Silicon Shecky

Infosec Practitioner

Connect

TehcEd Day 3

By Leave a Comment

A day without keynotes. A day with lower energy. TechEd day 3 brought sessions on top of sessions on top of sessions.

Going to a convention such as TechEd for the first time is an interesting experience. the first two days, the Keynotes were the highlight. Announcements, even with little new information, were made. The attendees were fired up or inspired. The was an energy in the air. Day 3, not so much. Don’t let that fool you, there was still a lot going on.

I went to 3 sessions, 2 of them on security, 1 on group policy. The sessions on security were the best. Not just from an I am learning something perspective, but the speakers were great. They made everyone feel welcome, joked around, would get sidetracked, and made sure you walked away with knowledge. Don’t get me wrong, the gentleman who did the group policy session was funny and all, but something about the session left me bored. Maybe group policy is just that boring compared to learning the basics of penetration testing, or seeing how hackers hide.

All that being said, I head into day 3 feeling great and looking forward to the last sessions before I head home.

TechEd Day 2

By Leave a Comment

Yesterday I said I was surprised by the lack of Windows 8 talk in the keynote. Today remedied that, plus some interesting security facts.

After everything that happened on the first day of TechEd, I was not sure what to expect from the keynote that kicked off day 2. I got a much closer seat to the stage when the room opened up and got ready for the speakers. Antoine Leblond was the main speaker and today was all about Windows 8. The information doled out was a lot of info that had been around for a bit along with a couple of nice nuggets. During the introduction of the keynote, Antoine made sure to point out that touchscreens were coming to laptops and PCs. Although he made it sound imminent, we all know that prices and the economy will really dictate how long until this technology was to be adapted.

When we got into the meat of the presentation, certain things jumped out at me. First was the swipe motions that Windows 8 accepted from a touch-pad on a laptop. Almost the exact same as what the Macbook uses at this time. It started me wondering about patent lawsuits, since the tech industry has gone sue happy. Then there was the performance enhancements and the addition of a hypervisor native to Windows 8. The did show Windows 7 running very smoothly in that hypervisor, which can be a nice point should you need to run both together. The did show a nice demo of Windows 7 open in the hypervisor with a windows 8 metro app running side by side so you could see and work with both at the same time.

They went on to talk about the performance improvements, how the convergence of home and work devices helped shaped what Windows 8 has become, and then into a beta app from SAP. We went over the Windows Store, which is organized very nicely by groups. Other points mentioned during the keynote (which should be available online to watch) included how your desktop will follow you across devices if you use a Windows Live ID to log into the machines, and my personal favorite, booting a machine off a Windows8PE image from a USB stick, which for troubleshooting and malware removal will be nice.

The next session I went to was 10 Administrator Security Mistakes, hosted by a MVP and PenTester from Poland named Paula. This woman knows her stuff and showed some things that can put the fear of security into you. How using the password rested on a DC stores the password in clear text in the memory and how easy it can be to get at it was one of the most eye opening demonstrations I have seen. So in order, the top ten we were given are:

Sin 10: Misunderstanding how passwords are used

Sin 9: Ignoring offline access

Sin 8: Incorrect access control (We were shown how Robocopy can be used to gain access to a folder which you have a deny access on)

Sin 7: Using old technology

Sin 6: Encryption, What is encryption (We were shown how HTTPS does not guarantee Encryption by a man in the middle hack which shows LinkedIn sends its passwords in clear text)

Sin 5: Installing Pirated software

Sin 4: Lack of Network Monitoring (Again shown an issue with the reset password feature in AD where is sends the password to the network broadcast address in clear text)

Sin 3: What you see is not what you get

Sin 2: Too much trust in people

Sin 1: Lack of documentation

The final session I went to was on using SysInternals software to fight malware. Mark Russinovich who created Sysinternals was the speaker. The seminar was a logical progression from the way to go about the removal process, to how to use different tools to discover different items. Again, this one was video taped, so it should be available soon for viewing. Needless to say even on Windows 8 there are gotchas, and some tools, such as msconfig, don’t have the information they used to. Between Process Explorer, Autoruns, Desktops and Process Monitor one should be able to find most if not all malware. Considering Mark said that 33% of web malware is not detectable because of time to get signatures out from the AV vendors, this seminar is a must for anyone dealing with malware removal.

