Here's a picture of Redpantz, one of the organizers, because I don't have a picture of myself.
Another successful year of Summercon in the books. This was the 2nd time we had Summercon at Littlefield in Brooklyn. I actually tried to take it a little easier this year, don't know how successful that was, but mainly because this year I won't be only 2 blocks away from the venue but a 30 minute walk. On Thursday when Redpantz and Jimbo arrived, we started drinking at lunch and had a rough time walking that far. Lots of cool talks this year, and 2 tools were released shortly after they were presented at the con (the IDA Toolbag and Vivisect version of Vtrace).
The schedule this year was a little more hangover friendly, doors didn't open until noon and talks not until 12:30 or so (though we were probably behind schedule on both counts). This meant that I didn't have to wake up super early and help run the registration tables, which was probably a bit more important this year than the last few years because there was a LOT of pre-registration and a surge was expected at the beginning. Fortunately, the registration desk ran pretty smoothly, thanks to the work of Michelle, Joann and Jimbo.
Fermin Serna had a talk about CVE-2012-0769 concerning info disclosure via Flash. Then Jon Oberheide and Dr. Charlie Miller gave a talk about Google's Bouncer and how to get around it. A pretty entertaining and informative talk that also featured an Android mascot piñata filled with Colt-45. That was followed by Collin Mulliner's talk about instrumentation on Android binaries. The first day was rounded out with a Busticati talk from Dr. Raid and Aaron Portnoy about their IDA Toolbag. I didn't get to sit in on a lot of the talks during the first day because registration was pretty hectic. There was a bit of a party afterwards with DJ Keith that was sponsored by IOActive, but I didn't end up going to that. Here's a G+ post with photos from Day 1.
Having not stayed out late, I got an early start for day 2, though Michelle was hurting a bit so we didn't get to Littlefield until after 11am. The day started with a talk about C/C++ static security checking using Microsoft's HAVOC by Julien Vanegue. It was a pretty interesting talk, and the room was pretty quiet, probably because people were hung over and hadn't started saucing yet. Then Travis Goodspeed gave a talk about using radio noise to exploit the PHY layer. Really interesting talk about the flaws in something that's practically the backbone of networking. Then we had a highly anticipated talk by Alex Sotirov about MD5 collisions and how one was used by the Flame virus. Essentially, using an MD5 collision, a fake cert can be signed using a valid certificate authority (Microsoft Update in the case of Flame, which still allowed MD5 signing). Invisigoth Kenshoto, godfather of Vtrace, talked about, well, Vtrace, and Vivisect. By this point, I was 3 glasses of whiskey into the night so things started getting fuzzy. Invisigoth doesn't give a lot of talks, so this was kind of a treat, plus Legs Malone got to spank his girlfriend on-stage. The night was rounded off with a talk by Gillis Jones about why security still isn't taken seriously by businesses. It was an interesting talk, and it was unfortunate that there were so many drunk people by this time because there was a lot of noise coming from the bar. This always happens by the evening; I remember when I gave a Summercon talk, it was at 9pm and there was not a sober soul in the building. While my talk was also about single malt scotch, I didn't down the amount of booze Gillis managed to during his talk. Don't think I've ever seen someone drink a fifth of vodka that quickly, glad everything turned out ok. Reminded me of Jimmy Shah's talk last year, entertaining and a lot of alcohol.
Not exactly sure what happened after that, at some point my girlfriend drove me home, and then at some point I wanted to make it back for the burlesque party. Here's my G+ post with pictures from Day 2.
Some feedback on Twitter: