Hek.si – local security event wrap-up

bg_headerThere isn’t any happening much on Slovene local scene when it comes to security and conferences. Hek.si (subtitled Conference for Ethical hackers about Ethical hacking) is nice try of this kind events, but still far far far from events/conferences like HITB (that as also happening in the same week in Amsterdam), Defcon, Blackhat, BruCON, DeepSec, CCC related events ..

In this short review of the event I will try to focus on its content (highlights), and will leave besides maybe all organization and other failures.

  • The keynote to open the event was presented by Milan Gabor (@MilanGabor), CEO and owner of Viris d.o.o.. Presentation had interesting title “Why your kind won’t be hackers” and can be summarized as today’s youth (the next generation of security researchers / hackers) is lacking persistence and drive in “hacking” (ethical hacking).
  • IPv6 definitely is next big thing that is already happening to internet (hey, on internet side it works!) and Enterprise IT businesses and it opens a lot of security issues/challenges involving protocol itself and security threats when wrongly deployed in current networks. Security issues in setting up IPv6 via tunnel brokers and firewalling was presented by non-other than Jan Žorž (Zavod Go6 / ISOC). I could almost say – “There is no IPv6 without Jan Žorz“. Summarized in one sentence – when diving into IPv6 try using SI6 Networks’ IPv6 Toolkit, for security assessment and troubleshooting IPv6 protocols, highly recommended even from my side.
  • Second round table titled “Responsible Disclosure” opened interesting debate; too bad it was not recorded. Maybe I will put some of its insights in one of futures blog posts.

Generally speaking I was expecting even bigger failure and thank for some individuals and several talks that really were above minimum you would have expected on events like this elsewhere. There were still too many talks (including from people who supposed to be professional pentesters) with screenshots of hacking tools with no technical background, no methodology, no insights why “system” is exploitable and how presented tool actually exploits vulnerability. Something Script-kiddies would pass on to newbies (becoming new Script-kiddies).

As mentioned above, in the same time HITB Amsterdam was happening and Xavier (@xme) put together two posts about its happening. See Day 1 & Day 2.

While writing this I am already packing for Security BSidesLondon 2013. \o/