Area 41: THE hacker event in Switzerland. Never heard of it? That could be because the conference was previously called “Hashdays”. New name, still just as cool. After two years, the IT security conference took place again on 15 and 16 June 2018 at the heart of Zürich. IT security experts and security enthusiasts travelled from all over Switzerland to focus on the newest security issues and latest hacks over two days. So, the perfect opportunity for the InfoGuard Red team to combine work with pleasure!
From the outset, the organisation of Area 41 was top notch. By the time we had grabbed possibly the coolest badge ever, we had already been plied with coffee, croissants and other sinful goodies. The start-up video – the 80’s live on! – was accompanied by a catchy 8-bit melody. After that, everyone was awake if they weren’t already! A short greeting later and the conference kicked off with the first keynote speaker, Costin Raiu, Director of the Global Research & Analysis Team at Kaspersky. Raiu demonstrated which new technologies can be used to identify malware and its origin. It was even possible to identify evolved forms of various malware generations amazingly accurately – very exciting! The utmost concentration was needed throughout the day but, naturally, we wanted to attend as many of the 22 Area 41 talks as possible. Our highlights? Here is a brief summary of our top 3 talks!
“Monitoring macOS for malware and intrusion”
Windows systems have long had this feature: Sysmon. Now, finally, there is a counterpart on macOS. Daniel Roethlisberger from Swisscom CSIRT has been concentrating on a long-outstanding problem for years now: developing a high-quality monitoring tool for macOS systems. His tool (github/xnumon) can be used to record system activity and can, where necessary, consolidate it in a centralised location – just like the feature Windows has provided for years.
“From DDoS to mining: Chinese cybercriminals set their sights on Monero”
The key message from the talk: While the malware on the black market may be offered “clean”, it could, in turn, contain backdoors.
All joking aside. At Area 41, David Liebenberg from Talos provided an overview of China’s DDoS and mining scene. His analysis of the tools and technologies used was particularly fascinating. Among other things, he explained the Monero mining tool sold on Chinese hacker forums together with malware samples collected via honeypots and Chinese social media platforms. An interesting and highly informative foray into the world of Chinese hackers.
“The day you got hacked”
Our last-but-not-least highlight was the presentation by Pascal Gloor, Principal Network & Systems Architect at Quickline AG. I had personally eagerly awaited this talk – and it didn't disappoint. Gloor gave an overview of something which is itself causing quite a stir in the media: the day a Swiss ISP was hacked. When else would you get the chance to learn about such an exciting day? Definitely not very often. I can tell you that the essence of the talk was this: never fixate on a single problem but always keep an eye on the bigger picture. Otherwise, it can be easy to overlook vital clues to solving the problem.
Double thumbs up for Area 41
The other Area 41 talks were also well worth seeing (for example “The Story of Greendale” - available online in approx. three weeks). For us, however, what really should – no, must! – be mentioned is the catering. A truly extensive, first-class service was included in the price. Club Mate was available by the litre along with delicious food. But of course, that’s not the only reason I can recommend that security enthusiasts attend this brilliant conference. We spent two fantastic days at Area 41 – probably one of the best-organised conferences in Switzerland.
PPS: Finally, a couple of random facts: There were a total of 375 attendees, 18 sponsors (including InfoGuard) and 22 talks/keynotes as well as 4 workshops at Area 41. Also, 500 bottles of beer (excl. wine) were drunk at the BBQ and I walked some 11,000 steps over the conference days.
Cover Picture: Area41 Security Con, https://twitter.com/a41con/status/1000659243219988481
Picture 2 (GIF): Yolan Romailler, https://twitter.com/AnomalRoil/status/1007545909406785536
Picture 3: Chris John Riley, https://twitter.com/ChrisJohnRiley/status/1007988973455728640