2008-10-20 16-32 T2 - we'll be back!

image.png

We had an opportunity to participate T2 conference this year. Clarified has a special relationship to T2. Our early prototype from our research days was presented at T2 2005. An not-so-pretty hack, usable only by nerdish research scientist, is nowadays an extremely usable and beautiful piece of software. That makes me wonder, is the technologies, workflows and idelogies presented this year in similar state in 2011? ;) Our presentation was titled: Iceberg Incorporated - A Peek Under the Surface of the Criminal Enterprise.

Setting

T2 is not a marketing event. I've often found myself frustrated (=mad) in many marketing events, disguised to be seminars. Thus I was extremely cautious not put forward anything from our business-as-usual category, which might be interpreted as marketing. Still, being proud of what we do, I wanted to include the technologies and our daily propaganda in our presentation. What a puzzle.

Then it hit me: lets talk about collaboration! And to demonstrate collaboration, lets bring in the collaborators of the year: Jussi from CERT-FI and Lari from Codenomicon. That sounded fun, and fun it was!

Presentation

The presentation was experimental in many ways. First of all, we introduced new technologies (although we didn't admit that our presentation was about technology ;). We introduced agent-technology. Agents download your tasks from collaboration environment, run the task in what ever part of the world they happen to be, and return the result back to the Collab-environment. We also pushed some of the collaboration features in Clarified Analyzer further. You can now attribute IP-addressess in Collab with search results and passive DNS information. Last but not least, we introduced a concept of 3 different speakers. We had similar objective, similar working habits and slightly differnt agenda. Lari wanted to talk about icebergs, Jussi about unsystematic data collection&analysis and me about collaboration. I'm eager to wait the feedback to hear if we managed to convey our message. :)

attribution.png

Picture: When you label an IP in Analyzer, a new page is born in the Collab environment. Our agents will notice it and deliver attribution, such as Country Code, AS number, whois output. Then you can upload your Analyzer packet content search results to the same page (http-get (dst)) and so forth.

Thoughts

The only thing I regret is that I set a bit too ambigious goal for my part of the presentation. I wanted to make the traffic audit demo as understandable as possible. Thus I ended up fine-tuning things to the last minute and I could not personally take the most out of the other interesting presentations. A feeling of unpoliteness shadowed my good time during the presentations, as I mindlessly stared my laptop, only to randomly snapping out of the fiddling. Upside is that during the breaks I got to talk to a lot of interesting people. I'm still half-way of following up those conversations. ;)

If you enjoy an intimate conference with lots of good security-minded people to network with, T2 is for you! Thank you T2 team! You put your heart to the event. You also take a good care of the presenters - although I must regretfully say that I didn't have the naked people in my hotel room that Ivan had. :)

-- jani 2008-10-20 19:27:25


return to the blog ...