Off-by-one conf. 2024 & Singapore.

2024-07-28

The conference

I went to the inaugural Off-by-one cybersecurity conference around July of 2024. It was a really fun experience, gave a great perspective about the international security industry and introduced me to some really cool individuals. A lot of high quality talks on Browser, Windows (Win32k, clfs) and Android (Samsung pre-boot compromise) exploitation with some Chinese EDR perspectives for in-the-wild exploit monitoring and detection, Web, IoT and meta-cybersec sprinkled in. Every other person was from a company that provided 'VR/N-Day as a service'.

Including what I would consider the buzzword-packed AI talk by Alfredo Ortega which has to be the most unintentionally funny thing I have ever seen, whose existence has unfortunately since been completely scrubbed from their Agenda, Speakers, Slides, and Recordings archive—something I would have considered a shitpost if I hadn’t been there in person. Probably the first instance where AI has contributed towards making me happy.

The conference organizers were kind enough to include the unlimited post-lunch beer/wine session on both of the days. I had no complaints about the meals and snacks that were arranged by the venue either.

The conference badge was a pretty kawaii, octopus-shaped board running ESP32 along with an Arduino(?) co-processor.

The badge contained six CTF challenges of which we solved one (a hardware RNG manipulation challenge, which we (mis)interpreted as a firmware reverse engineering challenge and solved by going through the MicroPython stack machine/bytecode spec and then understanding the flag construction via the disassembly). The intended solution to that challenge as well as challenge 6 would have been unapproachable regardless due to copper theft being illegal in Singapore. We spent about an hour solving that challenge and subsequently decided to take it easy as we had not yet discovered the Python REPL or the guess-tier flags.

There was plenty to do during the breaks thanks to the several 'Villages' set up right outside the conference hall, including a stall from Amateur Radio Society of Singapore, a locksport corner, a table that sold tiny soldering irons and allowed you to practice your soldering.

The lock pick set I bought:

Very cool radio that has a surprisingly large custom firmware community:

Food and drinks

Tourism

View from the ferris wheel that overlooks the Formula-1 race track:

Other:

Misc

Me resisting the urge to buy an overpriced Hatsune Miku figurine:

Here is a kiosk(?)-on-a-wall I found outside the restroom at Changi Airport that I glitched into giving access to the Ubuntu desktop. The hardest part was getting it to register my hovering finger while trying to avoid touching the (probably) piss covered screen.