I recently have been to the Swiss Cyber Storm 2011 conference which is an ‘International IT security conference’ held in Rapperswil, Switzerland. The conference took place from 12 till 15 May 2011 and the conference consisted of both Briefings and Wargames. The Cyber Storm Briefings were on Thursday and Friday (12-13 May 2011). There were three tracks and a lot of interesting presentations. The Swiss Cyber Storm Wargames were on Saturday and Sunday (14-15 May 2011) and there were 3 leagues to play in. The challenges were very challenging and the split in three different levels of difficulty made it fun for everyone. The conference in total was very well organized (Swiss precision?).
Because one of the speakers dropped out, the Briefings had an empty time sloth in the schedule. I offered to fill that time sloth and the event organizers were happy with me doing so. I gave my presentation on Friday morning and it was about the Verizon Data Breach Investigations Report (DBIR). Some information on my presentation:
Reality check: 2011 Verizon Data Breach Investigations Report
What can be learned from the investigation into successful data breaches?
What are the latest trends and techniques used by attackers? Get a front row seat at the breach cases investigated by Verizon, the US Secret Service and the Dutch National High Tech Crime Unit. This session will focus on the latest version of the Data Breach Report and the underlying framework VERIS.
And of course a picture of me doing my presentation (or about to start it).
For the people interested in my presentation, the whole Data Breach Investigations Report (DBIR) which I talked about can be found here.
The two days of wargames at the conference on Saturday and Sunday was one of the biggest reasons for me to go to this conference. I am quite a big Wargame / CTF fan.
There were three leagues to play in the wargames:
- CarGame challenge
- Defcon challenge
- Hack & Learn
I only joined the CarGame pre-qualifications around level 4, which meant I could no longer score 3 out of 5 levels, which was the score you needed to participate in the CarGame league. The Defcon league could be played without any pre-qualifications and thus this was the league I joined.
From the picture below you can see it took quite some of my concentration and skills to play in this league 😉
At the end of day one I was quite proud that I was leading the Defcon Challenge with 40 points. However, this was just 5 points in front of the number 2, which was a team with multiple people (I played on my own) and another 5 points to number 3 (also a team).
The SCS3 Defcon Challenge Ranking at the end of day 1 can be seen below:
After a good night of sleep (or was it a party in the bar till late with quite some beer? 😉 ) I managed to keep the number 1 position on day 2. Around 15 minutes before the end I scored my last 25 points giving me enough slack to finally sit back and try to relax a bit. So, I won the Defcon challenge, the SCS3 Defcon Challenge Ranking at the end of day 2:
The website of the conference now also reflects my victory in the Defcon league:
The price I received was a trip + stay to Las Vegas and a ticket to the Defcon conference (hence the Defcon Challenge name 😉 ) sponsored by McAfee. The symbolic price I received on stage can be seen below:
The little airplane makes a taking off noise when you press the small button, which it kept doing in my suitcase. I can tell you that not everyone on the flight and the train could appreciate me winning the price. 😉
Of course there are also pictures of me proudly holding my price on stage:
I would like to say a big thanks to the Swiss Cyber Storm organization for organizing such a great event, I will for sure be back next year! In the following days I will (if time allows it) publish some of the write ups I made for the challenges.