Tuesday, 4 September 2012

Deep INTEL Day two

Another good day at DeepINTEL, combination of talks on APTs, security intelligence gathering, social media and evasion techniques.

So if I had to pick my two favourites (other than yours finux!) from day 2 it would be

Massive Storage - Richard Perlotto (of Shadow Server fame)

Richard's talk had tech-awesomeness stamped right through it.  The Shadow Server Foundation does some really cool analysis and intelligence gathering.  Have a look at their site to get a good idea, I'll never do it justice here. http://www.shadowserver.org/wiki/.  Richard went into the details on how they handle the sheer volume of data that they have to work with.  We're talking petabyte storage requirements without EVAs or SANs, relational databases are out,  Hadoop HDFS and Casandra are in, and some custom software to do even more index and data management.  Without doubt my favourite slide was the server density pic, where they show the servers are mounted vertically rather than horizontally as this allows more to be squeezed into a rack.  The shelves were straining and lights were flashing.  Couldn't look at it without wanting one!

Facebook and you - Jonathon Deutsch

Here's Johnny!  Nicely delivered presentation showing how intelligence gathering can be done by the various government agencies by crawling through Facebook profiles and the default settings for friend lists.  The concept of Facebook-hardening was interesting although quite counter to what facebook is all about.  Some good examples of where certain nation states had crafted fake profiles to try to get intel on military personnel.

The day has been stacked with discussion on mass malware, advanced persistent threats, and how to respond to them.  Add in some antivirus evasion and DNS tunnelling examples and the audience were well engaged.

Hope I get to speak at a Deepsec event again, the guys run a good con.  Everything ran really smoothly, scheduling was kept on top of and the venue was top notch.  Highly recommended.

No comments:

Post a Comment