Technology Exhibition / CommSec Village

Access to the HITB CommSec Village Exhibition area is COMPLETELY FREE and OPEN TO ALL from 0900 – 1800 on the 12th and 13th

(Please register first before entering the CommSec area, unless you are also attending the main conference) 


What is the HITB CommSec Village

A free-for-public showcase area which features exhibits and workshops by the security communities, open source groups, enterprise bodies and technology companies. Come check out the latest projects, gadgets and toys. Or get involved in some hands-on workshops, soldering and tinkering at the hardware, soldering, or lock picking villages. And of course, do be sure to check out the highly popular HITB Capture The Flag competition which will run here across both exhibition days.

A laptop is required to participate in most of the on-site contests / challenges.

On-Site Activities

Badge Village by Qihoo360

All registered conference attendees will get their own HITBSecConf2018 – Amsterdam badge exclusively designed by the Qihoo360 Unicorn Team!

Come by the badge village to unlock secret badge features, mini games and more! We’ll also show you how to get started reprogramming the badge and hacking it to do more stuff!

For non-paying conference visitors, badges can be purchased on-site for EUR35, but supply is EXTREMELY LIMITED, so please come early!

What’s On the Badge?

  • IR and 433MHz Packet Decoding Game
  • Mini Games
  • Hidden Challenges

The badge is fully open sourced (both the hardware and software will be provided along with the firmware for the badge).

Hardware Specs:

  • MCU: STM32F103
  • Flash: W25Q32
  • 1.3 inch OLED
  • 433MHz RF Receiver
  • IR Receiver
  • 6 Buttons (Up, Down, Left, Right, OK, ESC)
  • 6 x RGB LED

In addition, limited quantities of the UnicornCUBE / HackCUBE will also be available for purchase and for pre-order. Copies of the newly released Inside Radio: An Attack and Defense Guide will also be available for you to pick up.


Hardware Capture the Flag by Quarkslab

Organized by the team of ninjas at Quarkslab, this CTF will involve hardware-oriented challenges. Be prepared to deal with various tasks involving RF protocols, RFID, automotive, soldering, micro-soldering, side-channels, etc.

To register (as an individual or as a team), please come by our challenge area. We provide all the required tools to solve the challenges; you will just need a laptop to solve some of them. Note that Linux is typically easier to work with than Windows when it comes to compiling tools, dealing with drivers etc.

The CTF is jeopardy style: you’ll get points when you solve challenges. The first three winners will be rewarded with some nice tools sponsored by WhiteMotion.


BeVX Reverse Engineering Challenge by Beyond Security

Join this reverse engineering and exploitation contest and stand a chance to win a trip to Hong Kong to attend the beVX conference in September! Participants will need to reverse engineer and write an exploit for a vulnerability in an ARM binary. The first person to submit a complete solution will get a round trip flight, accommodation and entrance to the beVX conference in September in HK, second place gets flight and entrance, and third place gets an entrance ticket to the event.

The link to the download page and game instructions will be provided on-site during the 12th and 13th. The challenge binary will be internet accessible and downloadable on-site – you do not need to sit at our booth to solve it.


SCADA Capture the Flag by Applied Risk

If you can hack it here, you can hack it everywhere! Developed by Applied Risk ICS/SCADA security experts, join our SCADA Capture the Flag challenge at the 9th annual HITB Security Conference to be in with the chance of winning prizes. The winners of the challenge will have to successfully discover and report all known and unknown vulnerabilities within our test environments.

Do you think you have the expertise to spot a security flaw? Our SCADA Capture the Flag challenge will take place over two days at the event on 12th – 13th April, providing those that take part with the knowledge and skills to successfully identify and report potential threats in real SCADA environments. We look forward to testing your SCADA security knowledge!


Chip-Off Village by VXRL

Come by the VXRL chip-off village and learn how to remove embedded eMMC chips for your own analysis. VXRL members will also teach you how to attack IoT/mobile devices to obtain privileges and gain access controls. In addition, some inexpensive JTAG/ISP and chip-off equipment will be made available for your testing and eMMC chips with circuit board kits will be made available for EUR10 for you to purchase if you wish.

Lock Picking Village by TOOOL Netherlands

Want to tinker with locks and tools the likes of which you’ve only seen in movies featuring police, spies, and secret agents? Then come on by the Lockpick Village, run by The Open Organisation Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.

The Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficulty to try it themselves.

Experts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sportpicking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.


Soldering Village with Mitch Altman

Mitch is a hacker and inventor, most well known for inventing TV-B-Gone. He has been a speaker at numerous hacker conferences, is an international expert on the hackerspace movement and teaches introductory electronics workshops. He has already taught over 50.000 people how to solder – from 3 year olds to grandmothers! Here’s your chance to learn how to solder one of Mitch’s electronic kits including the TV-B-Gone, Trippy RGB Waves, The Brain Machine but also all types of Arduinos and accessories!


 

Exhibitors

  • Hack In The Box
    • Get your HITB swag and other merchandise here! Come get some!
  • Beyond Security
    • Beyond Security’s SecuriTeam Secure Disclosure (SSD) can help you turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. We work with some of the brightest and most highly compensated people in the security industry and can help you advance your game – regardless of whether you are a beginner or have been discovering security issues for years.

  • The S-Unit
    • The S-Unit is your offensive partner in the field of security. We can tell you where you are vulnerable, and we prefer to do so before it causes you any trouble.
  • Dark Matter
    • DarkMatter is transforming the cyber security landscape. Headquartered in the United Arab Emirates and operating globally, it is the region’s first and only fully integrated digital defence and cyber security entity developing, delivering and implementing next-generation cyber security capabilities.

