Threat Intelligence Blog

Posted August 27, 2014

By Andrew Sharetts

Another DEF CON has come and gone, and with the public’s increased awareness of cyber security, it seems the conference has never been more in the public eye. We chatted with a Cyveillance Security Engineer who attended to get an insider’s perspective on what went down at this year’s event.

What was the mood like at DEF CON this year? What did most people seem to be talking about?

It seemed that everyone at DEF CON this year was in a sharing mood, sharing information such as security-related adventures, shortcomings, accomplishments, advice, and especially contact information. The stereotypical h-word (hacker) might be viewed as introverted or anti-social; however, that was not what I experienced at DEF CON. Everyone seemed to be very lively and willing to experiment with their surroundings. Besides the typical back and forth of catching up with old friends and meeting new people, most people were talking about where the next party was and how to get in.

What was the most interesting panel or presentation you saw?

The lines to get into the presentations at DEF CON were so long that unless you queued up well in advance, you most likely were not going to get to see what you wanted. Luckily I was able to get into a great presentation called “Catching Malware En Masse: DNS & IP Style,” presented by Dhia Mahjoub, Thibault Reuille, and Andree Toonk, who are part of the OpenDNS collective. Without going into too much detail, they covered the following topics:

  • Efficient methods for tracking fast flux botnets;
  • Results of a study carried out for several months on the Zeus fast flux proxy;
  • Unique methods of identifying seemingly autonomous networks that are actually operated by one organization, which helps further to identify potentially malicious areas of the Internet; and
  • Techniques devised to efficiently discover suspicious reserved ranges and sweep the masses for candidate suspicious

DEF CON started out as a hacker conference. Has it changed now that many big tech companies have a presence there?

DEF CON’s hacker presence is indeed quite intact and, if anything, has grown in all aspects. At DEF CON, the big tech companies do not have as much of a presence as they might have liked to because the core group of DEF CON organizers try to include a diverse group of vendors. Black Hat is more for the big tech companies who are trying to recruit, market, and sell their services.

What was your single biggest takeaway from the conference?

The interactions and conversations with other like-minded security professionals are definitely the biggest draw for me. For example, as a participant of BSides Las Vegas, I was honored to be a member of a Capture the Flag competition known as Pros Versus Joes. As a member of the Joes team, Dentata, I met some very talented individuals, including a Red Teamer at Google and a Senior Security Specialist at Citrix. These interactions enabled me to learn new and different methodologies and tactics for actively defending and securing the various software, network devices, and host systems which were present in the CTF environment.

