GOHack23: A first in the world of cyber security
From November 30 to December 2, 2023, GOhack23, a joint initiative of GObugfree and the Fernfachhochschule Schweiz (FFHS), took place in Zurich. This unique event combined a symposium, bug hunting and education track and brought together a diverse group of participants. Professionals, enthusiasts and newcomers alike came together on this comprehensive platform for sharing and learning about cybersecurity and ethical hacking.
GOhack23: A meeting place for diversity and expertise
The event aimed to bring together a broad spectrum of cybersecurity experts, newcomers and interested parties. Participants were given direct access to experienced professionals and practitioners in the field of cybersecurity. These experts offered insights into different aspects of cybersecurity from a range of perspectives, providing a valuable learning opportunity for participants. At a time when cyberattacks are commonplace, GOhack23 provided an opportunity to discuss and share strategies for improving digital security. While new talent learned more about entry paths and career opportunities in the industry, experienced ethical hackers were able to put their skills to the test with real-life bug bounty challenges in the Bug Hunting Track.
Symposium Cyber-Future: Skills for tomorrow
The first day of GOhack23 was dedicated to the symposium and focused on the topic "Cyber Future - Skills for Tomorrow". At the beginning, Michael Zurwerra, Rector and Tobias Häberlein, Head of the Department of Computer Science at FFHS as well as Divisional Officer Germaine J.F. Seewer and Major Gregor Hofer from the Swiss Armed Forces spoke about the importance of cybersecurity education and the Bachelor's degree program in Cyber Security launched by FFHS in autumn 2023. The 9-semester course, with individual semesters of 20 ECTS credits each, enables a flexible workload of up to 80 percent alongside the course. The FFHS deliberately offers a two-thirds pace compared to other universities, emphasized the FFHS representatives.
In addition, a passerelle for the bachelor's degree course in cyber security, which is aimed at cyber security specialists with a federal certificate or graduates of the army's cyber course and lasts 40 weeks, will start in February 2024. Major Gregor Hofer from the Swiss Armed Forces explained that the course includes 16 weeks of technical training in areas such as monitoring, cryptology and programming. After 4 weeks in the NCO school and a further 5 weeks of technical training, the 12-week practical service follows, during which the participants get to know the business in the command of the army "on the job". The practical service can also be completed outside the barracks walls, e.g. in the SecOps centers of Swiss Post or Swisscom.
A delicate balance between efficiency and resilience in cybersecurity
Raphael Reischuk, co-founder of the National Cybersecurity Test Institute NTC, opened the discussion with his keynote "Rethink Cybersecurity!" He emphasized the importance of resilience, especially in the global cyber ecosystem. Reischuk questioned the focus on efficiency in IT and illustrated how the constant drive for efficiency can compromise resilience.
Franz Grüter, National Councillor and Chairman of Green.ch, spoke about Switzerland's role in technology innovation and called for the country to ensure it remains at the forefront. Grüter emphasized the growing importance of artificial intelligence (AI) and expressed his concern about possible dependencies on foreign technologies. Overall, more innovation is needed instead of regulation.
Isabel Steiner, Lead Engineer at AlpineAI, discussed the future of artificial general intelligence (AGI) and emphasized its potential impact on various areas of life. Steiner emphasized both the positive and risky sides of AGI and expressed her belief that artificial intelligence will develop its own life with its own values and personalities.
In the panel discussion that followed, experts from different areas of cybersecurity shared their insights and experiences. The discussion was characterized by a number of key themes: the importance of commitment and continuous engagement with cybersecurity, the appreciation of non-technical leaders for their ability to effectively implement basic security principles, and the importance of a culture of error that promotes learning and development. In addition, the relevance of personal responsibility in handling data was emphasized, as well as the need to incorporate social aspects into cybersecurity strategies.
Bug bounty challenge: a practical approach
Friday morning saw the start of the Bug Bounty Challenge, a great opportunity for direct interaction between companies and security researchers. Over two days, some 340 ethical hackers and security experts of varying levels of experience worked together to uncover vulnerabilities in real systems, highlighting the importance of collaboration in cybersecurity. Representatives from partner companies BDO Switzerland, FFHS, IT Xpert, RaiseNow, SNSF, Swisslos and Threema were on hand to answer questions and discuss the results with the security researchers.
