30C3 happened in Hamburg at the end of December 2013. I’d never been before so I was
looking forward to it. Having never been or known that many people that have been,
I had no preconceived ideas as to what I was in for.
Little did I know that I’d learn stuff, write more code than I probably should at a
conference and realise that you don’t have to mission to Las Vegas to experience a
The TL;DR version of this blog post is “Go to 31C3..it’ll rock your panties”
So many interesting talks happened. The great thing about 30C3 is that if a talk is in
German (which quite a few are), you don’t have to miss out on anything. You can pull
up the translated stream and watch that or even listen in on the translation on your DECT
phone. Yes, there is a GSM network running at 30C3. No, I probably wouldn’t connect to
it with my stupid iPhone. Especially after watching ioerror’s talk on Sunday/Monday.
Having access to the live stream was also awesome in that you never had to miss out
on a talk if you were hacking away at something in another room. This happened to me
a few times. And it also happened when the rooms filled up quickly. Thank god for the
overflow to Saal 2 for the keynote is all I can say…
Anyway, talks..here’s what I caught and why I thought they were interesting. Most of them
will be on the official media page by the
time you read this so pick them up there.
10 Years of Fun with Embedded Devices
This was a little dry for my liking. It was a good overview of the OpenWRT project over
the last 10 years. Having never used the project it was cool to see how it evolved
over the years.
Electronic Bank Robberies
This was a very interesting talk up until the time I got kicked out of the aisle.
While it wasn’t new tech or anything, it was interesting to see how the malware authors
were attacking ATMs. All it really proved was that physical access beats everything.
The highly anticipated keynote for 30C3. Saal 1 filled up very quickly so we managed to
get a seat at the back of Saal 2. Glenn Greenwald gave a very interesting talk about
the whole Snowden / NSA incident. It was great to hear that things like GPG/PGP are
starting to catch on outside of our circles.
The passion and dedication shown by Glenn and his colleagues left me with a little more
hope for humanity than before 30C3. I suggest that you watch this.
Hillbilly Tracking of Low Earth Orbit
Very interesting talk by Travis on tracking satellites (I think).
Travis has been doing awesome stuff with satellites and radio stuff for longer than
I’ve had a drinking problem. You should also check out PoC||GTFO.
My journey into FM-RDS
Really interesting talk by Oona. She described how she discovered a signal while listening
to her radio one evening. She then reversed said signal and discovered some awesomeness
behind it. While I’m not very into the SDR/radio side of things, it was a very interesting
talk. The way it was delivered was also great. Very understated with some rather awesome
sauces just dropped without the usual flashy showmanship you usually expect with something
like this. Must be a Scandinavian thing :)
I was hoping for a little more from this talk. I’m putting my lack of enthusiasm for this
talk down to a lack of Mate at that particular time. Really it was a good talk about
FPGAs. I’ll probably catch the recording again just to make sure…
The Year in Crypto
Moral of this story, don’t put crypto talks late at night when people have been up
most of the night before…
I will catch the recording of this talk again as it’s something I’d like to learn
SCADA StrangeLove 2
A buddy said I should watch this. It was a pretty interesting talk on SCADA stuff
but I got the feeling that it was a little too much “look how awesome we are” more
than anything…but by this time I was fairly grumpy. I’m not a nice person when I’m
RFID Treehouse of Horror
This was a great talk on the use and abuse of RFID in Austria. The speaker gave a good
overview on how we got to this point. The information on the tech involved was great.
I’ve been tinkering with RFID for a while and this talk definitely gave me a few ideas
that should help me get over some of my own hurdles.
Another talk suggested by a buddy (damn you BSB). This was an interesting talk on X security.
We’ve long known that there are bugs in software. The speaker just showed that the
situation is a little worse in X :)
To Protect And Infect (part one)
A pretty good talk on the use of malware by nation states. I got the feeling that
there wasn’t anything new here. It seemed to be a rehash of what they had already shown
in previous blog posts and the like. Again, grumpy…
Virtually Impossible: The Reality Of Virtualization Security
I need to review this post. Mostly because it affects me directly. As it does the OpenSSL
project it seems.
What I caught of this talk was pretty good. Unfortunately a dinner run was made right in
the middle so I missed a vast portion of the good bits.
