to open the doc file. Um so two dates could be extracted that way and there was a third date um which didda crammed in as well and I have no idea what he's talking about where he said he put it um

but no one found it. So, um, do do we do we have um Matt uh from Hack?

Is Matt from the media hack here? Oh, here he comes. Sorry, I'm gone blind as well. Beer improves vision. I I understand. Obviously, I haven't had enough. Okay. Um so is there anything you'd like to say or should we just use? Uh so hello I'm from the organization of Newark and um and so we organize an event on inf late June in Paris. So feel free to come and we have some tickets for the challenge winners. Okay. So the uh the winner this time around is Victoria Woolberg. [Applause]

Thank you. The other ones is for winner tickets. That's for

Okay, challenge five, last one, is by me. Um, prize for this one is a Raspberry Pi and a a really rather splendid, um, custom B-size London case, um, designed by Daniel down there. Come on, Daniel, come and show it. Yeah. No, that's what she said. I'll show you. There we go. You probably can't see it from down there, but it's awesome. Um, and um, and I want one. Um, there we go. So, ah, this was just a a silly little bit of insanity involving some RAW files and some bits of QR codes and some other hints and stuff like that. Uh, and and some squirrels in a blender for for anybody who got to the

end. Um so some people went and uh and learned far more than I intended to teach. Um there there were three quadrants of a QR code involved and some people um instead of to taking the approach of finding the fourth quadrant they tried to reverse engineer it. Um I yeah with with varying degrees of success. Um, anyway, the winner of challenge number five is Anthony Cox. [Applause] Thank you very much. Congratulations. Thank you. All right. And of course, there's plenty more where that came from because we've had a raffle and there's prizes for best rookie and best mentor. We're gonna do rookie.

Okay. So hopefully most of you made it up to the rookie track to see at least one or two of the talks. Uh it was very good day. We had 21 20 21 speakers in all. We didn't have anybody collapsing nerves on the floor which really good and I think virtually all the the talks were brilliant. Well presented uh looked really good. Speakers came across really well. You couldn't tell that some of them had never spoken before. Um, we've got a a really good prize for them which Phoenix is going to tell you about. Well, first and foremost, we should give the rookies a round of applause for being awesome. Yeah.

So, anyone that was around last year will know the prize that we gave last year for the best feedback for a rookie was pretty awesome. It's equally awesome this year. So, our good friends DeepSack have given us a ticket and hotel and uh we're covering flights for uh the best rookie. We didn't tell anyone until today, but um I didn't get to see his talk, so I apologize, but it's uh Georgie uh Boyco won the uh flight to Vienna at Deep Set. Congratulations, buddy.

We've not got anything to give you, but drop me an email. And these two are the people that you should speak to, too. We also run a uh a fun little prize uh for the best mentor. What do you give a geek that's got everything or you buy him a title? Um and and some of you know that Lord Campbell Murray couldn't get parked today, but he can't be Lord Lord anymore. But we've decided for someone who uh continually gives his effort um tries to give up tries to be a great mentor, we would like to give the title Lord Brian Honen. Um

of course in true Lord style he's not actually here. Um but do feel free to tweet him and tell him he's now a lord. Okay. Um, and from me and Robin, thank you very much. You've all been awesome. I just want to put in the the final decision on the speakers. It did actually come down to five and we had to really work hard to whittle it down to the uh to the one winner. And final just special thank you to um Joseph who did the who's the uh deaf speaker who did a presentation with an interpreter. That was an amazing thing and it's the first time I've seen it at a conference. So, thanks for coming up and and giving it a

go. Thanks guys. And congratulations, rookies. What do we have next? So, the next I think the we'll do the uh raffle. Okay, so we're going to do the raffle next. So, Ben, if you want to make your way up. So Ben's done an awesome job today uh of wrangling cash out of people who want to come to a free conference and um you know get free stuff. Uh so but he's done an awesome job and thank you for everybody that did buy raffle tickets. Um Thomas, did you want to draw the first one? So this is this one's for uh let's say this is for a hack in Paris ticket. Uh Pierre, are you in the audience as

well? Okay, cool. So number is 246246. Yellow 246. There is no name on the back. Name on the back. Have we have we have we found one? No. Okay. So draw So we'll draw another one. Since there's no name, we can't really attribute it. So it's orange 24. I've got a mobile number. I'm not going to read it out. Y cool. [Applause] Okay. Uh Thomas.

