AppSec

Hackers Teaching Hackers 2024

Hackers Teaching Hackers (henceforth HTH) is a information security conference held in Columbus (Well, OK, Canal Winchester) Ohio.  It's at the BrewDog brewery and hotel, and features two days of trainings, a day of villages, and a day of talks.  All in all, I had an excellent time.

HTH started back pre-lockdown as 614con, which I could never go to because it overlaps with Origins.  Every year, they would ask me to run locksport, and every year I had to turn them down because Thing One and Thing Two needed to play their games (fair enough, I do too...). But last year, I timidly got started, and this year was full on in.

BrewDog is an excellent venue for a small community-led con.  Their staff takes care of you, there is copious space for stuff n things, and you get put together three legit tracks without a lot of sound overlap. The food is awesome, and the bar has NA beer - GOOD NA beer, too.  So all in all they are fantastic, and there should be a developer con there.

HTH was very well organized.  Last year there was no time between talks, and that created a real traffic problem.  This year had a more traditional schedule.  They had a main room and two smaller callout rooms, which worked out well for the number and type of talks we had. Meal times were well structured and the food was good and copious.  Remember when you come next year, it's a little more money than some cons, but they feed you dang well.

I attended the keynote by Stephen Sims from SANS on how vulnerability researchers can make use of AI for good, and he has some solid points.  I also heard Mick Douglas talk about AI vision systems, and woo, man that blew my mind. He had some solid examples and let us in on his plan for Defcon 2025 ... but I'll let him announce that.

My talk was on Veilid, and was well attended.  Everyone seemed to be entertained.  I pretty much covered the content of the developer book I am working on with the team, but with some demos, playing around with VeilidChat, and general tomfoolery.  I did unlock a new Speaker Achievement during my talk.  Twenty-four hours before I took the podium, my laptop was in small pieces on a FedEx truck.  In the span of time between then and introductions, I built the Framework PC, installed Ubuntu 24, set up the entire development stack for Veilid, synced my slides, and practiced.  It was a hell of a ride.  You know those speakers that say "I just finished this deck last night!!" - yeah, well, I got them beat.

The CTF was something else entirely. I don't think I have seem a CTF that complex outside of DefCon.  I didn't do it, but I sniffed around, and there was everything from OSINT to tamper evident bypass to malware reversing to badge hacking.  I don't know what system they used to manage it but based on the Discord it was incredibly smooth.  I only saw maybe three people have a problem getting flags posted.  It was very, very, very well run.

It was awesome to see everyone, and great to talk privacy, big tech, and getting angry.  I got to bring my daughter for setup, and she was enamored, so I am thinking a full pass for her next year. Certainly making plans in advance - Hackers Teaching Hackers is a conference not to be missed.

Mastodon