NorthSec 2024 (FeetSec 2024?)

Let’s get this out of the way

NorthSec has nothing to do with feet, but somehow that became the theme this year thanks to something getting lost in translation during an event. If you know, you know. If you don’t, then I guess you’ll have to come to the event in the future and find out!

gr33tz to team feetfeetfeetsec

I wish the NorthSec conference wasn’t only two days

The amount of outstanding content, workshops, and side quests that NorthSec offers is just too much for only two days. It’s unbelievable value, and I’m so glad they opted to increase their prices to keep their event to the level of quality they want.

If you show up to NorthSec, expect two full days of content from experts in their fields, a huge community room with tons of activities, tremendous workshops where you’ll get hands-on guidance from (again) experts in their fields, and some of the best vibes from any event I’ve ever been to. While NorthSec is (I believe) heavily financially driven by sponsors, beyond the occasional booth and shoutout in opening/closing ceremonies it is one of the least commercial events I’ve been to. BSides, DEFCON, etc… will all have logos plastered everywhere and the influence is obvious but NorthSec still feels like a hacker con and the organizers are very aware of the value of that.

But is it really only two days?

No! There’s the CTF, and I was able to participate in it this year!

Holy shit.

Those are the words to sum up the experience of the CTF. I touched on it briefly in my writeup of last year’s event but I really didn’t get an appreciation of it from only being there for a few hours. Taking part in the competition from start to finish really did feel just like LAN parties of old, though without (as much) warez swapping.

While I’ve participated in many other CTF events, they’ve almost always been somewhat narrowly focused by merit of being online. NorthSec’s CTF, by merit of being in-person, opens up so many other opportunities for amazing challenges. This year had everything from safe cracking, forging prescriptions, and cracking lottery algorithms to reverse engineering embedded systems, breaking crypto, and using security software against itself. If you’re coming and hoping to compete seriously, make sure you’ve got a team that can handle anything, and I mean anything that could be conceived of as a puzzle in meatspace or on a computer.

One of the other things I really appreciate about the CTF event being in-person is that it’s impossible to compete (or really participate at all) remotely. Since the event physically shuts down from 3-8AM you’re somewhat forced to take a step back and get some rest. While 5 hours of sleep (minus travel time) isn’t much, it’s far better than nothing.

Any complaints?

The chairs for the CTF were a bit uncomfortable to sit on for nearly 36 hours, but that’s pretty minor given the number of couches, bean bags, etc… that you could also go chill on.

What did I do at NorthSec 2024?

I delivered a talk about LLM vulnerabilities and how they’re basically the classic OWASP Top 10 in a trenchcoat and a fake mustache, and I also competed in the CTF!

The talk went well, but similar to my talk in 2023 I don’t think it’s quite the right audience. NorthSec tends to attract folks who expect a significant level of depth in presentations, and mine wasn’t quite there. Room for improvement for next year.

As for the CTF, well you can probably tell that I had an absolute blast. Out of ~80 teams (if memory serves) we came in 25th. Our goal was absolutely not to win but to learn and have fun. We absolutely did that.

Special shoutouts to my teammate padraignix who absolutely crushed the RE/crypto challenges related to the badge firmware. He did so well with the challenges that he has actually been invited to help craft the challenges for 2025! That sucks for our team, but is an amazing opportunity for him!

Should you go to NorthSec?

Yes.

There are no conditions for that recommendation, still. Go to NorthSec and support this great event.

If you can’t go to the conference, go to the CTF. It’s outstanding value for money with free beer/coffee/snacks and some of the best puzzles I’ve ever seen. The CTF is also priced to even be affordable for students, and is set up so that you can sign up solo and still land with a team.

I can’t say enough good things, so I’ll stop here. See you there in 2025!