Thursday, August 29
 

8:45am BST

Opening Remarks

Thursday August 29, 2019 8:45am - 9:00am BST
Track 2

9:00am BST

Fe-fi-fo-FIM, I smell the monitoring of an elastic stack!
FIM is simple right? Everyone knows how to do FIM right? I'm gonna have to disagree!

This one's gonna be a simple one answering a few questions:
- How do we get FIM out there?
- How do we centralise those logs?
- What can we do with those logs?
- Ok, so where do we go from here?

I'm talking about the full shebang, we're cracking out ELK, Wazuh, and we're gonna have a peer into Apache Metron and what we can do with that! (Ooooooh... Aaaaaaaah...)

Everyone should be excited for this one ;)

Speakers

Brett Calderbank

PROTECT Lead, The Hut Group
SecOps-y engineering guy mostly in the whole "blue team" side of things for nearly 4 years now! Currently I'm the head of security engineering over at The Hut Group doing loads of different work from SIEM stuff to DLP and everything else under the blue team sun! I've been trying to...


Thursday August 29, 2019 9:00am - 10:00am BST
Track 2

10:00am BST

Navigating the Red Forest
Successful cyber attacks often involve gaining administrative access to a domain within a short amount of time. This results in bad actors having remote access to an organisation’s highly confidential information, which could include client information, source code and intellectual property. Attacks like these can have a severe financial impact through incident response and the implementation of remediations taking many person hours, along with intangible damage to reputation.
To combat these types of attack, Microsoft introduced the concept of ESA (Enhanced Security Administration), also known as the Red Forest, to allow administrators to administrate with enhanced security and protection.
This talk is aimed at those who are considering the implementation of the Red Forest but have not yet had the time to investigate in detail. The architecture and logistics of building the Red Forest will be covered, along with Privileged Access Workstations (PAWs), which are given to all administrators as part of the Red Forest build out.
Windows Administration experience is presumed; the talk will provide advice on the strengths that the Red Forest can offer to a company and how to get up and running quickly and effectively. Gotchas and blockers found during the build out phases will also be discussed to save attendees from hitting the same issues.


Speakers

Derek Price

Managing Security Consultant, NCC Group
Derek is a Managing Security Consultant at NCC Group with over 7 years of experience in cyber security. His expertise in penetration testing and consultancy spans most technologies, from Windows security to telephony, and he has worked with a variety of clients across all sectors...


Thursday August 29, 2019 10:00am - 11:00am BST
Track 2

11:30am BST

a8n-retrospective/introspective : a minor exercise in ego...
I started my path into security back in 1993 with a job as a physical security guard. Since then, I’ve worked across a wide field of security jobs on both the offensive and defensive sides, for a diverse range of customers. I can’t predict the future, but I certainly have a lot of stories to tell when thinking back to the past. Highs and lows - wins and losses - joys and sorrows. Rather than deliver any deep technical knowledge, or drop a load of 0dayz, I’d like to take a step away from my normal presentation style and tell a few “war stories” from my life in this industry. The good, the bad, and the ugly.

Speakers

Steve “autom8on” Wilson

Cat Wrangler
I’m old and have done things. ;-) Former MoD blue team research scientist, turned red and offensive, leading ultimately to security nihilism. Red teamer, teacher and mentor, physical security but, and conference enthusiast. Tigerscheme assessor and long term CTL. Maker of horrifically...


Thursday August 29, 2019 11:30am - 12:30pm BST
Track 2

1:30pm BST

Exposing AWS with flAWS
As more web applications move to cloud hosting, the security landscape is changing. Whilst network & server level attacks should be mitigated (to some degree) in cloud environments, the complexity of these systems and the ease with which they can be used leads to a new scope for attacks on misunderstood, and thus, misconfigured cloud resources.

This talk will give examples of what to look for when securing or testing AWS setups, guided by flAWS, an online playground for exploiting vulnerabilities with AWS in a safe environment. The talk does not require knowledge of AWS, and the resource is free online for those who want to continue learning afterwards.

(note for organisers: I have permission from the writer of this resource to use it in a conference setting)

Speakers

Mike Lehan

CTO, StuRents Ltd
Mike has been working in web application development for 11 years, the last 4 of which as CTO of a tech startup. Mike's focus is on good development practices, leading to more reliable and more secure software. He also works with infrastructure, specialising in AWS. Focussing on every...



Thursday August 29, 2019 1:30pm - 2:00pm BST
Track 2

2:00pm BST

Offensive Development: How to DevOps Your Red Team
During this talk we will explore how DevOps principles can be applied to red teaming, focusing on the implementation of a custom CI/CD pipeline to automatically consume, build and deploy existing and custom tooling to an environment in a manner agnostic to any command and control framework.
 
We will explain how this approach can not only significantly reduce indicators of compromise, but also introduce the capability to programmatically and automatically protect all your tools from DFIR.
 
Following the talk, we will release redpipe, a custom CI/CD pipeline developed by MDSec for use during red team engagements.
 
The future of red teaming is offensive development.

Speakers

Dominic Chell

Director, MDSec
Dominic (@domchell) is a director at MDSec where he works within the ActiveBreach team and is responsible for conducting intelligence-led attack simulations under the CBEST, STAR and TIBER frameworks. Dominic is a published author and active researcher, frequently releasing tools...


Thursday August 29, 2019 2:00pm - 2:30pm BST
Track 2

2:30pm BST

What colour is your hat?
Ethical hacking, ethical living - how to devise your own moral code and live by it whatever you are doing.

Speakers

Megan Robertson

Aston University
Botanist turned computer programmer, then webhead, then teacher and now academic. Chartered Fellow of the British Computer Society. Teaches computer ethics at Aston University.


Thursday August 29, 2019 2:30pm - 3:30pm BST
Track 2

3:45pm BST

I like big bots
The internet isn't fair: bots and automated threats make up the majority of web traffic, and while they are not all bad, they do pose a wide range of risks to businesses' web apps. The talk is a tour of the bot eco-system and how bots are posing threats many aren't even aware of; from underground cheese markets to buying a single left shoe, there is a weird world of bots to explore. We will also touch on how your friends and family might already be part of a botnet and not even realise it.

Speakers

James Maude

James is a security researcher with a background in forensic computing; he has previously presented research on a wide range of topics from Elevation of Privilege on Windows to the Ashley Madison breach. Currently he is Head of Threat Research at Netacea, a bot management vendor...


Thursday August 29, 2019 3:45pm - 4:45pm BST
Track 2

4:45pm BST

Losing Battles but Winning Wars
The talk is based around the collective negative experiences of Nettitude's Red Team and how through these losses the team has become stronger, more successful and ultimately "winning" by improving the blue teams they are up against. The talk will describe some of the failures in OPSEC, difficulties in accessing/compromising objectives and how these losses have led to the development of new tools and techniques as well as creating an environment where adversity on an engagement is merely an opportunity to become better as a team.

Speakers

Phil Lynch

Name: Phil Lynch (@plynch98). I am a Managing Principal Security Consultant working at Nettitude, where my role is co-managing the Pentesting Team and also responsible for managing Nettitude's Red Team Engagements. I am retired Royal Air Force and have over 25 years' experience within...


Thursday August 29, 2019 4:45pm - 5:45pm BST
Track 2

5:45pm BST

Closing Remarks

Thursday August 29, 2019 5:45pm - 6:00pm BST
Track 2
 

