Learning from the best: Attending AllStars 2019


This year's AllStars took place in Amsterdam in September, alongside the two-day Global AppSec conference. The event offers a full day of the best hand-picked lectures from top speakers and researchers in the field of information security. G DATA virus analyst Karsten Hahn was there and presented tips and tricks on ransomware identification. He summarises his impressions for the blog here.

The Global AppSec conference is aimed at developers, with the objective of increasing security on the World Wide Web. The conference is organised by non-profit organisation the Open Web Application Security Project (OWASP). An extensive programme of lectures with slots running in parallel was offered to the guests in Amsterdam on the 26th and 27th of September 2019. Around the hall, various sponsors and organisations presented their current product offerings. A small highlight for me was the Retrospiel (Retrogame) Station, where I found an old game from my childhood: “Gods” from 1991. It was as hard as I remembered it being. As is usual at most conferences, we were kept well fed and watered: At lunchtime there were several buffets to choose from. Drinks were also available, but only for lunch and coffee breaks.

It was a great honour for me to be a speaker at AllStars 2019, which took place at the same time. Unlike regular conferences, you don't apply through a call-for-papers - the organisers choose the speakers instead. I attracted attention with my article “Ransomware identification for the judicious analyst” and was invited by Dr Mario Heiderich, organiser of OWASP and head of Cure53. I spoke at AllStars about methods of identifying ransomware. As this was my first conference lecture, I was noticeably nervous. The questions afterwards showed that the topic met with interest. Mario Heiderich also praised my presentation.

Overall, the AppSec conference is very much focused on the web security area. Visitors who are interested in XSS, JavaScript and browser bugs will get their money's worth. The lecture topics at AllStars were more of a mixture. Topics that belong to the low-level range, such as the very good lecture “Fun with KMS” about Linux Kernel Samepage Merging, are few and far between and unfortunately get too little attention.

Expert meeting for web security

The final talk at AppSec was given by Mario Heiderich. This was an extremely amusing talk about the history and future of IT security. Some of the ludicrous visions of the future came to the speaker in a dream. This talk was brought to life by things such as audience participation. Each table in the hall had a number of foam rockets to fire. There were also tickets for a boat party for the funniest comments and most creative audience questions. The hail of foam rockets at the end was an appropriate conclusion for IT security enthusiasts.

The AllStars speakers event was exceptionally good. It started off with a 7-course menu and bar visits and culminated in the aforementioned boat party with a drag queen show, which attracted several AppSec attendees as well. Thanks to the programme, it was easy to mingle with other experts. For example, I spoke to Aron Wussler and Daniel Huigens about Protonmail security and encryption.

All in all it was a very good experience. As a speaker, the conference is highly recommended. As a guest, it’s of particular interest to web security enthusiasts.

by Karsten Hahn
Principal Malware Researcher