Hacker Summer Camp 2019

Fear and Loathing in the Air-conditioned Nightmare

… So I've finally recovered from Hacker Summer Camp and the resulting Con Flu.

Mandalay Bay

I've long been interested in what happens at Black Hat and DEF CON, watching every video from the conventions that I could find over the years. And this year I was lucky enough to go to both (on the company dime), as a consequence of being head of the security competency group at Bouvet East.


It was such a great experience; From talking to a CTO of a Cambridge hardware security company in our upgraded seats across the Atlantic ocean, to experiencing the madness that is the Las Vegas strip on the weekend!

Ian Coldwater and Duffie CooleySome of my personal highlights of Black Hat include Ian Coldwater and Duffie Cooley's talk about abusing Kubernetes defaults, the one about Pre-auth RCEs on SSL VPNs, Apple's expanding their bug bounty program, and learning about Microsoft messing up their jwt authentication, allowing anyone access to everybody else's inboxes on "new UI" Outlook. The NOC report was pretty funny too.

Apple bug bounty expansion

… oh, and the Time AI stuff!

I mean:

"Using the infinite variations within music composed real-time by artificial intelligence, TIME AI generates encryption keys as unique as your own iris"

Talk about crypto snake oil!

Charlie Day

DEF CON was also great; The badge, the first ever AppSec village, Patrick Wardle's presentation about Mac malware, Bruce Schneier's "Information Security in the Public Interest"-talk, Hacker Jeopardy, Whose Slide Is It Anyway – and of course "Adventures In Smart Buttplug Penetration (testing)"!

Whose Slide Is It Anyway

I just wish I hadn't missed Azuki's (Yan Zhu) DJ set.


Sure hope I'm able to go back next year!

Vegas Fountain

Edit: Since returning from Vegas, I've written about both Black Hat (original Norwegian, English Google Translation) and DEF CON (original Norwegian, English Google Translation) for the Norwegian site Kode24.


Newer post
Some alternatives to Electron
Older post
Introducing Cleave