Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

[Guest Post] A first-timer’s view of the “Hacker Summer Camp”

As many people are aware, the big “Hacker Summer Camp” again took place in Las Vegas this August. This get-together comprises Black Hat, for the business-sponsored InfoSec employee; BSides Las Vegas, for the techies; DEF CON, which apparently became the object of both types of folks years ago; and many more little side conventions.

As these types of conferences are usually a big chance to meet all of the friends that you don’t see the rest of the year, attending many talks is never a goal, especially as most of the talks are recorded these days. For the full lists of recordings, please check the following links:

The DEF CON 22 talks will be published by the speakers on YouTube or can be bought; some of the slides are also already available here: https://www.defcon.org/html/links/dc-archives/dc-22-archive.html

The Black Hat Talks will show up here: https://www.youtube.com/user/BlackHatOfficialYT

Over the last few weeks, many blog posts have already appeared listing personal favorite talks and the lessons learned. For such a reference, check out other European sites like http://www.scip.ch/?labs.20140819 in German or http://blog.csnc.ch/2014/08/blackhat-and-def-con-usa-2014/ in English.

The big topics this year were infections over USB and wireless transmission of signals like the ones that can be read with a HackRF. One topic that isn’t completely over yet is the hacking of Point of Sale devices. The research is usually very specific to the country it originates from, and therefore can’t be applied to every vendor or product, but it is still interesting and gives new hints on what to consider when securing such an infrastructure.

As an outlook, we were informed at the Closing Ceremony of DEF CON that next year DEF CON will be held at the Paris and Bally’s. With DEF CON becoming bigger not only in number of attendees but also in space, and seeing the changes that just happened to the German Chaos Communication Congress, I personally like the change. More space can give more ways to be creative.

The CCC has become a very colorful but dizzying experience, which makes it hard for new people to find their way around. But CCC, early on, started having villages where like-minded people and friends have a “public” space where they can be found and present their stuff. The concept becomes very visible at the hacker camps, where usually even more equipment is brought in and spaces are decorated with lots of creativity and love. DEF CON has also started with villages, for example the Hardware, Social Engineering and Wireless villages. This concept of organized interest groups can be quite a help if an event becomes too big. I personally also wouldn’t mind seeing more talks in villages, which have smaller audiences but also give the speaker more chance to interact and talk, learn and share information. I always feel sorry for speakers who prepare a talk and only get to give it once. Presenting a talk several times with slight variations, depending on the target audience, might improve the rate of knowledge exchange and therefore be beneficial for both sides. The big talks should still be held in big rooms of course, but information overload has become such a big topic that the concept of split, targeted information might help. If there were more spaces like DEF CON SkyTalks, there is a chance that the quality of the presented information would also improve again.

- Des

Last Hacker Standing… Episode IV: The Last Hope

Just when you thought it was safe to go back into the water…

With the untimely demise of the Network Security Podcast, Martin McKeay (along with Dave Lewis and myself) decided it was time for something new.

In the inaugural podcast, we talk news (straight up, with a twist), alongside our wonderful guest Katie Moussouris from Hacker One.

We’ve tried to add a twist to the usual podcast style of news and interviews… so feedback on the first part of episode IV is always gratefully received!

Look out for part II dropping in a few weeks…

My picks for the coming conpocalypse

Yeah, yeah… I know. I’ve been slacking on my blog for the past few months (in fact I think this post has been sitting in my drafts folder for about 2 months). Still, the wheels of life must go on, and the last post (although tongue firmly in cheek), was a bit depressing. So, with as little fanfare as possible, I thought I’d give you my picks for the upcoming conpocalypse (AKA #HackerSummerCamp, AKA “That thing in Vegas”).

