This year the Paraben Forensic Innovation Conference from Paraben Software returned to Park City for one of the best security conferences of the year. The conference yields great conversation, educational and collaborative deep dives into emerging trends in cyber forensics, and an incredible sense of community among many talented security professionals.
In my opinion, there are three general types of information security conferences. First, there are industry conferences which are often heavily focused on product demos. Basically, the security equivalent of a car show. The second type are purely academic. These conferences include great tech talks, but ultimately the attendees seem to play a game of “stump the presenter”.
The last, and best, are practitioner conferences. At this type of conference, attendees actively participate in hands-on labs and are there to expand their skill sets. At these conferences, attendees revel in sharing ideas, tricks, and tips. This is what the Paraben Forensic Innovation Conference (PFIC) is.
There was an informative session on collecting data from IoT integration hubs (think Amazon Alexa) from the founder of Paraben, Amber Schroeder. The wealth of information stored on these types of devices is frankly astounding. Amber led an awesome hands-on lab using the E3 tool suite to access data.
Another interesting session, on network-based forensics, was led by Mike Raggo from 802 Security. This talk focused on the explosion of IoT and how it offers a treasure trove of data for forensic analysts.
This year, I was fortunate to speak about automating packet analysis with PacketExaminer and Python. During incident response, analysts perform packet captures and analysis. These steps can be tedious and require advanced techniques, and most investigators tend to get a bit overwhelmed when a packet capture is put in front of them. PacketExaminer is an open source project released under the GPL whose goal is to automate both routine and advanced analysis. The tool is not only meant for DFIR but also for security analysts who need to determine where data is flowing and what that data is. It can create network maps, extract all DNS queries and all HTTP URLs, report on top IPs/flows/bytes, and perform automated file carving and geolocation. My lecture also covered using Python tools like Scapy, NetworkX and others to perform advanced analysis and pen testing.
I went through step by step examples regarding the topics listed above, including sample code. View the slides and code covered during my session hosted on GitHub here.
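To make the kind of automation described above concrete, here is an added example (not PacketExaminer's code and not from the slides) that reads a libpcap file with only the Python standard library and pulls out two of the routine triage items mentioned: every DNS query name and the top talkers and flows by bytes. The pcap is constructed inline so the script runs offline; the hosts, ports and query names in it are made up, and the parser assumes Ethernet link type, IPv4, and uncompressed DNS question names.

```python
"""Pure-stdlib pcap triage: DNS query names plus top IPs and flows by bytes.

Added example for illustration; it is not PacketExaminer code. The capture
parsed at the bottom is constructed in this file from made-up addresses.
"""
import socket
import struct
from collections import Counter


# ---- helpers that build a small, constructed capture -----------------------
def build_dns_query(name):
    """Build a DNS standard query (QTYPE A, QCLASS IN) for `name`."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # id, flags=RD, qdcount=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return hdr + qname + struct.pack("!HH", 1, 1)


def build_packet(src, dst, proto, sport, dport, payload):
    """Ethernet + IPv4 + UDP(17)/TCP(6) frame; checksums are left zero on purpose."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # minimal 20-byte TCP header, PSH|ACK, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4


def build_pcap(packets):
    """Wrap frames in a little-endian libpcap file with link type 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, pkt in enumerate(packets):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt)
    return b"".join(out)


# ---- the analysis side -----------------------------------------------------
def iter_pcap(data):
    """Yield raw frames from pcap bytes; handles both magic-number byte orders."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a libpcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        pkt = data[off:off + incl_len]
        if len(pkt) < incl_len:  # truncated final record: stop rather than misparse
            break
        off += incl_len
        yield pkt


def parse_dns_name(payload, off):
    """Read an uncompressed label sequence starting at `off`."""
    labels = []
    while True:
        ln = payload[off]
        if ln == 0:
            return ".".join(labels)
        if ln & 0xC0:
            raise ValueError("compression pointer not expected in a question name")
        off += 1
        labels.append(payload[off:off + ln].decode("ascii", "replace"))
        off += ln


def decode(pkt):
    """Return (src, dst, proto, sport, dport, payload) for IPv4 UDP/TCP, else None."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None
    ihl = (pkt[14] & 0x0F) * 4
    total_len, = struct.unpack("!H", pkt[16:18])
    ip = pkt[14:14 + total_len]  # ignore any Ethernet trailer padding
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    if proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        return src, dst, proto, sport, dport, l4[8:]
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        return src, dst, proto, sport, dport, l4[(l4[12] >> 4) * 4:]
    return None


def summarize(pcap_bytes, top_n=3):
    """Collect DNS query names, top IPs by bytes and top 5-tuple flows by bytes."""
    dns, flows, ips = [], Counter(), Counter()
    for pkt in iter_pcap(pcap_bytes):
        d = decode(pkt)
        if d is None:
            continue
        src, dst, proto, sport, dport, payload = d
        flows[(src, sport, dst, dport, proto)] += len(pkt)
        ips[src] += len(pkt)
        ips[dst] += len(pkt)
        # DNS query: UDP/53, QR bit clear, at least one question
        if proto == 17 and dport == 53 and len(payload) > 12 and not payload[2] & 0x80:
            if struct.unpack("!H", payload[4:6])[0] >= 1:
                dns.append(parse_dns_name(payload, 12))
    return {"dns_queries": dns, "top_ips": ips.most_common(top_n),
            "top_flows": flows.most_common(top_n)}


# Constructed sample capture (addresses from RFC 1918 / TEST-NET-3, names made up).
SAMPLE_PCAP = build_pcap([
    build_packet("10.0.0.5", "10.0.0.53", 17, 51000, 53, build_dns_query("example.com")),
    build_packet("10.0.0.5", "10.0.0.53", 17, 51001, 53, build_dns_query("updates.example.net")),
    build_packet("10.0.0.5", "203.0.113.10", 6, 40000, 443, b"\x16\x03\x01" + b"\x00" * 197),
    build_packet("10.0.0.7", "203.0.113.10", 6, 40001, 443, b"\x16\x03\x01" + b"\x00" * 47),
])

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_PCAP).items():
        print(key, value)
```

Swapping `SAMPLE_PCAP` for `open("capture.pcap", "rb").read()` runs the same summary over a real capture. The point of the exercise is that the boring parts of a pcap review (who talked to whom, how much, and what names were resolved) are a few dozen lines of deterministic code, which is exactly what a tool like PacketExaminer or a Scapy script takes off the analyst's plate.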
There are plenty of great conferences to go to, but make sure to look for one like PFIC that provides great technical content and a great vibe. PFIC includes a casino night where everyone bets with free chips, encouraging attendees to talk about non-tech stuff for a few hours. This is quite the feat in a field full of introverts! If you decide to attend next year, stop by and say hello! As always, feel free to email me at firstname.lastname@example.org if you have any questions.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.