StirTrek 2017 Review

I can’t believe another year has come and gone! This was my fifth year at StirTrek and it was a doozy. This year we had a new venue, a new bussing system, new food, new sponsors, a new ticket price, the list goes on! As always though, there’s some room for growth.

In my review this year I’m going to do things a little different. I’ll be focusing on two things. The sessions content, and my opinion on if what was given was worth the ticket price. I stress my opinion because everyone has different experiences. I can only report on what I saw and heard. With that, let’s get started!

Was the Conference Worth $100?

Well in short, yes. I struggled with this rating because there were some HUGE hangups on noise problems. Even considering that though, the food was abundant and awesome. You get a movie at the end, with seemingly endless popcorn and drinks. Oh and the sessions I attended were the best I’ve seen at Stir Trek.

The Cons…. I hope that Jeff Blakenburg takes it to heart when I say, the noise bleeding SUCKED. It was horrible. I made it a point to sit next to the audio speaker and there were still points where I couldn’t hear what the session speaker was saying. This was almost a deal breaker for me and I overheard a ton of people complaining about it. If you want to fix anything for 2018, fix this… also, I heard 4 out of the 6 speakers I saw mention their demo being handicapped because of wifi… We need to fix the wifi issue. It’s gone on too long.

I was also a little annoyed that they raised the ticket prices to $100. I go to a lot of conferences every year and there’s three day conferences that aren’t much more than this one day conference. If you want to charge that much for a ticket then please make sure that EVERY SINGLE SPEAKER is putting up cutting edge content. There’s no excuse at that ticket price to be sitting in a session that I could see 100 variations of on youtube.

Okay that’s all the gripes.

So based on my scoring, the conference is currently worth 80% of the ticket price.

Here’s how I broke it down

Each category got a max of 33% per session. At the end I summed each category and then averaged them at the end. As you can see there’s some room for growth on the noise and seating. The sessions I attended though were spectacular. Those speakers should believe it to because I have no filter. I would shred your session if it sucked haha. Really though, all of them were awesome.

So if the final conference score was an 80% how can I say it was worth the $100 ticket price? Well remember that table doesn’t include a score for lunch and a score for the movie experience. Including those, you’re getting way more bang for your buck.

So should you attend next year? If you haven’t gone, absolutely. If you have but are on the fence about the noise, I don’t blame you. Will I attend? Ehh It’s hard to say at this point. I’d like to see some real effort on fixing the noise bleeding.

Now onto the sessions!

Session #1:

Image Recognition API Cage Match – Jack Cox @_jack_cox

Let me start by apologizing to Jack, this was the best photo I could get of your session slides. That said, amazing session! I’ve been interested in image apis since I got started in software development. It was always a miracle to me how OCR worked. In fact my first job was at a company who’s entire backbone relied on OCR tech. So needless to say, I was interested.

Jack broke his session down into multiple sections. There were sections on OCR, face recognition, object recognition, identifying NSFW images and more. What I took away from this session was that when the software works, it works well. However, if you distort a face by flipping it upside down that it all comes crumbling down haha.  This seemed to be the case with all of the image recognition systems he described.

Jack also gave some great advice on how to train your own image recognition engine. There was a really great story he told about how some scientist were trying to train a weapons system to identify tanks. They made it so it could identify a tank with the photos they had but when they got out to the range it didn’t work. It turns out they trained it with images that had shadows from the tank but then went to the range on a cloudy day so there were none. This just goes to show that this is not an easy problem to solve and that we’re probably still safe from time traveling murderous robots.

Jack was well informed on this topic and I would totally go see him again.

Session #2

Using EEG & Mach. Learning to Perform Lie Detection – Jennifer Marsman @JenniferMarsman

This was a really fun session. Jennifer is a very animated speaker and was very easy to listen to. I’ve done a bit of public speaking and teaching in the CIS world and let me tell you, turning ANY CIS topic into an interesting presentation is a godly skill. Excellent work on her end.

Jennifer’s presentation was on this EEG machine from EMOTIV. I’ve actually been curious about this device for a while for a personal project I’ve been researching. So this session was a no brainer for me 😀 #Puns

This device reads 14 data points on your head (without having to shave it from what I can tell) and outputs that data in a usable format. She elluded to the fact that there wasn’t a good live data integration though :-/ For some reason she had to dump the data to a CSV file and then import it into her application for analysis. This would be a deal breaker for me if I actually decide to continue with my project. I tried to ask Jennifer near the end about the SDK but she was swept away by other attendees haha.

If I get a chance I will look into how their code is written. If it’s in a .NET format, I should be able to decompile it and see what proprietary deserialization they’re doing from the bluetooth device and replicate it in my own code.

Jennifer was able to, somehow, calm herself on stage to provide a base reading to the headset. Then she moved a cube with her brain! Most women would say that they’ve been able to control men for years with just merely their brain so this isn’t that impressive but it sure was awesome to me!

