As I dragged myself out of bed the first morning it was hard to wrap my head around the fact that I was in another city for another conference. I’m not complaining, more so I wasn’t sure where I was for the first few minutes.
Soon after I remembered that I was in Amsterdam I wandered out into the light of the daystar. I was off in search of waffles and coffee before making my way over to the venerable Grand Krasnapolsky hotel for day one of the sessions at the 2017 iteration of the HITB Amsterdam conference.
The first talk that I took in was one that tackled mainframe related security. The talk by Ayoub Elaassal called, “Breaking the fourth wall: Hacking Customer Information Control Systems” caught my attention. After having spent almost a decade in the power systems space I could not miss this presentation. I was not disappointed. I recall early on in my career a venerable grey beard looked me dead in the eye and said, “Never type $! on a mainframe.” This advice stuck with me ever since.
Elaassal talked about his experiences as a pentester dealing with engagements for clients. One phrase that he was met with, which I recall hearing many times, was “So what, it’s behind a firewall”. This was specifically regarding the fact that he was able to demonstrate to the clients that his team was able to read configuration files et cetera. The all to common “we have a firewall” retort is a troubling one. This is a myopic view of network security and often demonstrates a far deeper problem with the security posture of an organization.
During the course of Elaassal’s presentation he demonstrated how he was able to gain access to a system a showed a tool he wrote to help automating that sort of attack. The audience gave a polite round of applause and it gave me a moments pause as I thought of the defenders that will have to contend with the sort of issue. This really caused me to break into hives as I remembered being that person.
This talk started off the conference on a great tone for me as it continued on from that point with good talks by and large. This is a conference where I can tell that the review team did a great job of working though the submissions.
On the second day of the conference I found a seat in the back row and pulled out the laptop to start working on my own 2018 submission. It’s funny how inspiration can strike at the most curious of times.
The next iteration of the HITB conference series will be the GSEC HITB conference in Singapore this August. The CFP for this event closes on April 30th. This will be a
single dual track with 12 available speaking slots. The rather nice thing about this conference is that the attendees vote on the submissions.
The HITB organizers also mentioned during closing ceremonies in Amsterdam that there will be a new conference offering in China coming up. For those of you were not able to be attendance this year you can find the presentation materials here.
Congrats to the HITB for all their great work! I’m looking forward to the next Amsterdam installment.