You missed Insomni'hack?
You shouldn't have: although there are now something like 700 attendees, it's still a friendly and well-organized hacking conference with an interesting mix of wild hackers, CTOs, and CISOs (some being hackers and CISOs at the same time ;).
As usual when there are several tracks, you end up with the difficult dilemma of which talks to attend. That's what happened to me when I had to choose between a talk on connected medical devices (close to my own research topics, but probably not very technical) and an excellent talk on crypto.
Let me review a few of the talks I attended:
I finally attended the connected medical devices talk (I am the cavalry).
So what did I learn? I have usually seen medical devices from my point of view - security threats, including malware - and more generally speaking, from a technical point of view. However, this talk convinced me I am wrong, and that the first issue is politics, business and economics. Technology only comes after. Because of that, the work of I am the cavalry is absolutely commendable.
Yet now, enough talk. I'd love some 'action' and real research and/or hacking results on a connected medical device. If not, I'll have to add that to my own to-do list ;)
How disappointing. I'm sure the audience expected so much from this talk: cool hacks, retro-gaming, demos etc. True, Florian made a good effort to match great old school screenshots ... but unfortunately with commonplace security ideas :(
Mind you, the talk would have been perfect at college or high school, but in my opinion it didn't work at Insomni'hack where people are 'experts' on security.
That's my own talk, and the room was packed! Several CTF teams like Dragon Sector or mushd00m attended. I'm honored. Thanks!
My slides are available here
It was a good surprise to have another talk on Internet of Things: Candid Wueest was replacing Sylvain Maret (sick) with a talk on ransomware on IoT. Had I known beforehand, we could probably have synchronized ourselves, but nevertheless, I feel that it was an excellent follow-up talk to my own.
Candid's point is that ransomware on IoT will come sooner or later, and I absolutely agree with the idea. There's inconvenience (impossible to use the device), mock apps (pay the attacker to delete embarrassing video footage), etc.
He illustrated his ideas & predictions with several precursor cases:
By the way, I don't know if people noticed, but I loved the small quotes at the bottom of each slide, like:
"it is true hard work never killed anybody, but I figure, why take a chance?"
"money talks but all mine ever says is good bye" :))
Besides conference talks, conferences are a good place to meet fellow researchers and make new connections. At Insomni'hack, this is absolutely true, and here is a small sample of what I learned:
-- the Crypto Girl