After her cube experiment she went into detail about how she conducted experiments on her husband and boss. I found these pretty interesting. I would have liked a little less hand waving on the algorithms used to calculate the the confidence scores though. That said, she’s a way better speaker than me so she probably left it out for a reason. Maybe post it?

Finally, I was happy to see a practical use of Azure in the wild. It seems like every single conference there’s some Microsoft drum thumper that tells you all the reasons you should use Azure without really giving any good examples.

I’M SICK OF IT MICROSOFT! STOP IT! 

Jennifer did an excellent job showing a practical use of Azure that MAKES ME WANT TO HAVE AN AZURE ACCOUNT… You see how that works Microsoft?

Anyhow, at this point I’m rambling. I would totally go see Jennifer speak again and I’ve already followed her on twitter. I’m very interested in seeing what other work she produces.

Meanwhile, in the halls of StirTrek…

Session #3

Containers for Windows Developers – Michael Collier @MichaelCollier

Okay so I’ll be honest about this. The only reason I went into this session was because I didn’t see others I wanted to attend in this time block. That said, Michael didn’t disappoint.

The thing I mainly wanted to get out of this session was, what the hell are dockers and containers… If I accomplished this I was going to be happy. In the past I had heard of these before but never really gotten a chance to use the privately or professionally.

Thankfully thankfully thankfully I went to this session. These things are cool! I would describe them as lightweight VMs. They start super quick and you can share them!

Michael did a great job showing practical (not boring) live examples. He gave me the tools I needed to go out and learn more on my own and I certainly will. I want to see if I can use these to build vulnhub style vms. I don’t know if it’s possible but it would be nice if I could spin a vulnerable vm up this fast and it be this portable.

I wish I could say more about this session but a lot of it was new to me so I spent more time listening and less time taking notes on the content. Great work though!

Session #4

Securing Data in Motion On The High Seas – Brett Whittington @BrettTheWhitt

So when I initially saw this session I (wrongly) assumed it was going to be another SUPER watered down, half baked infosec talk on why you should talk your company into using HTTPS.

Wow wow wow was I wrong. Brett is an AWESOME speaker and anyone in the infosec community that wants to learn how to present to non-infosec people should take a note from his book.

Brett did an excellent job conveying the different types of secure connections, what’s insecure and why, how to tell what’s insecure, how to use SSL labs to check if you’re server is configured properly, he even mentioned let’s encrypt! I was super impressed with all of this. The content was very consumable and informative.

The only thing I wish Brett would have focused a little more on is Let’s Encrypt. I use this service and it’s SUPER easy (and free) to configure a SSL cert for your site(s). This is absolutely the only critique I have though.

Keep up the great analogies and I’ll see you on the High Seas, Arrrggg

Micro Coding Competition Anyone?

Session #5

Learning to Learn From Disagreement – Tommy Graves @TAGraves

So every year, whenever I go to conferences, I always pick at least one session that’s totally out of my wheelhouse. Usually it’s something to do with design, because, you know, I’m an engineer and I suck at design. This year though I saw this session and I couldn’t pass it up.

Now I’d be lying if I said I didn’t partially want to go to this session in order to gain a strategic advantage over my girlfriend in arguments. That wasn’t my ONLY reason though. Disagreements in the workplace happen all the time. Trust me, having spent 6 years in the Army as a Police Officer, most of which I was a SGT, arguments happen in the workplace lol.

Tommy was very entertaining to listen to. I was able to take a lot away from this session. Shockingly, he didn’t say that one way to learn from a disagreement was to dig your feet into your position deeper and ignore all logic and reason :-/ hmmmmm

One take away from this talk is “Disagree and Commit” I think he said that if you’re having an argument with someone in the workplace and you can’t get around it, agree to disagree and commit to moving forward. Maybe it was disagree and commit to not punching each other in the face…. I don’t remember. Either way, great session. Tommy is very talented and I’d love to see more of his work.

Session #6

High-Speed Bug Discovery With Fuzzing – Craig Stuntz @CraigStuntz

Wow, talk about saving the best for last! This was an excellent session and if you missed it, hang your head in shame and disappointment. Being an engineer that’s breaking into the infosec field, I’m no stranger to fuzzing. This session was NOT your daddy’s fuzzing though…

Craig just opened my eyes to something I never even knew was possible. Like holy shit opened my eyes… When I think about fuzzing I think “Create a random string, stick it in some field, see if it breaks”  not, figure out where things are in running memory and apply bit masks to see if things break. Seriously, wow, what an awesome way to test.

I’m super intrigued by his work and I plan on looking into the .NET testing library he’s working on.

Craig was a great presenter and I would absolutely, with out a doubt, go see him again. Probably for this same exact session lol.

Summary

Well I can’t believe it’s over but it sadly is. #StirTrek 2017 was a great time. There’s some room for growth but there’s also been a ton of improvement done. Excellent work to all the people that put this on and a huge thanks to all the speakers. See you next year!