RockyCon '05 - a report - reloaded

[<antoheri () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Due to Hushmail's lack of newline support..we bring you..RockyCon
'05 -- the formatted edition.

RockyCon '05
============

What follows is an eyewitness account of a con that has
set new standards for every other con out there. The
largest underground party ever thrown on the face of
this planet. RockyCon 2005.

On July 1st a massive contingent of blackhats, sellouts
and ex-cons landed in an undisclosed location in the
deep woodlands of Michigan. Meaning, American flags,
Jesus is Lord t-shirts, and promises of hell on
bumperstickers for various activities ranging from
coathanger gymnastics to sodomy. Friday's pre-con
activities included stealing microwaves from renowned
martial arts experts, the unveiling of nachOS..an
injectable mini-OS that looks like it'll raise the bar
on backdooring standards, and a handson  sigint workshop
involving a rather impressive display of
boys-will-be-boys mentality within the global intelligence
community.

Allthough the specifics of the main event are still
somewhat clouded in a haze of pigfat and alcohol, I'll
try my best to recapture the essentials. After being
transported from the pick up point to said undisclosed
location, we were introduced to Marty the Pig. Marty the
pig was originally intended to alert the con
organisation of any intrusion attempts. But due to it's
high rate of false positives we got sick of Marty fairly
quickly, so we decided Marty'd serve better as the main
focus for the con's 'deep auditing' track, at the end of
which we were left with 150 pounds of pig, stuffed with
chicken and brattwurst, and plenty of bugs. Also, vegans suck.

It took about 7 hours for Marty to cook, during which
everyone chipped in to set the stage for the main event.
Tent pitching techniques were pioneered and implemented,
tables set up , and presentations prepared. Then we
peeled garlic for 4 hours. Which, I have to say, was
very zen. As dusk set in, the firepit was lit and it
was time for RockyCon to go into full swing.

One of the main tracks focused on 'secure by default cap
settings in trusted computing environments', and
introduced something that was described as the 'bottle
lever' technique. After everyone had a go, the true
potential of these advances in cap abuse became quite
apparent and it didn't take long before a bunch of
people applied it in the wild with an overwhelming
successrate. The presenter of this track was later
credited with advancing the art of default anti-bush
tirades, egged on by a Kevin Smith look and act-alike
dubbed 'Silent Rob'. He also got shot down by the chick
with the nipple bling, even after hooking her up with
a personal demo of blever.c. Poor guy.

There were several sidetracks, presented on a massive
projection screen which provided a nice contrast with
the surrounding woodland. Highlights here involved a
variety of zombie-flicks and listening to Eric Hines
explain how he had a patch and that it wasn't the crypto
over a trance soundtrack. Followed by the chick with the
nipple bling busting into a "USA, USA.." chant combined
with a slow-clap. Advances right there.

Then of course there was the axe-throwing track (aimed
at showing how robust the firedoor implementation was in
preparation for Sunday's demonstration). The
getting-abso-fucking-shitfaced track was the most
popular track of the evening, which resulted in a lot of
drunken gorging involving smores and pigmeat.  Someone even
got pregnant apparently.

After mixing it up with the local research community the
firepit was fired up some more, and there was a massive
cumbayah-vibe felt by all. Even by the emo-kid with the
checkered shoes. Hours of massive drunkeness, ethics
roundtables, various interesting phonecalls to pillars
of the hacker community, toad appreciation, and lugging
a 5000 pound cooler back to the hotel for no apparent reason,
later, it was time to turn in and put out.

The mornings at RockyCon consistently featured a massive
display of farting, swearing, and cognac bottle holding
by AcidReflux. His strong teeth and jaws were also impressive.

Thus came the 3rd day of RockyCon. Sunday. This day was
more focused on demos and got kicked off by sitting
around severly hungover for a few hours wishing death
would come quickly. But as our brains slowly re-hydrated
it was time for a panel discussion involving an attack
dog and Marty the Pig's head. It was concluded that
attack dogs and pigheads go well together.

As dusk set in, the last set of talks and demos got
underway. Highlight of the evening was the FireDoor
demo, which was presented with an utter disregard for
the law. From the slides: 'the firedoor is a privately
developed technique credited to GOBBLES Security, aimed
at reaching high hanging fruit.' Very fruitful indeed.
Followed by a demonstration by the con's organiser in log
maintenance and corn-shell techniques. Then there was more
drinking rounded out with an aluminium smelting class.

Also demonstrated was the reliable exploitation of a new
bugclass dubbed 'malloting'. Many bugs were squashed in
the process and penetration was tested succesfully. Then
followed the extreme sports demo where again it seemed
as the guy was lacking any reverence for the law, and burned
it up on a skateboard.

RockyCon was officially closed by a ritual burning and
the looping of an inhouse musical production leaked from
a large security company. There was dancing and
firewalking. Ultimately resulting in a fire that only
got more pissed off when you threw water on it. Luckily
we had a pitmaster who wielded a pitchfork with complete
disregard for the law to keep the inferno at bay.

Many thanks to Rocky for throwing one fuck of a party.

Here's some quotes:
===================

"(-after throwing up violently-) Anyone wanna kiss me? :D"

"String is like..loads of fun" ... "*ouch* Strings are
dangerous!"

"It's too bad your dog is a souless killer, otherwise we
might be able to touch it"

"Down Cujo, down"

"Damn, this smells like aluminium hydroxide mixed with
magnesium hydroxide and some simethicone."

"(-2 attendees who shared a room-) Did you ever play spoons?"
... "Yeah, just last night, ya fuck."

"o m g"

"w t f"

"(-to chick with nipple bling-) Dude you're totally wearing
that to draw attention to your tits" ... "am not."

"Yeah I founded that bonfire."

"(-to local inhabitant of Dawson's creek like Town-) You do
realise you're the Pacey to her Dawson, right?" .. "What
did you call me!?"

"If it's burning blue it means it's over 1500 degrees" ...
"Hehe, look, it's blue :)"

"You just called me gay didn't you?" ... "and retarded :D :D"

"Oh no this isn't *****'s Microwave, I stole it from the
martial arts place next door... :D"

"(-between two people discussing how to drain blood from
Marty-) I guess we could siphon the blood out." ... "or! if
we elevated the pig I think we can use a tube and suck on it
until the blood starts to come out, on like..an elevation"
... "dude..."

Lessons learnt:
===============

Throwing an axe at a firewall implementation is harder than
it looks.

Trying to make hippies in tie-dye shirts become aware of their
surroundings is harder than it looks.

Breaking a pig's backbone is harder than it looks.

Shoving garlic into a pig's eyeball is harder than it looks.

Trying to get rid of the enormous birds of prey attracted by
burning pigfat on a +1500 degrees fire, is harder than it looks.

Lifting 150 pounds of dead pig is harder than it looks.

Trying to entice an attack dog to furiously attack a pig's
head is harder than it looks.

Writing demos that don't bluescreen Windows XP is harder than
it looks.

Trying to keep a drunk whitehat from cuddling up to you in
the shared hotelroom is harder than it looks.

Tricking the chick with the nipple bling to take you home is
harder than it looks.

Trying to piss off the local police force is harder than it
looks.

Trying to build fire with nothing but some chocolate and a
soda can is harder than it looks.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkLLRooACgkQeHRnt5iEABwHewCfauvNIU+nbuWWY0YVv4uk3L3/NxsA
n2fk+AXxCyhwddPOioyHWr+1KO3q
=1l1H
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave