The run of conferences over the last month are so have finally come to any end (FIRST, Blackhat/Defcon, and HAR2009). It’s been a whirlwind of technical content, new friends, old friends, planes, trains and automobiles (love that movie).

I’ve done my best to blog what I’ve seen that’s peaked my interest, and I’m sure they’ll be more to come. I know I’ve got another podcast scheduled with F1nux and Frank “Autonessus” Breedijk at some-point. For now however I need to rest. Lack of sleep and bad food have taken there toll on my body and mind. I’d say I need a holiday, but this was my holiday for the year (yes, I am that sad). Next year things will be a little calmer (conferences are fun and all, but too much is too much).

Conference comparison

The 4 conferences I’ve attended have given me a great chance to compare the various styles of conferences that are so popular in security right now. From the private “boys club” feeling of FIRST, through to the free for all (no geek left behind) feeling of Hacking at Random. Each has it’s own charm and plus/minus points.

FIRST

This was my first time attending FIRST (no pun intended). FIRST for those that don’t know, is the Forum of Incident Response and Security Teams and has more of a focus on incident response, forensic analysis and the business behind running a CERT/CSIRT team. Apart from the great chance to see Japan (Kyoto is lovely) I got a lot out of the conference both personally and from a business prospective. Personally I got to speak to and become friends with some really great people. I won’t name drop here, I do that enough in real life. However it opened my eyes to the benefits of networking at conferences instead of spending ALL the time running between talks. From a business prospective (it was a business trip after-all) I spent some time learning how teams deal with forensics, incident response and patch management. As a penetration tester it’s easy to forget that there are a lot harder jobs to do in security. Attack is easy after all. Defense is where all the hard work is done.

Blackhat US

Again a first for me. Actually more than one, as it was my first time in the US (if you can count Las Vegas as the US?). I’d had the chance to attend Blackhat Europe earlier this year so knew what to expect. However the range of tracks and size of the event took me a few days to get used to. As I had press tasks to complete, I attended the talks that I thought would be interesting and I knew I’d not be able to see again (at Defcon or HAR2009). Again I had the chance to meet up with a few friends I’d made online, or from previous events. It was also good to sit down with a few smart people from Core Technologies and go through a short training on the newest version of Core Impact (version 9.0). The vendor area gave me a chance to catch-up with a few people from Trustwave/Spiderlabs, Core Technologies and IOactive that I’d been looking to catchup with for a while. I even had a chance to talk to the guys at EC-Council at their stand. They had nothing to say that would change my opinions, but it’s always nice to give them the chance. I’m nothing, if not fair after all. I’m a little sad  that I missed out on the B-Sides conference (a side conference put on by speakers and non-speakers). From what I hear it went off very well and was a very close and personal style meeting of people. Less presentation and more exchange of ideas. Something to lookout for in your local area if you see the chance.

Defcon

If I thought Blackhat was large, then Defcon just made me scared. I recall attempting to make my way to a talk on the first day and almost being crushed in the crowds. That set the tone for the rest of the conference. People may have noticed a lack of blogs from Defcon. To be truthful I spent a lot of time talking to people I know (in the online sense of the word – we really need a new word for “knowing” somebody that conveys that better). It was great to chat to speakers and fellow bloggers/twitterers and exchange ideas and contact information. I managed to meet with almost everybody on my list (it was a big list) and a lot that I never thought I’d meet. I managed to see a few select talks, and lot of partial talks (sticking my head in to see what was up). Although I didn’t attend many talks, I still feel like I got a lot out of the event. Remember, going to EVERY talk is never going to be possible. The talks will be available online, blogs will be written about them, slides and PDF’s will be made available. However, the people will only be there for the duration of the conference.

Hacking at Random (HAR2009)

After a few days back home (sorry Gika*) I fly out to the Netherlands to attend the 4 yearly hacker camp (yes, we go camping in a field). This is the epitome of Europe hacker culture and gatherings. Where Blackhat/Defcon was full of hardcore security geeks, HAR is more open with talks on things like Wikileaks (fighting to expose things that should bee public), politics, legal rights and of course hardcore technical talks (both security related and not) covering every aspect of technology. The mixture of people and talks at the camp really opens your mind and makes you really appreciate things. It’s easy as a security professional to get pigeon-holed, this kind of conference really allows you to open up and go beyond what you do day to day. Due to the way the camp works, it allows you to do a great deal of networking alongside the talks. Drinking and dancing till 4am are pretty much normal. If you get out and wander around camp (3,000+ people is a big camp site) allowed me to meet new people and talk a lot of tech that I wouldn’t normally be able to do. A lot of people kept themselves to themselves at camp. That’s fine, but you really get the most out of camp by opening up and really talking to people. Alongside some good talks on GSM, DNSSEC, the Stoned-Bootkit and others, there were a number of great workshops on Autonesses (thanks Frank it was great), lock picking (TOOOL for the win), and hardware hacking (sad I missed this, again). As I was staying with the guys from Hackers on a plane again this year (Big thanks to Nick Farr for arranging this for me), I had a chance to meet some great people. I met Dan Kaminsky for the 3rd time this year (4th time since 2007). As expected, even though we met at Infosec and Defcon already this year, he had no idea who I was. That’s fine. To tell you the truth I’ve missed all 3 of his x509 presentations at Blackhat/Defcon/HAR2009 Did that sound bitter ? Anyway, if you’re US based and what to get in on the European scene you could do a lot worse than look at the Hackers on a Plane website to see if you can join in. Rumors are that they’ll be doing a HoaP to Japan soon as well. Getting home from the camp (I’m on a train as I write this) has proved to be more of an issue. Due to SkyEurope not paying their bills at Vienna airport, I’ve had to travel to Munich (grabbed a lift with some random con goers) and hop a train from there to St.Pölten. Even though it was a bit of a pain, hot (10 hours in a car isn’t pleasant) and costly, traveling across 3 countries to get home has it’s benefits. I managed to catch-up with an old friend in Munich, and had time to write this blog post. There isn’t always a silver lining in the cloud, but if there isn’t then it’s probably just web 2.0. That made sense when I said it in my head at least. I think I need more sleep.

Statistics

To give you all an idea of my last month or so, here’s some rough statistics to make you think.

• Countries visited – 6
• Locks picked (I’m still learning) – 3
• Days at conferences – 14
• Hours of talks – 150
• Talks attended – ??? (even I’ve lost track)
• DualCORE songs heard – 75+ (3 LIVE at the Defcon oCTF)
• Scary mental images courtesy of Martin – 50+ (possibly more)
• Scary mental images given to Martin in return – 10+ (I need to work on this)
• Sleepless nights – 10 (probably more)
• Tweets – 151 (HAR2009), search.twitter.com doesn’t go back far enough for more stats
• Kilometers driven – 1475 km
• Kilometers flown – 45,531 km
• Frequent-flyer miles – LOTS

Blog comments

Now to my final comments. I’ve been posting blog entries about talks from all around the globe for about a year now. So it’s time for your feedback. To date I’ve received a few comments about my blog posts, some good, some kinda meh. Do you like what I post ? Everybody needs feedback to improve. So here’s your chance before I hit my next conference (BruCON). Tell me what you think and what you want to make it more useful. love it, hate it, can’t understand it ?

* For reference, Gika is my lovely, supportive and intelligent girlfriend. If only I could code like her, I’d be a happy man. Without her, none of this is, was, or would ever be possible. Sorry I’ve been away so much.