Wednesday, March 6, 2013

Conference wrap-ups - ShmooCon, BSidesSF and RSA

Well, finally able to decompress and sort out everything from the past 3 BUSY weeks.

Started out going to ShmooCon in DC. That was the first time I had a chance to go and I was really impressed. For a smaller conference, there really were a lot of great talks. Orin Kerr and Marcia Hoffman had a really good talk on the CFAA. @Aestetix had an awesome talk on Nymwars and Online Identity. Michael Schearer (@theprez98) had a great talk on the law and various court cases as well. The FireTalks in the evening were outstanding. @rogueclown did a really cool talk on getting involved with CTF's. Joe Klein (@joeklein) had an interesting talk on hacking around with system time settings. And Chris Campbell (@obscuresec) had a great talk on using power shell. All of the Firetalks are available online at Irongeek's site. No wonder the barcodes get all snatched up in a matter of seconds. This is definitely one I will try to get back to next year.

Since I was going to be in San Francisco for RSA the next week, I decided to see if there were any tickets left for BSidesSF. Unfortunately I couldn't get my travel plans changed around to allow me to attend both full days, but I was able to get to the Monday sessions. It was definitely a smaller conference feel. The talks I did see were really good. I really liked the Valerie Thomas(@hacktress09)/Harry Regan talk on physical pen tests and Jason Andress's (@jason_andress) talk on Anti-Forensics. Both were really informative. One big drawback I felt was the venue though. The con was held at the DNA Lounge, which really wasn't suited for this type of event. The talks I attended in the small room upstairs (track 2) were hard to follow since there was so much noise from the main room. There was also the big dustup that led to Violet Blue's talk being cancelled at the very last minute. Not sure how that all started, but there are several accounts of it from all sides. I'm really kind of kicking myself now for missing the Sunday sessions. I think there were some really good ones that I would have liked to see. Maybe next year if I go back out to SF, I will plan the trip a little better so I can spend both days at BSidesSF.

Then the rest of the week was for RSA. Spent Monday evening cruising the expo hall checking out vendors that would be good to revisit throughout the week. New this year was a second, smaller expo hall. I don't know the exact count, but I'd guess there were probably about 375 vendors total. Things were definitely toned down from past years. Fewer booth babes and I don't think I saw any booths with cars. Veracode had photo ops with Larry Thomas, aka the Soup Nazi. That was kind of neat. I also saw Darth Vader and a Storm Trooper or two walking around, but I don't recall what booth they were from. I can't tell you how many plastic light sabers I almost got poked with. Maybe not one of the best booth giveaway ideas. Definitely had to keep watch for things like that hanging out of backpacks when the person in front of you abruptly stopped.

I ended up in my hotel room all Tuesday with a stomach bug, so I missed the opening keynotes and track sessions. I'll eventually run through the keynotes on-line as I get a few minutes here and there. I did make it to all the track sessions I wanted to see the rest of the week. The top three had to be (in no specific order): the Sysinternals talk by Mark Russinovich (@markrussinovich), Jeremiah Grossman's (@jeremiahg) talk on Application security and The Five Most Dangerous New Attack Techniques with Alan Paller, Ed Skoudis and Johannes Ullrich. I'm still going back over my notes and the slides from all the other sessions, but these three definitely stood out in my mind. I'm generally not a big fan of the keynote addresses, but I have to say I really enjoyed listening to Billy Beane and Condoleezza Rice on Friday.

Now I just have to go back through all these notes and slides and come up with some really good ideas to possibly turn into talks of my own for later this year.