So, we got yellow 198. I can't read this. Can you read that? So, you know, I was saying Ben did a really good job. Dave Davemoundmail.com. Yeah. Is he here? Email him. We'll email him. He's got He left his name, so he gets the prize. So that's Yeah, you can do it. Two. So, we've got two more hacking Paris tickets. Orange 41 and Will Steve I think. Terrible handwriting. Yeah, we'll find you anyway. We've got your phone number. I won't read it out. And again for one more hack comparator kit. Uh orange 11 Marius Clark again phone number. Okay. So I'm going to hand over to Pier just to say 30 seconds. uh about hack

comparison. Well, first thanks to the besides uh crew for inviting us as a community sponsor. Uh we are holding an event uh at the end of June. It's called hack in Paris. It will be held in uh Paris as the name states. Uh it's a five-day event with uh something like 10 trainings uh 16 talks. It's pretty nice. Very similar to Besides. It's a very classical IT security event. So, you're all welcome. Where is it this year? Is it still in Disneyland or sorry, where is it being held? Yeah, in Paris. You know how big Paris is? Well, the the event takes place uh in the Disneyland Paris uh park. Yeah, that's what I thought.

Thanks. Thanks, Pierre. Uh, so the next one will be for a 44 con ticket. Any of the 44 con is Steve or Adrian around? No. Yeah. Ah, sorry. I'll let you draw the ticket and uh so 44 con another one of our community sponsors. Uh, an awesome conference if anyone wants to go. Yellow 94. No. And a unreadable name, but we'll work it out later. I say one. Yeah. Can you make the name? You sure?

Let's draw again. Yeah, another one. Sorry. Punish for bad handwriting.

So, yellow 29, yellow 295, and there's a Twitter handle at sit4bit. Yay.

Well, I I guess you're coming to 44 Con. Um, it's early September. uh two days of technical training 9th and 10th. The actual conference is the evening of the 10th and the 11th of the 12th. Uh multiple street speaking tracks, multiple workshop tracks. Jin O'lock gin o'clock. Lovely. So we see many of you there every year. The tense is going up every year and it's brilliant. Thank you for the supporting us. Okay, so the next one uh we've got a few lockpicking sets. So let's draw

So, yellow 238 Joss at tool line tool.nl. [Laughter] You did say lockpicking tool, right? I'll throw it back in.

Did you back in? Yeah. So, if you can come back at bit 4 bit

279. Uh where do we have them with us or uh they are in the box. So that box down there. Yeah, we've got three sets. So if you can draw another ticket uh a lockpick set. So we've got three. If you can draw another ticket, do us a favor. Do a ticket. So 50. So it's um Caitlyn4495 or Catia4495. Is she here? Yay.

Congratulations. And you get to pick one.

Thank you. 203 yellow. So at McGinle, is he still here? Yay.

Is that all of them? That's all that's free, right? So, we've ne the next uh prize. Uh we we'll push on because we're short of time. Uh is a Raspberry Pi custom case like the the one earlier. This hasn't got a Raspberry Pi in, but uh we had two made up. Um well, the chap who made them up was a bit worried about drilling, so he made a spare and he did a good job with the drilling, so we've got it to give away. Oops. I I was tempted to keep it, but So, yellow 14, orange. Sorry. Uh, so it looks like Vivian Enoji.

She here. She's gone. Okay. So, we'll get her that case. I need Okay. Uh, we've got uh we've got a Steelcon ticket. So, thanks to uh to Robin. I'm going to hand over he'll say a couple of words about SteelCon while I draw it.

Check Sako at Gmail. Jacko. Well, yeah, it's Jack now.

Mr. Jacknau from tool, could you please come in, please? You just won a steelcom ticket.

