What do you expect in a security conference filled with professional hackers, security companies and students? Passwords being leaked live, hacking challenges, and an insecure feeling? Right! That's what really happened!
As an overview of BruCON, it was like this: free T-shirts, retro games (Duck hunt anyone?), hacking challenges (an IP address was all we knew), talks (some of them boring), workshops (learned a lot) and, last but not the least, Belgian beers.
On Thursday, I had planned to go to one workshop and all remaining talks. (In big events such as this, there's always different venues with different talks/workshops going at the same time; and you plan your own day.)
The first talk on Thursday was given by Chris Nickerson and it was called "Nightmares of a pentester", in another words, how to keep your systems secure. (link: https://www.youtube.com/watch?v=2ufBtLw6QgY ) After a workshop on effective communication in a company, went for lunch where they were also having a DJ workshop with Count Ninjula and Keith Myers. (Amazing stuff!) For the evening, I was trying all talks on the main venue, but they weren't as good as I expected. So, I would go to a talk, left fifteen minutes later to have a chat with other students, teachers, companies and making sure I had some beer.
On Friday, after the not-so-interesting-talk-leave-the-room lesson, I choose to be in a 4-hour workshop named Hands-on Incident Response (with my Forensic Analysis teacher): we were given a compromised windows virtual machine. This was a set up pretending that we were playing the role of the information security guy in a company where one guy had been hacked. We only knew that one file was encrypted. Some time later, and after using different tools, we knew that this guy had a ransomware on his computer, he was surfing Russian porn website that downloaded the malware into his computer (Yes, just by accessing a website, you can get a virus on your computer!), we could read the Java code in which the malware was written and understand how this guy was infected. After three hours and a half, we were really close to solving the problem. In the end, no one other than my teacher was able to get the file decrypted. The feeling of accomplishment amused me. For the rest of the afternoon, I was talking, once again, with some security companies (got some business cards!), students and the Linux Security teacher.
Overall, the BruCON was a nice experience: No classes, all security students and teachers were there, and learned a lot about all different people I've met in the conference and the workshops.
The BruCON talks are online and can be found in here: https://www.youtube.com/user/brucontalks
No comments:
Post a Comment