Winners on both sides
The winners of the various categories were announced at 6 p.m. on Saturday. A total of 31 vulnerabilities were discovered, 5 of them critical (see image below). Participants were rewarded with cash prizes for their outstanding achievements in the categories "Best Submission", "Most Submissions" and "Top 3 on the Leaderboard". Special recognition was given to the top 3 of the RaiseNow Challenge, who were awarded Flipper Zeros. Special thanks to Julius Bär, who sponsored the prizes.
The RaiseNow Hack for Good Challenge took place in parallel, with half of the bounties being donated to Caritas Switzerland.
GOhack23 Bug Bounty Challenge winners:
𝗕𝗲𝘀𝘁 𝗼𝘃𝗲𝗿𝗮𝗹𝗹 𝘀𝘂𝗯𝗺𝗶𝘀𝘀𝗶𝗼𝗻: xel
𝗠𝗼𝘀𝘁 𝘃𝗮𝗹𝗶𝗱 𝘀𝘂𝗯𝗺𝗶𝘀𝘀𝗶𝗼𝗻𝘀: simioni
𝗧𝗼𝗽 𝟯 𝗼𝗻 𝗟𝗲𝗮𝗱𝗲𝗿𝗯𝗼𝗮𝗿𝗱: 1: simioni, 2: hakupiku, 3: maurik
𝗥𝗮𝗶𝘀𝗲𝗡𝗼𝘄 𝗧𝗼𝗽 𝟯: 1: edoverflow, 2: hansluz, 3: xel
Michael Schläpfer, GObugfree CSO, thanked all the friendly hackers who had taken part in the event, making a decisive contribution to strengthening cybersecurity in Switzerland through their expertise and commitment.
EDU Track: Education is key
Parallel to the bug bounty challenge, the EDU track offered a diverse range of talks and workshops covering the many aspects of cybersecurity. Sessions ranged from discussions on ethical hacking and data protection to insights into the future of cybersecurity education and the changing role of artificial intelligence.
The topics were divided into several core areas:
Cybersecurity education and career paths: this presented perspectives on the development of security education and career opportunities in the cybersecurity sector.
Legal and Ethical Considerations: These sessions highlighted the challenges around data privacy, copyright and ethical issues surrounding AI.
Humans and Technology: Here the focus was on the interplay between the human factor and technological innovation, addressing both the impact of AI on everyday life and the importance of human skills in digital defense.
Practical workshops: In addition to the talks, there were also interactive workshops where attendees could learn practical skills in hacking and cybersecurity.
Each talk and workshop offered unique insights and helped to expand the depth and breadth of knowledge in the field of cybersecurity. The variety of topics and expertise of the speakers reflected the community's commitment and passion to address the challenges in the world of cybersecurity.
Networking and collaboration in a relaxed atmosphere
A key aspect of GOHack23 was the opportunity to network and exchange ideas in a relaxed atmosphere. Participants were able to have in-depth conversations and make new contacts over food and drinks. These moments of casual get-togethers provided an ideal platform to further explore the topics discussed, share insights and experiences from the bug bounty challenge and explore common interests.
This type of interaction is essential to strengthen and expand relationships within the cybersecurity community. Learning together, sharing experiences and growing in a friendly and open atmosphere contributed greatly to the overall experience of GOHack23 and emphasizes the importance of face-to-face encounters in the world of cybersecurity.
A foundation for the future
GOHack23 was more than just an event; it was an initiative that promoted knowledge, collaboration and innovation in the field of cybersecurity. The event not only inspired and informed experts, but also the public. It proved it: the combination of education, ethical hacking and open discussion is the key to a secure digital future. Stay tuned for GOHack24!
See more photos from the event here: GOHack23 photo gallery
GOHack is a unique cybersecurity event that combines bug bounty hunting, education and a symposium.