Following a fantastic first year for SteelCon in 2014, I've just returned from an amazing weekend attending SteelCon 2015. With great speakers, networking, location, food and drink, there's nothing more you could ask for!


The story

SteelCon started in 2014 and sold all 120 tickets for their first ever conference. With crew and speakers the number of attendees was closer to 150 and for a first time event, they pulled it off without a hitch. Following on from such a huge success, SteelCon 2015 sold out all 250 attendee tickets, had to release another 50 overflow tickets and managed to sell out all of those too! Located in another great building this year, provided by Sheffield Hallam University again, the conference had a lot to offer and a great success from the previous year to build off.


The night before

On the Friday night before the conference there was a meetup arranged for everyone who had travelled down the day before to network and catch up. Even though it was a smaller and less official part of the conference, there were still a good 40-50 people in attendance. It was a great atmosphere and a great opportunity to catch up with people on what turned out to be the quieter night even though it ended up looking like this!

zombies


On the day

Registration was smooth with some great crew on hand to scan tickets and dish out our goody bags. To put people off grabbing tickets and then not showing up, SteelCon charge £20 for your conference ticket but then give you a goody bag filled up using that money. I think this is a great idea to stop wasted tickets and the goody bag, just like last year, had some cool items in it including a set of customised lock picks from MadBob to be added to my collection!

lock picks


lock picks close up


There was also another little surprise waiting for us at the registration desk.


After registration it was straight over to breakfast where we had bacon or sausage sandwiches with tea, coffee and a selection of fresh fruit juices. So far, the day was off to a good start!


The Keynote

welcome


Not wanting to end up with a bad seat for what was obviously going to be a jam packed intro and keynote, I headed into Track 1 a little early. After the introduction from Robin that gave us the basic plan for the day, we were onto the keynote about 'Getting started in SCADA testing' from Campbell Murray.


With no prior experience in this particular area the talk was really easy to get to grips with and well presented. There was a rather interesting section where some 'crowd sourced' slides were injected into the presentation and I think Campbell got stitched up by those involved! Nonetheless, it made for an interesting presentation with plenty of humour and, as with the rest of the talks, I will update this blog with links to the videos once they are live.


Owning the Internet of trash

Following on from the keynote I stayed in Track 1 for what was no doubt going to be a great talk from Darren Martyn, an ex-member of LulzSec, with a 'gentle intro to IoT ownage'.


Darren certainly didn't let us down and the talk was a gripping walk through of how to destroy embedded devices, tearing apart firmware and tales of shoddy work from vendors that don't seem to care (a sentiment that I share). Whilst the term 'gentle intro' may have been just a little misleading due to the level of technical content, the talk was well presented and certainly worth attending. The one big problem with a good conference and many great speakers is that you can't be in 2 places at once! Mo Amin was presenting 'Popping the Bubble' in Track 2 and I'm really looking forward to the video being made available as it sounds like I missed another great talk from Mo.


Wrong side of history

Next it was over to Track 2 to listen to Finux talk about the 'Wrong side of history'. This was a very insightful talk on the similarities between the magnitude of the Snowden revelations and how something so massive could go on in secret for so long and the Manhattan Project, something of a similar magnitude in our recent history. The talk was something a little different but made for fascinating viewing.


Lunch

Surpassing the high expectations set by the lunch at SteelCon 2014, there was a great spread of healthy food on offer with more than enough to go around. I took the opportunity to put names to twitter profile pictures and enjoyed meeting several attendees, former colleagues and fellow security enthusiasts. To round it off, we had a nice little treat again this year.


HAL can read malware lips

After lunch it was back to Track 2 to listen to Dr. David Day talking about how artificial intelligence is becoming a key component in detecting malicious activity on the Internet. Covering a recent discovery on how to identify shell code with the use of an Artificial Neural Network, the talk was an eye-opening glimpse into the future technologies we will come to depend on.


Can you really hack an airplane?

Back over to Track 1 now and I was looking forward to one of my 'must see' talks of the day, Dr. Grigorios Fragkos addressing the recent media hype about hacking planes with some truth and fact. I watched 'Greg' speak at SteelCon 2014 and at BSides Manchester 2014 about hacking POS terminals. He's very knowledgeable, can put together a slick slide deck but most of all, his passion for the security field shines through when he speaks which makes it really easy to connect with the subject. Needless to say he smashed expectations this year with a packed lecture theatre and put on a great show. Sadly, as with all of his talks I've attended so far, it wasn't recorded due to the nature of its content so I'd highly recommend looking out for your next opportunity to go and see him speak! In his talk we looked at the networks within a plane, avionics control systems, redundancy and a whole host of other stuff that I still need to digest and Google. I left with a new found scepticism of some of the recent news stories I've read and feel a little more able to differentiate the fact and fiction.

Dr. Grigorios Fragkos


Lock Picking

For the 4pm slot, after suffering from a little brain overload, I took a gap in the conference schedule to try my hand at the lock picking workshop and to get myself ready for probably the most anticipated talk of the day, the closing keynote. With a fresh coffee in hand, I was ready.

*(I forgot to get a pic so here is one from 2014)*

Get Hacked

The closing keynote this year featured Freaky Clown again, following on from his great keynote last year on 'How [he] robs banks!' and Dr Jessica Barker, who always brings an interesting break from the norm at tech conferences by looking at the human side of information security, something so often overlooked. Expected to be the perfect balance between Freaky's usual highly amusing grey hat antics and Jess's insightful views into the world of infosec, the talk was most certainly a huge success. Unfortunately, for those that weren't there, the talk wasn't recorded. If you ever get the chance to see it, you must! The first half of the talk was basically a step by step guide to how you can make big money in little time with a black hat on. Presented as a serious plan on how to go forth and become a millionaire overnight, it certainly had the audience interested. For the second half of the talk though that was flipped on its head to look at, what I suppose has become, quite a sad state of affairs in the information security world. Things like how companies respond to, and treat, security researchers and the piles of cash that are wasted being thrown away on tech that is underutilised or not implemented properly. I don't want to spoil things too much, but this is a must see talk next time they present it.


The SteelCon After-Party

The SteelCon after-party is a bit like a huge cherry on a cake that already had icing and every other decoration possible. Challenging the incredibly high bar set last year, we had a bigger venue, more activities, more food and, the best ingredient for any great party, a bigger bar tab! I think Nettitude deserve a massive hat tip for sponsoring the after-party again and everyone who put in so much effort in organising it. It was really a tremendous ending to a fantastic day! The doors opened right after the conference ended and the entire evening was spent enjoying the company of all of our fellow InfoSec enthusiasts. Moving around the various conversations taking place throughout the night I can say there were some very involved debates taking place, intriguing ideas were being thrashed out over small bar tables and I had counter arguments to some of my ideas that I'd quite frankly never even thought of. This is what a conference after-party is all about.


Next Year

Considering this was only the second year that SteelCon has taken place, the guys at the helm have done yet another fantastic job. Just like last year, I couldn't quite put my finger on what made SteelCon so great. It has all of the ingredients you could ask for, but there's something else in the mix, a secret ingredient that binds everything together to make it even greater. I can't quite put my finger on it, but there is one thing that I can tell you:

See you next year

 

You sure will!