Yesterday was my first time attending Knoxville’s BSides security conference. Shout out to the event organizers! I arrived to discover a programmable board for an attendee badge:
Most of the talks were given from the perspective of system administrators or security researchers, which can be difficult to apply to software development. Still, it’s interesting and insightful to get a picture of the cybersecurity landscape in 2019. Some notable talks:
- Extracting the Attacker: Getting the Bad Guys Off Your SaaS by David Branscome reviewed common attacks on the Office 365 SaaS platform, along with strategies for security hardening and incident response.
- UNIX: the Other White Meat by Adam Compton and David Boyd discussed old and new attacks on a variety of UNIX operating systems.
- Building a Bridge to a Legacy Application - How Hard Can that Be? by Scott Ford presented a case study on reverse engineering a legacy database system.
- Exploit development for penetration testers by Adam Reiser walked through a Linux privilege escalation exploit using dmidecode. Example code can be found on Github.
Thanks to all the speakers! Looking forward to next year.