Monday, 24 October 2016

Security BSides Warsaw 2016

About a year ago I had the honour of being a speaker at Security BSides 2015, and you can watch it here. Somehow I didn't share my experience then, but as the event is annual, I would like to describe what happened this year.

The event

It is a free three-day IT security conference in Warsaw, the capital of Poland. The event is organised by people from the IRC channel #listekklonu on the pirc network. The leading person is piatkosia. Most of the presentations are in Polish; however, there were some English ones, and the organisers are very open to having more speakers from abroad.

Tickets and crowdfunding

As I mentioned, the event is free, but that does not mean that everything is costless. The organisers started a crowdfunding campaign on the wspieram.to site. The threshold was 5600 zł and they managed to get 6000 zł. The capacity of the conference room was limited and there were some tickets available. They were split into three parts: a small part was available through the crowdfunding, and the rest was divided into two halves of 75 seats. One was completely free and the other was about 12 zł each. The paid tickets were cheap and, knowing how hard it is to organise an event, I bought one.

The place

The event was located in Państwo Miasto at Andersa 29. On the ground floor there is a small restaurant with moderately expensive but very tasty food and drinks. On the first floor there are some non-government organisations and a medium-size conference room. The room has two disadvantages. The most notable is the lack of air - with about 150 people it is very hard not to yawn, or even faint on hot days. Between presentations there is a mandatory break for refreshing the air. Pro tip: sit at the very back, so you get air from the back window and the doors. The other disadvantage is the visibility of the white screen (on which the image of the presentation is displayed). It is very low, and the ceiling construction would cover it if it were higher. Pro tip: while sitting at the back, sit against the column without seats - you will see much more than sitting behind people. Nevertheless, a higher standard of conference room would cost serious money and might influence the atmosphere of a hackers' meeting.

Organisation

I was a bit late, and my name badge was waiting for me along with a few promotional materials (newspaper, paper notebook etc.). Upstairs there was a presentation ongoing, the organisers were where they should be, speakers got their free lunch and there was an after party. What more would you expect? Well, you might expect that every speaker would be on time. This is no fault of the organisers, but some speakers cancelled their presentations at the last minute. There were therefore numerous changes in the agenda and only due to the hard work of piatkosia and the rest of the team (prezes, xaxes, nikow and others that I don't know).

Most interesting presentations

Well, it is very hard to point out the best among so many good candidates. Therefore I would like to single out the four most interesting to me. Many more were at least good and were presented by well-recognised people. Even more - these presentations will be presented at far more recognised events such as Secure, Confidence etc.

Mateusz Szymaniec, Jarosław Jedynak - "Jak zdobyć flagę" ("How to capture the flag?")
The speakers are the founders of the CTF team p4. They spoke about CTF - what it is, what kinds of tasks there are and what was needed to capture the flag in some example challenges. Quite a good introduction made by one of the top teams. What is worth mentioning, they told how CTF influenced their professional careers.

Miłosz Kaniewski - TLS 1.3: Co nowego? ("What's new in TLS 1.3")
This presentation was exactly what it should be: what is wrong in TLS 1.2 and what is being proposed in TLS 1.3 to address the known issues of current implementations (e.g. no CBC mode of AES, no 3DES etc.).

Mateusz Kocielski - "Make DragonflyBSD great again?"
Mateusz, also known as shm or akat1, talked about how he noticed an error in DragonflyBSD and how he exploited it. Pretty awesome skills and, in effect: root. It was a very well-spoken and coherent story. There was a little surprise when the prepared example didn't work, but Mateusz immediately understood the problem and resolved it, explaining why it didn't work the first time.

Adam Haertle - Wlamania do bankow z łomem i bez ("Bank robbing with and without the crowbar")
Adam told the audience about bank robberies which took place in the last decade or so. It was a fascinating story about physical (in)security. What is worth remembering: the bank trays are very secure and even having two days of full access, robbers are able to break into about 10% of them.
Later he talked about the latest e-bank robberies, with the keyboard used instead of the crowbar. Among them, the most notable is the theft of $80 mln from the Bangladesh central bank.

After party

What happens at BSides stays at BSides :) That's all I would say. Great people, great beer and [top secret] :)

Overall

It was a great event and I really do have great hope that in 2017 it will take place again. It will be almost impossible to have such progress in quality as there was between the 2015 and 2016 editions so, organisers, especially piatkosia: I challenge you :-)
I definitely will be present in 2017 since I consider this event one of the most interesting IT Security events in Poland. Well done :-)

Someone may be asking why I am writing in English about a conference held in Polish. This blog is in English, and there may be no speakers from abroad if there are no articles about Security BSides Warsaw in English. How else would you know about such an event abroad?

1 comment:

  1. A playlist of all the videos for the day can be found here:
    https://www.youtube.com/playlist?list=PLLkxrZuQ5G20i1sxKEcul9vFxM8A13ZY2