Day 2 was a lot more intense and overall a lot better quality than day 1 for me. Tomorrow, there are more seminars to be had, and more things to do.

TechEd Day 1

By Leave a Comment

As a first time attendee to TechEd, I did not know what to expect. The first day was filled with information, seminars and a couple of things that made me wonder.

You wake up the first day of a conference and feel a little out of place. A hotel room, being by one’s self, and the uncertainty of what will be going on. At least this is how the day started for me.

I arrived extra early to TechEd so I could get in on the twitter army meeting. Rod trent who runs it, and is CEO of myiITforums.com, got off to a late start because of missing projectors. Once things got rolling, we were informed of what was expected of us, and how important we can be to TechEd and letting the world know about what was going on with it. considering the power that social media has in this era, I can understand why something like the Twitter Army is formed at every Microsoft event.

The Keynote was next on my docket (and just about everyone else) . For those who don’t follow my Twitter account I will give a run down of what I heard. First was probably the coolest thing in the whole Keynote, which amounted to the DJ they had using a piece of hardware/software called Emulator. A piece of glass that is see through but also a screen, and is available for anyone to purchase. The device works only with Windows machines, so sorry Mac users. Satya Nadella came out and opened the event. He went through a brief history of the 20 years of TechEd, making sure to hit on the way things have changed from a client/server focus to a device/service focus over the years. This setup the majority of the keynote, as it was heavily cloud based. Event the sections going over the upcoming Server 2012 operating system had a cloud slant to them. Unfortunately, as much as Microsoft, and other companies, keep pushing the cloud (and I dislike that term for nothing more than distributed, offsite computing) the fact is that there are a great many businesses that are not ready to make that jump yet. Between bandwith costs, regulation and compliance issues, and just general wariness over who owns the data and who is responsible should data be illegally copied, it just isn’t quite there yet, but I digress. The virtualization improvements, especially throughput and network virtualizing, in Server 2012 are impressive, and it looks like a good solid upgrade.

The Windows Azure stuff that came next really was more of a sales pitch than anything else. Then of course we got into the developers section, which doesn’t affect me directly, so I just half paid attention, instead trying to watch twitter for news from Apple’s WWDC that was getting ready to start. What did surprise me though was outside of one brief moment, there was no mention of Windows 8. Considering you have the people who will be supporting the new versions of both Server and Desktop, not showing how they can work together, what was coming up in it, and basically brushing it aside does not allow us to push for its adoption. In fact I felt like they did not have enough faith in Windows 8 to bring it up. This is in stark contrast to the forums before TechEd where a large amount of people were asking Microsoft to give us Windows 8 tablets while we are here, so we can start learning them. Now Windows 8 might not be meant for businesses, but to completely brush it off just doesn’t make any sense, especially when people are asking for it.

After the keynote, a little time was spent walking the TechExpo floor. With all the companies there, it was rather interesting to see so many that were focused on security or management software. I still have more companies to visit, even after the TechExpo Reception, which seems like a way to just get the attendees loosed up with free food and alcohol to be more susceptible  to the sales pitches from the vendors, than an actual reception. Still it was a nice effort on all of their parts.

In the afternoon, I went to 2 “cram” sessions for exams that I am taking while here. To call these cram sessions is really a misnomer as they were only 75 minutes long and barely had enough time to just go over the basic areas of studying. Its a nice attempt but they should have allotted more time, especially since they were given by Microsoft Certified Trainers. The trainers tried their best, but there is only so much one can do when they have such little time.

Overall, it was an interesting day. Tomorrow comes exams and some regular sessions, which should give me a better feel for what is really out there. The experience is definitely worth while here so far, even with the shortcomings of today.