2013 CONFidence

CONFidence round-up!

We have just finished the eleventh edition of CONFidence conference – fully dedicated to IT Security and related topics.

First day

The conference took place in the ZUW Bielany venue in Krakow on 28-29th of May 2013. After a short registration we begun the conference with an opening speech from Andrew Targosz, president of the Proidea Foundation and creator of CONFidence conference along with Slawomir Jabs, main organizer. After a short introduction, a representative of Sevenet, our platinum sponsor had a few words and then we proceeded to our first keynote talk held by Thomas Lim from Coseinc.

While the main track was being launched, trainers from the CORE Group were preparing the training rounds for a second run of X-traction Point game.

First talks were covered by Thomas Lim with his keynote speech, followed by Mariusz Sawczuk and Jochen Belke who talked about Invisible attacks inside your networks and how to detect them.

Our next keynote speech for the day included Ilja van Sprudel from IOActive who shared his thoughts and his recent discoveries in desktop Linux vulnerabilities.

In the meantime a different environment was set outside of the venue, with a huge leisure area, where people were seating all day long, despite the rainy weather. Propelled by coffee served in the Sponsors area people were waiting for a huge BBQ set up for a lunch break. Around noon a training round for X-traction Point was launched. For the next couple of hours, attendees could join the Lock-picking trainings, phone phreaking demos and a shooting range with ASG guns.

Right after the break and just before splitting into two tracks, we had a presentation from Nguyen Anh Quynh, a researcher at Coseinc who talked about an Opticode.

Then we split the conference into two tracks featuring such speakers as: Yaniv Miron and MC talking about hardware hacking kits, Nikita Tarakanov talking about windows kernel vulnerabilities, followed by Gynvael Coldwind, Mateusz “j00ru” Jurczyk describing their research on x86 assembly code while the second track was devoted to PHP object injection and led by Arseny Reutov.

In the meantime, the training round for X-traction Point was over and the Trials begun! The idea was to arrange four teams which will compete on the second day in the live hostage X-traction inside the bunker hidden near the venue. However in order to do so, a trial round had to be run so attendees begun their qualifications.

Back to the main track, we had a presentation from Robert Lipovsky about the research they performed at ESET on botnets stealing Facebook credentials. The second track featured Sergey Bratus, Julian Bangert talking about ELF binary manipulation.

Final presentations for the day were held by Georgia Weidman talking about leveraging mobile devices on pentests and Grzegorz Niemirowski on desktop applications vulnerabilities.

The first day of the conference was almost over, almost, as now the buses were taking speakers and attendees back to the city, everyone were preparing for a legendary CONFidence Afterparty held in a Base Club in the heart of Krakow…

Second Day

Sooner, then later, the second day has begun, for some attendees there wasn’t even a break between the two days…

The plan for the second day featured two tracks filled with spicy presentations and the finals of the X-traction Point game so while everyone were slowly arriving at the venue, we begun the day with two great presentations: Devesh Bhatt talking about different ways of bug hunting and Michał Sajdak sharing his reasearch about hacking embedded devices based on networking devices.

They were soon followed by Gaweł Mikołajczyk talking about overlooked security mechanisms and approaches in networking and Adam ‘pi3′ Zabrocki revealing his discoveries about crashdumps.

The noon has come and so has the finals for the X-traction Point game. All teams assembled in the Sponsors Zone for a briefing and then they were deployed in pairs to assault the bunker, where they had to disarm automatic sentry guards with ASG guns, tap into the phone and surveillance systems, penetrate the bunker secured by a couple of different doors and locks, get past the guards inside the facility. Team’s tasks included rescuing a hostage, unlocking the cabinets with secret documents, bypassing laser secured doors and activating the self-destruction sequence for a missile silo hidden in the bunker. All that was live streamed into the command station, where audience could see how the operatives are progressing.

While the teams were competing to become the X-traction Point champions, the main track featured a discussion led by Rebecca Bx Shapiro, Julian Bangert and Sergey Bratus on the ”Any Input Is a Program” approach in exploits. The second track featured Dmitriy Chastuchin talk on breaking the SAP Portal and J2EE Engine.

Before the lunch we had another keynote talk by Felix “fx” Lindner and Gregor Kopf about their recent findings on the virtualized systems and virtual networking devices.

Just a short lunch break later, we were almost at the finish of the X-traction Point finals yet there were still a couple of presentations ahead. Fernando Gont talked about network reconnaissance in IPv6 networks while Yury Chemerkin focused on mobile systems covering insecurities in blackberry devices.

They were soon followed by another mobile related topic covered by Jesse Burns this time talking on securing data in mobile application suites, while the second track had Marek Zmysłowski talking about seven deadly sins in penetration testing.

The closing keynote for the conference was held by Meredith L. Patterson and a state of a LANGSEC. Shortly after, we had a closing ceremony, with a quick round up, X-traction Point and Treasure hunt winners announcement and an official closure by Slawomir Jabs.

