A couple weekends ago was Cyphercon. This was not just the first(and not the last) year for this event, but was a few other firsts for me. A conference that was supposed to be one Saturday, with a special little party for VIPs the night before, blew up into a 2 venue, 2 day conference that went not just smooth, but very well in my opinion.
There were a lot of little nuances to this con, and I am sure I missed out on some. Still, if you looked at it in the simplest of ways, it was broken down into a few basic areas: the speakers, the contests and the villages. I could talk about the wonderful talks, but I really only saw the first evening talks, with a smattering of pieces of the talks at The Safehouse on Saturday. What I saw were awesome and can be watched at IronGeek’s Site. I do recommend Red Dragons talk on China, J0hnnyXm4s and Hacks4Pancakes, and Chris Robert’s talks on Friday. I am still going through the Saturday talk videos due to the contests, but we will get into that in a bit. The villages were pretty standard. lock picking, electronics, some vendors, and even the Wisconsin Hacker History group (who remembers the 414s).
Contests, you had the main overall Hack the Con contest which was broken down into different categories, from cyphers, to electronics, hacking, and even social. Here, points were gathered by scanning QR codes. The more interesting thing was the social portion of it, as each attendee had a QR code given to them, and once registered, you could scan each others QRs for points. It actually causes more interaction with each other and allowed people to meet who might not have talked otherwise. Basically an icebreaker for us, and considering how often I hear of the amount of introverts in infosec, a great idea. There was the old safe at the Safehouse that would give a lifetime badge if you could crack it, but no one was able to. There was a Wireless CTF that yielded a prize for winning that contest, along with QR codes for points. Then there was the cryptography challenge.
I would love to do a full write up of each challenge in the Crypto contest, but to be honest, I didn’t keep notes as I was over focused on helping my team solve the problems. What I can do is give a basic account of how my awesome partners David Schwartzberg and Steve McGrath and I went about solving all the puzzles. It was not easy, but a lot of fun.
When you are someone like me, you tend to wonder if you are looked at in your industry as a fake, I haven’t done a lot to have much notoriety, or as a value. My thoughts on that changed over the course of the Crypto Challenge at Cyphercon. Having been at only a few other cons, and never really having done challenges at them, I figured I would see if I could crack a code or two in the challenge. Where I sat though Steve and David, who I’ve both known for a while through Burbsec, were already sitting and David was work on the Crypto challenge. to be more precise, I was trying to figure out the initial challenge in the con book, and David, who had already gotten past that and gotten the crypto deck of cards, was working on trying to get Steve to help. I was sitting in between the two, so when I was looking at the cards, Steve got a chance to see them. I don’t know if it was this or David’s constant asking him, but Steve started working on the cards with David, as I tried to help a bit but mostly was watching and learning. It was after the first of many challenges that the deck had was solved, that I started to feel like I was pulling my weight, and it all started because of a clue.
I grew up listening to old time radio and fell in love with a character by the name of The Shadow. He is still one of my all time favorite detective/superhero type characters (pulp fiction her if you really want to get technical) . David and Steve had found the right pattern to put the picture cards (K,Q,J,A) to get the crypto straight for those challenges and the first one they were working on, David recognized the code, but it had extra characters in it. The clue though was about a specific Shadow story which used the bionicle code with a modifier character which turns the grid 90 degrees left or right or 180 degrees. Once I was able to remember that, Steve and I decoded that cipher while David started on the next one. This was the start of the pattern we used. We would work together on the same code at times, and at times split off to doing codes individually and then rotating who had which code when we would get stuck. The reason this worked was we kept an eye and ear on what each other was doing and were constantly talking about the different challenges. This ultimately allowed us to finish every code just as the day was nearing its end. I know there were other people who had been getting close, but as far as I know we were the only ones who cracked every single cipher and, at the Crypto master’s request, “assassinate” Korgo (the other founder of Cyphercon). As with the Wireless CTF as we got to the harder challenges we got QR codes to scan for point in the Hack the Con contest, which was key for me. See as the winners of the Crypto Contest, we got a Lifetime badge to share between the three of us. As we got to the end of the contest though, I was in second place overall for Hack the Con. The last QR code could only be scanned by one person at the conference, and while Steve was not doing the QR scanning, David was but was sitting a few spots lower. They allowed me the honor of scanning the last QR code, which put me over the top on the Hack the Con(I got a lot of social codes on Friday), which won me a lifetime badge of my own. I am grateful to them for the honor. It also shows what happens when we work together, putting our egos to the side.
When Cyphercon come back next year, I know I will be attending. I am curious to see what they have lined up for next year as they said the theme would be based around the TV show Fringe. For a smallish sized con, this one could become something special besides being a nice con between Shmoo and Thotcon.