DefCamp 2011, the first cyber-security conference in Romania, was held in Bran between 30 September - 2 October. Almost 70 hackers gathered to talk, share experience and have fun.
PrologueI learned about this conference first from Andrei Avadanei at GrepIT. He told me that he has secured 2 nights for about 60 persons, at a nice hotel in Bran. I was a little sceptical, but nevertheless, I waited for an online confirmation.
Then on 9 September, the website went on. Based upon a form, the participants were split up in 2 groups: VIP and non-VIP. The VIP ones had their accommodation paid, at Club Vila Bran.
First dayI took the bus from Valcea to Bran on 30 September. After a 5 hour travel on the potholed roads of Romania, I finally arrived near the hotel. There, I met Andrei and other guys from RST, a well known Romanian security forum which I often visit.
Also, I met Vlad Stoian. He is a CS student at University Al.I. Cuza in Iasi. We talked about computer science Olympiads at Yahoo! Open Hack, and he was in the jury at InfoEducatie (but not at my category). So we decided to stay in the same room.
After the keynotes, we went to the nearby restaurant to eat. Adrian Zainea was a guy who helped Andrei organise the event, and he was especially intrigued about us, hackers, as a community. So we tried to explain him the basic rules on how we live and work.
Second dayPresentations started at 9 o'clock with Tamper Data for Processes, by Ionut Popescu, where he presented methods of hijacking processes (this was the most exotic presentation for me). Then Andrei presented his pet project SYDO, a plugin which tries to secure data permissions between client and server, by adding another middle server (it's available on Github). Then, one of the most interesting presentations was by Ionut Maroi on SQL Injection, because he coded a demo website, where we could exploit the vulnerabilities. Then Andrei came yet again, and presented us his big project, Smart Fender, a defensive platform with lots of tools that help developers be prepared for attacks be malicious persons.
Last dayAt 9 m, we were sleeping at the first presentation: Injection in forms, by Dragos Gaftoneanu, and then we slowly woke up at "Bypass CSRF with Captcha". At the award ceremony we learned that we got 2nd place, and that Cristofor Ochinica owned us, finishing level 5. However, me and Vlad won Bitdefender licenses and an external hard drive.
Going home was not as easy as I planned, because I didn't know where the bus picked up people. So I managed to loose it for the first time. But the 2nd time, I wasn't alone, so successfully got it right