The DefCamp 2012 Bucharest security conference has come to an end. We’ve seen a great evolution compared to the previous edition and, judging by the organizers’ determination, it’s safe to say that DefCamp has the potential to become a must-attend event not only for Romanian infosec enthusiasts, but also for ones from other parts of the world.Bucharest’s Hotel Yesterday housed, for a period of three days, over 200 security specialists with a dire thirst for learning about various things that currently impact the industry.
We’ve learned some important aspects about zero-day vulnerabilities, the concept of “blended threats” in web applications, APTs, social engineering, powerful programming languages, and more.
Jim Manico, the VP of Security Architecture at WhiteHat, presented some interesting ways to secure web applications against cyberattacks. He couldn’t make it to the event, but his remote presentation offered a lot of insight and kept us all focused.
For those interested in the technical side of finding and exploiting bugs in kernel drivers, Andras Kabai, senior IT security specialist at Deloitte HU, had an interesting talk in which he showed step-by-step how to use available tools to perform the task.
Independent security researcher Carol Plangu demonstrated how neural networks could be utilized to break CAPTCHAs.
Bitdefender Chief Security Researcher Alexandru Balan showed an interesting way to perform silent man-in-the-middle attacks by utilizing Ettercap and Sslstrip. We saw firsthand how easy it was for an attacker to swipe a user’s credentials even if he was using an https connection.
Marian Ventuneac, founder of OWASP Ireland-Limerick Chapter, detailed some of the OWASP resources that could be of great aid to developers who wanted to ensure that the apps they created were secure.
A presentation that impressed the audience was made by KMPG Romania Security Consultant Adrian Furtuna who showed us a clever device that could beat security tokens when performing rounding attacks.
For mobile security fans, Bogdan Alecu showed not only how an attacker could abuse Web and WAP portals, but also how to surf the web from a smartphone for free.
Finally, the winners of the Capture the Flag competition ¬received Bitdefender licenses, wireless keyboards, USB 3.0 sticks and, most importantly, a 3-month paid internship at KPMG Romania.
Videos of all the presentations will be made available sometime in the upcoming period.
Here’s a short video overview that captures the atmosphere of the event: