Today was another successful day at BSidesSF, with more insightful presentations and an animated crowd ready to learn.

Although there were a handful of intriguing topics to choose from, my time permitted only a half-day of sessions.

You can watch most of the videos at IronGeek’s website, and most of the presenters announced they would make their slides available within the next couple of days.

Here’s a quick recap:

How SecOps Can Convince DevOps To Believe In The Bogeyman

Speaker: Leif Dreizler (@leifdreizler)

Watch Here (Source: IronGeek)

Leif started our day discussing the importance of integration between SecOps and DevOps. Although Dev and Ops teams traditionally have different goals, Leif explained that combining the two would help build a new fence, moving security as close to the code as possible. This integration is core to agile software development, giving us the capability to deploy code more frequently or continuously, as well as to increase the speed of release cycles. However, builders and breakers are different and are often seen as adversaries. To change this perspective, we should work towards educating developers about the security implications of the code they write. As Leif said, everyone has to care about the process. As the friction between Dev, Ops and Sec decreases, they will begin to feel more comfortable collaborating with one another.

Ground Zero Financial Services: The Latest Targeted Attacks from the Darknet

Speaker: Jonathan Curtis

Watch Here (Source: IronGeek)


Jonathan Curtis began by discussing the increasing number of targeted attacks against the financial services industry. Curtis explained that the most common attack vector impacting banks comes from botnets, and that the biggest exposure is seen following an acquisition, likely due to the large number of changes that occur when the two companies merge into one. An interesting statistic from his experience was how short the time typically is for an announced CVE to go from a vulnerability to an exploit: only four to six weeks. Curtis encouraged the industry to increase information sharing among trusted groups, and closed with a few other takeaways:

  • Automate where you can.
  • Create honeypots on a VPN – build and restructure these.
  • Publish your work.
  • Think about consuming data.

Phighting Phishers’ Phake Phronts

Speaker: Kevin Bottomley (@k3v_b0t)

Watch Here (Source: IronGeek)

Kevin, a security analyst at OpenDNS, gave an informative talk on modern phishing techniques. RSA recently estimated losses of more than $453 million in December 2014 alone due to phishing scams. Kevin walked us through the different techniques leveraged by attackers:

  • Spear phishing = a form of social engineering aimed at garnering trust between sender and receiver in an attempt to steal usernames and passwords, credit card numbers, etc.
  • Clone phishing = an attacker learns as much information as possible about the person they are trying to phish in order to send a highly targeted email.
  • Whaling = phishing targeted at CFOs, CEOs and other high-level employees in hopes of attaining sensitive/financial information on the company.

As part of his talk, Kevin showed a video demonstration of how an attacker may go about creating a fake website, which, it turns out, can be very inexpensive (less than $15 for a domain name and server) and relatively easy (as fast as 6 minutes from inception to deployment). If you run across a phishing site, Kevin recommended notifying the ISP, the domain registrar, the site owner, or even the web browser.