This' gonna be a little wrap up about the experience at BlackHat Europe 2014, in which I presented my tool, NFCulT, at the Arsenal and I'd like to start with some differences between the security conferences in which I partecipated and then go a little more in details about this very last one.
I got an amazing year, in less than 18 months I've been at DefCon ( twice ), 30th Chaos Computer Congress, BlackHat US and BlackHat EU; all of them or as a speaker or as a presenter at the Arsenal.
Actually this is a little ranking of those conferences:
30th Chaos Computer Congress
BlackHat Europe 2014 AND DEFCON22
- BlackHat U.S. 2014
This is been my very first conference in which, at the age of 18, I presented my very first security research. So it is almost impossible to get over the feelings I had in those moments.
At DEFCON there is always such great atmosphere; everyone is quite glad to help you, there are the most crazy contest and quest I found so far, the talks are really great ( not really all of them but this is actually true for all conferences ) and organization is well made.
I just had one bad memory for this DEFCON edition, and it is not really a bad memory: just some minutes before my talk, I was in the Speaker Room with my team mate Eagle1753, checking out the presentation and as you can suppose the pressure on me was increasing more and more. When few minutes before the talk begun I released that I forgot my EU-US power adaptor in my hotel room. And here I need to do a little note, since I was 18 I could not book any Hotel in the Strip area cause they all have Casinos, so I was staying at the Best Western Hotel, just near the airport.
Then I asked to almost any goons I found, running through the whole Rio's Conference area and no one could help me. Damn, you are running one of the biggest international conference and you do not have a European power adaptor? Thanks God a friend of mine, tpropheta, had one in his room and gave it to us.
Beside that everything was awesome. The funniest memory I had was when the goons came to our stage while I was speaking, bringing some alchol to us completetly ignoring the fact that we were underage. After that, the talks was really more smoothly.
Moreover, if that was not enough, Stefano Zanero aka raistolo, got me my dream job, as Penetration Tester and Security Engineer/Researcher.
At DEFCON21 I also met some really nice guys like: tprophet, raistolo, dabeave, r0d3nt, jfalcon among the others.
30th Chaos Computer Club
The guys who run this conference are completly crazy.
I really liked this conference, the organization, the place, everything was really well set up.
You can do pretty much everything you expect from a security conf: lock picking, wifi challenges, hardware hacking, soldering, etc.
One of the best thing of 30C3 is its NoC, just to let you know, they ran a 100Gbps connection. Yes: 100Gbps.
I bought like 50m of Ethernet cable and a couple of USB3.0 to Eth adapter to run a massive scan of the whole internet, as suggested by Robert Graham, but we had some issues with planning the days and one of the guy who should have ran the scan with me, FiloSottile, was sick, so I scanned just around 20-25% of the whole Internet at ports: 80,8080,443,8443,21,22.
There are just a couple of things I didn't like too much, first of all both you if are a speaker or an attendee you won't have a badge but just a bracelet, moreover I think they lack of a real vendor area.
This year I really enjoyed DEFCON, I was speaking at Skytalks, which is a very intimate place, inside DEFCON, run by awesome guys; if you have the opportunity go to them, say thanks, listen some awesome talks and donate something. They really deserve it.
I also enjoy the amazing company of FiloSottile and his fiancé AnnaOpss, and with my friend Eagle1753 we ran the awesome Scavenger Hunt contest. We did some really crazy stuff, but it was a lot of fun. Which means thank you Scavenger Hunt staff.
I actually found a problem with this DEFCON that I didn't notice in the past one, probably because I was too excited in 2013's version. The Rio's Conferece center is getting too small for the thousands of hackers of this year. I think also the staff noticed that and I think something will change in the following year(s).
This year I didn't have the chance to see any talks due the Scavanger Hunt but I really enjoyed the vendor area and the WiFi and SE'ing village, they are really awesome, like every year.
BlackHat Europe 2014
While I'm writing this I'm just in the airport waiting for my flight back home from the BH Europe, so every memory is pretty fresh.
I liked it. More than US version, but it still have some flaws.
I'm giving it the same rank of DEFCON22 mostly because the amazing guys I met. I'd like to take a moment to say thanks to ToolsWatch for organizing every time one of the best part of the BlackHat, the Arsenal. I really think every conferences should have an arsenal section.
Also the talks were pretty interesting in this version, I really loved the one about SDR and Hacking wireless world by Balint Seeber.
The main flaw of this BlackHat is the location: everything is so much dispersive and there is not a real place to have lunch or to have breakfast, if you are used to the Vegas version you will be surprised, and not in the good way.
But having a smaller conference let you meet more awesome people and have time to speak more with speakers. And this is actually very awesome.
So, to recap, this conferece has get this rank mainly thanks to Arsenal's guys and to the more intimate atmosphere.
BlackHat US 2014
Why I ranked it as last one? Mainly because it was so big, with so many talks and a vendor area really enourmous that I've actually lost too many things, moreover one of the best thing of BlackHat in US are the parties, and since I'm still underage ( 19 actually ), I couldn't get the whole package.
I also didn't have the chance to speak with Arsenal staff as much as I did here in Europe, and this was a pity.
One of the amazing thing about BlackHat in US is the insane amount of swag you will get. Me and Eagle had around 35 different t-shirts, I alone had 9 new car usb charger, and I can't count the number of pens, notes, and other stuff. Actually I could not bring everything back with me since my suitecase was not big enough, so I left almost all my t-shirts to FiloSottile and AnnaOpss which brough them back to Italy for me.
The whole conference is very buisness releated and I missed a bit the atmosphere of DEFCON but talks are great and party too, at least is what some friends of mine said.
Okay, now that I made this little and non-complete comparision between those conferences I would love to speak a bit about my take away from this European version of BlackHat.
I met a lot of interesting people which do some really awesome works in the field of Radio, Hardware security, etc.
I also had the chance to know better the Arsenal staff, and they are all amazing. I had a really lovable dinner with them yeasterday of which I won't be able to forget the so called Godzilla's Balls, but this is an other story.
We had also the chance to speak about the Italian situation of security, and we all agree that it is a very pity that there is not a nation security conferences and that all italian guys involved in security ( and there are a lot, just have a look at latest HiTB conference, or check the BackBox project, just to make a couple of examples ) won't and can't speak in Italy about their reasearches.
I will try to change this things as I can, trying to see if there is the possibility to help the italian community to grow and to create a real security conference.
Thanks again to all the guys who helped me in those last 18 months.