Table of contents

Purpose of this document Codename Preamble Guidelines Time plan Before During Logistics Place Equipment Human resources Other facilities The CON Talk sessionns Challenges Special event Side events Aftermath Roles Affiliation Fund raising Extra links

Purpose of this document

This document should serve as an open agenda to help in organizing the first episode of a computer and network security-related convention in Egypt.

Codename

The codename for this project is CodeX
The final name is to be determined at a later stage.

Preamble

In today's world, as electronic transactions became an integral part of our life, it is no more a luxury to be aware of the possible threats and the way to counterfeit them. Awareness of the digital security basics is not optional anymore for the the common person to survive. Apparently only a small number of the user posses this awareness level, thus it would be of high importance to raise the awareness level of the computer users in Egypt to cope with today's world demands.

However, this wasn't exactly what I had in mind when I thought of CodeX.

CodeX is meant to be an event for those who are interested in topics related to computer and networking security to gather, exchange ideas, gain knowledge, meet up and above all chill out and have fun. As an immdiate byproduct to the atmosphere that should be created by such an event is an increase in the public's interest in the computer and network security and accordingly an increase in their security awareness level. Not only the public and the enthusiasts would benefit from the event, but also corporate and governmental bodies as it should expose the nature of the dangers they might run into.

Guidelines

Aims and goals:

• Have fun - For the technical and the non-technical, the expert and the novice, the black and the blue.
• Exchange knowledge - Through the talks or direct contact with others.
• Build relations - A chance for people of similar interests to meet up.
• Raise awareness - It is important to spread the security awareness among the public, clarify certain misconceptions and possibly more.
• Did I mention have fun?

Executive conceptions:

• Logistics - It should be self-contained with respect to the required resources and equipment. In case anythinig is outsourced, it should be
• Convenience - The event should be organized in way that is convenient both for the organizers, the host and the attendees.
• Fees - In case admission is not for free. (see Fund raising section)
• Theme - Should each episode have its own theme where the events would revolve around? (see Time plan: During section)

Processes:

• Registration - Should the attendees register? (see Time plan: Before section)
• Admission - There should be an efficient mechaism for admission. From my prsonal experience, admission is mostly messy in any organized event.

Events:

• Talk sessions - Invited experts or members should hols seminars about topics of interest which are related to the aims and goals.
• Challenges - A set of security challenging games where (registered?) attendees can take place.
• Special event - Some event that is related to the theme of the episode.
• Side events - Extra-curricular activity. Some social/intellectual event at the end of the con to winde up in a less technical and more relaxing way.

Time plan

The stimated duration of the con events is: 2-3 days.
It could be squeezed to a single-day event in case of resource shortage.

Before

Phase I: (brainstorming)
Estimated time: 1-2 months.

During this phase, a complete and thorough model of the event should be set including the aesthetics of the event. Things to be fixed include the resources, the structure of the event, the flow of the event and the back-ups and plan-b's.

Phase II: (web posting)
Estimated time: 2 weeks.

During this phase, the material discussed in phase I should be turned into web documents and posted on the official website of the event.

Phase III: (propaganda)
Estimated time: 3-5 months.

During this phase, the news is spread. A call for papers is announced (for those who would like to give talks) and online discussions regarding the fine stuff is put in the public domain. Also some small appetizers could be added during this phase (like small contests to design a logo for the event, a musical piece or a demo graphical animation).

At the end of this phase, the people who are giving talks should be notified and their appearance is confirmed.

Phase IV: (preparation)
Estimated time: 2 weeks.

During this phase, the physical preparation of the con arena is done, software test-runs should be performed and audio-visual equipment, network connections and power supplies are tested.

Believers are encouraged to pray for success.

During

Day plan:
Depending on the available resources and the rules of the place where the event is taking place, the daily hours should be determined.

The event will be very time consuming for the organizers.

In case of a 2-3 days event, the con should start around 09:00 - 11:00 and finish around 17:00 - 19:00. (~8 hours/day)

In case of a single-day event, the con should start around 08:00 - 10:00 and finish around 20:00 - 22:00. (~12 hours/day)

Talk session plan:
Each speaker will get the floor for a period of 20-30 mins, followed by a 10-15 mins period for questions or interaction with the audience.

After each talk, a small break of 5-10 mins is recommended with longer pauses (15-30 mins) every 3-4 talk sessions.