While while it's coming up, quick plug for Steelcon. Uh it's the first year I'm running it or we're running it. It's going to be the weekend of July 12th. Trying to do things slightly different. We're going to make it a bit more of a family oriented um event. Friday night is going to be film and pizza night at Lotal Cinema. Saturday is a day full of talks um standard hacking stuff. We're also looking to uh go out a little bit on some other security related stuff. Also putting on a kids track. So it's we're not sure yet either a full day or a half day depending on how many kids will get signed up. Going to be building robots,

talking about being safe online, that kind of stuff. And then big party for Saturday night and Sunday we're going to get away from the keyboards and get out and do something different. whether it's Laser Quest or Walking in the Peak District, something to get people talking and get people away from screens. So, if you're interested, come along. Tickets coming out very soon. So, there you go. Okay. So, uh that's all of the raffle prizes I'm aware of. Is there anyone else that had prizes that they were expecting to give away and they haven't? No. Okay. Uh no. Okay. So, this is for the Nebula City. Sorry, Lawrence. I forgot. Sorry, it's been a manic day, Lawrence.

And um I knew that we'd miss one. Sorry.

This is for uh Nebula CTF. It's a bit of fun. uh three stages, uh lockpicking, uh a box with loads of stuff on it, and then uh a rather nice game which was meant to be Pac-Man that turned out to be Space Invaders. Um and the winner is Ben Dapau from DA.

Congratulations

Uh so we've got one more prize ceremony which is from tool for the lockpicking. Uh in the meantime, do you want to thank some people? Yeah. So uh so thanks to all of the volunteers that have um helped make today possible. Um, we put a lot of responsibility on people because it is crazy for anyone who's organized an event. Um, and there's a few people specifically I'm going to mention, but it doesn't take it away from all of the team have been done done really well. Uh, Alec for running the challenges, Nick for running registration, uh, Glenn and the crew for running the lightning track. They even made me stand up and talk and it went down really well. So,

uh, Steve, uh, Ben Wicked Clown for security and Martin. Uh, Ben for running the raffle. uh rookie track uh Aaron and Robin. Um I'm not I can't mention all of you because there's too many of you, but um yeah, you've done an awesome job today. Uh and it wouldn't happen without you. Thanks to all the participants because you know again without you we wouldn't have a conference and uh coming and just talking is is all part of besides. Yeah. So that's so for the volunteers and the crew crew type pos type work, we do look for volunteers. So if you're interested to help us out next year, please, you know, ping us at London events at securitycuritybesside.org.uk.

Um that we're always looking for people to help. Um we're we're looking for people to also join the core team to just to facilitate our our lives because we were running it with two by two people this this year. Um Iggy did help out a lot. So, I'd like to thank Iggy for helping out in the first six months because without her, uh, we probably wouldn't have really gotten kicked off. That's why we got kicked off really late as well. So, if you're interested, please, you know, approach us. And now, if we have the guys from tool to present the prize for the lockpicking competition.

So these guys, I don't know if anyone everyone saw, but I we started off the lock picking challen workshop with one circular table and when I went up there, there was about 40 people sitting there picking locks and I thought, you know, that's bloody awesome. Uh supported us last year and have come back again. So over to you. Thanks. And the customers to public speaking. Um right, who was the clever bugger who picked the lock on the toolbox? Come on, own up because you won a set of picks if you make yourself known. No, not here. Are you here? Not going to be punished. Fair enough. Oh well. Well, they didn't leave any fingerprints. Definitely a professional.

So, I'm sure somebody will know. We'll put it on Twitter. And uh the guy who joined tool who was like there for half the day, but uh strangely no one took his name because, you know, we're professionals. I must say that I'm only handling the money, not the membership. So, we're trying to reach out on Twitter. If he's here, could he make himself known? Warren may know. What's his name? He spent like two hours talking to him. So, Warren, come on. Warren, the man who never stops talking. Come on. Come and talk. One time you can't talk. I can always talk. Hello. Anyone here who knows what Tool UK is? Anyone at all? Oh, thank you. Thank you. Thank you. Did

anyone join Tool UK? Who is here? Never mind. If he can't remember, then I can't remember then. H. There we go. But from the UK. Um, there was one chap who's not here now. I'm standing up here. I can see that he's not here. So, I'll stop talking. Thank you very much everybody who picked. You were wonderful. Hopefully, it was a prize in itself. We hope hopefully you all enjoyed picking locks and learning stuff. Okay, thank you. Thanks. Thanks. So, we'll take these. We'll just do one final thank you I think. So the sponsors uh so MWR, Tennibble, Nebulus, and KPMG, they're uh you know, our platinum sports support and uh they really do put you know, this

this isn't cheap. You know, this this event today costs £38,000. I should know because I was I'm the treasurer. And it's uh you know, it's it's not cheap to put an event on in London. And what we do love is that those guys come along and they don't do the info. Sorry, did I say infosc? Uh they don't do the sales pitch and they just come and support the community. That's what's really cool. Uh, and thanks to all the other sponsors. There's too many to list. Uh, they're all in the brochure. You know, they're cool. They come and support us and and that's great. Uh, has anyone got any final points before we uh, hit the

bar? Can we get a big round of applause for these two?

