BSidesKC | April 26-27, 2019 | Plexpod Westport: 300 E 39th St, Kansas City, MO 64111

Cloud Forensics Challenge

Friday: 9am – 5pm

What, exactly, is “the Cloud”? Is it a network of machines connected via the Internet and scattered all over the globe? Is it a data center environment located in the United States or anywhere in the world? Is it really just “someone else’s computer”? Or is there more to it that the Information Security professional needs to understand, to arm him or her with enough knowledge to answer the tough question that will inevitably be asked by their employer: “Why should we take the risk to move our most sensitive data into the cloud?” To take it one step further, should that same employer say, in the event of a data breach, “We need to investigate how this happened,” what exactly will the Information Security professional need to know to successfully conduct a digital forensic investigation, especially if he or she doesn’t have direct access to the server or hardware?

The Cloud Forensics Challenge team is excited to bring our workshop to the 2019 BSidesKC conference. We have presented this training at both the 2017 BSides DC and the 2018 BSides Charm events, and seats have sold out both times. The focus of our workshop is two-fold: first, to explore key concepts of Cloud computing and understand the procedures and processes of conducting a digital forensics investigation in the Cloud; and second, a half-day challenge to test students’ comprehension of the material and their skill sets by investigating a digital image of a Cloud-based server and searching for various “flags” to be turned in as part of a team competition. Prizes will be up for grabs and we anticipate a full crowd for our first time at this conference, so be sure to register as soon as tickets go on sale!

For more information, please contact us at Cloud4n6Challenge[at]gmail.com or follow us on Twitter under the handle of @Cloud4n6. Thanks, and we look forward to seeing everyone at the event!

Student Requirements:

  • A good attitude and willingness to learn.
  • COME PREPARED. (Seriously, we’ve run into this before.)
  • Some knowledge of the Cloud (helpful, but not a hard requirement)
  • Some knowledge of digital forensics (again, helpful, but not a hard requirement)
  • Able to tear apart a PCAP file (helpful, but not a hard requirement)
  • Able to reverse engineer files (helpful, but not a hard requirement)
  • Laptop? Yes. How much RAM or what type of CPU? It needs to run Kali Linux or similar OS without bogging down.
  • Utterly despise Linux? Using Windows or a Mac? Not a problem. Grab the following: TSK/Autopsy, and Wireshark
  • You’ll also want to grab Volatility (or some other memory forensics app) and OpenStego (or similar)
  • Probably wouldn’t hurt to grab IDA Pro or OllyDbg (reverse engineering stuff) and Decrypter (or similar decryption tool)
  • Bookmark some cipher sites while you’re at it.
  • Hey, this is cloud forensics, remember? The cloud is dynamic and always changing. So is our challenge.
  • Like the man once said, “Life is like a box of chocolates. You’ll never know what you’re gonna get.”
  • Did we mention the key phrase: “COME PREPARED” ?
  • We should also mention, “NEVER GIVE UP, NEVER GIVE IN.” Yes, some of us are Doctor Who fans.
  • We encourage our students to stick around until the end of the workshop and challenge.

Presenter:

Kerry Hazelton’s career in Information Technology and Security has spanned over twenty years, and with it he has developed considerable experience with systems and network support, data center operations, and information security. He considers himself a “cybersecurity enthusiast” due to his desire and motivation to read up on the latest trends within the industry, to learn about a new exploit or tool, and his willingness to teach and share with others his experiences over the years. He has also presented technical workshops on the tools and procedures often used in security analysis and cloud-based digital forensics at prior conferences including BSides Charm, DC, and NoVA, which helped to form the basis for the Cloud Forensics Challenge he currently runs. Additionally, he recently gave a talk at the inaugural BSides Idaho Falls conference in his hometown about his experiences as an instructor and the importance of mentoring the next generation of hackers.