Summercon 2012

Here's a picture of Redpantz, one of the organizers, because I don't have a picture of myself.

Another successful year of Summercon in the books. This was the 2nd time we had Summercon at Littlefield in Brooklyn. I actually tried to take it a little easier this year, don't know how successful that was, but mainly because this year I won't be only 2 blocks away from the venue but a 30 minute walk. On Thursday when Redpantz and Jimbo arrived, we started drinking at lunch and had a rough time walking that far. Lots of cool talks this year, and 2 tools were released shortly after they were presented at the con (the IDA Toolbag and Vivisect version of Vtrace).

The schedule this year was a little more hangover friendly, doors didn't open until noon and talks not until 12:30 or so (though we were probably behind schedule on both counts). This meant that I didn't have to wake up super early and help run the registration tables, which was probably a bit more important this year than the last few years because there was a LOT of pre-registration and a surge was expected at the beginning. Fortunately, the registration desk ran pretty smoothly, thanks to the work of Michelle, Joann and Jimbo.

Fermin Serna had a talk about CVE-2012-0769 concerning info disclosure via Flash. Then Jon Oberheide and Dr. Charlie Miller gave a talk about Google's Bouncer and how to get around it. A pretty entertaining and informative talk that also featured an Android mascot Pinata filled with Colt-45. That was followed by a Collin Mulliner's talk about instrumentation on Android binaries. The first day was rounded out with a Busticati talk from Dr. Raid and Aaron Portnoy about their IDA Toolbag. I didn't get to sit in on a lot of the talks during the first day because registration was pretty hectic. There was a bit of a party afterwards with DJ Keith that was sponsored by IO Active, but I didn't end up going to that. Here's a G+ post with photos from Day 1.

Having not stayed out late, I got an early start for day 2 though Michelle was hurting a bit so we didn't get to Littlefield until after 11am. The day started with a talk about C/C++ static security checking using Microsoft's HAVOC by Julien Vanegue, was a pretty interesting talk, and the room was pretty quiet probably because people were hung over and haven't started saucing yet. Then Travis Goodspeed gave a talk about using radio noise to exploit the PHY layer. Really interesting talk about the flaws in something that's practically the backbone of networking. Then we had a highly anticipated talk about MD5 Collision and how it was used by the Flame virus by Alex Sotirov. Essentially, using MD5 collision, a fake cert can be signed using a valid certificate authority (Microsoft Update in the case of Flame, which still allowed MD5 signing). Invisigoth Kenshoto, godfather of Vtrace, talked about, well, Vtrace, and Vivisect. By this point, I was 3 glasses of whiskey into the night so things start getting fuzzy. Invisigoth doesn't give a lot of talks, so this was kind of a treat, plus Legs Malone got to spank his girlfriend on-stage. The night was rounded off with a talk by Gillis Jones about why security still isn't taken seriously by businesses. It was an interesting talk and was unfortunate that there were so many drunk people by this time because there was a lot of noise coming from the bar. This always happens by the evening, as I remember when I gave a Summercon talk, it was at 9pm and there was not a sober soul in the building. While my talk was also about single malt scotch, I didn't down the amount of booze Gillis managed to during his talk. Don't think I've ever seen someone drink a 5th of vodka that quickly, glad everything turned out ok. Reminded me of Jimmy Shah's talk last year, entertaining and a lot of alcohol. Not exactly sure what happened after that, at some point my girlfriend drove me home, and then at some point I wanted to make it back for the burlesque party. Here's my G+ post with pictures from Day 2.

Some feedback on twitter:

@mtrumpbour I completed my #summerc0n experience by being propositioned on the way home (by a lady). I kindly declined.
— Steve Kain (@sckain) June 10, 2012

Survived another #summercon, some goodies: ida toolbag thunkers.net/~deft/code/too?, HAVOC research.microsoft.com/en-us/projects?, and vivisect visi.kenshoto.com/releases/
— Kai (@chaisquaredx2) June 10, 2012

Woke up with an odd rash and 0-day...thanks @nudehaberdasher #Summercon
— Kyle Hanslovan (@Marqo09) June 10, 2012

#lulz RT @rabite: Maxlols. This medal speaks for itself.. yfrog.com/nv9wmmsj @summerc0n #summercon
— Cykocurt (@_Cykocurt_) June 10, 2012

@nudehaberdasher Awesome conference! Thank you man for making it possible! #summercon
— Fermin J. Serna (@fjserna) June 10, 2012

SRO for Alex Sotirov's 'MD5 Collision in Flame' it's actually quiet in here #summercon
— Space Rogue (@spacerog) June 9, 2012

The hell happened after my #summercon talk? I vaguely recall a homeless man's blessing then waking up on a bathroom floor beside a hedgehog.
— Aaron Portnoy (@aaronportnoy) June 9, 2012

@aaronportnoy I was impressed with you keeping your composure on stage at #summercon. I would have puked. Awesome job on IDA Toolbag!
— arebc (@nullandnull) June 9, 2012

@mtrumpbour @summerc0n easily the best time i've had at a conference, thanks for the oppurtunity! Glad I'm still alive to tell the tale!
— Gillis Jones (@Gillis57) June 10, 2012

I meet a lot of really awesome ppl @summercon I can truly say my experience was well worth the trip. #Summercon
— Sherwyn(@Infolookup) June 9, 2012

@SummerC0n does it right: "speakers don?t have to pay their way and attendees can have a blast learning something while making new friends"
— Jon Oberheide (@jonoberheide) June 7, 2012

Filed under: Summercon, Computers, Travel & Events
6/10/2012

HOME,CONTACT, TWITTER