Thank you all for participating in the eleventh edition of CONFidence! We hope that you enjoyed both the technical presentations, the games and the relaxed feeling of the conference and will join us for the upcoming editions! Soon we will send you additional surveys so that we could receive your appreciated feedback.

At this point we would like to say a huge THANK YOU to our sponsors and partners as without them we woldn’t be able to create this unique conference.

The Sponsors

Special thanks go to the Sevenet and Cisco companies for being platinum sponsors of the conference.

Many thanks go to ESET company, our Gold Sponsor of the conference and UBS and Safecomp who became our silver sponsors.

Thank you!

The Strategical partners.

The conference wouldn’t happen if not the support of our two strategical partners.

Marshal Office of Małopolska Region supported us not only by promoting in the region but also providing a support in terms of touristic and business related information coverage for the conference.

The MPWIK company allowed us to use the water pumping station at ZUW Bielany, which allowed us to create that unique atmosphere of the conference and use the bunker for the X-traction Point game.

Huge Thank you for both of them!

The partners and media partners.

Partners and Media partners are not only contributing by distributing the information about the conference. They are often helping us with the design of the conference, providing a feedback and by creating a social community, where we can obtain feedback.

Thanks to all them for being with us!

The CORE Group

The X-traction Point game wouldn’t be possible if not for the creativity and devotion of the CORE Group:
Keith Howell,
Babak Javadi and
Deviant Ollam.

Thanks to them we can improve the game every year and make it even more extreme experience!

Kudos to you mates!

The Proidea Foundation Crew

You might not know that, but the conference was prepared by a huge group of people connected to the Proidea Foundation.

The conference spirit was created by Andrew Targosz, the main organizer was Slawomir Jabs with a huge help and support from Marek Nowak, Dariusz Kosiba and Justyna Bień.

At the conference there were much more Proidea guys, providing assistance on the technical and logistics issues, making sure everything goes smoothly. To mention some of them: Jakub Kozioł, Joanna Kapłon, Karolina Pachel, Edyta Kopytko, Jakub Płaziński, Paulina Tylek, Kinga Tworzydło, Tomasz Cewicki, Sabina Pracuch, Roksana Snochowska and many more…

The staff also included 23 supporters, the guys and girls you could see all around the place, taking care of all the small details, so that conference was a great and smooth experience.

Thank you all!

Media channels and materials from the conference

The presentations have been uploaded here: http://2013.confidence.org.pl/materials

The photos from the conference can be found here: http://2013.confidence.org.pl/pictures and
https://picasaweb.google.com/PROIDEAconferences

Our official IRC channel is #confidence2013 at freenode.net

Our twitter account is #CONFidence_news

Facebook page is located here: https://www.facebook.com/confidence.conference

Once again thank you all!

So Long, and Thanks for All the Fish! (according to Douglas Adams)

Slawomir Jabs

CONFidence organizing committee

Conference eve

Some of you have come to hear about an incident which occurred in Krakow, Poland on Monday the 27th on the eve of our conference. While we are refraining from disclosure of names or specific details out of respect for the parties involved in this matter, we feel it is appropriate to provide some comment here in order to prevent misinformation because many tweets and public statements surrounding this incident have been deleted.

On the eve of our event, our speakers and guests were invited to meet for a dinner, as is customary for many conferences. During this evening at a local restaurant, drinks were served but everyone was well-behaved and respectful of one another. The two conference speakers who would later be involved in this incident were socializing, but ultimately both returned to their hotel in different taxicabs at different times.

Later that evening, after continued communication via Twitter direct message, these two speakers met again. Hotel security camera footage confirms the timeline and general interactions as described by both parties, but unfortunately it does not offer any clearer picture as to what transpired out of public view. As soon as CONFidence staff became aware of a problem, we verified that both hotel security and the local police were responding to the situation. Preliminary statements were taken that night.

While responding to this matter, we were informed of a number of misplaced personal items which were unaccounted for after these two individuals parted. As far as we are aware, virtually all missing belongings were returned either that evening or soon the following day.

CONFidence was providing all possible support to both of the parties involved in this matter. We handled all logistical arrangements to ensure that they would not be obligated to have any further contact with each other, we continued to serve as a liaison between them and the Polish authorities, and we have offered to do whatever is necessary in order to help them resolve this matter.

As of this time, neither speaker has elected to pursue additional avenues with authorities or make further statements to the Polish police. Both speakers were present for their talks at CONFidence and their presentations were each well-received.

We are deeply upset that this whole matter transpired and we are committed to seeing things resolved in a way that best satisfies the wishes of all parties involved and which satisfies those in the INFOSEC and hacker community who look out for one another with great care and kindness.

CONFidence Team

Big thanks to our strategical partner!

Małopolska Region is the cradle of science and culture, the region opened to tourists (9 million tourists a year) and investors, with a high level of economic development.

