Written by Sean Lyngaas Oct 15, 2019 | CYBERSCOOP

Of the countless security conferences held across the globe, only one combines craft beer and malware analysis in the National Security Agencys backyard.

Every year, federal contractors andanalysts at Beltway cybersecurity companies gather for a day at Jailbreak Brewerys Laurel, Maryland, headquarters to trade specialized knowledgein digital forensics.

The training is really good; the beers are even better, said a Department of Justice employee sipping a Lemon Meringue Berliner Weisse.

The DOJ employee, who declined to speak on the record, has been coming since the summits inception in 2015. I learn something new every year, he said, before descending from the bar and taking a seat in front of the presentation stage.

That is the comfort zone that Kasey Turner, a former NSA employee, sought to create when he opened the brewery in 2014 with cybersecurity contractor-turned-entrepreneur Justin Bonner.

We wanted this to be everybodys own jailbreak, Turner told CyberScoop. Whatever drama is in your lifewhile you sit here and drink a beer, we hope that you dont think about that for a few minutes.

The brewerys name is a nod to the cybersecuritydefinition of a jailbreak: using a vulnerability to gain root access to a device and install whatever programs you like on it.

Its more about the freedom of the jailbreak, so to speak,Turner said. Youre setting your phone free from the network and all of the constraints that are put on it.

It was early Friday evening and Turner and his colleague Tom McGuire, another ex-NSA-er, were taking a break from the exertions of running the brewery to reflect on how their project had progressed. Around them, glasses clinked as attendees lingered long after the last speaker had finished to share stories and exchange contact information. 0Day IPA was available at the bar, the walls were adorned with Big Lebowski-themed art, and 90s grunge hummed through the hall.

Before cybersecurity became a multibillion-dollar and endlessly hyped industry, security conferences had this low-key feel.

They were small, they were intimate, and you pretty much went to them because there wasnt anywhere else to talk about this stuff, Turner recalled. This was your opportunity to meet with these people and talk with them and put a face to a handle.

Sarah Edwards, a Mac/iOS forensics specialist who, fittingly, presented on jailbreaking tools at the conference, said the event was fertile ground for collaborating with others in her niche. It helped drive home the many positive reasons to jailbreak a phone, she said, including to study the devices interactions with its applications in order to make them more secure.

While previous summits focused on SCADA systems or Internet of Things devices, this years theme was reverse-engineering malware.

We need to make reverse engineering accessible to more people, proclaimedapresenterfrom theJohns Hopkins University Applied Physics Laboratory, in between meditations on binary static analysis. Carbon Blacks Erika Noerenberg riffed on the ability of a threat-hunting tool to decrypt payloads, while Google Project Zeros Maddie Stone walked attendees through how she deconstructed a vulnerability exploited in WhatsApp.

Each of us in this room may have a different reason for analyzing [a bug], Stone said.

Mike Bell, a longtime NSA contractor, presented on Ghidra, the reverse-engineering tool that the NSA publicly released earlier this year.

Looking relaxed in a sailor hat after going outon a boatthe previous night with fellowpresenters, Bell talked about his hope that Ghidra would be a valuable resource for academic researchers. Bell, who had helped write some of Ghidras algorithms, stood at the bar, his chin raised slightly, exuding an eagerness about where the project would go next.

The simple fact is the team cant keep up with all the changes in industry, Bell said, explaining one reason why the NSA released Ghidra publicly.

The camaraderie on display is one reason Turner and McGuire say they want to keep the conference small and unassuming, a contrast to the pomp and glitz of other industry events. What started for Turner and McGuire as a means of catching up with former colleagues will stay that way, they said.

Having a conference at a brewery gets people going, Turner said. They talk to one another.

View post:

Binaries and Brews: Jailbreak Security Summit convenes hackers on NSA's doorstep - CyberScoop