CarolinaCon 9

presented by North Carolina 2600

March 15-17, 2013

  7pm to 11pm on Friday

  10am to 9pm on Saturday

  10am to 5pm on Sunday

Hotel Reservations

DISCOUNT HOTEL RESERVATIONS: If you would like to take advantage of our special group rate on hotel rooms (good till February 12th 2013), go to this Hilton.com link for direct booking:

Reserve a room!

ATTENTION! The special room rate will be available until February 12th or until the group block is sold-out, whichever comes first. Also if we don't meet our quota of rooms with the Hilton the hotel will jack up our rate on the conference rooms we reserved for the weekend, which may impact our ability to break even on the event. So if you plan on staying in a hotel that weekend we hope it will be the Hilton and we hope that you will book under the discount group rate prior to February 12th 2013.

CALL FOR PAPERS

The Call for Papers has ended. We received too many great abstracts to fit them all into the schedule, and we regret that we didn't have room for them all. Thanks to everyone who submitted something.

SPONSORS and/or VENDORS:

We don't accept any, so please don't bother asking. Capitalism and philanthropic knowledge-sharing don't mix in our opinion. We keep our admission price to the bare minimum to cover our venue and equipment expenses. All of our staff are volunteers who generously donate their time and energy. All of our presenters generously donate their time and talent. The only items sold at CarolinaCon are a limited quantity of single-design CarolinaCon t-shirts....and we only make and sell those because attendees and staff want them (and because they're cool).

ATTENDEES:

If you are interested in attending, watch this space for more details: www.carolinacon.org ...and don't forget to mark the March 2013 dates on your calendar.

If you have any important (as in not-dumb and not-spam) inquiries about the event you can send email to: info@carolinacon.org

We look forward to seeing you at our 2013 event.

Location

CarolinaCon 9 will be held at 35.830122,-78.620365.

Hilton North Raleigh/Midtown
3415 Wake Forest Road,
Raleigh, NC


Want to attend CarolinaCon?

Admission to the conference is $20 at the door. There is no pre-registration. For your $20 you will receive admission to the conference and a cool CarolinaCon badge. In past years we've also given away magazines, bumper stickers, shot glasses, and free food with the cost of admission. There's no telling what we'll be giving away this year so you'll have to attend to find out.

We will also be selling t-shirts at the conference but a price for those shirts has not been determined yet. You can expect to pay similar prices to what other conferences charge for their shirts ($10~$20).

Topics & Speakers


Dancing With Dalvik - Thomas Richards

Digital Energy BPT - Paul Coggin

Exploit Development for Mere Mortals - Joe McCray

Jargon Jitsu: The Tao of Buzzwords - Craig Searle (kezef)

Intro to Lock Picking - smrk3r

Terminal Cornucopia - Evan "treefort" Booth

Getting Shells When Metasploit Fails - Ryan Linn (sussurro)

Burp Suite: Comprehensive Web Pen Testing - JoshInGeneral

Search Engine Hacking: Finding Credit Cards, Social Security Numbers, and Frighteningly More - Stephen Chapman

iPhone Data Reconnaissance without Physical Access to the Device - Jarrick

The Evolution of Network Security: How Networks Are Still Getting Hacked - Omar Santos

msfpayload isn't dead yet: AV Avoidance in Payload Delivery - melvin2001


---------------------------------------------------------------------------------

Name:

Thomas Richards

Title:

Dancin' With Dalvik

Abstract:

So you've reversed your first Android APK; now what? Java pseudocode is nice, but how do we modify the app? This is a crash course in reading and understanding Dalvik opcodes. It will go through some basics then we will jump into a couple case studies to demonstrate some of the concepts. This talk should help testers who are interested in or do Android application assessments to better understand how to mess with the underlying code.

