Getting a Golden Ticket: Fire Eye Summit 2018
Receiving a Golden Ticket
I was scrolling through Twitter and saw a really cool retweet from @jessploit about tickets being given away for training classes and a security conference. Previously I had attended a 2 day Black Hoodie bootcamp at Google on web security, and I really wanted to learn more about web vulnerabilities. I jumped on the replies real quick with the entry hashtag and was given the 10th ticket! This was the last available ticket before the waitlist rolled out. I was instructed to DM @ItsReallyNick to get set up for the summit. He definitely trolled me at first, replying with, “Hey that’s not real, that’s a marketing stunt,” but jokes aside he wanted to share training passes from the employees at Fire Eye with the online community. After I selected my training class, Nick provided a code to sign up for a Red Team training and attend the conference free of charge!
I received confirmation for my 2 day training and conference attendance. Afterwards I realized that, as someone who was in between freelance jobs, I had no idea how I was going to cover travel expenses to DC. I reached out to Rachel Tobac, chair of the WISP board, about ideas for covering travel expenses. She suggested I start a GoFundMe and she would promote it via her Twitter. So I immediately started typing my campaign! It was around 11pm when I finished. My friend @djnemec proofread my story and suggested I add a cost breakdown for transparency, and I published the campaign around midnight. I was sleepy, so I scheduled the campaign tweet for early the next morning.
Fund Raising: A Communal Effort from the InfoSec Community
Let me tell you, the #infosec community of Twitter is W I L D. I mean, with the support of the amazing Rachel Tobac my GoFundMe campaign reached its goal in A DAY. Actually, not even a day. I posted the campaign at around 8:30 am on Twitter and by 2:20pm the same day the goal was reached. Roughly 7 hours! People from all over the infosec community came through with donations. Shock after shock, I was excited to be getting closer to the goal. Around $920 was left to cover travel expenses, and notifications from retweets of the campaign were pouring in on Twitter. I received a ping asking if I would be interested in getting air miles (which I had no idea existed). I DMed the contributor, and she explained that air miles are points earned after flying with an airline a bunch, which can be exchanged for flights. So basically she wanted to use her points to get me a direct flight to DC. I was moved by the generosity of @bethlogic, who sponsored my full flight.
After that generous donation the amount left to complete the GoFundMe was $302, enough to cover the cost of a single Airbnb room for 4 nights. Just as I tweeted a notification of the remaining amount, another infosec angel, @jmcmurry, donated the full remaining amount plus more. The goal was reached. I was just in awe. I could not believe it. I received so much support. Thanks to all the angel sponsors from the amazing W I L D #infosec community on Twitter.
The Day of the Creative Red Teaming Training:
First of all, let’s explain red teaming: it’s targeting an organization by leveraging weaknesses in its processes, people and technology, and executing the tactics, techniques and procedures (TTPs) that real-life attackers would use. So put simply, a corporation that suspects, or wants to know, where the weak points in its systems are pays you to dress up as the bad guy and attack them as a real attacker would.
What was really cool about the training, aside from the open source hardware badge we received, was that it was led by red team leads from Mandiant, a Fire Eye cybersecurity firm. Meaning, they shared their personal techniques based on hands-on red teaming engagements with customers. While we only quickly browsed the web security section (which is what I was most interested in), I learned about some great topics such as: creating listeners for payloads, social engineering, privilege escalation, persistence techniques, Open Source Intelligence (OSINT) and a bunch more.
Open Source Intelligence (OSINT) is using publicly shared information found on sites such as Pastebin, social media and data dumps to achieve objectives. It was one of my favorite topics to learn about. For example, if you want to run a spear phishing email campaign you can use sites such as LinkedIn to work out Corporation X’s email naming convention and then send your emails. Similarly, you can look through Corporation X’s job postings to find out what tech stack they use and get an idea of what technologies you are up against.
For those interested in the tools used for the training, we used two virtual machines: one loaded with Windows 7, the other with Kali Linux (rolling distro). To name some of the tools used in the training: Cobalt Strike, nmap, PowerShell, EyeWitness.
The Summit Experience:
Being at the Fire Eye Summit was such a surreal experience. There were speakers such as the former CEO of Home Depot, the 64th United States Secretary of State and many others! More importantly, I met some of the people who supported my travel to the summit, such as Sharat Ganesh from Fire Eye. I had a lot of fun freely walking into talks from DARPA managers, FBI agents and all the brilliant tech leads of Fire Eye.
Some golden nuggets were learned from an executive talk by Holly Ridgeway, Executive VP and CISO (Chief Information Security Officer) of Citizens Financial Group. She mentioned that after a company suffers a breach, if you are the CISO, get ready for bricks to come down on you. First of all, as a CISO you need to get it together. Secondly, when you go to talk to the board, you are probably going to need to ask for a higher budget to ensure you have sufficient resources to prevent another incident from happening, maybe by investing in continuous red teaming processes. To get approval for a higher budget, don’t start spitting out technical terms. Put the incident in terms the board cares about. For example: How long can the website be down? How much customer credit card liability could we cover?
Another golden nugget was taken from the talk ATT&CKing FIN7: The Value of Using Frameworks for Threat Intelligence by Katie Nickels, threat intelligence lead at MITRE, and Regina Elwell, senior threat analyst at Fire Eye. They did an in-depth dive into the techniques used by FIN7, a billion-dollar credit-card-stealing attacker group. What stood out was when they talked about the brilliant social engineering techniques FIN7 used to complete attacks. For example, FIN7 pretended to be none other than the FDA and contacted large food corporations. We have all seen the sketchy “You won a 10,000 trip to Miami with Beyonce!” emails in the spam folder, but how ingenious is it to use Photoshop to make an FDA-looking document declaring concerns over food production, sent along with a Microsoft Office document carrying a bomb of malicious macros waiting to be executed in the background? To say the least, FIN7 really enjoys living on the edge.
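The macro-laden Office attachment described above is the kind of thing a mail gateway or incident responder wants to flag before anyone opens it. The following is an added example, not code from the talk or from Fire Eye or MITRE: it checks an attachment for a VBA macro part the way a defender would, by looking inside the Office Open XML ZIP container rather than trusting the file extension. The sample attachment is constructed in memory (a minimal ZIP with the parts a macro-enabled Word file carries), so the script runs offline. The check only covers OOXML formats (.docx/.docm/.xlsm/.pptm); legacy OLE2 files (.doc, .xls) would need a library such as oletools, which is not used here.

```python
import io
import zipfile

# Content type that Office declares for a VBA project part inside [Content_Types].xml.
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_attachment(with_macros: bool) -> bytes:
    """Constructed sample: a minimal OOXML-style ZIP, not a real Word document.

    Real files carry many more parts; this has only what the detector inspects.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        content_types = (
            '<?xml version="1.0"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Override PartName="/word/document.xml" ContentType="application/'
            'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        )
        if with_macros:
            content_types += (
                f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>'
            )
        content_types += "</Types>"
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for a compiled VBA project (constructed).
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder-vba")
    return buf.getvalue()


def find_macro_indicators(data: bytes) -> dict:
    """Inspect attachment bytes for VBA macro indicators.

    Returns a dict with:
      is_zip                     - whether the bytes are a ZIP container at all
      macro_parts                - ZIP entries named vbaProject.bin (any folder)
      declares_vba_content_type  - whether [Content_Types].xml advertises a VBA part
    Either indicator alone is enough to treat the file as macro-enabled; checking both
    catches a file where one has been stripped or renamed.
    """
    findings = {"is_zip": False, "macro_parts": [], "declares_vba_content_type": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    findings["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        findings["macro_parts"] = sorted(
            n for n in names if n.lower().endswith("vbaproject.bin")
        )
        if "[Content_Types].xml" in names:
            ct_xml = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
            findings["declares_vba_content_type"] = MACRO_CONTENT_TYPE in ct_xml
    return findings


def has_macros(data: bytes) -> bool:
    """True if the attachment carries any VBA macro indicator."""
    f = find_macro_indicators(data)
    return bool(f["macro_parts"]) or f["declares_vba_content_type"]


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_attachment(False)),
                        ("macro-enabled", build_sample_attachment(True))):
        print(label, find_macro_indicators(blob), "-> quarantine" if has_macros(blob) else "-> ok")
```

The extension is deliberately ignored: a .docm renamed to .docx still contains the same ZIP parts, so the content check holds where an extension filter would not. In a gateway this result would feed a quarantine or sandbox-detonation decision rather than a hard block on its own, since legitimate business documents also carry macros.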
I was very lucky to attend the summit thanks to the WILD infosec community on Twitter. WISP, Fire Eye, and all the donors, @bethlogic @jmcmurry @SharatGanesh @tmslft @djnemec @melsecurity @torresariass anonymouse kyleLady: thank you all so much!