The atHack conference in Saudi Arabia’s Riyadh, where I presented my Mobile Malware Mimicking framework (m3). The event lasted three days, from the 28th of November until and including the 30th. It was the second physical conference I attended since the pandemic started, the first being Black Hat Europe, which I wrote about previously. In this blog, I will reflect on similar topics, starting with my general overview of the conference, the taken COVID measures, the arsenal, the briefings, the CTF, and the business hall.
Table of contents
It was great to finally meet people who I only knew from chat groups. The 971sec community provided a very warm welcome. I met up with Rami Shaath, who showed me around and introduced me to other people who I only knew by name. This way, I also met-up with Mohammed ‘Voulnet’ Aldoub, with who I chatted before on several occasions, but had never met in real life either. It was a pleasure to meet everybody, and to learn more about the local culture.
Aside from meeting new people, it was my first time in the Middle-East. The hospitality is amazing, and I cannot express my gratitude for those who showed me around, suggested specific dishes to try, and took me to a shisha lounge with delicious food. The image below shows a group picture at the lounge on a rooftop, which is a memory I will cherish deeply.
The conference was very well organised. The travel to Saudi Arabia, as well as transport from and to the conference venue, was smooth sailing, even with the added COVID restrictions. The arranged hotel was beyond what I imagined. The breakfast was delightful, as was the room itself.
As a courtesy, atHack provided a PCR test to all speakers prior to leaving Saudi Arabia. The swab was taken at the hotel room, based on our own preference and schedule, and the result was shared within 24 hours.
The talks that were given at the briefings and the arsenal are discussed in more detail below, but overall I had a blast at the conference, and I hope to visit it again in 2022!
I would like to thank Faisal, Mike Champion, Rachid Harrando, Ayah, and the rest of the organisers for hosting such an incredible event. Additionally, I’d like to thank the 971sec community for the very warm welcome, especially Rami Shaath.
Masks were mandatory in quite some places, and the spacious lay-out of the venue, shops, and restaurants made social distancing very well possible. Additionally, one had to show proof of vaccination to enter Saudi Arabia when coming from abroad.
The conference venue was a large hall with plenty of ventilation to bring in the fresh air. Seats (and bean bags for the arsenal area) were placed with distance between them by default. As such, I felt that it was possible to safely attend the event, given the circumstances.
Originally set-up to allow three presenters to present simultaneous, the schedule had to shift a bit as it was reduced to a single presentation at once. Since several of the presentations I wanted to attend were put in the same time slot, this change was rather convenient for me.
As I was scheduled to present in the first batch of three, and since my set-up worked from the get-go, I was the first to present in the arsenal area. The crowd that formed was very engaged, and asked insightful questions afterwards. My second presentation, on the second day, was very similar to that. I really enjoyed presenting in front of people again, rather than in front of (and towards) a computer screen. The questions I got based on the presentation, both directly after, as well as later on, help me to more clearly shape and explain the concepts in the talk.
Upon my arrival at the airport, I saw Daniel, Simon, and Pete from Punk Security again, who I first met at Black Hat Europe 2021. Their presentations regarding SMBeagle and pwnspoof were as hilarious as the time I spent with them at breakfast in the hotel.
Additionally, I met-up with Patrick Wardle, who gave several presentations about his collection of tools. After both our presentations, we took a picture on-stage, together with Faisal (who co-organised the arsenal with Rachid), and the excited crowd.
I also enjoyed meeting Moritz Raabe, who presented about both CAPA and FLOSS. Seeing the face behind the tools I use regularly is always interesting, and we had a good chat from the conference to the airport.
At the end of the last day, prior to leaving to the airport for quite some of us, it was time for a group picture. One of them can be found at the very start of this blog, and the other group picture is given below.
The most interesting briefing I attended was regarding the
Extraction and Analysis of Fileless Malicious .NET Assemblies from Memory Dumps by Mohammed Almodawah. It covered the modus operandi actors use when infecting IIS servers, as well as a tool to obtain in-memory files from a dump.
Strange as these pandemic times may be, I met up with a friend in Saudi Arabia, even though he also lives in The Netherlands. It was the first time I saw Khaled in quite some time, given that COVID situation in The Netherlands has restricted in-person meetings and events quite a bit. It was great fun to have a chat and have a drink.
The CTF area was huge, one of the biggest physical game areas I have seen to date. New challenges were announced on the big screens in the middle of the area. Aside from quite the prize money, nearly 190 000 USD in total, split between the top five teams, there were giveaways of smart watches and laptops to lucky CTF players at several times during each day.
The business area was way bigger than I expected. The business hall split the Arsenal area from the briefing and CTF area. There were dozens of companies at the numerous booths, with spacious pathways between them. This provided the opportunity to chat with people for business that wasn’t related to any of the nearby booths without blocking the pathway, and while maintaining a safe social distance with regards to COVID. Scanning of the QR code on my badge was only done with explicit permission, which I very much appreciate.