I was at Brucon 2010 last week, and it was a blast!

The ambiance at the con was very much reminiscent of Defcon’s: people talking passionately about security in a relaxed, geek-and-caffeine-rich environment.

In the past, when attending infosec cons I tend to go to all the talks – this time, I decided to go to as many workshops as possible. I must say, I was not disappointed at all – while talks are often absolutely fascinating and wildly entertaining,  workshops provide a chance to understand something at a much deeper level and allow you to test your knowledge of the topic; it also allows the speaker to tune her content to the audience in a much more interactive manner, providing more, or less, background information according to the crowd’s grasp of the subject. For instance, during the malicious PDF analysis workshop, Didier Stevens provided an overview of the PDF structure and started working through his samples, but quickly started skipping through examples he thought were obvious and allotting more time to the ‘juicy bits’.

The best part of a workshop, I’ve found, is that it provides you with an environment in which it’s OK to try something new – and it’s alright to mess up. I walked out of the hardware hacking village with a profound sense of accomplishment, having learned how to solder with Mitch Altman and how to program Arduinos with Fish. I’ve always been a fan of all things electronic, but up to the day I actually learned how to solder, my grasp of what was truly involved was somewhat fuzzy – you look at things very differently once you know what goes into making them.

I’m not going to cover the talks in detail; Peter did a fantastic job of that, so here's his post <http://www.corelan.be:8800/index.php/2010/09/23/brucon-2010-day-0x1/>__. You should definitely read about the following talks:

  • Mikko Hypponen’s recount of the last 25 years of malware – which was just amazing
  • Joe McCray’s “You spent all that money and you still got 0wned” presentation; better yet, wait until the video’s out – the guy’s hilarious
  • Stephan Chenette’s presentation of Fireshark was really good, because he not only goes over what his tool does but covers the concept behind what he calls “malicious ecosystems”
  • Dale Pearson’s head hacking presentation gave me a fresh perspective on just how far social engineering could go – spooky, really. Check out his site <http://www.headhacking.com/>__, it’s extremely cool!