Kiwicon is a well respected New Zealand conference run by some of the most passionate security professionals around.The sheer effort put into the conference shows with pyrotechnics, CTFs and movie nights. This years conference, Kiwicon X was particularly special as it marked a decade for the Kiwicon crew.

Having never attended before, when the opportunity arose this year, I jumped at the chance.

I flew into Wellington, New Zealand the Sunday before the week of Kiwicon. That night a 6.3 magnitude earthquake struck. Having never experienced an earthquake before the situation was surreal, looking into store windows and seeing mannequins everywhere. The aftermath had the city scrambling to recover.

Mannequins after earthquake

The organisers of multiple meetings and conferences that week did a fantastic job of keeping everything running with only basic infrastructure unavailable. How they managed to pull it off I’ll never know.

The conference was superb, top notch talks and entertainment. My favourite had to be Out of the Browser into the Fire: Exploiting Native Web-based Applications where-by Moloch & Shubs took native applications which embed webkit and injected JavaScript to create proof of concept worms. Further details are in their Github repo: The Little Doctor.

Ryan and Jeremy took their talk Contactless Access Control to the next level. They pulled apart a capacitive touch to exit button and built an electromagnet gun to try and trigger the device. They managed to trigger the device from 15cms away with some terrifying electronics.

Metlstorm announcing no further conferences

Unfortunately the organisers made the tough decision to not continue with Kiwicon. The effort and financial burden became too much for themselves and their families. Disappointing but understandable as with most hacker conferences they grow to breaking point. Good to end on a high note I say.

So thank you Kiwicon, I may have only attended one but you went out with a bang and set the bar for security conferences around the world.