Our Developer Alex recently attended BSides Cheltenham on behalf of The Cyber Scheme, here is an account of his day there:
On the 3rd of June I attended BSides Cheltenham hosted at Cheltenham Racecourse. BSides is a conference for anyone with an interest in Cyber and Information Security. Upon arrival, I was struck by just how laid back the atmosphere was. I was quite early due to my excitement, and people were already getting coffee, talking with the exhibitors, and each other. I joined the queue for my swag bag, badge, and programme.
The swag did not disappoint.
A branded BSides T Shirt, Cap, and Water Bottle were present along with an excellent programme laying out the talks, and methodologies behind the conference.
The badges designed by Punk Security, were extremely cool! It was a circuit board shaped like a DeLorean, components can be attached to the badge in order to make the headlights glow and flash. Simon Gurney, the designer of the badges, gave a talk on how he designed them. He revealed they contained a small mini game, activated by a button press sequence. A great little easter egg for those who attended his talk.
After grabbing a coffee, I sat down and made small talk with various attendees. Everyone was very friendly, and from a diverse set of I.T Security Roles with varying levels of experience. It was then time for the Keynote. The original keynote speaker had dropped out, Dr. David Abrutat from GCHQ stepped in to fill the slot. Giving a fascinating history lesson on the origins of signals intelligence in Britain, the roles it played during the War, and its development of the first digital computer.
I then moved back out into the exhibition area to grab yet another coffee and have a look around the exhibitors: Culture AI, Corelight, North Green, and Infosec to name but a few. Further into the exhibit was the lock picking and car hacking village. The car hacking stand was of particular interest to me hosted by Mintynet.com. The entire electronic system of a Peugeot had been recreated outside of the car, with various sensors and dials allowing you to control different aspects of the vehicle. It was a very inspiring stand, that has given me more than a few ideas for my own implementation.
After a very delicious BBQ lunch, I attended a talk by James Stevenson: Identifying Rogue Android Devices | The World Of Android Attestation. This was my favourite talk of the conference, largely focusing on the API calls made by googles safety net software. I found it extremely interesting. The way the talk was presented was also fantastic, each slide was clear and concise, and even the most technical aspects were conveyed clearly. The duality of the talk was also interesting, Blue Teamers could use the information to make sure that they were seeing the behaviour and calls that are expected on the device, and Red Teamers could use the information presented to circumvent these measures.
After drinking yet more coffee, I settled in for the remaining talks, all of which were a nice mix of highly technical and more conversational. I would love to see the event grow, keeping the same mix of experienced and new speakers. It would also be nice to see an expansion to interactive sections of the exhibition, such as the lockpicking and Car Hacking as well. I will definitely be back next year on behalf of The Cyber Scheme.
