This summer, a few of us at Portcullis went for a trip to Holland where the OHM 2013 event took place. This is a large gathering for hackers, geeks, scientists, engineers, artists and crafters from all over the world living in small themed camping villages for 4 days. To any frequent attendant of camping festivals like HAR or EMF Camp 2014, OHM environment was no surprise: a mix of the geeky, trendy and bizarre where a real alien space ship could easily go unnoticed.
So, what can you do in an event like this?
This is great place to discover what other people have been doing by the talks, find new ideas and perspectives which you can debate but also to get that skill you have been craving for a long time but never had the chance to grasp, through any of the workshops. Simply walking around and let your curiosity rule can bring you a very good time as well and let you find extraordinary people including some stars that only a privileged few of us, know. It’s all great but don’t take me too seriously, entertainment is a key element on it whether you fancy dancing to some techno music or to relax by beating kids at old games in the retro gaming area.
This year, OHM was particularly well packed with its very busy program going on over 20 tents holding lectures, meetings, workshops, demonstrations and other performances about everything from cooking to politics. Dominant topics were Government Surveillance, Computer Forensics, Cryptography, Lockpicking and Vulnerability Research. There was also a lot going on with 3D printers, Arduinos, Raspberry Pi and soldering of course.
When it comes to my favourite talks I would denote the grand work performed by the Netherlands Forensic Institute which brought at least 3 great presentations on fraud investigations and memory analysis. A special reference goes to Ruud Schramp on “RAM Memory acquisition using live-BIOS modification” who describes an alternative way to acquire the RAM when firewire or userspace tools are not available. This involves swapping a BIOS on a live system to prevent ECC memory from getting wiped on reboots as well as a way to bypass live plugging PCIe failures. Epic!
Another presentation that for sure deserves to be on my top 3 was “Hard disks: More than just block devices” where hacking these devices and its internal controllers brings a new meaning to the sentence “How to install Linux in your hard-drive” by Sprite_tm. Finally, together at the top comes the great vulnerability research on network devices with “Cisco in the sky with diamonds” by FX.
There were other highlights worth mentioning. Over video conference we had Julian Assange speaking about government surveillance, Google’s cooperation and, of course, the NSA case. Like it or not this was the moment that commanded the most attention and participation not to mention a few tears.
Another important event largely awaited was the “SIM card exploitation” by Karsten Nohl who has brought us the results of his 3 year research which exposed weaknesses on some of these cards namely regarding the supported encryption (DES).
There were more, many more, great talks for which I can only enumerate here but only after reminding you that this is a personal choice of someone who, unfortunately, could not attend all lectures and workshops talking place at the same time and had to make some tough decisions of which shall be the best to attend:
- “Returning signals for fun and profit” by Erik Bosman
- “Counter-cryptanalysis: fire retardant for the next Flame-like attack on MD5 & SHA-1” by Marc Stevens
- “Forensic hardware hacking” @NFI by Ronald van der Knijff
- “Low-cost vulnerability research: XSLT fuzzing as a case study” by Nicolas Grégoire
- “Tracy – system call injection and tracing” by Merlijn B.W. Wajer
- “Even more clipboard fun” by niekt0
- “The political and hacker origins of Twitter” by Rabble
- “Non-signature payload-based intrusion detection” by nemsis
I highly recommend you to have a look at these and other presentations even though at the time of writing, they were not available on the website. Stay tuned as they were all recorded and new contents are coming over all the time at on the OHM 2013 wiki.
I would like to leave a note of praise to the remarkable work by the organisation and all volunteers to bring this camping festival to life. It was quite impressive to see all the preparations down to the smallest details to make everything work and without them it would have never been possible.
It was a true privilege to attend OHM, I can only recommend it! A very healthy way to break out the daily routine for once and enjoy this non-stop party made of a great mix of technology & nature environment. Finally, I leave you with an invitation to another event that shall be pretty much like this due right next year on EMFcamp 2014. I hope to see you there!