Cuz

what never gets made enough about there's the bundles of the crew and we bumble along and we help out on the day and then there's the rest of the year where these two cry. I really cried and they go, "Oh, so we need to get a building. How much the building cost?" And then we need to explain to the building that we're going to put lots of people with lockpicks in it and say, "Don't worry about the silver." So, I have to say something. Glenn came up to me yesterday. He goes, "Do you know there's like four cabinets of silver everybody's going to be walking past? Are you taking responsibility for that?" And getting all the money together and

getting all the sponsors and then smiling nicely at the sponsors. And the sponsors were all wonderful and amazing people, but getting them all to give you money is challenging. So, one more round of applause because they have done more work than everyone else put together.

So, just final words sponsors as well. Uh I'll just put one more touch on the sponsors for uh uh from Paul's point of view. I'd also like to thank the new sponsors. We had a few new sponsors this year. It's really great to have you guys. I hope you come back next year. Um, and we have two more things. So, where's your pitch laptop? We've got two more things. I'm sorry. This is running over. It's I'm going to blame it on somebody, but I won't say who. Oh, while he's doing that, um, I sent out the link via email to the participants. So, please take some time to fill in the feedback form. We really

appreciate it. the speakers would appreciate it to get feedback on how they did and things like that. It's in your emails. Look for an Eventbrite email. Is this on? Perfect. Um Glenn kind of uh beat me to the punch a little bit about thanking these guys. Um but five years ago um I was actually listening to Martin Mccay's Netsec podcast and uh he was talking about this uh event that just started called Bides in um uh in Vegas and um so I went on Twitter and I thought it'd be really cool if we started this event and um uh I got loads of responses from people and uh people like Paul and Iggy and Martin

and uh lots and lots of other people like all all joined in and and we collaborated and we come up with this uh idea. of uh Bides event here in London. That was four years ago. Um so I'm a glutton for punishment and um the UK deserves another BIDS event. So I'm here to officially announce to you, if you haven't already heard um if you're not on Twitter, um that on the 27th and 28th of June this year in Manchester, um we are going to be having our first Bides event outside London. And what I'm doing here right now is uh I'm asking you for help. Um I I need help. Um I need volunteers. I need sponsors. I need

speakers. Um and I may need some more delegates because pretty much all the tickets have gone, but that there is another trunch of tickets being released. So um if you think you can help just like these guys have helped um all these guys in the blue shirts, um all the sponsors, they all helped. So if you think that, you know, no matter what your contribution, that you could you could chip in something, then um please do. So um yeah, thanks very much. And I think you should give another round of applause for for Paul and um for Thomas cuz um I know how hard they worked cuz uh um I've been there. Thanks Matt. So, we have one more announcement.

We've got uh Glenn from White Hat Rally. Thank you. Um I'll keep this really brief because I know you're desperate to go to the bar. Um White Hat Rally for those who've not seen it before, it's uh an industry event. We're all volunteers from the security industry. We raise money for vulnerable children via Bernardos. Um, basically we spend three days driving around the country raising loads of cash. Last year we raised £45,000 which a lot of it comes from you guys in the room. If you're interested in taking part um we're going to Amsterdam this year um in September. Um for some reason that destination is proven really popular. We've got 15 cars already signed up. If you want to uh

come along we've got a stand at infosc. Let us know. We're all over um social media as well. Uh white hat.org. or and finally I was lucky enough to win a Hacking Paris ticket um in the raffle. I'm probably not going to be able to make it unfortunately. So if anyone wants the tickets for a reasonable donation or we'll find a way to raffle it off um at Infosc tomorrow, come by the stand and we'll see what we can do. Thank you very much.