I was lucky enough while visiting family up in NY that Summercon was going to be happening. I went down to the city early on Saturday and walked my way down to Delancey Street from Grand Central. I found out that every little shop on the side of the street carries my brand of cigarettes, which was win. The bar the con was held in was called ‘The Delancey’. It was a small little hole in the wall, and had they not had the signs up, I would have missed it completely. I went with no expectations and I was very pleased with the smaller con. The price was reasonable, $30 for entry, and it included entry to a burlesque show after the con.
The first talk was about hacking Adobe Flex environments. It covered AMF envelopes and a way to send a bunch of requests through one HTTP request, causing all sorts of havoc. The presenter, Marcin Wielgoszewski, even showed us how to use a poorly configured Blaze proxy server as an open proxy relay to anonymously browse the internet. The talk was a little over my head, but it was a good look at how Flex works. Flex is slowly becoming more and more popular and easily exploited. I know of at least 5 people who are working in Flex.
The next talk, Runtime Tracing with Dynamic Binary Instrumentation, presented by Alex Sotirov, was ridiculously over my head, but I was able to understand quite a bit. I’m going over assembly in Gray Hat Hacking, so it was still fresh in my mind. He presented a tool that injects itself into a program while it runs and logs ALL of the memory instructions. I’m just learning the basics, so it was interesting to see something so complex.
Then Dan Guido gave a presentation about starting a career in infosec. Good advice for folks JUST starting out, but I was frustrated because I’ve followed everything he talked about and here I am, unemployed. Nothing against Dan or his talk, it was really good! My frustration comes from my location and current hiring practices due to the economy. Check out his page for a big list of really good resources.
There was an Android phone talk, which was interesting, but I’m an iPhone guy. I did perk up when the author, Jon Oberheide, basically was able to post an Android botnet framework. He also showed how it was possible to post an app on the market anonymously. The really cool part was that he had made a Twilight: Eclipse app that included code from his Android botnet app. In 24 hours, he had 200+ downloads.
After that, there was supposed to be a reader’s choice talk, but everyone decided to head upstairs and start drinking. Started talking to a bunch of people, met a really cool guy named Phiz, who showed me this most amazing Cuban restaurant that had AMAZING Cuban sandwiches.
The cool part about the whole con is that I had sent out an email to a guy named Slow (sorry man, I forgot your real name, I had a little to drink at that point D:) and I randomly ran into him there. He had given me some really good advice over email, and he had given me really good advice in person. He knew some of the people I hung with in Florida and he is going to introduce me to some folks here in NY.
I stayed for the first part of the burlesque, but left in the second act. I had to get back to Tarrytown and I was running short on time. Ended up getting lost in the subway system and BARELY made it back to Grand Central in time for the last train back.
Overall, I had an amazing time. Please check out the Summercon site. I would love to attend this con again, wherever it is being held next year.
Note: I plan on linking URLs for some of the people I listed, but I’m in a hurry, so I apologize. All the guys I talked about have links on the Summercon page if you are desperate.