The original “non-con”, Day-Con is really three events in one: Packetwars Boot Camp, Dayton Security Summit and the Hacksec Invitational (thus the motto: “Learn, Work and Play Harder!”).
Day-Con is the US sister conference of Heidelberg, Germany-based Troopers conference.
Boot Camp: The week kicked off with potential cyber warriors getting caffeinated and gathering for the 5-day Packetwars training. The “recruits” were trained and drilled on offensive and defensive computing tools and techniques. Day 1 closed with a lecture on RED and BLUE team tactics and strategies by yours truly. Day 3 hosted special guest lecturers Solomon Sonya and Nick Kulesza who presented their research on botnets and targeted attacks. They also demonstrated their tool called Splinter the RAT. The rest of the time was spent preparing for Day 5’s final exam – the Hacksec Invitational Packetwars battle.
Dayton Security Summit: The 2-day, closed door, invitation only conference began with the obligatory introductions, ground rules and logistics discussion. The venue was laid out in board room style, which allowed all the “delegates” - this is what we call attendees and speakers - to see each other and easily interact. Seating was restricted to 50 delegates. Each day had two focused themes.
The first day Dr Piotr Cofta and Matthias Luft talked about tools of the trade. Dr Cofta took us through a trust assessment of the Snowden case. Turns out that we should not focus on Snowden so much, rather we should look at his handler and the vetting agency! Dr Cofta went on to share details of his “Trust-O-Meter”.
Matthias spent his time discussing the operational challenges of vulnerability ratings and shared the tools that ERNW uses in their own practice. After lunch Craig Smith, Graeme Neilson and Chris Werny tackled the subject of disruptive technology. Craig focused on anonymity in a world with funded Big Brothers. Graeme entertained and enlightened delegates by suggesting encryption is the most disruptive of all technologies because it facilitates anonymous currency and banking. That evening there was a group dinner with the delegates and the Boot Camp recruits. Many beers were drunk and much fun was had.
The second day kept the momentum going with Sergey Bratus, Rodrigo Rubira Branco, Kevin Thompson and Carl Federick II debating on radical thinking. Sergey painted a picture of a bug-free world where bad things still happen and people still get "pwnd". His propositions that features can be worse than bugs, “any input Iis a program”, and data is a liability resonated with the delegates. Sergey did a valiant job controlling his rant and managed to effectively communicate the challenge. Rodrigo claimed many of the so called “advanced” targeted attacks are actually pedestrian and had the research to back his position.
The afternoon was dedicated to POOH (Point of Origin Hacking). Brent Houston and Florian Grunow closed out the session with two fantastic presentations. Brent made a compelling argument that Alvin Toffler is the father of modern cybercrime and took us on a journey through the murky world of this thriving profession. He also challenged us to understand and adjust to the techniques of our adversaries, much of which were perfected during the Cold War. Florian took us beyond embedded when he talked about his experience hacking medical devices and demonstrated how bad it really is by playing a video on a heart monitor.
Hacksec Invitational: The combatants met mid-morning to compete for the coveted winners’ cup. Four teams participated in the annual hacker throw down; Zombie Liberation Front (ZLF), Living Dead Defamation League (LDDL), People for the Ethical Treatment of Zombies (PETZ) and Free the Walking Dead (FTWD). PETZ won the day by successfully achieving the most objectives. All four of the Boot Camp recruits passed their final exam and become certified Cyber Warriors.
The zombie theme continued through the night at the after party as delegates judged phobia inspired artwork, noshed on Zombie Dogs and got pickled on fancy drinks. It was agreed the new format worked well and will be used next year. One delegate was overheard as saying, “This is more like a family reunion then a hacker conference. This was the best year ever!”.
For those we did not get to experience the “Best Year Ever”, the presentations are posted here. We plan to release the Summit Notes, which will provide insight, quotes and meeting minutes from the closed door sessions. See you in Heidelberg!
Author: Angus Blitter.