This last weekend I took a trip up to Montreal for REcon. If you’re unfamiliar with REcon, it’s a small security conference focused on topics most interesting to reverse engineers. As such, the talks are more technical than you will find at other more mainstream conferences like BlackHat or DEFCON, and generally require a certain level of expertise as a baseline. If you don’t understand assembly language, you’ll probably not get much out of at least half of the lectures.
Upon arrival at the conference hotel, it was immediately noticeable that the air conditioner was not working. Had the conference not been in this hotel, and if I didn’t really like being extremely convenient to the conference, I probably would have not even checked in and gone somewhere else. They assured me that the air conditioning would be fixed “tomorrow”, as they did every day, and it actually was fixed in parts of the hotel over the five days I was there; however, it was never fixed in my room. Luckily I didn’t spend much time in my room as I was attending the conference and going out to the various clubs and bars to socialize with other REcon folk. Other than the heat issue, the conference was excellent. It’s definitely a contender for my favorite small conference, a title currently held by ToorCon.
Montreal was nice, although predominantly French Canadian, so it was good to have so many friends around that could speak both French and English. For the most part, in the nicer establishments such as hotels and nice restaurants, the people there were usually fluent in both languages; however, in the random bars or clubs, or fast food restaurants, it was fairly hit or miss whether you would end up speaking to someone that spoke English. Since I don’t speak French other than a few words that I picked up during my stay, having French-speaking friends around was extremely useful.
The first two nights of my stay I overslept due to the alarm clock being set exactly twelve hours off. The first time I overslept I chalked it up to user error with an unfamiliar alarm clock, but when I overslept a second time, I knew something was amiss. Due to oversleeping the first two days of the conference, I missed a few of the lectures that I had wanted to see in the mornings; however, I did manage to catch some of the others. Below are my notes and impressions from some of the more interesting ones that I did manage to attend.
Jonathan Stuart – DMS, 5ESS, and Datakit VCS II: interfaces and internals
This was a fairly interesting talk about interfacing with various telephone switches. I used to dabble in this area way back in the day, so some of it was a bit familiar, but not since the mid-90s have I done much telephony stuff until the past few years and my adventures in VoIP land. While informative and interesting, the omissions of the “juicy bits” got a bit repetitive. However, understanding the speaker’s background, it was understandable.
Dino Dai Zovi – Mac OS X return oriented exploitation
I really enjoyed this talk. My last couple years at BreakingPoint I wasn’t doing much fully functional exploit development as the BreakingPoint system takes exploitation up to the point of triggering the vulnerability and no farther, so I hadn’t been keeping up with new developments in the exploitation field as much as I should have. When ROP and borrowed instruction programming recently became all the rage, I gave it a passing glance and understood the concept, but didn’t really dig too much into the details. This talk was an excellent overview and filled in most of the gaps for me. Now I’m somewhat motivated to go write some ROP/BISC exploits (:
Travis Goodspeed – Building hardware for exploring deeply embedded systems
Another talk I really enjoyed. Travis spent a bit of time on his GoodFET JTAG interface and spoke about reversing various hardware as well as a clicker device used in academia by students to answer questions, vote on things, etc. Apparently there may be some legal issues surrounding the disclosure of some of the clicker information, so here’s to hoping that Travis stays out of the pokey (: I’m also now motivated to finish assembling these two GoodFET boards that I have sitting here…
Ricky Lawshae – Picking Electronic Locks Using TCP Sequence Prediction
Although I’ve seen this talk before at AHA!, it was good to see a prior colleague getting out to speak. Ricky covered sending unauthorized commands to physical access system door controllers via TCP packet injection. For a turbo talk it was well organized and he paced it well. Good job, Ricky (:
Overall I had a great experience at REcon and met a ton of awesome people. I also had an opportunity to catch up with many of the usual suspects, including Richard Thieme who was keynoting this year. Richard has a new book that was recently published entitled “Mind Games”, of which I picked up a copy that he graciously scribbled on for me. So far it is an excellent read and I highly recommend picking it up.
As far as REcon goes, I completely intend to go back again next year as apparently Hugo plans to forgo the bi-annual schedule he’s been on and go annual! So, I’ll see you all again next year at REcon (: