Kiwicon X - the closing

10 December 2016

Kiwicon is a well respected New Zealand conference run by some of the most passionate security professionals around.The sheer effort put into the conference shows with pyrotechnics, CTFs and movie nights. This years conference, Kiwcon X was particularly special as it marked a decade for the Kiwicon crew.

Having never attended before, when the opportunity arose this year, I jumped at the chance.

I flew into Wellington, New Zealand the Sunday before the week of Kiwicon. That night a 6.3 magnitude earthquake struck. Having never experienced an earthquake before the situation was surreal. The aftermath however had the city scrambling to recover.

The organises of multiple meetings and conferences that week did a fantastic job of keeping everything running with basic infrastructure unavailable. How they managed to pull it off I’ll never know.

The conference was superb, top notch talks and entertainment. My favourite had to be Out of the Browser into the Fire: Exploiting Native Web-based Applications where-by Moloch & Shubs took native applications which embed webkit and injected JavaScript to create proof of concept worms. Further details can be found in their Github repo named The Little Doctor.

Ryan and Jeremy took their talk Contactless Access Control to serious extremes. They pulled apart a capacitive touch to exit button and built an electromagnet gun to try and trigger the device. Although they didn’t manage to achieve the distance they wanted they were able to get it to trigger from 15cms away with some terrifying electronics.

Metlstorm announcing no further conferences

Unfortunately the organisers made the tough decision to not continue with Kiwicon. The effort and financial burden became too much for themselves and their families. Disappointing but understandable as with most hacker conferences they eventually grow to breaking point. Good to end on a high note I say.

So thank you Kiwicon, I may have only attended one but you went out with a bang and set the bar for security conferences around the world.