I attended the Ruxcon 2015 computer security conference this year in Melbourne Australia for my 6th consecutive year and thought I’d post an overview of the event. I’ll cover the awesome presentations that I saw as well as the capture the flag hacking game where I spent most of my time.
I have now attended Ruxcon for the past 6 years and can definitely say that it is continually improving. If you are at all interested in security and are in Australia I highly recommend going, check the website for further details. I’ve previously posted about Ruxcon 2012 here, unfortunately I got a little lazy posting the last couple of years events.
I didn’t manage to catch that many presentations this year, for the first time I spent the majority of my time playing the capture the flag (CTF) hacking game, which was interesting as I got to apply my skills to different challenges. In the past I have had quick attempts at the CTF but never really made much progress, this year I definitely accomplished more than I expected which I suppose shows that I’m actually improving.
In the past I have spent most of my time attending as many presentations as I possibly could, some times just for the hell of it because I thought that I’d be missing out if I didn’t take in as much as possible, even if this meant attending a presentation I had little interest in or did not very well understand. While I do feel like I would have missed some really great talks this year I was still happy with the progress I made on the CTF with my team, next year I’ll try to strike a better balance between the two in the off chance that human cloning still is not possible.
Presentations – Day 1
I only managed to catch one presentation on the first day, my team spent a bunch of time waiting for the CTF to start and in the end we decided to hit some presentations while waiting for it to get set up.
Windows 10: 2 Steps Forward, 1 Step Back
The title of the talk really speaks for itself, essentially it discussed various security improvements that Microsoft have included with the Windows 10 operating system but how doing so has resulted in additional issues and that there is still a long way to go to secure things better.
The presentation included some live demonstrations which showed us various vulnerabilities in Windows 10 that had been discovered.
Presentations – Day 2
Unfortunately I missed a 9am presentation I had been looking forward to, owing to excessive alcohol consumption the previous night at the first Ruxcon after party.
Advanced SOHO Router Exploitation
This presentation showed how simple it was to find critical bugs in home / office grade routers, some techniques were demonstrated on how to look for bugs and find 0day vulnerabilities on such devices which was quite interesting.
Hacked to Death
This presentation was put together very well and was actually quite funny given the topic. Essentially it outlined how easy it is to legally make anyone dead, the current systems in place make it ridiculously simple for anyone to register themselves as both a doctor and funeral director in order to sign someones death certificate.
You might already be legally dead right now and not even know it. By doing so it would be possible for someone to commit all types of fraud for instance life insurance collection. The presentation really made it clear that the current system is terrible and needs to be fixed.
DNS as a Defense Vector
This was a great talk by Paul Vixie that covered different methods of securing DNS and finding all sorts of useful information via DNS.
Capture The Flag (CTF)
As mentioned this is where I spent most of my time, my team ended up tying with another for first place which was great. I was able to solve 4 of the challenges which is the most I’ve ever done at Ruxcon so that was a nice personal improvement, however it’s obvious I need to keep working on my skills to get better, there’s a lot to learn. Admittedly the challenges that I was able to solve were in the easy to medium tier range so I definitely still need to improve more.
I’ve been practicing and learning recently with Net Force, an online CTF style website that provides you with challenges. Most of the challenges in the Ruxcon CTF I had picked up similar skills from here so I’ll also keep working on these in my spare time.
Overall Ruxcon 2015 was great, I met a few new people and had a great time with those I already knew and will definitely be back next year. I probably spent too much time working on the CTF so will try and balance that a bit better in future, however I still have a lot to learn so that I can do better next time.
I should be attending Kiwicon 9 in December which is held in New Zealand for the first time which will be interesting, I’ll be competing in the CTF there with the same team as well but hopefully I can make some time for some cool presentations as well.