BsidesSF was an amazing event, and I congratulate Mike Dahn for putting together an event that ran super smoothly.

All of the presentations at BsidesSF were cutting edge and highly informative. There were two presentations that, in my opinion, clearly stood out.

Gunter Ollman - Your Computer is Worth 30 Cents


Gunter Ollman’s presentation explained how botnets and malware have changed the state of penetration tests.

Penetration tests are sometimes misunderstood, so it is important to understand what a “real” penetration test is. Penetration tests are supposed to replicate the real attacks an attacker would use to penetrate your network.

Gunter explains how these penetration tests have evolved over time:

In 2000, the easiest way to break into a network was to submit a job application, get the job, plug into the network, own it, and never show up the next day.

In 2005, the easiest way was to hand out USB drives in the parking lot that called home.

Now, the easiest way is to purchase machines inside of the corporation that already belong to a botnet.

I think this was a very eye-opening presentation. Although we have seen startup companies focused on protecting your corporate assets from becoming part of these botnets, I think we will begin to see startup companies focused on removing your corporate assets from botnets.

Tim Keanini - Computing Risk without Numbers: A Semantic Approach to Risk Metrics


The other talk that was very ground-breaking was presented by Tim Keanini, CTO of nCircle. TK presented on identifying risk through the use of semantic language. This is an alternative and interesting approach to risk management that uses semantic language, rather than numbers, to rate the risk that assets pose to a network.

After the presentation, most people said they would need to watch TK’s talk three or four times to extract all of the information from it. I completely agree, and I am thankful that all of the presentations have been archived.
