14 DAY TRIAL // DefCamp may be considered a small security conference by some standards, but this year, it gathered some 600 participants and speakers in Bucharest, Romania, some of them from far corners of the world like Asia and the US.
Under the roof of the London room at Crystal Palace Ballrooms, people with an interest in computer security blended in the lounge area of the event networking, discussing various topics, more or less security-related, or trying to sniff any sort of information sent insecurely over the network.
The event, which was at its fifth edition, mixed hackers, security experts, researchers in the industry, representatives from different companies (banks and telecommunications firms among them), students, and a few wannabes. Rumor has it that law enforcement agencies were also present, and from what I’ve seen, there is no reason not to believe it.
24-hour Capture the Flag competition
DefCamp was also the host of the largest CTF competition in Romania and Central Eastern Europe, with teams mostly from Europe competing for the number one spot and the cash prizes.
Ranking number one in the 24-hour contest was the Balalaika Cr3w from Russia, who got in the lead some 20 minutes before the battle ended. Runner up was the Penthackon team from Romania, who stayed in the lead for the most part of the competition, until the Russians managed to pull the rug from under their feet.
In separate talks with the team leaders, they told us that the average difficulty for the 22 challenges was a seven out of ten. Interestingly, both teams saw in each other a worthy adversary and a strong contender to the title.
For Penthackon, team Tasteless (coming in third place) from Belgium was also a significant threat. Tasteless leader Marius Münch even found the energy to hold a great presentation on CubeSats security after the competition was over.
Great talks, awesome speakers
Andrei Avadanei, head organizer of the event, told us that they tried to bring speakers who could deliver balanced presentations from a technical standpoint. From my perspective, DefCamp achieved this objective, as most of the talks had a clear focus and properly explained the details of their findings.
The presentations covered a diverse range of topics, from vulnerability assessment in SCADA systems (Fadli Sidek of Codenomicon), security in Android (Ralf Staudemeyer), penetration testing (Marek Zmysłowski of Trustwave, Adrian Furtuna of KPMG Romania) and intelligence gathered from open source data (Benjamin Brown of Akamai) to cryptography (Mika Lauhde of SSH Communications Security), bulletproof hosting (Silviu Sofronie and Catalin Cosoi of Bitdefender), social engineering (Tudor Damian of Transcent), privacy in the post-Snowden age (passionate talk from Raoul Chiesa), and hacking computers (Alex Balan).
The quality of most of the talks was above average, with interesting security aspects being revealed, and the general feel in the room was a comfortable one, with questions shot at speakers at the end of the presentation for better understanding.
Most of the speakers (32 in total) could be found in the lounge area afterwards and were willing to further discuss their presentation or even approach different other subjects.
DefCamp#5 announced an even larger DefCamp#6
Infosec gatherings with hackers being part of the event are very different from their counterparts touching on other fields of activity. This here is a friendly environment, although trusting the network is not an option, and secure solutions like VPN or relying on a different connection are always the safe way to go.
In fact, DefCamp 2014 even listed on the Wall of Sheep the users who did not protect their connections properly and were intercepted by the hackers.
Overall, the event was a complete success, and judging by the feedback coming from other participants, next year's edition should be bigger than ever. Several major companies have already announced their intention of sponsoring next year's gathering, based on the response to this one.
Hopefully, the organizers will be able to maintain at least the standards that attracted such an awesome crowd this year.
