There isn’t much happening on the Slovene local scene when it comes to security and conferences. Hek.si (subtitled Conference for Ethical hackers about Ethical hacking) is a nice attempt at this kind of event, but still far, far, far from events/conferences like HITB (which was also happening in the same week in Amsterdam), Defcon, Blackhat, BruCON, DeepSec, CCC-related events...
In this short review of the event I will try to focus on its content (highlights), and will maybe leave aside all the organizational and other failures.
- The keynote to open the event was presented by Milan Gabor (@MilanGabor), CEO and owner of Viris d.o.o. The presentation had an interesting title, “Why your kind won’t be hackers”, and can be summarized as: today’s youth (the next generation of security researchers / hackers) is lacking persistence and drive in “hacking” (ethical hacking).
- IPv6 is definitely the next big thing that is already happening to the internet (hey, on the internet side it works!) and to enterprise IT businesses, and it opens up a lot of security issues/challenges involving the protocol itself and security threats when it is wrongly deployed in current networks. Security issues in setting up IPv6 via tunnel brokers and firewalling were presented by none other than Jan Žorž (Zavod Go6 / ISOC). I could almost say – “There is no IPv6 without Jan Žorž”. Summarized in one sentence: when diving into IPv6, try using SI6 Networks’ IPv6 Toolkit for security assessment and troubleshooting of IPv6 protocols; highly recommended from my side as well.
- Edi Strosar’s talk about the “Enhanced Mitigation Experience Toolkit” was one of the more advanced and well-prepared talks. It was an upgraded and updated version of the talk Edi already gave at Cyberpipe and at one of the previous OWASP Slovenia meetings.
- Milan and the Viris team had another interesting talk on UPnP regarding the common vulnerabilities CVE-2013-0229 and CVE-2013-0230, and put together some nice scripts for UPnP pentesting on GitHub. I had the chance to hear a very similar UPnP talk at Ninjacon 11 (Security BSidesVienna) back in 2011 by Arron “finux” Finnon.
- Let’s not forget about the talks from SI-CERT by Gorazd Božič (@gbozic), with the latest news on our e-banking attacks and what’s actually happening in the “internet field” (very stylish slides!! Very “PresentationZen-ish”). On the same topic, Tadej Vodopivec prepared a talk on how secure smartcards are for online banking.
- Matej Kovačič’s talk on mobile security and cracking the A5/1 stream cipher had also already been seen at the last Infosek 2012 as well as at one of Cyberpipe’s regular open sessions.
- The second round table, titled “Responsible Disclosure”, opened an interesting debate; too bad it was not recorded. Maybe I will put some of its insights in one of my future blog posts.
Generally speaking, I was expecting an even bigger failure, and thanks go to some individuals and several talks that really were above the minimum you would have expected at events like this elsewhere. There were still too many talks (including from people who are supposed to be professional pentesters) with screenshots of hacking tools with no technical background, no methodology, and no insight into why a “system” is exploitable and how the presented tool actually exploits the vulnerability. Something script kiddies would pass on to newbies (becoming new script kiddies).
While writing this I am already packing for Security BSidesLondon 2013. \o/