0x3 Things We Liked About Disobey

We’re back after the weekend in Helsinki, and the office is resonating with Disobey-stories ranging from audit daemon to parties featuring Borat-swimsuits. Rumours about this event being great reached us long ago but a sincere bow to the organisers - it truly is one of the content-richest and crowd-vibrant infosec events in the Nordic region.

To get you in the mood, here's what happened before each main stage presentation. Video credits: @_kurimo_ (turn the bass up!):



So, what's to like about Disobey.

0x1 the CTF.

Binging the CTF seemed like the central goal for a lot of folks at Disobey, the tables and cables were indeed crowded. Their passion was contagious because after spending some time as the fanbase of team Clarified Security, our CEO Renee decided it’s time to dig in. Thanks for the USB -> ethernet adapter, friends. Though we were too late and too few to put us onto the pedestal, it was fascinating to stroll around in the CTF machines using SpectX and figuring out what the organisers had had in mind. For example:

1. Get the

-----ORTVA BCRAFFU CEVINGR XRL----- ….

2. Execute

SELECT ROT13('-----ORTVA BCRAFFU CEVINGR XRL-----...')

3. Use the key to configure a DataStore in SpectX.
4. Execute

Execute LIST('ssh://brutus/**************/*').....

5. List all the files changed manually before 11 January (the first day of Disobey):


6. Look around. Scrolling through the result -> hm, these files in the bin-folder look interesting  -> sudo -> bingo.

0x2 the presentations 

“Ghost in the locks” by Tomi &  of F-Secure is probably the talk resonating the most after the event across the audience. A hacker standup at its finest. If you missed it you can
a) impatiently wait for Disobey’s Youtube channel to launch 2019 main stage presentation
b) watch an earlier version of the show on the F-Secure website  
On a related note, having talked to quite many people at the event, our observation is that if you’re at Disobey, there’s a 25% chance you’re from F-Secure :)
Meddling with car heaters by Tuuli Siiskonen has also triggered quite a bit of storytelling among Team-SpectX, not to mention tackling Linux Audit daemon records with the Elasticstack.

0x3 the crowd
The internet around Disobey is a bit FUDdy, like Benjamin talking about interactions with the Finnish police when organising the event and this write-up from 2018  suggesting you leave all your devices at home not to be a walking target. In reality, there were a lot of friendly faces asking intelligent questions from the speakers, enjoying the beer (but not too much) and most of all - folks not taking the world too seriously (photo credits: @RikuJuu)

Suggestions for #Disobey20

  • Vendors, thank you! Keep the beer and cocktails flowing, it was awesome. Pro-tip: the Nixu "cave", if found, had the shortest queue and many folks available for in-depth conversations.
  • Please, let there be a moderator for the lightning talks. From what we saw - there seemed a couple of people ready to step up and a small crowd ready to  cheer them but the situation quickly slid into awkwardness and could’ve used a moderator to set the stage.

Conclusion

We’ll be back in 2020, equipped with SpectX, more team members, ethernet adapters and joy. 

Back to articles