For those who haven’t been to my blog before – welcome! My name is Sophia and I am EUROPE’S BEST NEW SECURITY BLOGGER OF 2018. Yep, that’s right – I won! After a successful video panel at InfoSecurity Europe (and meeting some great new connections) I adventured through London to attend the European Cyber Security Blogger Awards where I was pleasantly surprised to win the “Best New Security Blog” title of the evening. So, may I take this time to thank all my followers, friends, and connections for their ongoing support in my rise to 1337 hacker from script kiddie.
After a wonderful evening lugging quite the large trophy with me through a crowd of congratulatory messages and celebratory drinks, I then returned to my hotel room to undergo some final preparation for my BSides London talk – “From n00b to 1337: A CTF Story”. And then the day arrives.
Like anyone before their first conference talk, I was shaking like a leaf – you could hear the sheer panic in the fluctuations of my voice. But with a brisk “pat on the back” and pep talk from my mentor in the morning (Shoutout to Rory – the best mentor around!) I was ready for this. For if not now, when? As suggested by my mentor, I slipped my way into the Rookie Track room the talk before mine to adjust, judge the room size, and well – accept my unavoidable fate of utter disaster.
Before I knew it, it was 12:05pm and I was being called upon stage.
I pass my green tea (my pathetic attempt in calming my nerves) over to my good friend Sarah (shoutout to @G1nge98), turn on my computer and scan the room. Good Lord it was packed, I only knew a handful of people who kindly said they would come support me – you know who you are, and thank you, it really helped my nerves! But you know what, screw it. I made it this far – I might as well do it now! My mentor announces me, I start my slides *deep breath*.
It was over fast, not only due to nerves but it was literally over fast. I rattled through it, and before you know it – I ran out of slides and content. Lucky for me, an abundance of questions came from the audience, filling out my allotted time nicely – but I knew for next time, breathe, take your time and stay calm.
Regardless it was an amazing experience and an honour to speak at BSides London. I received a lot of positive feedback, and apparently the room reached full capacity mid talk as well! Definitely, a success.
So InfoSec Europe and video panel, check. European Cyber Security Blogger Awards, check. BSides London and Rookie Track talk, check. But you see, there’s no rest for the wicked… It was time for my next attempt at re-qualifying for Team UK.
The following week after my collection of conferences and commitments in London, I jet-setted to Manchester to compete in Cyber Security Challenge UK and the NCC Group’s Face-to-Face competition in an attempt to be a member of Team UK again and qualify for the grand final of cyber competitions, Cyber Security Challenge UK’s Masterclass.
After meeting my team, Team Lovelace – and completing a trivia as a quick ice breaker, I knew this was going to be a good’n. The day of the competition rolls round and running on two hours sleep (due to nerves) and a couple cups of caffeine I was ready once again to tackle this challenge. For the purpose of this blog, I’m going to compress the day into three phases and write about the main activities I was involved with.
First phase: Log Analysis. Huzzah! My Security Incident and Event Management unit at university has come into play. From the brief we knew a client’s network has been compromised and through thorough log analysis from both access and proxy logs we identified a suspicious originating IP address and several security flaws, including a beautiful admin/admin credential set, the ever so gorgeous lack of authentication for an upload page, evidence of dashing privilege escalation reconnaissance and a mesmerising web shell on the primary company web application – ah, music to my ears.
Second phase: Host analysis. Oh boy, don’t you love having RDP access? Granted access to the infected host, my team and I combed through the host (with some of us analysing the host through a dump in Autopsy) and identified a RAT (namely QuasarRAT - https://github.com/quasar/QuasarRAT) masked as a malicious executable – oo, more security things! Yay!
Third phase: Remediation. *cracks knuckles* Let’s bring out the management of my cyber security degree. So, the final few stages were split up between the team, with half of us tackling a second web shell and the other half (the better half, obviously) tackling the remediation plan proposal for the “client”. We wrote out recommendations from both technical and management perspectives, aiming to target everything that we discovered on the day – however, shortly realising that realistically we could not implement it in an hour. After a quick re-write of “immediate” remediation and “future” remediation we were then ready to rumble, tackling the lack of authentication, removal of malware and the writing of a sweet current threat analysis for the client.
Throughout the event we were instructed to produce both technical and non-technical reports and updates for the client – of which my team excelled in, and we were even notified that we produced some of the best reports that some of the assessors/mentors had seen (win!). I mostly wrote the non-technical reports, due to the nature of my degree and my ability to beautifully translate technical jargon into C-Suite friendly understanding – and honestly, I weirdly love it. Overall it was a challenging and amazing day, with our team securing 3rd place overall. I learnt loads about things I don’t usually dabble in (big up host analysis) and quite enjoyed spending at least a good half of the day addressing “management”. I made some great new connections and reconnected with some old friends – a massive thank you to both the NCC Group and Cyber Security Challenge UK for hosting an amazing Face-to-Face.
Oh yeah, minor detail I forgot to mention… I qualified for Team UK AND the end of year Masterclass competition again (double win!)
For now however, I’m hanging up my RTFM, Lockpicks and Arduino for a month whilst I have a (well deserved must I say) month long R&R holiday in Singapore before I start a year with Information Risk Management Ltd. in Cheltenham as a Junior Security Consultant and Pen Testing Intern.
It appears I really am on my way to becoming a 1337 hacker, who knew?!
For now – ciao, I’m ready to enjoy some (light) hacking in the sunshine.