So yeah I went to Bsides Canberra with the awesome Bsides bus sponsored by SecEDU. Didn’t have much time to do sight-seeing but maybe I might have time to do it again next time around!


Things I did

Context Security were holding this red teaming/penetration testing simulation called Operation Par00t.

There were multiple routes to get to the final objective which was to lift up a drone! I invested waaay too much time into this competition with my squadmates Lena, Joshua, Flora and Michael:

dronehack_play

Although we didn’t win (an industry professional who had been pentesting for 3 years managed to lift up the drone and won) we did get 2nd place for popping the first flag. We all contributed in some way too!

There were loads of neat attack vectors/entry points such as

  • Django webservers with debug mode left on
  • Wordpress admin accounts with default credentials

However, most of us didn’t really have that much lateral movement knowledge, it was definitely a good experience to know that there is much to do post-exploitation compared to the exploitation process itself!


In the end we won a medal and got to take a nice group photo with one of the organizers — Gerard Kelso, from Context Security 🥇
dronehack


Things I did but not so much

I also attended a few talks, some notable ones included

  • Operation Luigi [Blog] [Talk]
  • Social Engineering FOI (freedom of information)


There was also badge soldering which I found quite fun, it was called the Busside — (my second foray into Hardware Hacking, not experienced tho)

It has UART and JTAG inputs which allows access to debug ports on stuff like routers:

  • the manufacturers may block/seal the ports but there are ways to bypass
  • if memory corruption vulnerabilities are present in the firmware then it is possible to pop a shell! :shell:

Although I have not tried this, I am quite interested one day if the oppurtunity presents itself :)

(in other words I’m lazy and don’t really wanna fork out money for other equipments haha) busside


There were also locksport events, tamper evidence workshops as well as a CTF but I didn’t take part as I was busy with the drone hacking stuff.

Walking around Canbera was quite fun as well, they actually have city-wide free wi-fi which is pretty neat but as my local friends warned me, it is not as lively as other cities hahaha

Didn’t have much time to do sight-seeing stuff but maybe next time I can check out the gardens/museums :bank:


Things I should have done more

I wasn’t really active during the after-parties as I was still shy and didn’t know what to say, so I just stuck with friends and went home early instead of joining in conversations and networking.


Looking back — those were precious moments that could be used to network with people from all parts of the industry, in a booming industry like this sometimes one conversation could change the entire course of your career path. I shit you not.


So many times I got lucky or were given opportunities just by talking to individuals or knowning a mutual friend and getting a foot in the door…

Looking forward to BsidesCBR 2019 !