Event Recap: Security BSides London 2023

by Si Biles, co-host of the Forensic Focus podcast

Venue

The venue was the Novotel Hotel and conference centre in Hammersmith, and for me at least, this was gratefully welcomed, with underground parking that was convenient to access and which you could enter the hotel from without getting drenched – those (including a friend that I was attending with) who had to walk from the tube station (only five minutes away) probably dried out around three in the afternoon.

This is the first BSides that I’ve attended, but I’ve been aware of them for a while, and they’re a global phenomenon, with events worldwide, each run by their own local community, but for the good of everyone and anyone who can attend. I’m going to lean on them and use their own descriptions to explain what they are:

Security BSides is the first grass roots, DIY, open security conference in the world!”[1]

“… a community-driven event built for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is where conversations for the next-big-thing are happening …”[2]

Timetable

The annual event has been running in London since 2011 – with the notable exception of 2020, but we’ve all heard about COVID, so I think we can forgive this slip in their record. This year it was a new venue for them – and a good thing too, as I understand that the old venue had a maximum capacity of 1,200 people, and they managed a headcount of over a hundred and fifty more than that this year. This venue (with a maximum capacity of 2500) should allow them to expand again next year – which I think is well within their reach. The day is spread out over three levels, with a large open hall on the ground floor, smaller workshop rooms on the first, and large auditoria on the third. The schedule for the day is packed with content – and it’s only possible to sample a small subset of what’s on offer.

Timetable for the day.[3]

Doors opened at 0830hrs UTC, and the scheduled talks started at 0930hrs with the Opening Welcome Talk – apologies to the reader, I didn’t attend this as I was far too busy enjoying the hall downstairs which is one of the highlights of the conference as a whole. Some of this is because it was a great opportunity to catch up with Desi in his corporeal form as opposed to the disembodied ethereal presence that given our relative geographical locations is more normal. Desi was working, as Security Blue Team were the platinum sponsor for the event and had the prime spot inside the hall, right by the entrance to advertise their wares.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Vendors

It should be noted, that this was not a vendor conference – rather that those who had sponsored the event had stalls. Yes, they are creating awareness of themselves and what they do, but more than that they were giving away the obligatory conference ‘merch’ (for the record, I like the trend of socks as a giveaway – I obtained one pair from one vendor, I returned to get some later in the afternoon and the other three sock sources that I had identified in the morning had run out, so clearly I’m not the only one!), but there were also competitions and raffles to win some rather nice, geeky, prizes – Lego made a number of appearances, as did AirPods and an Atari 2600+. I was satisfied with a new (high quality!) travel mug courtesy of my “Spin the Wheel” attempt at Security Blue Team, and I’m pretty sure that no-one went home empty handed.

A real live Australian – Desi!

“Villages” and Auditoria

As well as the vendor stands, there were also the “villages” – lockpicking, automotive security and trains[4] all had a presence. As a poor, but reasonably well equipped, lockpicker – I was most taken by the automotive area, which had a rather lovely simulator setup that had been shipped over from Cardiff University where it normally lives. There were also several In Car Entertainment (ICE) head units of dubious parentage and interesting CAN bus interfacing. There are some very knowledgeable people in the villages, and it’s easy to spend a lot of time talking to people who are not only very passionate about their area of interest but incredibly well informed.

The Automotive Simulator

I have some small gripes about the main hall. Firstly, the coffee provision isn’t enough for 1350 people who subsist on caffeine as one of their main food groups. And secondly, this main large space is a bit … I don’t know, utilitarian? It’s more like a storage area than a venue, and the lighting is poor at best. This is, of course, a criticism firmly levelled at the venue – who provided both catering and facilities, not at the organisers of the conference, who would have no real control over such things. Nonetheless, if I were to suggest areas for improvement, these would be they. The floors above got swankier the further you rose, and the auditoria were rival of any that I’ve been in before.

Speaking of swanky, the AV setup in the auditoria was very good – when it worked. The feature of being able to link all three of the main spaces so that the screens and audio in each displayed from one meant that no-one was left out of the opening or closing ceremonies, even though not everyone could be accommodated in a single room.

Talks, Presentations and Workshops

My choice of talks will show my particular areas of interest, and I’m sorry if this doesn’t align with yours. What I would say for future reference is that what I saw – whilst obviously varied in content and presentation style, as you would expect from different people, of different backgrounds, talking about different concepts – was of a universally high standard.

My personal favourites were the talks on Bluetooth Padlocks (which was an absolute masterclass in how not to create any sort of secure service), the one on Physical Intrusion testing (with a distinct flavour of smoke being given by a former fire systems engineer) and the one on the history of malware (very well and humorously presented indeed and a very rapid run through of decades of malicious software). The other talks during the day were enlightening, and I learned more about Linux on Windows (although why you’d bother with the Windows layer still escapes me), anti-forensic techniques in incident response and issues about machine learning systems messing with chemical plants. This last one was an interesting area of research that I think needs a bit more doing on it before it can address the full potential of both offensive and defensive sides.

Proof that we can exist in the same place!

As I’ve said, there is so very much to choose from in the day, and I only sampled one of the “Rookie Track” presentations and none of the workshops, but I don’t doubt for an instant that there is something that would be of interest to anyone in the industry in the available choice. (My friend who attended is in a decidedly different field to me and – in a way that concerns me regarding his mental health – writes decompilers for fun, and yet he also found things of interest, despite not winning any Lego or the Atari 2600+ …)

The atmosphere at this event was almost carnival like – evidenced by the presence of both stuffed sharks and some interesting headwear. From my side, I’m excited for the future of this particular spot in the annual calendar, and I hope that I’ll be able to return in future.


[1] http://www.securitybsides.com/w/page/12194138/BSides

[2] https://www.securitybsides.org.uk/

[3] https://www.securitybsides.org.uk/schedule.html

[4] Model trains is the source of the word “hacking” from the MIT Model Railway Club – Google it if you don’t believe me.

Leave a Comment