Through a prism, darkly
This was probably one of the best talks I’d seen on the whole NSA thing. Other than @ioerror’s
of course. The speaker gave a great overview of all the TLAs, tech and laws involved in
the NSA shit pie. If you’re looking for an overview from a law and tech point of
view, I’d definitely review this talk.
All in all there was a great cross section of talks. Not many other conferences cater
for the various types of hackers that turn up at events like this.
And let’s not even talk about the workshops. I didn’t manage to make it to any of them
but there were a couple that I’d like to have made had there not been something
else on at the same time.
Shit BSB says…
BSB posed a simple question to me at some point during the conference. I say simple, but
given that we’d all been up for a silly amount of time and were now powered mostly by
a heady mixture of Mate, beer and chilli, it was anything but. But I digress…
The question he posed was “what was the best 5 minutes of the conference for you?”
That was a bit of a toughie for me, but I can definitely say there were a few moments
when something either clicked, made me laugh or some such shenanigans:
* Jason the SCADA guy - "hey..I this malware sample" "opens IDA" "mass reversing ensues"
* Secret beers and talking satellites and hardware with [fbz](https://twitter.com/fbz) and Travis Goodspeed while drinking delicious IPA
* The "how do I get RFID tag samples quickly and easily" moment...just build something simple and send it back to yourself :)
* The 8km of pneumatic tube system for shooting coloured flashy bottles all over the conference
* Heading somewhere at 3am and seeing a huge mob of people still swarming around doing stuff.
So this happened
I really suggest you watch the video here and make up your own mind.
Ian Amit also made a good point here.
I’m still trying to process this, but it’s definitely a game changer. I just hope that
it gains traction out of our circles. I fear that, while we as a community are very
angry and could make changes, the rest of the world may not care enough. Or want to make the necessary changes to improve things. But this is probably a conversation for another day.
This was a new concept for me. It’s probably a thing at DefCon and the other US conferences, but it’s the first time I’ve seen it in such scale. Throughout the conference areas
there were tables set up for groups or assemblies of people. Our little hackerspace had a table as did many others.
The idea was that if you had a group of people you could get yourself a table and some
internet access. This meant you had a little “home base” to come and go from. This was
great as you had a comfy place to sit and hack on stuff if and when the need arose.
There were so many different assemblies that I stopped trying to keep track of them all.
The guys making alcoholic slushies proved very popular on Saturday night for instance.
If you come through to 31C3, I’d recommend getting a group of people together and getting
yourself a table and network together…it does help.
I couldn’t get anywhere near the large lock pick village/assembly for the vast
majority of the weekend. This is both awesome and mildly annoying. Awesome in that
so many people wanted to learn more about lock picking and get some much needed practice
time in. Not so awesome in that I wanted to be one of these people but never managed it.
Flora Mate is a great alternative to regular Mate. I’d like to have had Mui Mui (I think)
Mate, but I haven’t found it outside of Marburg :(
IceFloor for OS X is a gigantic pain in the ass. Yes, I should really just use PF, but
I learned stuff. I felt like I know nothing about computer security. I learned more stuff.
More than anything, 30C3 showed me what we as a community of people can do when we put
our minds to it. It inspired me (as many of the conferences I have gone to before have)
and probably made me think a little bit more about what I’ve been doing and what I should
be doing. Mostly I know that I really want to spend more time doing real infosec work,
helping where I can and teaching others if I have something to share.
At this point I should probably sign off. It’s been an awesome few days and I need to catch
up on some much needed rest before we mission back to real home base. (Note to self, next
year…fly or catch a train. The truck is no way to travel long distances).
So thanks to @fbz, @blackswanburst, @travisgoodspeed, @ioerror, @Nickf4rr, @windyoona,
@pinkflawd, secret IPA and the @hackeriet crew. There’s a bunch of other people but
these guys and girls made the con for me.
Oh and thanks to CTP and the guy who runs Krypton Security for the great dinner at The Bird after
closing ceremonies. Great food, card tricks and general hackerynessness.
Finally, go here, download the PDFs and enjoy :)
I know I’ve forgotten stuff and people and things. 30C3 was just that awesome.
Also. Fuck German minimal house. Fuck it hard.