This was my first experience attending a cybersecurity conference, and I had an amazing time. From the blog title, you know I went to the HOPE (Hackers On Planet Earth) conference at St. John’s University in Queens.
H.O.P.E. is known for being one of the most creative and diverse hacker events in the world, happening since 1994. The event lasted three days, but I was able to attend only two. Nevertheless, it was still worthwhile.
I wish I could have attended every talk, but that would have been impossible. Instead, I’ll share some insights I gained from the talks I did attend!
Saturday (7/13/24)
The first talk I attended was “Love, Hackers, and Robots: A Reflection of My First Year in the Biohacking Community” presented by Karen Ng. This talk was fascinating—I didn’t even know there was a community of biohackers. Karen shared her experience with her RFID implant, the types of things she can do with it (like opening her door by waving her wrist), and her implant surgical experience. I’m looking forward to the future developments from this cool community; we might all be cyborgs one day.
The second talk was “Popping S(h)ells - Hunting for Vulns in the Stock Market,” where the speaker, Eric Bryce, explained how market manipulation works and certain vulnerabilities that bad actors can exploit. Most likely, these bad actors will get caught eventually if not immediately. I gained a better understanding of how markets work.
The third talk was “The Fundamentals of Veilid: cDc Breaks the Internet, and You Can Too!” Paul and Katelyn, both members of cDc (Cult of the Dead Cow), explained the whys and hows of the Veilid framework and how this technology can provide a more secure future. Veilid allows anyone to build a distributed, private app. The framework is similar to Tor but faster and designed from the ground up to provide all services over a privately routed network.
The next talk was “BADBOX: Behind the Scenes of an Android Supply-Chain Attack,” where the speaker Bill talked about malware that was coming pre-loaded on Android set-top TV boxes from places like Amazon. This malware allowed botnet controllers to establish a residential proxy using the infected devices’ Internet connections, making traffic originating remotely appear as though it came from the set-top box buyers.
“EOL… RLY? Ending The Epidemic of Bricked and Abandoned Stuff” covered the issue of end-of-life (EOL) devices and what happens when companies no longer provide services for those devices. These EOL devices are often used by cybercriminals to launch attacks such as botnets. The speakers discussed possible solutions and why the right to repair is crucial for the future of IoT devices.
The last talk I attended on Saturday was “Tales From the Crypt… Analyst: The Afterlife,” by speaker Jeff Man, who was the principal architect of the first NSA “Red Team.” He talked about the early days of internet security and the first-ever software-based cryptosystem. I particularly enjoyed this talk and had been looking forward to it since I watched Jeff’s episode on “The Team House.” I highly recommend it. Here is the link: NSA “RED TEAM” Hacker | Jeff Man
Sunday (7/14/24)
In “Harvest: The Most Interesting Computer You Never Heard Of,” speaker Peter Capek talked about a one-of-a-kind machine that was built by IBM for the NSA for cryptanalysis and text processing. Very few select people were able to operate Harvest. The majority of staff members were not allowed to see this computer, so much information regarding it is still unknown. Harvest ran from 1962 until 1976, and its architecture has never been implemented since. After the event, doing my own research, I learned that the programmers who maintained Harvest were not allowed to see its output. The Harvest printer was kept covered with a black cloth, and only NSA staff were allowed to access it.
In “Safeguarding Secrets: Homomorphic Encryption for the Curious Mind,” speaker Vikram Saraph talked about an emerging technology called FHE, which enables computation on encrypted data without the need to decrypt it. The future of FHE involves performing complex tasks on encrypted client data without the data ever being revealed to the party providing the service. I learned something new about homomorphic encryption, the benefits, and the limitations we are currently facing with this technology.
“Enshittification: Why Everything Suddenly Got Worse and What to Do About It” was an insightful and very funny presentation. Speaker Cory Doctorow explained the cons of digital services and how we can reverse these decisions to make the internet more suitable for the future.
Besides presentations, there were also plenty of workshops to attend, such as Learning to Solder, Creative Problem Solving, How to Negotiate a New Job: Resume and Interview Techniques, An Introduction to Tmux, Physical Security Assessments for Internal Employees, and so much more that I am probably forgetting.
Overall, it was a great weekend. I wasn’t able to attend Friday because of work obligations, but next year I will definitely attend all three days and visit more workshops and villages!