Early this month, I attended the 10th edition of Hackfest. It was my 4th presence at the event and I absolutely had a blast! Here are some thoughts on the event.

Talks

I watched many interesting talks on a wide range of subjects. Some were more oriented toward soft skill like Justin Ryder whom talked about becoming a consultant and the challenges associated to this career path. My key takeaway is that the road is pretty tough but perseverance will eventually get you there. Invest in your training, develop a strong network in the industry and stay humble: keep learning. Another talk that grabbed my attention was Haydn Johnson presenting about communication in the workplace. Our relationships with others are more important than we might think. Organizations are definitely political and small talk with genuine interest is always a good investment for you.

I attended technical talks as well. I learned a lot about Industrial Control System in Liam Graves. This environment holds many challenges such as maintenance, handling legacy systems, complexity and scale. Security must not be seen as an afterthought, systems should be secure by design. Over the years going to Hackfest, I learned that one should absolutely go to Johnny Xmas talks. This year, he talked about scraping Venmo’s public feed. He made some interesting discovery when looking for correlation between transactions identifiers(emojis) and vendors. Venmo is most certainly used for illicit transactions and the emojis are pretty clear about it: ❄️ = cocaine, 🌳 = marijuana, etc. Some interesting tactics were necessary to be able to bypass Venmo’s bot detection and be able to fetch a lot of data efficiently.

CTFs

For the past years, I learned a lot about cyber security(especially application security), but I was mostly passive. I attended conferences, watched videos and read documentation online. This year, I decided to take action. I want to get into bug bounty, so I put in the effort to practice what I learn instead of just absorbing information. I began doing online CTFs and exploring vulnerable virtual machines from VulnHub.

Thus, I spent a lot of time on the various CTF during Hackfest. I had a lot of fun solving almost all challenges of the beginner CTF which was available during all the event. On the other hand, the official Hackfest CTF was pretty hard. I managed to score a few points but most of the challenges stayed unsolved. Finally, there was an OWASP Mini-CTF offering standard web vulnerabilities which I managed to complete all challenges but one.

Networking

Finally, since it was the 10th anniversary of the organization, the founding team made a talk presenting the history and some behind-the-scenes anecdotes. It was a very inspiring talk for me because I’m currently building an infosec community in my city. It’s reassuring to see their journey from a pretty small group of friends passionate about security to a full-fledged conference.

Between the talks and trying to solve the CTFs, I took some time to meet new people from the Hackfest community. I loved to learn about how it is to work in infosec or simply chat about our interests in IT/cyber security.

Once again, I greatly enjoyed my time in Quebec city for Hackfest and can’t wait for next year! :)