      Our elite team of global experts deliver advanced, next-generation solutions to governments, enterprise, and other entities with the highest cyber security requirements. Innovation and Research underpin everything we do, and our vision is to “protect the future by securing its technologies.”

  • Applied Risk
    • Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

      Our engineering experience and cyber security knowledge proves invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments, working across a range of industries we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

      Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings include a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our client’s critical asset requirements while meeting industry standards.
  • Quarkslab
    • Quarkslab is a high-end cybersecurity company, highly skilled in vulnerability research and design of security solutions for a tailored level of defense.
  • Secura
    • Established in 2000 in the Netherlands, Secura is an independent, specialised security expert with offices in Eindhoven and Amsterdam. Our service lines are: Advisory & Audit, Security Testing (including penetration testing, Red Teaming and source code reviews), Certification Services and Training & Awareness.

      We help our clients take control of their digital security and are fully privately owned and not a reseller of any products or services, giving us the independence we require to provide our customers with high-value recommendations and knowledge transfer.
  • Facebook
    • Facebook’s mission is to give people the power to build community and bring the world closer together. Our journey is only 1% done.

      Our security team are focused on making Facebook a safe and secure place for the 2 billion people on our service to connect and share with each other. We’re fortunate to have some of the brightest security minds at Facebook, and they are working around the clock to help protect people’s Facebook accounts.
  • NIXU
    • Nixu provides cybersecurity consultancy and services to help organizations identify and mitigate the risks of digitally connecting people, information, production, business and devices whilst complying with the applicable regulations.

      Our consultants offer their unique knowledge and international experience to customers in nearly every industry, and share their newly acquired knowledge and insights, as far as confidentiality permits, with the global community of cyber security professionals that Nixu is a part of.

  • Google
    • Information Security Engineering is a global organization responsible for Product Security and all-around hacking: breaking and fixing Google’s code, providing security reviews and advice to engineers working on thousands of different projects, working with third-party vendors to help Google outsource business functions securely, and carrying out cutting-edge security research. Our mission is to keep Google’s millions of users safe and secure.

      We work on a stunning array of different technologies: everything from hardware up through the software stack, including numerous different languages and frameworks.  The organization is made up of various sub teams or focus areas: API and framework Hardening, Red Team, Security Education, Security Test Engineering, Third Party Security, and Security Reviews.

      We are part of the broader software engineering organization at Google, and work closely with other engineers to help them produce more secure code. We perform security reviews for thousands of product launches every year. In addition, the ISE Red Team handles a large volume of Third Party Vendor and Acquisition reviews annually.  We also work on diverse software engineering projects, from creating robust sandboxes for untrusted code, Web application scanning and testing tools, through fuzzers, or tools for detecting attacks.

AI / Blockchain Village

  • PolySwarm
    • PolySwarm is the first decentralized marketplace allowing security experts to build anti-malware engines that compete to protect consumers. PolySwarm incentivizes a global community of information security experts to disrupt the $8.5 billion cyber threat intelligence industry, providing enterprises and consumers with unprecedented speed and accuracy in threat detection. The PolySwarm market runs on Nectar (NCT), an ERC 20-compatible utility token. For more information, please visit https://polyswarm.io.
  • CloudSek
    • CloudSek is an artificial intelligence technology-based threat intelligence enterprise, which focuses on customized, intelligent threat monitors.

  • Wallarm
    • Founded in 2013, Wallarm provides its award-winning application security solution to hundreds of enterprises and SaaS providers worldwide. Wallarm’s hybrid architecture makes it uniquely suited for cloud applications and micro-services. Unlike legacy WAF solutions which require signatures and manual configuration of security rules, Wallarm uses machine learning to analyze traffic and create adaptive security rules to protect both applications and APIs. To help make security more manageable, Wallarm supplements passive protection with active verification of vulnerabilities to distinguish exploitable incidents from noise. Wallarm is a privately held company headquartered in Menlo Park, California and backed by Y Combinator, Partech Ventures and other prominent investors.

Communities / Hackerspaces

  • OWASP
    • OWASP is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
  • Peerlyst
    • Peerlyst is the place where information security pros go to share knowledge and build their professional reputations. With an audience of more than half a million, Peerlyst is the preeminent platform for spreading InfoSec news, asking a question, finding an expert, or offering product insight.

  • Random Data
    • Randomdata is a group of people who want to do “technical” stuff. Randomdata is a hackerspace in Utrecht.
  • NULL Community
    • null – the open security community is a registered non-profit society in India. The objective of null is to spread security awareness, knowledge and assist government, private organizations with cyber security issues. We are an active community of information security professionals in Asia consisting of 11 chapters throughout India – Delhi, Chandigarh, Kolkata, Mumbai, Bangalore, Hyderabad, Pune, Chennai, Dharamsala, Ahmedabad and Bhopal – and three abroad – Amsterdam, Dubai and Singapore – where we organize free monthly meets and workshops to share technical knowledge on security.

      null community is open, professional, inclusive, responsible and most importantly completely volunteer driven. We also run the most sought after security jobs portal – null Jobs (https://jobs.null.co.in), which is a free service for both job seekers and recruiters. We are a fun community to hang out with, come visit us to:

      1. Tickle your grey cells and solve hardware puzzles
      2. Volunteer to speak/present at our monthly null Chapters meets
      3. Join us for our Human Code Scanner challenges and WIN Goodies

      These challenges will consist of PHP and Java code snippets for testing your code review skills. There will be different security vulnerabilities hidden inside the code snippets. The challenges will be based on real-life scenarios that include vulnerabilities. Your mission will be to find the vulnerable lines in the code snippets provided.
  • Bitlair / HITB NOC
    • Bitlair is the Hackerspace of Amersfoort, Netherlands. Some of the NOC (Network of HITB) crew will also be present to tell you about the local network with all its ins and outs.