This year I’m volunteering at BSidesLV so won’t have much time at all to visit Blackhat. This might not be such a bad thing though… I think Blackhat and me need some time apart to see if we miss each other. Times move on, and I’m not sure I feel the same way about Blackhat as it feels about me… it’s not me… it’s you. Sorry Blackhat! Maybe I’ll pop over and see if it feels all funky or not! Who knows…

BSidesLV

This year’s BSidesLV is looking great… and I’m not just saying that because some of my favourite people in the world are running and helping shape it (you know who you are ;). Alongside all the hallway track stuff that’s much talked about, and working a couple of morning shifts as a room host (still not sure what this means… guess a mix of stand-up comedy routine and crowd control!) I’ve got a couple of talks on my radar to attend!

Tuesday 10:00 – 11:00 Opening Keynote — Beyond Good and Evil: Towards Effective Security

Tuesday 16:00 – 17:00 Anatomy of memory scraping, credit card stealing POS malware

Wednesday 17:00 – 18:00 We Hacked the Gibson! Now what?

Wednesday 18:00 – 18:45 Closing Keynote –> It’s A S3kr37
On the Wednesday I’ve booked in to play around in the RFID Hacking workshop… maybe I can finally put this Proxmark3 I’ve had on my desk for about 3 years to some good use ;)

I was really hoping to attend @HackerHuntress’ Hacking the Hustle Hands-On, Infosec Resume and Career Strategies workshop… however I’m volunteering at that time. So hopefully she’ll still be around to chat to for the remainder of the conference!

If you’re around at BSidesLV, make sure to pop into the “i am the cavalry” area to see what those crazy kids are up to!

DEF CON

By this time of the week everybody is pretty much dead… along with the inevitable mass of people and agoraphobia kicking in! So consider these as my dream picks if I can get into the room ;)

Don’t forget to check out the DEF CON SkyTalks (https://skytalks.info/) as well… these talks aren’t recorded usually, so it’s be there, or be ²!

Friday 12:00 – 12:30 From root to SPECIAL: Pwning IBM Mainframes

Friday 12:30 – 13:00 The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns

Friday 14:00 – 16:00 DefCon Comedy Jam Part VII, Is This The One With The Whales?

Saturday 10:00 – 11:00 Screw Becoming A Pentester – When I Grow Up I Want To Be A Bug Bounty Hunter!

Saturday 14:00 – 15:00 NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It

Saturday 15:00 – 16:00 Advanced Red Teaming: All Your Badges Are Belong To Us

Sunday 14:00 – 15:00 Android Hacker Protection Level 0

… that’s a lot, and I don’t expect to hit them all! Hallways con and other events will keep me from that. Still, those are my picks for the Summercon marathon!

Hope to see you there… below photos can be used to identify me throughout the conference (depending on the day)

Easy Identification pictures…

[Images: Day 1, Day 2 – 3, Day 4+]

The long goodbye…

I remember when I first saw him… I thought he was ugly, unruly and unworthy of my attention… and so I shunned him. After a time, I looked back, unable to ignore that “something” that I was missing. I went back, and once more he failed to impress. Again, I shunned him. There was just that something that was missing. It was all there in the promise, but in reality, it just didn’t click… once again I shunned him and moved on. It was some time later that I realised what I’d done. That I’d misread him and mistaken what he offered. He was my future after all, and there was nothing else that would be better for me. I embraced him, let myself fall into a rhythm and never looked back!

Years later I can think on that moment, having moved on to newer and better things, and remember the first time I saw him across the room. He seemed to glow, at least that’s what my memory tells me. We’re not together anymore, and I miss him sometimes, but you know what… it’s OK. It’s OK for both of us. We grew apart and he just couldn’t fill my needs anymore. To be honest, it was me that first broke away… I don’t want to call it playing away, but it’s what it was I guess. There were just needs that he couldn’t fulfil anymore, and I needed something that I couldn’t get from him anymore. I knew that he knew… and he knew that it was what I needed… he never judged! He was good like that.

The time has come though my friend. I can’t be with you anymore… those long nights we spent together have to come to an end. The time has come to say goodbye forever.

Goodbye my friend… you’ll always be in my memories!

Windows XP (2001 – 2014)
