DefCamp 2011 - Bran
DefCamp 2011, the first cyber-security conference in Romania, was held in Bran from 30 September to 2 October. Almost 70 hackers gathered to talk, share experience and have fun.
Prologue
I first learned about this conference from Andrei Avadanei at GrepIT. He told me that he had secured 2 nights for about 60 persons, at a nice hotel in Bran. I was a little sceptical, but nevertheless, I waited for an online confirmation. Then on 9 September, the website went on. Based upon a form, the participants were split up in 2 groups: VIP and non-VIP. The VIP ones had their accommodation paid, at Club Vila Bran.
First day
I took the bus from Valcea to Bran on 30 September. After a 5-hour journey on the potholed roads of Romania, I finally arrived near the hotel. There, I met Andrei and other guys from RST, a well-known Romanian security forum which I often visit. Also, I met Vlad Stoian. He is a CS student at University Al.I. Cuza in Iasi. We talked about computer science Olympiads at Yahoo! Open Hack, and he was in the jury at InfoEducatie (but not at my category). So we decided to stay in the same room.
The location was a geek's dream: a remote 3-star hotel, in a good Romanian mountain resort. The conference room had enough space for all of us, but the router didn't manage to serve all the 60-70 laptops (average speed was about 8 kb/s...). It was also a little cold in the conference room, but the coffee, Red Bull and Coke from the organisers made us forget about it.
The first presentation was a call to action by Andrei, in which he exposed the current problems of security and the fact that communities tend to not cooperate. Then Ilie Valentin presented a history of security and vulnerabilities, in which the "old" guys remembered how it was when the number of IRC bots represented your status in the hacking world. The last presentation was by Petre Popescu about PHP flaws, and how to protect against them.
After the keynotes, we went to the nearby restaurant to eat. Adrian Zainea was a guy who helped Andrei organise the event, and he was especially intrigued about us, hackers, as a community. So we tried to explain to him the basic rules on how we live and work.
Second day
Presentations started at 9 o'clock with Tamper Data for Processes, by Ionut Popescu, where he presented methods of hijacking processes (this was the most exotic presentation for me). Then Andrei presented his pet project SYDO, a plugin which tries to secure data permissions between client and server, by adding another middle server (it's available on GitHub). Then, one of the most interesting presentations was by Ionut Maroi on SQL Injection, because he coded a demo website, where we could exploit the vulnerabilities. Then Andrei came yet again, and presented us his big project, Smart Fender, a defensive platform with lots of tools that help developers be prepared for attacks by malicious persons.
From 3pm, DefCamp Forensic Contest 2011 started. It was a hacking contest which consisted of an archive, which had 7 other archives in a "matrioska" style, where to get to the next level, you had to solve a problem. I teamed up with Vlad, and we managed to solve 3 levels, till 2 a.m. in the morning. The tasks consisted of decoding esoteric languages, or observing a well-known algorithm problem in a JavaScript, or even doing matrix multiplication from images (feel free to try and solve the problems). Thank you Hertz for creating these awesome challenges. After 12 hours of brain draining, we went to sleep very tired (w/o playing any Starcraft :( ), but we were happy that Andrei told us that we are in top 3.
Last day
At 9 am, we were sleeping at the first presentation: Injection in forms, by Dragos Gaftoneanu, and then we slowly woke up at "Bypass CSRF with Captcha". At the award ceremony we learned that we got 2nd place, and that Cristofor Ochinica owned us, finishing level 5. However, Vlad and I won Bitdefender licenses and an external hard drive.
Going home was not as easy as I planned, because I didn't know where the bus picked up people. So I managed to lose it for the first time. But the 2nd time, I wasn't alone, so I successfully got it right.
Epilogue
All in all, it was a hell of a conference :D. So that's why I recommend participating in the next DefCamp, at Iasi, on 17 December. Sadly I cannot participate (fuck school), but I think it will be another great event.
PSes
- Pictures and all presentations are available here (in English)
- Some of the moments I remembered from Securitate-Informatica.ro
- Happy birthday Andrei