0x3 Things We Liked About Disobey
We’re back after the weekend in Helsinki, and the office is resonating with Disobey-stories ranging from audit daemon to parties featuring Borat-swimsuits. Rumours about this event being great reached us long ago but a sincere bow to the organisers - it truly is one of the content-richest and crowd-vibrant infosec events in the Nordic region.
To get you in the mood, here's what happened before each main stage presentation. Video credits: @_kurimo_ (turn the bass up!):
So, what's to like about Disobey.
0x1 the CTF.
Binging the CTF seemed like the central goal for a lot of folks at Disobey, the tables and cables were indeed crowded. Their passion was contagious because after spending some time as the fanbase of team Clarified Security, our CEO Renee decided it’s time to dig in. Thanks for the USB -> ethernet adapter, friends. Though we were too late and too few to put us onto the pedestal, it was fascinating to stroll around in the CTF machines using SpectX and figuring out what the organisers had had in mind. For example:
1. Get the
-----ORTVA BCRAFFU CEVINGR XRL----- ….
2. Execute
SELECT ROT13('-----ORTVA BCRAFFU CEVINGR XRL-----...')
3. Use the key to configure a DataStore in SpectX.
4. Execute
Execute LIST('ssh://brutus/**************/*').....
5. List all the files changed manually before 11 January (the first day of Disobey):
6.
Look around. Scrolling through the result -> hm, these files in the bin-folder look interesting -> sudo -> bingo.
0x2 the presentations
“Ghost in the locks” by Tomi & of F-Secure is probably the talk resonating the most after the event across the audience. A hacker standup at its finest. If you missed it you can
a) impatiently wait for
Disobey’s Youtube channel to launch 2019 main stage presentation
b)
watch an earlier version of the show on the F-Secure website
On a related note, having talked to quite many people at the event, our observation is that if you’re at Disobey, there’s a 25% chance you’re from F-Secure :)
Meddling with car heaters by Tuuli Siiskonen has also triggered quite a bit of storytelling among Team-SpectX, not to mention tackling Linux Audit daemon records with the Elasticstack.
0x3 the crowdThe internet around Disobey is a bit FUDdy, like
Benjamin talking about interactions with the Finnish police when organising the event and this write-up from 2018
suggesting you leave all your devices at home not to be a walking target. In reality, there were a lot of friendly faces asking intelligent questions from the speakers, enjoying the beer (but not too much) and most of all - folks not taking the world too seriously (photo credits:
@RikuJuu)Suggestions for #Disobey20
- Vendors, thank you! Keep the beer and cocktails flowing, it was awesome. Pro-tip: the Nixu "cave", if found, had the shortest queue and many folks available for in-depth conversations.
- Please, let there be a moderator for the lightning talks. From what we saw - there seemed a couple of people ready to step up and a small crowd ready to cheer them but the situation quickly slid into awkwardness and could’ve used a moderator to set the stage.
Conclusion
We’ll be back in 2020, equipped with
SpectX, more team members, ethernet adapters and joy.
Back to articles