1/x

*** Update on my personal CyberSec journey

I haven‘t posted a lot recently, which doesn‘t mean I was lazy. The last weeks entertained several CTFs (PlatyPwn, Huntress, hack.lu, UniR) and also some fun professional events and great people with a focus on the EU Cyber Resilience Act (project networks, qSkills, and an event I hosted at my employer).

More in comments.

#ctf #cybersecurity #platypwn #huntress #hacklu #eucra #cra #arm64 #angr #tryhackme #thm #adventofcyber #39c3 #pwncollege

Misc story time:
tldr: I've been collecting security conference stickers for 20+ years and just now got around to using them ¯\_(ツ)_/¯

I'm not the kind of person to put stickers on my laptop. This means that for 23 years (apparently), when I got stickers from a conference, I kept them, put them in a bag, moved them from house-to-house, but never actually did anything with them. Until now.

I finally found a usage; which is decorating the otherwise-sketchy-looking metal ammo case which @VeronicaKovah & I are now using to carry phones with us to trainings. We watched some videos on youtube that make it seem like those LiPo fire-protection bags would do a whole lot of not-much in the event that a fire broke out on one of the batteries. But a simple metal box seemed to do a lot better in terms of containing the flames.

So we of course expect that airport security will always stop us when traveling with them (though at least this time our TSA pre-check status seemed to give us a pass on the way out). But the expectation is that contrary to what you might thing, adding hacking conference stickers will actually be disarming, rather than alarming, with security personnel - at least when compared to the alternative of seeing a raw ammo canister ;)

The oldest sticker seems to be from DEF CON 10 (X), circa 2002 (my first DEF CON was 8 FWIW). In general I don't seek out stickers, but I do think the BadBIOS and "I want to believe" ones are things I probably got from Joe Fitz as they were of-the-moment and relevant to my interests. (If you're not familiar with the latter, it's from a very FUDish cover article [1]). I could have completely filled them, but I left a little bit of space for the future. Check out the larger pics for a potential stroll down memory lane. (RIP Shmoocon, Hackademic.info, NoSuchCon. Memento mori conference organizers ;))

#DEFCON, #BlackHat, #ShmooCon, #BlueHat, #RingZer0, #HackLU, #HardwearIO, #DistrictCon, #HackFest, #NoSuchCon, #DeepSec, #HITB, #HackersOnTheHill

[1] https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Last week at hack.lu I gave a presentation about "How to better identify (weaponized) file formats":

- Why do we need to identify file formats accurately?
- Why can the current tools (libmagic, magika) sometimes be bypassed, or make mistakes?
- How can we do better?

You can now see it here: https://youtu.be/Qp5GDh2sj6A

#HackLu

https://www.radioara.org/
https://demozoo.org/sceners/2104/

#hacklu #atari #atarist #ym2149 #demoscene @gunstick @syn2cat @STMusicBot @Philsan

RE: https://infosec.exchange/@ministraitor/115430049959447776

This talk from @wr is a masterpiece if you want to dive into all the gory details of the X.509 certificate format.

#hacklu #cybersecurity #certificate #threatintel