OWASP Core Rule Set
In 2016, 22’000 people visited DEFCON in Las Vegas. The Chaos Communication Congress the CCC is putting on in Germany is approaching 15’000 attendees and will probably soon surpass this mark, too. Impressive numbers, considering we’re part of a scene that has its roots in kid’s bedrooms and hobby basements. Depressing numbers for those, who feel like the entire conference circuit is becoming a bit more of a circus every year, as impressively illustrated by last years Blackhat USA opening ceremony, which had more resemblance to a UFC event than a classic hacker con. Some people are longing for the old times. The more casual, familiar times.
As wish that doesn’t need to remain a wish. The Area41 in Zurich, that has been organized by the local DEFCON Groups chapter DC4131 for almost ten years, manages to put on small, yet sophisticated conferences. This year, for the third iteration of Area41 – the conference has before operated as “hashdays” in Lucerne, Area41 also labeled its event to be sold out. For the first time.
But no worries: In Area41 terms, “Sold out” simply means that no tickets are available anymore. The amount of tickets being sold matches the capacity of the location, the well-respected night club X-Tra, but also respect the amount of people the conference can cater to without having to compromise in quality. The organizers want to avoid that people cannot enjoy the specific perks of the con, such as the custom hardware badge or a seating spot in the talks being held. In addition: More people usually means that the atmosphere changes and networking becomes more cumbersome, which is somewhat paradox, but still an observable phenomenon.
Due to these circumstances, Area41 2018 was a very relaxed event that provided its attendees with one thing foremost: New ideas and fresh inspiration. Even though the weather outside was surprisingly nice for Swiss standards, the conference was crowded and active the entire two days. The talks, selected by a experienced CFP committee, generated conversations hooks left and right and whoever was still looking for other activities found them upstairs in workshops or just chatting with other attendees in the outside seating area.
The organizers of Area41 manage to achieve something that rarely another conference has managed to master nearly as well: To build a bridge between being a hacker convention and a security conference. Geeky enough to give techies a platform, but serious enough to also attract attendees from the business side of things. What this ultimately results in, is a platform that allows for new connections that might not happen somewhere else – and to refresh old ones.
Especially for a company like scip AG, this platform is very suitable. For years, we’ve been navigating both the industry and the community and have garnered some attention in both, as individuals as much as with our corporate identity. The decision to change the location from the previous location in Zurich Altstetten presented us with the opportunity to offer an entire workshop area. A chance that we gladly took: We were able to get the spacious room just opposite of track 1 to provide attendees with a chance to hang out and relax, to learn about our current research topics from Marc and Marisa, or to take a crack at our Active Directory Attack Challenge created by Mick. Despite a lot of interesting attack attempts, nobody ultimately managed to compromise the environment and gain the coveted domain admin or the other goal tokens provided.
The fact that Michael Schneider and myself had the privilege to speak on the main stage in one of the best timeslots on Friday was a privilege and an honour for us. We took this opportunity to talk about red team engagements and penetration in general and to share our experiences with the recent influx of newcomers to the industry as well as “the old boys” at the same time. That this was both necessary and appreciated was clearly shown by the various expressions of positive feedbacks as well as a boatload of follow-up questions provided to us in person, by e-mail, and via Twitter. Generally it’s notable how the quality of this year’s conference talks was consistently very high. High enough for us to point out at this point, that you can already watch all of them online right now.
And just like that they were over, the two days Area41 took place on. A conference that does not shine by its size, but by its quality. Which even goes to the point of how often it happens: The next one will only take place in 2020. And we’ll certainly be there again.
Our experts will get in contact with you!
Our experts will get in contact with you!
Further articles available here