Last week I was able to attend the CyberThreat 23 (CT23) conference in London, held by SANS and the National Cyber Security Centre (NCSC).
The conference has been running for a few years now and from SANS marketing material the event is:
Designed for security practitioners and spanning the full spectrum of offensive and defensive discipline, the event has a strong technical emphasis, including case studies from the field, new security tools and encouraging collaboration on bleeding-edge techniques.
In terms of technical content of the presentations I would put CT23 between BSides, which from my previous experience have been less technical, and DEF CON, which can be highly technical. The speeches were mostly delivered by employees of major industry players (Microsoft, Google, CrowdStrike, SentinelOne, Dragos etc). There was a particular focus on Cyber Threat Intelligence, which is not surprising with the involvement of the NCSC. More on the talks in a bit.
The event was held at the Novotel London West. There was one hall for the talks and then a large space allocated for networking; this also had sponsor stands, the excellent Pen Test Partners Airbus A320 simulator, several arcade machines and games consoles (no DeLorean this year).
There were 2 competitions running. The first was a Capture The Flag (CTF) event that runs over the two days of the conference. Booths are set up in the presentation hall for teams to compete, but there is also an individual leader board, with the top prize for both being a free SANS course. The CTF looked pretty interesting and apparently covered a lot of specialities. It's a real shame that it stops at the end of the event though; I would have loved to get involved with the CTF but know that with my poor multi-tasking skills I would have missed most of the talks.
The other competition involved the conference badge. The badge was fully interactive with many different challenges. I was able to make some good progress on these, from logic-based puzzles through to physical interaction, lots of CyberChef usage and even some firmware analysis. My favourite task involved downloading the device's firmware, identifying a specific offset, modifying it and re-uploading. I had a brief nervous moment as the upload bar progressed, but a feeling of relief as the badge booted successfully and I was informed that I had moved on to the next challenge. It's perhaps no surprise that I didn't win that competition, but we got to take the badges home with us, and I plan to complete it in my own time.
There was a lot of content delivered in the speeches, and I am looking forward to them being released online so I can revisit some of the content but highlights for me were:
- Day 1 Keynote – Delivered by the new CTO for the NCSC, I found his presentation interesting, focusing on some of the frontier challenges facing the industry, as well as opportunities. He provided an interesting analogy about cloud services charging a premium for security features being similar to seat belts in cars, it took a major manufacturer releasing the patent to put seatbelts in every vehicle and make it something that we take as standard these days.
- Day 2 Keynote – This presentation asked the question whether Cyber Threat Intelligence is really just clever marketing for research teams. It explored some of the moral/ethical quandaries in the industry, for example how we are quick to label foreign APT activity with fancy names and branding, but we don't really treat Western groups in the same way.
- I can't remember the speaker, but there was a good presentation about red team engagements vs real adversaries, it highlighted how clients often desire good value for money and so elaborate steps are taken by teams to test complex attack paths, whereas an adversary will look for the simplest way to get from A to B.
Unusually for a SANS event, CT23 is actually pretty reasonable price-wise; Black Hat Europe, which is also a 2-day event, is almost double the price of a full-price ticket. CT23 content is relatively specific, however, and other events may offer a wider range of talks.
There are also various discounts available. Military and Government employees can apply to enter a ballot for a free seat (that's how I attended previously). There are also CTF-style challenges that if completed reduce the price, as well as a discount, I believe, for students. Alternatively, it's possible to purchase online attendance; however, I do think a big part of these things is to be able to interact with others in the industry.
I would like to say thanks to CND for letting me attend, their desire to ensure that employees are able to professionally develop was one of the reasons for me joining them, and they have continued to reflect that throughout.