Kraków – Quintessentially Polish, the country’s former capital and the polish kings headquarter embodies everything tourists seek. Its attractions includes Wawel Castle, the Dragon, the oldest Polish university, festivals, countless cafes, and charming narrow streets. Małopolska – vibrant and rich in cultural and natural attractions, offers an opportunity for adventure while exploring Poland’s history and heritage.

More information here

IRC channel

There is a new comm channel on IRC for the CONFidence con.

use #confidence2013 at freenode.net!

Web login is here:
http://webchat.freenode.net/?channels=confidence2013&uio=MT11bmRlZmluZWQb1

Conference Guide, Shuttle Buses to the venue and mobile schedule!

The preparation for the CONFidence 2013 is under way!

Together with the CORE Group, we’re now preparing the venue to host the X-traction Point Game, while in the meantime speakers traveling from all over the world are arriving…

Below you can find a v.1.0 Guidebook for the CONFidence conference! What’s inside?

How to get to the con?
Schedule and descriptions of the presentations
X-traction Point details
Contests descriptions
Shuttle Buses Plan
Sponsors and Partners

The guide is available here: THE GUIDE

The online schedule can be found here:

http://lanyrd.com/2013/confidence-news/schedule/

Remember you can use a mobile app so that to keep track of the schedule.

Shuttle Buses

The buses to get get you to the venue from the city center will be departing from the parking in front of the Sheraton Hotel (near the Wawel castle) on Tuesday and Wednesday in the time range of:

Direction: Conference Venue
Departing from: Parking in front of Sheraton Hotel
From 8:00 till 11:00

Details can be found here: http://2013.confidence.org.pl/podroz-i-pobyt

Note: there is a free parking available at the venue so you can also arrive by car. A quick map help: http://goo.gl/maps/CeUjF

X-traction Point 2 revealed!

Last year at CONFidence, attendees saw the birth of a new challenge game – an immersive and detailed contest that was both physically and technically demanding. Entitled X-traction Point, this game involved a two-person team-based assault on the secure bunker of ZłoCo in order to rescue a trapped hostage by agents who were simultaneously attempting to hack systems, disable alarms, and shoot at targets. This year’s installment continues that same trend.

The finals will be held on a second day while on the first there will be three training areas:

lockpicking,
wired systems,
shooting.

More details, game story, team assignments and more can be found on an X-traction Point subpage!

X-traction Point 2012 Trailer przez proidea

X-traction Point 2013 przez proidea

Registration price threshold extended!

Due to the fact that the registration form was down for the durration of the weekend we decided to extend the price threshold to the 22nd of May.

We apologize for the inconviniences!

Workshops and the Schedule annouced!

We incourage you to check out the draft of the CONFidence 2013 schedule! Two days packed with lectures hosted by the best specialists not only from Europe but from all over the world!

The schedule can be found where.

Moreover the day before the conference there will be two workshops:
Fernando Gont – IPv6 Hacking Crash Course
Georgia Weidman – Attacking and Securing Mobile Devices

More information about the workshops, touched topics, how to register and much more can be found in the workshops section.

A special 10% discound code for CONFidence attendees. Please contact: marek.nowak@proidea.org.pl

ATTENTION!
The number of workshops participants is limited so first come first serve!

Registration for ZeroNights is open!

We are proud to announce that registration for ZeroNights 2013 has begun. ZeroNights is an annual international practical security conference, conducted by ERPScan and CareerLab, and supported by Yandex. Technicians, administrators, ISOs and CISOs, programmers, and everyone interested in the practical side of information security are welcome to participate.

ZeroNights shows new attack methods and threats, discovers new possibilities of attack and defense, and suggests out-of-the-box security solutions. Experts, infosecurity practitioners, analysts, and hackers from all over the world will share unique knowledge and skills and dispel delusions with reason, research, facts, and figures.

Date: November 7–8, 2013.

Venue: Coworking center 2.0, 28A Varshavskoe shosse, Moscow, Russia.

Features:
Best papers delivered by the experts from around the globe
There are no invulnerable systems. There are only well-defended ones. And there should be no place for illusions in the quest for a well-defended system. Star speakers from various countries will help you disavow myths, , and assess the actual security level of one system or another. You will know how hackers plan their actions, how malware and exploits work. The experts will show their current research, analyze the most important problems of the field, and demonstrate actual attacks.

Workshops by world-class professionals
The gurus of infosec are ready to share unique knowledge and skills. At their workshops, you will learn how to write exploits, how to bypass the defense of OS and browsers, how to find vulnerabilities in web projects. Practical knowledge fortified by theory is priceless.

Business track
The new separate track for CISOs is an opportunity to actually evaluate the business risks imposed by infosec threats. You will find everything you wanted to know about information security: figures, facts, opinions, and solutions.

Best place for friendly and professional communication
ZeroNights gathers professionals from Russia and other countries. Here is the informal venue to get the answers to the hottest questions, to meet the best infosec practitioners, and to acquire unique knowledge.

Contests for the gifted
Age, sex, occupation, personal achievements mean nothing in our contests. The main thing is talent, daring, speed and unique skills. Just act and win.