Challenge plan:
Depending on the nature of the challenge, it could run in rounds or in a timed manner.

Special event plan:
Depending on the nature of the special event, its plan will be determined.

Meanwhile, the special events I can think of could run in parallel to the challenges.

Side events plan:
Dpending on the nature of the side event, its plan will be determined. But as it is suggested to have social events as side events, they could either be done on a separate day or after the official CON hours.

Logistics

Place

A moderately big conference/convention center would be adequate. It has to have two halls. In one of the halls, the talk sessions will take place, while in the other the games wil take place. The place should be equipped to accommodate the noise level (equivalent to a small concert).

If the place could provide the necessary equipment, it would certainly be a plus.

Suggestions:

• El-Sakia

Equipment

For the talks:
The standard equipment for seminars including a projector, power source, lighting system, audio system, board panel, enough seats for the audince, good protection from sun rays, good level of outer noise shielding.

For the challenges:
Enough computers (depending on the number of players per game), networking facility, enough power sources, enough room to accommodate for the audience, audio-visual equipment (to show running game scores, broadcast DJ's music, intermission shows).

For the special event:
This will depend on the nature of the special event.

For the side events:
This will depend on the nature of the side events.

Human resources

Anybody who has experience in organizing events is encouraged to help?

Other facilities

As the event will take place over extended periods of time, some facilities should be available for the convenience of the attendees and organizers as well. These facilities include food, beverages, restrooms, smoking area, prayer area, social lounge, (wireless) internet connection.

The CON

Talk sessions

If the concept of the theme is adapted (i.e., every episode of CodeX will have a central theme), then the talks should follow that theme. For instance, if the theme of the first episode is WiFi, then the talks should be related to the different aspects of that topic; WiFi concepts, WiFi attacks, flaws in wireless access protocols,... etc.

Other than this, the following is a list of the possible topics for the talk sessions:

• Security@home
• WiFi (in)security
• Topics in exploiting
  • platforms
  • Web Services
  • VOIP
  • ...
• (Anti-)forensics
• Tools
• Phreaking
• Exploit/product demonstration
• Social engineering
• Legal issues/Digital crime penalties
• The e-government
• Business and market studies
• DIY/happy hacking
• IPv6
• Cryptology
• Modeling threats

Challenges

I do have some worked-out possible gaming schemes (plots include: web authentication, simple cryptography, forensic analysis, securing running services and remote exploitation).

Many of these games need to be coded still!

The official challenges results should be posted on the web after the event is over.

Special event

In case the theme concept is adapted, the special event could related to the theme. For example, if the theme is WiFi, then the special event could be designing the coolest WiFi gadget.

In case no theme is adapted (or the special event won't be related to the theme), several ideas could be implemented:

• Best home-made coffee/juice blend (inspired by coffee wars)
• Oldest, but still working personal/home computer
• Coolest home-designed computer gadget
• Best hand-sewn/tricot computer cloth
• Home-made robots

In any case, there should be a jury committee who would decide on the best applicant at the special event and two runner-ups. The results should be posted on the web after the event is over.

Side events

A non-technical and more social event. The main goal to relax and get a btter chance to know the newly acquired frinds away from the keyboards and the power cords.

Possible suggestions could include:

• Trip to one of the local places (museum, monument, park, garden,... etc).
• A felouka ride.
• Eat-out.
• Desert trip.
• A ball.

Aftermath

In order to sustain the event, a proper method to record the progress and development in each stage should be implemented so that after the event is over, these data could be retrieved and analyzed. The analysis could be used to suggest enhancements/modification for the following event.

A feedback system should also be availbale for the event attendees to leave their comments.

Roles

As much as everybody should be encouraged to participate in all stages of the event, but committment is required to get things done properly. The following are the possible roles and participants who feel like taking the responsibility for a particular role, should write down their names next to it.

Affiliation

The event could be carried out with the support of several organizations, institutions, companies and individuals. Relevant affiliation should be seeked.

Fund raising

The event could be supported financially in different ways including: donations, advertizing and admission fees.

Extra links

DEF CON - Largest hacker convention in the US.
Black Hat - Another world-wide convention.
ShmooCon - A modern convention with focus on new technologies.
Info Security - A global IT security conference.
Coffee Wars - No cream, no sugar, straight up.