Tuesday, October 2, 2012

GrrCON 2012 - 2 Days of Info Sec and Hacking in MICHIGAN!?

Living in the metropolitan Detroit area can lead to a somewhat jaded outlook. Detroit gets kicked around, and not undeservedly, often enough that it’s become somewhat of a running joke. Don’t get me wrong, I’m proud of my home and I’m one of the first to defend the good things in Detroit, but living in or near a city in decline makes me tend to look for places that are as bad or worse when I travel. Yes, unfortunately, there are places that are as bad or worse than Detroit. Grand Rapids doesn't appear to be one of them.

From the outside, Grand Rapids seemed like an unlikely place for an Information Security conference until I actually attended GrrCON. I missed GrrCON last year and it’s been a long, long time since I’ve done anything in Grand Rapids but drive through. Now that I’m home and the conference is over, it seems like a great place to hold a hacker conference and I can’t wait for next year.

The city of Grand Rapids is beautiful, the convention center, DeVos Place, is spacious and staffed with great people, the hotel was mediocre but cheap, blah blah blah. What about the conference? GrrCON 2012 exceeded my expectations in every way. We attended some great talks.
  • Tactical SecOps: A Guide to Precision Security Operation - by Kevin Johnson and presented with aplomb by atlas 0f d00m
  • < GHz or Bust by atlas 0f d00m
  • XSS Session Fixation and SQLi Oh My! - by Jack Wink
  • Security Intelligence - by Mark Her
  • I’m Going To Take Something From You, But You’ll Like It - by James Palazzolo
  • Infosec Flameout: If you can’t take the heat… - by Scott ‘secureholio’ Thomas
  • Psychological Tricks of the Social Engineer: Demystifying Human Behavior - by William Tarkington
  • Battery-Powered Pentesting and Forensics - by Philip Polstra
All were excellent. Of course, there were a few talks we attended that didn't really do anything for us and there were plenty we missed due to timing, but I guess that’s to be expected.

The biggest “celebrity” at the conference was Kevin Mitnick. The self-proclaimed “…greatest hacker of all time” and ex-con gave an interesting and well-presented talk about his experiences in running afoul of the law via computer and telephone networks. It’s the same old story… a bright, unchallenged kid with too much time on their hands and lacking parental supervision ends up getting into trouble. In this case, prison-type trouble. Fortunately for Mitnick he was lucky and seems to be doing well for himself. I’m not sure 1 in 100 similar stories like this end well. It was an interesting and entertaining talk and there just might be a thickly veiled lesson in there somewhere. Whether or not I'm going to read the book he was promoting, Ghost in the Wires, is still up for debate.

We got a lot out of GrrCON 2012 and we’re looking forward to next year. It's well worth the price of admission.

I apologize for the crummy camera phone pictures, but I was initially unsure of the photo policy and didn't pack a decent camera.
