5+1 Reasons Why You Need to Go to REcon

Ophir Harpaz
5 min readJun 21, 2018

Two months ago, my dear friend Carine-Belle sent me a tweet by Women In Tech Fund. The organization was giving five tickets to REcon — an annual reverse engineering conference held in Montreal — to five women whom they would find most suitable.

I decided to give it a shot and apply. So I sent the fund an email telling them about how I had started reverse engineering and why I thought this conference and I would make a good match.

About a month later I received a very exciting email. I was going to REcon.

This blog-post is not technical. It merely tries to motivate you to go to REcon if you ever think about it.

Some documentation of my trip (I should probably call it a diary) appears on Twitter and tagged #mytriptorecon. You are more than welcome to take a look.

1. There are great talks.

REcon is a three-day-conference where each day consists of about 8–10 talks. Well, I am not going to lie and say that all of them knocked my socks off, but many of them were truly worth the time.

There were talks about pure, hardcore reverse engineering. The opening talk by Alexei Bulazel was such, showing a detailed analysis of Windows Defender’s file emulation module.

A speaker may as well present some new tool, as Romain Thomas did with his neat-looking LIEF project. This Python library allows you to instrument executable formats: modify headers, add or remove sections, patch imported address tables etc.

K. Reid Wightman and Jimmy Wylie described a high-scale research project involving both hardware and software reverse engineering. This talk was very technical and was aimed at experienced reverse engineers. For me, however, it was mainly about how a reverse engineer should overcome obstacles along the way and not give up when things seem to be going the wrong way.

My favorite talk was without any doubt the one of Mark Lechtik and Michael Kajiloti from Checkpoint. The two presented their fascinating investigation of a North-Korean antivirus which illegally reused a Trend Micro file-scanner. It was literally impossible for me to stop listening to these guys.

All in all, the talks can give you a clue on what the RE landscape looks like nowadays or provide you some ideas for side projects. Personally, the talks inspired me to do cool stuff and use new tools to make my work more efficient.

2. The people are fantastic.

You’ve probably heard many times about the benefits of networking: You get to hear about jobs different than yours, meet reversers with different backgrounds and create connections for potential future cooperation. Attending REcon, you will surely find people with a common interest and only that by itself makes the event worth it.

However, putting the professional aspect aside, the people I met in REcon were just super smart, talented and nice to hang around with. I loved how I could both talk “work” with them — consult about RE, chat about malware, etc. — and at the same time share a great laugh, exchange life experiences and stories and have a drink together.

3. You are exposed to new technologies.

On the second day of the conference, I found myself in a meeting room watching a semi-private demo of REVEN — a product for dynamic analysis made by a French company named Tetrane. I found some of this software’s features and capabilities very exciting: the quality of the recorded data, how easy it is to time-travel through the trace or find interesting points for analysis, etc.

Familiarizing yourself with different products in the market makes you a better researcher, one who is aware and critical of tools that are designed to be integrated into your daily work and facilitate it.

4. You get opportunities.

Right outside the conference hall there was a booth of a company named Red Balloon Security. The guys were handing out cards with a sequence of hexadecimal characters on them. I decided to try to solve the challenge, namely, understand what this hex data meant.

Once the mission was accomplished I went back to the booth to submit my solution. The person, in response, asked me what my favorite hack was. Since I can count the number of hacks I know on one hand, I immediately told him about how I hacked Minesweeper 😉

As a reward I was handed a shiny new hard-disk which was yet another hacking challenge. By solving this one, you can get a job interview for Red Balloon Security in Manhattan.

Now I don’t know about you but I find it exciting.

5. Training will smash your brain. In a good way.

Apart from talks, REcon accommodates a variety of technical training sessions. These trainings are not considered part of the conference itself and require a separate ticket.

A training is typically a couple of days long and it covers a certain topic in depth: Malware reverse engineering, Vulnerability discovery, Windows rootkits and many more.

I was lucky to be able to attend one and a half days of Alex Ionescu’s training “Windows Internals for Reverse Engineers”. For me this was a total mind-blowing experience. The amount of material taught was (for me) tremendous, but it was taught so well that I would not change a single thing.

6. We need more women there.

Now for some numbers:

  • ~600 people attended REcon 2018. I don’t think I saw more than 20 women (4%) around. And I’m being generous here.
  • Out of 41 speakers, 6 were women.
  • 3 women took the Windows internals training.
  • In about half the hangouts, I was the only woman at the table.

We don’t have enough women in this industry and that’s a hell of a resource loss. Let me put once again the professional arguments aside and confess — I wish I had more females to talk to, to be inspired by, to learn from, to compliment for their extraordinary work. There just weren’t enough.

This year, Bruce Dang saved tickets to his training for women. Nicolas Brulez will give three free tickets to his next-year training to women who will solve his crack-me exercise (oh and start preparing now because I am in for the challenge). Women in Tech will probably once again give away free entrance to the conference.

There are no excuses anymore.
If you’re a woman, in security, doing reverse engineering — go to REcon 2019.
And if you’re a man, in security, doing reverse engineering — do exactly the same.

--

--

Ophir Harpaz

@ophirharpaz on Twitter. Security researcher at Guardicore. Reverse engineering enthusiast. Author of https://begin.re.