One month ago I visited Hashdays in Lucerne for the first time. Hashdays is an international IT security conference organized by Defcon-Switzerland. I should definitely meet these guys next year at one of their regular beer meetings 😉
I skipped the next two talks because I had signed up for a little Arduino workshop. As you can see in the picture below, the conference badge was based on an Arduino UNO board, and I saw lots of people who had modified their badges with gadgets like LED displays/sensors and many other crazy and creative ideas. 🙂
The workshop itself was at a beginner level, which was great, because I hadn’t done anything with Arduino since my last little Arduino project and I could treat it as a refresher. I had fun and got new inspiration. Thank you, Jan, for doing this workshop! You’re a great teacher 😉
After the lunch break I decided to go to the presentation by Alexander Kornbrust. He talked about self-defending databases. If a database is under attack, in most cases you have only a small time window to react. How would you react and what would you prefer? Service not available, or data lost/published? He showed some pros and cons of popular defense methods and a possible way to implement attack detection with automatic prevention in an Oracle database. The challenge is to get the false positive rate down, and he showed a way to improve the results. I couldn’t follow all the technical steps, but overall it was a very interesting presentation! You can find the slides here.
The next talk, from Ilja van Sprundel, was about the security of iOS applications, and right after his talk I attended the presentation about satellite hacking by Martin Rutishauser. I had problems following van Sprundel’s presentation, but the introduction to satellite hacking was very interesting and informative. You can find the slides here.
The final talk, by Marc Ruef, was about firewall rule reviews. I have known his personal website http://www.computec.ch for a long time now, but it was the first time I saw him present live. Marc Ruef is co-founder of the company scip AG, and he presented their methodology for analyzing customers’ firewall rules to find potential weaknesses such as ANY rules and unsafe protocols. You can find the slides here.
Later I visited the Swiss Lockpicking Group. They’re interested in locks and keys as well as in opening locks without keys. They see locks as puzzles. Solving them provides an enormous thrill, which motivates them to try more challenging locks, without criminal energy! 😉
I had the chance to try opening a lock without a key! At another event, the Swiss Cyberstorm II, I bought a basic lockpicking set, but I had never tried it out! I had the set with me and gave it a try. Huh! I can tell you this is not easy and very time-intensive! They gave me the easiest lock they had and I spent over an hour opening it! The picture below gives you a little impression.
My first choice on the second conference day was a talk about memory forensics by Dr. Endre Bangerter and Domenic Fischer. They showed a system for recording memory traces and using these traces for malware analysis. They gave an example of such an analysis with the malware ZEUS. An impressive presentation, but sometimes difficult to understand if you don’t have the technical background!
For the rest of the day I attended two different talks about Intrusion Detection Systems. I focused on this topic because I’m still interested in that area. Another presentation that I attended was about Near Field Communication. Ben April showed how he was able to decrypt an NFC-based hotel key card and successfully create a clone. It was possible for him to open every hotel room. Amazing 😉
I enjoyed my visit to Hashdays 2012. Most of the participants were security professionals working somewhere in the IT security industry. I think for many it was a platform for business networking, and therefore I would say that it had a somewhat commercial character, but this is not negative. It’s just different from a typical CCC event. Many of the presentations require a deeper technical understanding, which is not easy if security is not the main part of your job. I got new inspiration and overall motivation to gain more knowledge in the field of IT security. I plan to write more on my blog about the IT security related things that I’ve learned. In the last week of this year I plan to go to Hamburg to attend the 29C3 event of the Chaos Computer Club.