BSides Tallinn 2022

I love myself a good Security BSides, and I’ve never been to Tallin in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected.

View of Riga, Latvia

Unable to find a reliable direct flight to Tallin, and horrendously long connecting flights – I opted for the scenic route which involved flying into Riga in Latvia, and then driving across the border to Tallinn in the fastest car ever made… a rental car.

The walk from the hotel to the venue, was short, but scenie. A blend of newer buildings mixed in with some very old architecture, overlaid with some tasteful (and not so tasteful) graffiti.

The badges were cool, and at about 400-500 attendees, it had the perfect vibe that you’d expect from a regional BSides event. Lots of locals, lots of interactions, a few out-of-towners all blended together for some engaging discussions, and educational sessions.

Cool badge with lights (if you could figure out how to make them work)

Overall it was a superbly organised event, and the organisers and attendees all deserve a massive thank you for making it all happen.

I sat through most of the talks on the day in the main stage and tweeted out my thoughts, so rather than type it all up again, I’ll embed the tweet thread below.

Things kicking off at @bsidesTLL with @petskratt talking about how logs, unlike Shakira’s hips do lie. #bsidestallinn

“This is how I like my logs” says @petskratt

You can tell a lot about a person in how they like their logs. Is log psychology a thing? I think it should be. Rorschach tests with logs to work in a SOC. Follow me for more brilliant ideas @bsidesTLL #bsidestallin

“Theres always some smartass who implements whatever they read on stackexchange” @petskratt

Great talk by @petskratt at @bsidesTLL . Taking questions is every speakers hardest part as you have to fight the lights shining on you to see the speaker. Like trying to look at a solar eclipse without a pinhole camera.

Next up @bsidesTLL, international man of mystery, @thegrugq .

Such amazing opsec. I bet he’s in the building, yet pretending to livestream from somewhere else in the world… smart… so smart.

Is that a steven segal poster in the back? #bsidestallin

If i had a shot of redbull for every time @thegrugq has said the word “cyber” my heart would have exploded by now.

Cyberwar is more cyber/war or cyber plus war. It doesnt exist in isolation.

Civilians shouldnt partake in cyberwar efforts. They more likely screw things up.

An informative talk on cyberwar by @thegrugq and he only overran by a few mins. Me trying to be polite and wait till the end when i can hear plates clinking outside as lunch has been served!

Summary of talk… if you’re a civilian, stay out of cyber war.

I spent too long having lunch and going over my slides again because other speakers give me imposter syndrome.

Anyway, back in the hall, the session started and i joined as we’re being told about a phishing attack and 2fa bypass @bsidesTLL

A great red v blue team session presented by the bank formerly known as Transferwise and Clarified Security by Taavi Sonet and Rasmus Männa. @bsidesTLL

Lot’s of pitfalls to look out for with 3rd party SSO sessions and crafty phishing methods.

The presenters have great interactions with each other, which is difficult to pull off in 2 person presos.

They also interact with the audience by throwing stuff at anyone that answers a question.

Noteworthy takeaways

Next up @Turmio_ is going to talk about finding vulns in MacOS… I’m sure @ThomLangford will be bitterly disappointed to hear Macs aren’t 100% secure!

Step 1… RTFM

Fine… keep your secrets to yourself @Turmio_ 😉

Floris Laden of @splunk talking about prioritising security using MITRE ATT&CK

All the talks at @bsidesTLL have been fanTAStic today. The whole vibe has been amazing.

My turn to take the stage in just under 30 mins before closing and the after party. #bsidestallin

I’ll be waiving my selfie fees today… rejoice Tallinn!!!

Mic’d up like Britney and ready to oops do it again! @bsidesTLL

That’s a wrap. @bsidesTLL loved me. You can see how excited everyone was to see me. Much love and thank you for having me.

A quick break and to the afterparty we go!

Originally tweeted by The Javvad Malik A.I. (@J4vv4D) on September 22, 2022.

*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: