Review Threatcon & Offensive HTML, SVG, CSS & Other Browser-Evil

At the end of August I travelled from Germany to faraway Kathmandu in Nepal to visit threatcon, the browser security workshop by Mario Heiderich, and the beautiful country. Here is a short review.

Browser Security Workshop

Along with the conference I booked the 2-day workshop Offensive HTML, SVG, CSS & Other Browser-Evil. The topics covered:

  • History of browser security and the browser market
  • Defense 101
  • XSS
  • URL obfuscation
  • Unicode, character sets
  • Breaking Filters (WAF)
  • IE/Edge compatibility modes
  • mXSS

The presentation includes 255 slides, so it was not possible to cover everything in 2 days, and there was no time for the hands-on parts. XSS is not the big topic anymore, but I was happy that I could freshen up my knowledge and also learn some new stuff.

The Conference

The conference was one day with a single track, so contrary to Blackhat & Defcon everything was clearly arranged. On the speaker list were Mario Heiderich, Jim Manico, Georgia Weidman, Vignesh, Yogesh Ojha, Aniruddha Dolas and Prashant Tilekar; you may see some familiar names here.

Between the presentations there was a lot of time for networking and discussions. With the business pass I also joined the evening event, which came with great drinks & food.

For me the best part of conferences, of course, is the networking. It was a great pleasure to meet and connect with new people and friends.

If you are new to IT security, I highly recommend visiting smaller and local conferences if possible; it is much easier to connect and to visit.

Thanks to the organizers of threatcon for a great event.

Visiting Nepal

After the conference I took four days for traveling and sightseeing; this is just a very small impression (I took >1000 shots). I travel a lot, and this was one of the most impressive experiences I’ve had.