I wasn’t expecting to be able to go to the layerone conference in Los Angeles this weekend, but I was there and it was great! I’ve been to appsec, bsides, defcon, but layerone has all of them beat with one thing none of them provide that great. The amount of food and the quality of the food we had for dinner was insane, that’s not even mentioning breakfast! Also, if you like alcohol, then you would’ve loved it when alcohol was free for an hour during dinner. Did I forget to mention the food was built into the price of the ticket? I dislike it when cons don’t offer much food, but you paid through the nose to get in the door. I notice this because for a long time I was a vegetarian, but now I am a pescetarian and it was challenging to find food, yet I usually pay at least a hundred dollars to attend. Even if you are a normal meat eater you would’ve noticed the awesome selection of food at dinner including the desserts!
Now that I am done raving about how good the food was let me talk about the CTF, which stands for capture the flag. Surprisingly it was my first CTF, but I wasn’t in it for the prizes, since all they showed were my little pony prizes. I was in the CTF to have fun and I had a blast. Would it surprise you that a team consisting of two hackers was able to stay in the 2nd and third position on the leaderboards for the majority of the day against 35 other teams? It wasn’t till day two that we had more people on the team. Some of the challenges were easy including the XXE injection, but others which looked easy were down right baffling. What I really liked is that when we were stuck we could brainstorm and finish the puzzle. The ability to work together as a team was great and is a crucial feature that bug bounties are currently missing, but I’ll leave that topic for another rant. Anyways, I spent ten AM till whatever time the hacking village kicked everyone out working on the CTF. We were the last to leave, because we were so focused on the challenges and they had to tell us to leave because they were closing up.
The team I was on finished in fifth place, which is pretty good since there was 35 other teams! Layerone had enough people at the conference, so you didn’t feel bored and only 50 or so people showed up, but not so many that you were crashing into other people. They had no problem or didn’t notice my robot driving around the grand room where we ate while our table tested my robots response to different environments and what made it respond and react the way it did. I won’t post the outcome of those results, since I plan to use this bot in competitions but the findings were very interesting to me.
I did attend one talk by the machinist, which introduced me to a more user friendly open source 3d program that looks far better then blender. The program he used is called mesh lab and from a user interface perspective it looked great, as did the few built in features he used during the talk. See, that’s another nice thing that most security conferences don’t have and that’s talks on other subjects within the word hacking. Not all of hacking is defacing sites and finding vulnerabilities. Hacking is the art of finding unique ways to do things with computers whether you’re doing 3d modeling and have techniques to show people or you have a bunch of zero days to release. Of course, this is purely my personal interpretation of the word hacking. It’s odd that there is an entire industry that can’t even agree on what one of the main terms for their industry actually means. This shows problems in our community that I’ll probably discuss in another rant.
Anyways, if you got anything out of this post it’s that you should attend layer one next year and I hope they have food again next year!