#Days Security & Risk Conference @ Lucerne

The last two days I attended the #Days Conference at the Blu Radisson Hotel in Lucerne. There were a lot of very interesting topics covered by the speakers.

Day One
Day one officially started with the opening ceremony by Paracelsius, the president of Defcon Switzerland, an official chapter of Defcon Las Vegas, followed by an awesome keynote speech, “The state of (in)security”, by Chris Nickerson.

After that, I attended another speech, by Morgan Marquis-Boire, about anti-forensics, or how to fool law enforcement.

“Head Hacking – The Magic of Suggestion and Perception” or “How to be a Master Manipulator” was another topic covered at the conference. Dale Pearson showed us how to gain sensitive information from people by making use of simple social engineering techniques.

The afternoon started with a speech by Kimmo Kasslin and Antti Tikkanen from the F-Secure Labs. During their speech “Rootkits in the Real World Today” they demonstrated how modern rootkits behave these days and how they are built. The demos were based on the Brain virus and the Rustock and Mebroot rootkits.

OSSTMM V3, the international security testing standard, was presented to us in deeper detail by the creator himself, Pete Herzog.

Later during the day, Peter Oechslin from Objectif Sécurité also showed us how (in)secure Extended Validation Certificates really are and how easy it is to trick the user by injecting fake certificates into your browser.

The last speech of this day was held by Jesse Burns: “Android application security, the fun details”.

After that exhausting day, most of the hashdays members went to jail. No, not the jail you mean. I mean a club called jail. 😉 But it was funny anyway.

Day Two
Day two started with a very interesting speech from Karsten Nohl, “Busting phone encryption”. Although there were not really many people attending (party last night), the speech was very in-depth and interesting. He outlined how weak proprietary crypto on devices like car keys, GSM or DECT phones is. Basically, he went into details about the A5/1 crypto algorithm, which is used by most GSM mobile phones around the world, and explained the different weaknesses.

Later on, Andrea Lelli & Mario Ballano Barcena from Symantec gave us an overview of the current rootkit landscape. They showed us how modern rootkits operate in today’s real world. It was quite impressive to see that rootkits today even infect the main BIOS of a computer system. That was a (very fast spoken) but interesting talk.

Then, Nicolas Seriot held a speech about “Apple iPhone 4 iOS Privacy”.

For the rest of the afternoon, I spent the time hanging around with the guys from SPASS (Schlösser picken als Schweizer Sport). They spend their spare time breaking physical locks. Having the right tools and some locks can be very fun – and I have the right tools anyway :). It was very fun trying to break the different types of locks. Peter and Urs from SPASS taught me and some other guys how to break them and how to use the tools correctly. It was thrilling to break the first lock. This afternoon I broke some locks which are sold in supermarkets for around 60 to 80 Swiss Francs in a couple of minutes (doing this for the first time, mind you). Locks can suggest a secure feeling where there really isn’t one. Bigger locks do not mean higher security. Moreover, the opposite is the case: they are easier to break. So be cautious. Although I had some instant success stories to tell, there are many types of locks which are really hard to break, for example the Kaba 8 or the Kaba 20. I didn’t even try them. But you may never know 😉

I really have to give a shout-out to the Defcon guys. They did a brilliant job getting this first edition of the hashdays conference up and running. Thank you!

