An ode to the tiny ones *sniff*
There are a number of happenings that crashed my life since the last blog post like.. oh lets say, like an elephant crashing a porcelain store. The malware clan, calling it clan as it is multiple families, so the clan I've been following since last year’s Hack.lu turned out to be most likely nation-statey, believed to be operated by French intelligence. Who would have thought.
Last week I presented on the most interesting furries out of the 'Animal Farm' or Cartoon Malware as I'd rather call it. This presentation was given at SyScan'15 in Singapore, which, for me personally, is something like the mothership of all cons.
I have done a hell lot of conferences the past two years. Now how that happened is a hell lot of stories, but let me tell you, I had a hell lot of fun. Hell.
Maybe we agree, more than anything else conferences are about the people you meet there. At a small event you get to meet everyone, at least twice, you have to, even if you try to avoid someone. Not that I ever tried that. Usually the conference is happier to have you than the other way round. I've been to big conferences, not naming any, but all of them left me kind of depressed because.. Welcome, hope you learned something, thanks for your money and take a drink on the way out. Sad. This, while most of the small ones only ever made me sad as they had to end at some point. But always with the note 'See you again next year'.
Not SyScan though, not this year. This year's SyScan was the last one, the organizers giving up concurring with an overload of security conferences flooding Singapore. This is a tragedy, for our industry is losing an event with high quality content and an almost scary density of security professionals gathering there. The magic of SyScan is a mix of having been around forever and being badass technical, not simply attracting but creating a crowd of industry rock stars.
But being selfish as ever it feels more like a personal tragedy for me. SyScan was the very first security conference I have been to two years ago, and it were the people I met there who were the support and inspiration that kept me going ever after. So this year I happened to meet again with the wizard who sparked my interest in reverse engineering, another wizard who kicked my ass to perform my very first conference submission and with the wizard who pushed me to jump over my shadow to research shit I had never heard of before.
So.. in case you missed it. Today I occasionally turn nation state malware inside out. The con I submitted to back then was Defcon, and guess what, they accepted; and so did lots of others I submitted to later. And if I am not mistaken I got something lying around here like an 0-.... oops I didn't say that. Imagine, how I felt wandering around the holy halls of Singapore’s Swissotel again?
Needless to say, being accepted as a speaker for SyScan'15 left me mindblown, unable for a while to actually believe this was happening. The last SyScan was the most exciting, funny, awesome, scary and challenging conference ever. I have never been so scared of screwing up as I have been trying to not miss out on a single minute of conference. And tell you what, it was awesome. Two days of no-bullshit talks, fruitful conversations and valuable insights, meeting folks who me and many others are looking up to. I _so_ hope this is not the end of an era, and I so know I’m not the only one with that wish.
On the way out I heard a whisper about SyScan’16 and, among us, doesn’t that sound like _so_ good?