Recently I had the opportunity to present at a few local security meetups, and one international security conference.
At the start of 2017, I set a loose goal in the back of my mind that I would like to "get out there more" and "speak about the things I do". Little did I know at the time that this would actually eventuate; leading to me having a pile of great experiences, and meeting some really cool and talented people!
- SecTalks Canberra (November 14th, 2017; Canberra, Australia)
- CSides Canberra (November 17th, 2017; Canberra, Australia)
- "Gophers, whales and.. clouds? Oh my!"
- "Gophers, whales and.. clouds? Oh my!"
- BSides Wellington 2017 (November 23-24th, 2017; Wellington, New Zealand)
SecTalks Canberra is a monthly security meetup with more of a focus on participation and learning from others, rather than the traditional 'super awesome technical talk but how do I do it' style of things.
Hack FaaSter: Leveraging Docker and OpenFaaS for fun and offensive (security) profit.
Slides, workshop files and more details are available from the 'TL;DR' section above.
I had the opportunity to present a
v0.2-prewlg-alpha version of my BSides Wellington talk, and get some practice and feedback in before the big thing.
Gophers, whales and.. clouds? Oh my! (v0.2-prewlg-alpha)
Slides and more details are available from the 'TL;DR' section above, as well as the BSides Wellington section below.
BSides Wellington (Twitter) is an annual security conference (based in Wellington, New Zealand) that ran it's first event in 2017. Popping up to fill the void left by Kiwicon (Twitter), they had a strong first event, and hopefully will continue that trend into the future!
Gophers, whales and.. clouds? Oh my!
Slides and more details are available from the 'TL;DR' section above.
You can read the official brief of my talk:
Go, Docker and Microservices; some great technologies and buzzwords that we hear so much about on the development side of the fence, but how can we leverage these technologies to improve our offensive capacity? Armed with a passion for new tech, a vague theory, and an ‘nsa-o-matic’ approved project name; gopherblazer was born.
Whether through dockerising and improving existing tooling, leveraging Function-as-a-Service (FaaS) offerings, or just distributing offensive capabilities; I’ll share what I learned on my journey into improving my offensive capacity and productivity (while having an excuse to play with shiny technologies along the way!).
And I can even now say that I have a professional speaker bio:
Glenn ‘devalias’ Grant is a full-stack, polyglot developer with an acute interest in the offensive side of security. Whether building something new or finding the cracks to break in, there is always a solution to be found; even if it requires learning something entirely new. If you can improve/automate something, do it, and if you’ve put the effort in to do so, open-source it and share it with everyone else.
When not hacking and coding, Glenn can be found snowboarding the peaks of Japan, falling out of the sky, floating around underwater, or just finding the most efficient path between A and B (even if that’s over walls). Life is short. Do the things you love, embrace the unknown, live your dreams, and share your passion.
Overall, the conference was amazing. As expected, there were a number of deeply interesting technical talks, but as a bit of a twist from traditional security conferences, there were quite a few talks that focussed on mental health, impostor syndrome, and other 'culture based' topics that so often go unmentioned in the infosec industry. Very much appreciated and would love to see this sort of thing happen at more conferences in future.
If you missed the talks, or want to go back and re-watch them, videos should be posted online at some point (once the organisers recover from running the conference). A lot of the presenters also seem to be pushing their slides/content out online. Here's a selection of the few I've stumbled across so far (in no particular order):
- Glenn 'devalias' Grant, "Gophers, whales and.. clouds? Oh my!" (Twitter)
- Ben Hughes, "Layer 2 person spoofing and impostor syndrome" (Twitter)
- Serena Chen, "Design for Security — BSides Wellington 2017" (Twitter)
- "Alex", "Operation Luigi: How I hacked my friend without her noticing" (Twitter)
- @jenofdoom, "Give your users better feedback about rubbish passwords with zxcvbn"
- Simon 'bogan' Howard, "Influencing Meat Puppets Through Memes" (Twitter)
It looks like there are also some good summaries, notes and writeups of the conference popping up around the net. Some places to start looking:
- B-Sides Wellington - Day 1 (Notes) (Twitter)
- My Talk: Gophers, whales, and clouds? Oh my.
- B-Sides Wellington - Day 2 (Notes)
- BSides Wellington Badge Challenge (Twitter)
And of course, Twitter is always full of content when it comes to the security industry, with 3 hashtags mainly being used throughout the conference:
While at times I was definitely feeling the stress and pressure of having a few looming deadlines, and at times possibly not allocating enough time/energy/focus to working on them as I would have liked, it has been a great experience, and left a smouldering flame of passion to speak at more events in the future.
Know of any other writeups, slides or tools; or got a cool story to share from BSides Wellington? Would love to hear from you in the comments!