Intro

I wanted to quickly share some thoughts about this Conference I attended a few days ago. As you probably guessed from the title, it was the DefCamp conference which was held in Bucharest, Romania.

The good

One thing is for certain, as far as venues for Cybersecurity Conferences go, this one really is something special. I’m not sure about previous installments, but this one was held in the Palace of the Parliament which is a truly monumental building no matter how you look at it. Standing in front of it or in one of its ginormous hallways, you truly feel small in a way that pictures just cannot convey.

The history of the place is also super interesting and I spent about two to three days afterwards finding myself looking up all kinds of things about its Layout and Architecture and trying to dig up details of its construction. It also apparently houses a massive nuclear shelter below but I wasn’t able to find any actual construction blueprints or historical photos.

To be sure, one doesn’t go to Security Conferences only to admire the venue but also for the talks, the people and the random interactions you have.

I’m not going to do any reviews of talks that I have seen, mostly because I didn’t see most of them in full length and I think it’s way too subjective. I have been blown away by talks at other conferences that were barely on anyone else’s radar. Likewise, I have seen keynotes that were basically meh but were hailed by journalists as groundbreaking.

Judging from the schedule, I think there was a good variety of breadth and depth, with (in my humble opinion) a little too much focus on AI. As I said, it’s probably best if you judge for yourself and check out the schedule or the recorded talks from last year (I’m not sure when this year’s recordings are going to be available).

The (not so) bad

As with many other ‘business-adjacent’ conferences, you obviously had your booths with vendors peddling their wares and the Conference was obviously sponsored by them. I think it’s important to recognize that this is (in my opinion) the part that is definitely not what hacking is about. This is business, pure and simple. They are there because of the talent and would in general not think twice about using the hard labor of well-meaning Hackers and Open-Source developers to further their business goals. I’m not anticapitalistic per se, so I don’t have a general problem with it. I just feel more at home at community-driven events.

The ugly

QR Codes. We need to talk about it. It’s not an exaggeration to say that they were plastered all over the place. Telling you “grab your merch here”, “afterparty details”, “talk schedule” or various other more or less enticing things. Sitting next to one and judging the people passing by, many people scanned it and were obviously faced with a webpage telling them that they have been phished and their device details collected. My thoughts about it are pretty simple.

  • This deters people wanting to genuinely participate in the Event, especially less tech-savvy people.

  • IIRC this was done for advertisement purposes (although I didn’t confirm that) which would make it double stupid.

  • It has no technical merits and is a cheap trick.

  • In my opinion this goes against ethical guidelines.

  • Yes, phishing is a problem and people are going to click. Everybody knows and those who don’t are just going to feel stupid with that little stunt.

  • In every CTF there is a rule like “Don’t break the CTF network”, “don’t DOS other players” or something to that effect. This should apply here.

  • Some people might legitimately be lost or in need of assistance. Why potentially alienate them with stupid shit like that?
