My first real cybersecurity conference/event in Florida was B-Sides Tampa. It was hosted at University of South Florida (USF), The Muma College of Business.

Agenda for BSides Tampa X 2023
Agenda for BSides Tampa X 2023.pdf
48 MB
download-circle

Vendors, Panels, and Unicorns?

It was honestly pretty cool talking to all the vendors and learning about the different products and services out there. Everyone was super friendly too!

Nothing against any of the speakers but I'm personally not really keen on panels because I always feel like its sort of useless (or rather not actionable) thought leadership ๐Ÿ˜…. But I'm always hopeful that someone will change my mind one day.

Tracks

Unfortunately I didn't have Hermione's Time Turner, so I couldn't attend all the tracks but I biased towards the offensive stuff and tried to poke my head in as much of the other stuff as possible.

Conference Laptop Updates

I got some cool stickers to add to my old dell latitude lab pc!

Pentesting AWS

I was determined to not miss this talk from Mike Felch of Black Hills Infosec. Maybe it's my loathing for Active Directory or maybe it's genuine interest on how to hack cloud environments. Either way it was a great talk on enumerating and highlighting some assumptions about AWS.

I think every time there is a "new-ish" technology it suffers from these quiet assumptions that people make about it. I think it's the job of security engineers to focus on those assumptions and shine a lot on them to see what's really what.

Welcome to the Jungle - Pentesting AWS
welcometothejungle-230402000210-e1e4b155.pdf
3 MB
download-circle

Purple Team

This was a more blue-team leaning talk and I believe it even was on the security operations (blue-team) track. Bucketing aside, it was a very interesting idea to me. Usually blue and red teams just sort of do their own thing. Those teams run their services, complete their jobs, generate their reports, share their findings and then they are on their separate ways in life. But purple team involves a lot of collaboration and tuning of the blue team by being more interaction with the red teamers.

Purple Team
Purple Team_ 101 Tampa BSides.pdf
5 MB
download-circle

Cloud Red Teaming: Initial Access & Priv Esc

This was a very interesting talk but the thing that stuck out to me the most was just how vulnerable browser extensions could be. It seemed that browser extensions would be the perfect vector for doing some real damage. This also reminded me of how powerful BeEF could be on an engagement.

BeEF - The Browser Exploitation Framework Project
BeEF is a security tool, allowing a penetration tester or system administrator additional attack vectors when assessing the posture of a target
Beef logo
Cloud Red Teaming: Initial Access & Privilege Escalation
20230401_-_BsidesTampa_-_Cloud_Red_Teaming_AWS_Initial_Access_and_Privilege_Escalation_-_v0_0_6.pdf
11 MB
download-circle

Close Out, Happy Hour, and Wow Florida

I met some really awesome people here. AWS even sponsored the after party/ happy hour. I don't really drink ๐Ÿ˜… but it was nice to further connect with all the people I could in the Tampa cybersecurity scene. I was wholly surprised to learn about all the cybersecurity companies that are actually based in Florida. It'll be an exciting next few years I think.

RANSOMWEAR
This is the index description.
RANSOMWEAR

My First "Cool" Conference Badge

Oh yeah! Almost forgot about this part.