Bio:

Thomas Richards is an Application Security professional located in Rochester, NY. He has presented at AppsecDC, GrrCON, and DerbyCON. He also currently holds the OSCP, OSWP, GPEN, and Security+.
---------------------------------------------------------------------------------

Name:

Paul Coggin

Title:

Digital Energy – BPT

Abstract:

There is a great deal of conversation today regarding APT and critical infrastructure networks for ICS/SCADA, smart grid networks and service providers. The basic persistent threat (BPT) issues are being ignored in many cases. How can the APT be mitigated when the BPT issues have not been resolved? Typically, the technical capability to mitigate BPT many of the APT risks already exist in the installed HW/SW but proper attention to trust relationships, integration and interdependencies are overlooked. Close attention should be given to the often overlooked network vulnerabilities in the network architecture and protocols that enable BPT. In this presentation common network BPT issues that are often discovered during security consulting engagements will be discussed. BPT network architecture mitigations including separation of services for control, management and data traffic as well as securing and monitoring trust relationships and interdependencies will be covered.

Bio:

Paul Coggin is an Internetwork Consulting Solutions Architect with Dynetics in Huntsville, Alabama. Paul is responsible for designing and building broadband multi-service networks supporting Smart Grid, MPLS, VoIP, and IPTV for service providers, leading cyber security research efforts, in addition to performing network security architecture assessments and penetration tests for enterprises, utilities and service providers. Paul is a Cisco Systems Certified Instructor # 32230 and a Certified EC-Council Instructor. He has a BS in Mathematics, MS in Computer Information Systems. In addition he holds a wide array of certifications, including CEH, ECSA, CPTS, CISSP, CCNA SPOPS, CCNP, CCDP, CCIP, CCSP, and CCNP-Voice.
---------------------------------------------------------------------------------

Name:

Joe McCray

Title:

Exploit Development for Mere Mortals

Abstract:

Joe will walk through the basics of exploitation starting from basics of stack overflows, then SEH overwrites, egg hunters, heap spray, and ROP. For people interested in the subject of exploitation here is a chance to finally get an introduction to it from a guy that won’t put you to sleep.

Bio:

Joe McCray is an Air Force Veteran and has been in security for over 10 years. Joe has been involved in over 150 very high level pentesting assessments and has some major hacking accomplishments that he can share with his classes. His extensive experience and deep knowledge, mixed with his comedic style has led Joe to be one of the most highly sought after speaking experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is the founder and CEO of http://strategicsec.com, an IT Security consulting firm that provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis.
---------------------------------------------------------------------------------

Name:

Craig Searle (kezef)

Title:

Jargon Jitsu: The Tao of Buzzwords

Abstract:

Moore’s law states that IT systems will double in processing power every 18 months. However, security has not progressed at the same rate…seriously, it is 2012 and enterprise organisations are still arguing over whether or not 7 or 8 character passwords are stronger. ORLY? As a security industry what have we done about it? We’ve introduced standards like PCI DSS that further exacerbate the problem. Why? Because they prescribe the security controls required in order to meet some arbitrary compliance requirement. This is totally arse-about from how any well run enterprise project would be executed; define the objectives and then develop the controls/outcomes from there. Security is not unlike a tesseract; we cannot see what ‘secure’ looks like, but we can describe what the end results of security will look like. This presentation is a look at how buzzwords and poorly-constructed standards have actually hindered security in enterprise and what we as a security community can do about it.

Bio:

Craig is currently the Chief Operating Officer for BAE Systems Stratsec, the largest pure play security consultancy in the Asia-Pac region. He has extensive experience in the development, management & execution of IT security advice and assurance activities within large organisations, including banking and finance, critical infrastructure, ASX200 organisations and government (both state and federal).
---------------------------------------------------------------------------------

Name:

smrk3r

Title:

intro to lockpicking

Abstract:

You have locks on your network closet. Great. What if I can open them in 30 seconds or less? This talk will explore the basic-level concepts of various types of locks and how/why they can be picked. This information should be common knowledge by now, but given the need for free and open information sharing, it really can never be reviewed too often. Plus you're sure to get some seriously inappropriate humor alongside all of it.

