Like any other HackerCon there are good and bad things, so I will jump right into the interesting stuff. The start of the conference was a little slow taking less of an attacker security approach, which I prefer. In any event around midafternoon was a talk called “Wipe the Drive!!! Techniques for Malware Persistence”. Mark Baggett and Jake Williams discussed some amazing techniques used by attackers. I mean things that even memory forensics don’t catch. They were discussing persistence tactics like:
- You remove malware and later your computer scans for a wireless access point as a part of normal activity and that scan releases the malware again.
- Your remove malware and later you plug in a standard clean USB key. At this point the trigger of the key being plugged in releases the malware and infects the system.
Again their entire suggestion on the talk was to suggest wiping the drive is again the only safe way to possibly remove malware and to think otherwise might be foolish.
Day 2 and More
On the second day I ended up attending a few different sessions. There was a talk on running a CTF that went through some of the tactics but mostly explained the amount of time it takes to setup and run a CTF. Several of the other talks I went to were less than technical in my opinion and I felt everything could be Googled in about the same time I was in the presentation. There was one exception, Carson Zimmerman packed the room (seriously no sitting space) with his talk on “Ten Strategies of World Class Computer Security Incident Response Team”. I came in late, but what I saw was good.
Other activities at the Con were always entertaining. The Lockpick village always provides a good time filler in-between sessions. I enjoyed spending some time handing out a few Hacker&Agent card decks to kids. Also, there was plenty of hacker and security speak in the evenings at the hotel bar. Otherwise if you like games there were some contests on the Xbox or I would suggest testing your skills by taking a stab at Shmooganography. If you get a chance and get into the 2014 conference its worth at least taking a look. Below is a preview of the 2013 contest.
Again overall a good Con, but I think some of the talks need to be more technical and in-depth next year.