My first infosec conference

In this post I would like to share with you my thougts about the first infosec conference I have ever attended, earlier this year in June.
But I would like to start by thanking again my company and my boss for allowing me to attend this event on working days, and for funding the whole trip.
This may not look like a big deal, but 2 of my coworkers and me attended and that is already 25% of our small company that our boss cut loose for 3 entire days.

Pass the salt!

As a newcomer into the infosec world, I had high expectations from such an event, and Pass the salt fullfiled all of them.
PTS is a 2 and a half days conference about security and libre talks, taking place in Lille, FR, every year early June.

From their own words:

A free Security & Free Software conference.
Building bridges between Security communities and Free Software hackers!

The topics are various and all really interesting, going from hardware hacking, to reverse engineering, red-teaming, GDPR, OSINT…

The talks

The conference starts on Monday afternoon which allowed my coworkers and I to travel in the morning and be ready for some talks all afternoon.

The first talk (by Ange Albertini) named “Kill MD5, demystifying hash collisions” was a perfect example of the kind of talks I came for: blowing your mind, easy to understand for a beginner like me, but also easy to understand the consequences of the topic on your daily life as a security “professional”.

NB: I will not describe all talks here because that would take too long, but you can find all the slides here, do take a peak as all of them were really interesting.

As a total newbie in developing and reverse-engineering, the second talk by FrenchYeti named “Dexcalibur – automate your android app reverse” *almost* got me to understand how Android reverse works, and definitely made me want to dig deeper after the conference.

The workshops

After a good night sleep, the talks start again for the whole day, but my mind was focused on the workshops. A total of 9 workshops take place during the 3 days of PTS, so you’ll have to choose between the talks or them. Some workshops offer you some privileged time (groups of 20 max.) with a speaker you would want to meet, and some give you a real opportunity to get your hands dirty on some hardware.

As an RFID enthusiast, my main goal in this conference was to finally meet Chris Herrmann aka Iceman, the man whose work got me hooked into RFID. Luckily, him, Philippe Teuwen aka doegox, and RRG (RFID Research Group) were holding a workshop that lasted all afternoon (but somehow was not long enough!).

Fanboy picture!

After camping the queue like a teenager at a Justin Bieber concert, one of my coworker and I got in. Some of the attendees were total beginners in RFID and we got paired to try and get homogeneous groups, and we discovered home made safes with RFID locks which we were going to try and open for the next few hours with the use of the Proxmark3 provided (I will come back on this device in a next article as there is simply too much to say).

Working on the challenges

I will not go into details about the workshop as I do not want to ruin people’s fun if they plan on going to the next ones, but do know that those 3 gentlemen acted as true professionals, took time to answer all of our questions and many more, and provided us with real challenges. We not only “Unlocked Proxmark3’s secrets” (name of the workshop), but also learnt about RFID and physical intrusion in general.

At the end of the day, beginners could use the devices enough to crack into a few locks and doors, intermediate users like me learnt a lot of new tricks, and I’m sure experts discovered some tips they had no idea about. To me, this is the best way a workshop could be summarized.

In short…

  • The conference takes place in the University of Lille, and therefore the conference room was big enough for all of the attendees.
  • It was really easy to go on site with public transportation, and the PTS team had everything advertised and planned for the D day.
  • Food trucks were planned on site for the 3 days.
  • Last but not least, PTS also held a “Social event” on the tuesday night, with a privatized bar and some free beers. This was the occasion to discuss with speakers and attendees without stress and was a really fun night!

The extras

As a security conference wouldn’t be one without some “hacking”, here is how we kept ourselves busy at night…

Hotel WIFI password… At least they changed it, my pinky told me last year it was 1234567890
When you realize the hotel gave you an RFID access card as a room key
Cloned hotel room key works like a charm
In the train on the way back from PTS, workshop got us inspired

Conclusion

I do not have any reference point as this was my first experience but I’d like to thank everyone that got involved in PTS to make it possible, as it was good enough to make me want to come again ūüėČ
Since it is a free conference, I would recommend anyone (beginners or not) to attend in 2020! See you there!