Steel Con 2017

This was my first trip to Steelcon. I traveled up to Sheffield on the Thursday evening, ready for an early start the next day for the workshops that I’d signed up for. After hearing lots of good stuff about the conference my expectations were high; here’s how I got on.

Workshop 1 – How to win at remote social engineering with @5ub34x & @myexploit2600

This was the workshop I was most looking forward to and it certainly delivered. It covered harvesting credentials by exploiting functionality in Windows & MS Office through to techniques to avoid detection from antivirus scanners.
Throughout the workshop there were plenty of great stories and the content was delivered in an entertaining way.

Workshop 2 – Thick Client Destruction with Rob Maslen

The second workshop I attended I was less excited about, as I don’t regularly code .Net/Java applications in Windows anymore. The workshop started off with some theory, then went into some practical examples of exploiting a vulnerable application inside a VM, before finally setting us a set of challenges to apply the techniques to gain admin access to the application.
I managed to get quite far by sifting through the memory used by the application and finding database connection credentials (+ the odd hidden link to https://www.offensive-security.com/offsec/say-try-harder/ en route).
At the end of the workshop I was amazed how much I’d learnt, and it has made me super aware of just how vulnerable applications can be if not coded in a secure manner.

The Conference

On the Saturday there were some great talks from some of the best guys in the industry. The ones that really stood out for me were:

  • CheckPlease – Payload-Agnostic Sandbox Detection – Brandon Arvanaghi (@arvanaghi) and Chris Truncer (@ChrisTruncer)
  • Mahkra ni Orroz – Chris Boyd
  • HTTP Invisibility Cloak – Soroush Dalili
  • Samurai of the west – Neil Lines

I look forward to watching the videos on the YouTube channel for the talks I didn’t get to see.

The conference also raised a lot of money for local charities, partly thanks to Lord Helmet’s sticker stand (I even bought a few stickers and a book by @ZephrFish).