Kernelcon 2023

This is a week late, but April 14 and 15, Security Conference Kernelcon was hosted in Omaha, NE.  I was fortunate to be able to attend and greatly enjoyed my time at the conference.  

Kernelcon started a few years ago and I unfortunately had not been able to attend.  Shortly after, the pandemic hit and they went virtual for a few years like the rest of the world.  This year I heard about it late, but was able to get the day from work to go attend.

Omaha has a relatively small info sec community so it was nice see many former colleagues who I hadn't seen in a few years.  Outside of getting to see them again, I was able to participate in the capture the flag and catch some excellent talks.  

The CTF was more red team focused and definitely outside my usual wheelhouse but was still a great time.  It was all themed around Mario and one of the cool unique things they did was give each team a box with 3 balloons attached to it, similar to how the balloons were in Mario Kart. If you answered questions within one specific category on the CTF, the boxes would send an electric charge up some wires attached to the balloons causing them to pop.  It was cool to be in the room and hear balloons popping and knowing a team had just solved that puzzle!  I think it could be even neater in a versus style game where each team is trying to defend and protect their balloons from the other team.

The talk that stood out to me the most was the hackers vs the auto industry.  The hacker who presented, along with several other members who were not there, were able to compromise a large number of vehicles, mostly by focusing on the SIM cards and APIs being used by the vehicles to communicate. A large number of manufacturers utilize a same back end vendor and once they compromised that vendor they had access to over 100 million SIM cards that were in the vehicles.  It was definitely a very interesting talk with broad implications.  Even worse was that for such a big find, the bug bounty payoff hardly seemed worth it.  

Overall, I had a great time and I am definitely looking forward to attending again next year.