As I mentioned in the previous post, just after Source Seattle some days ago, the ToorCon (also in Seattle) began. Some speakers took advantage of this to present the same or different presentations at both conferences. Friday the 13th was the opening day, with a small party, but the presentations didn’t begin until the following day. There were thirty talks in total, each delivered in a 15 minute period of time, with a short break for lunch. It was an entire day of presentations, from 8:30 till 10:30, quite a day!
The subject of the talks was very varied, from hacktivism themes through to hard disk recuperation. During the morning we could attend, amongst others, presentations about the use of concurrence in Python for the creation of stronger security tools, an appeal for the real securing of communications, exploit kits, details of the fall of the Rustock botnet by Julia Wolf, how to physically recover a hard drive (a real surgical intervention of a hard disk) and it ended with some interesting thoughts about Bitcoin from Dan Kaminsky: if a normal user does not have the capacity to generate a large amount of bitcoins, because it depends on the capacity of the calculation, who will end up having them all?
The afternoon sessions were no less interesting. In my opinion, the highlights were the discovery of exploitable vulnerabilities in the kernel through emulation, a practical example of telephone social engineering, where you could hear how they obtained data from a real secretary, and one that dealt with the compromise of a domain through a PBX telephone system. Without a doubt, this last one brought more than one person to their feet and received the best applause of all, as its staring point was a telephone system and they managed to query sensitive data from the network systems.
Finally, the closing event took place at a club in the city where people could socialize in the best possible way ;) This wasn’t a conference where you could go and put up a company stand, but a place where you could meet unusual people with a wide knowledge of IT security and share a beer. There is a risk that by the last speech you wouldn’t be paying full attention to the platform, but nothing is perfect, is it? It is another type of conference, very different from Source, but equally recommendable. In summary, the best thing to do is to attend them both ;)
Jose Miguel Esparza