~$ JavaScript war crimes! At SteelCon.

Posted on Jul. 12th, 2023. Last edited on Sep. 3rd, 2023. | Est. reading time: 5 minutes

Tags:Information SecurityProgrammingDevelopmentReverse EngineeringConferenceTalksTravelCyber SecurityTechnical

I recently attended SteelCon, also known as "The North's Premier Hacker* Con" in Sheffield, to talk about my numerous war crimes (in JavaScript), as well as the beautiful esoterism of JSFuck.

This tale starts like so many others, with me landing in London, dealing with some work bits, travelling to the train station and praying that my train isn't cancelled, delayed or otherwise impaired.

Once I had arrived in Sheffield, I met up with Emily ( @nylixar) whom you might remember from my last blog post (which you can read here) and we headed over to the unofficial pre-sides event (which, as this is not a BSides, is probably not aptly named, oops) where we had a fun moment where we reconvened with the gang.

The next day, as is tradition, I woke up early and went to a coffee shop in order to actually finish writing the slidedeck for my talk, assisted by a quadruple shot espresso to get the brain juices flowing.

Once that was done, I joined the festivities at the Sheffield Hallam University's Owen building, where I met up with many of my conference friends and took stake of the premises.

I first attended Scott McGready's ( @ScottMcGready) talk, which was about a lot of fun fails by cyber criminals and was very entertaining.

I then went to see Alice McGready's ( @ach_fooey) talk, which brought to light that although we communicate using a same set of words and characters, that does not necessarily mean we are saying the same things, which was extremely enlightening.

And later on came the time for me to give my own talk, which was titled How being a JavaScript CTF challenge creator (/alleged “war criminal”) has helped me at reverse-engineering, wherein I delved the intricacies of CTF challenge creation and what I have created in the past - which people disaffectionately call my war crimes - before devolving into the territory of how I like to create challenges, namely the beautiful and esoteric language that is JSFuck. I then did a deep-dive into the actual semantics and function of this language before explaining how that knowledge has been relevant to me outside of CTF's, for example in the context of the aforementioned phishing expedition (which, once more, you can find here).

The video, emcee'd by my friend Emily ( @nylixar), can be found here:

After that, it was time to enjoy the rest of the conference, before going to the inevitable afterparty, where I met both Jade and May with whom I had several fascinating interactions throughout the evening, despite the cosmic downpour of rain that we were subject to.

The next day, I packed up my stuff, and took a train back down to London with Emily and Jade, which was delayed and the last leg of which we very excitedly were mapping the estimated time of arrival to see if we could benefit from LNER's delay-repay scheme (we fell short by about 10 seconds from the 30 minute mark).


A few weeks later, Alice ( @ach_fooey) wrote a post describing her BSides Leeds and SteelCon experiences, which you can read here.

She mentions my talk specifically, stating that I had "structured [my] talk carefully and in such a way that anyone, possibly even someone with no coding knowledge whatsoever, could follow [my] logic", which - given the nature of her own talk that preceded mine and which delved on the nature of communication - I consider to be very high praise.