Bio:

smrk3r is a penetration tester and co-founder of the FALE Association of Locksport Enthusiasts. He enjoys staying in his basement and not leaving the house before 9pm.
---------------------------------------------------------------------------------

Name:

Evan "treefort" Booth

Title:

Terminal Cornucopia

Abstract:

In this talk, I explore a seldom-discussed facet of airport security: what happens after the backscatter/millimeter wave scan or the friendly pat-down? A marginally resourceful and MacGyver-esque individual can breeze through terminal gift shops, restaurants, magazine stands and duty-free shops to find everything they need to wage war on an airplane. We'll take weapons — melee, projectile, and beyond — from concept to prototype in this serious (yet often humorous) talk, replete with photos and video.

Bio:

Evan "treefort" Booth is an interactive developer with roots in advertising. His company, Recursive Squirrel Interactive, has serviced clients such as HP, 20th Century Fox, AARP, and Hess. Evan is also a founding member of the FALE Association of Locksport Enthusiasts (www.lockfale.com), where he regularly gets to teach fellow problem-solvers and generally attractive people the fundamentals of lock picking and physical security.
---------------------------------------------------------------------------------

Name:

Ryan Linn (sussurro)

Title:

Getting Shells When Metasploit Fails

Abstract:

Penetration Tests aren't new, and most companies have figured out how to eliminate the low hanging fruit. Some have even gone above and beyond and deployed technologies like Network AV, IPS, and egress filtering. In 50 minutes, this talk is going to go through different ways of getting access to systems on the network without exploits and working around common hardening. Leveraging configuration weaknesses, common hardening oversights, and more, we'll go through ways to get around difficult AV systems, network AV, using open source and commonly available tools to get access to boxes where the standard stuff fails. Join us for an adventure with few slides and lots of shells, just make sure to keep your hands and feet inside the ride at all times.

Bio:

Ryan Linn is a Senior Consultant with Trustwave’s SpiderLabs – the advanced security team focused on penetration testing, incident response, and application security. Ryan is a penetration tester, an author, a developer, and an educator. He comes from a systems administration and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit and BeEF, the Browser Exploitation Framework.
---------------------------------------------------------------------------------

Name:

JoshinGeneral

Title:

Burp Suite: A Comprehensive Web Pen Testing

Abstract:

I plan on showing some of the features of the Burp Suite and how it can be used to run Pen Tests on devices that have web authentication. I will walk through setup and use of the target window to store proxy requests, and then combine that with the repeater, intruder and sequencer to attack the site. My talk will explain how we can use each view to analyze and view responses as we modify packets on the fly. I plan to show how Burp helps you bypass site XSS and SQL injection checking, directory traversal, client side login checks, and find non-random session keys.
The last part of the demo I will show how I successfully used this in order to bypass the web authentication on an Iomega drive Network Access System. Without knowing the details of the CVE, upload a backdoor to the NAS and gain root so that I can use it as a pivot point and mount other attacks into the victim's network... all with using Burp. All of this will be presented live, however instructions and PowerPoint will be provided so anyone can repeat this demo on their own.

Bio:

Josh currently works as a Linux Administrator in the Washington DC Area. He has a Master's degree from UNC Charlotte in Security and Privacy, where he was also the founder of the 49th Security Division and two-time winner of the South East Collegiate Cyber Defense Competition. He has done work for the Military and Private Sector in the areas of web penetration testing, network security and defense R&D, as well as ran his own business doing web development and network setups. His other activities include playing FPS's, Swimming, Traveling, and Scripting.
---------------------------------------------------------------------------------

Name:

Stephen Chapman

Title:

Search Engine Hacking: Finding credit cards, Social Security numbers, and frighteningly more

Abstract:

This presentation is for anyone interested in learning the true power of search. While the vast majority of people think of search engines as gateways to movie times, shopping deals, and a little fact-checking, the reality is that advanced search queries are being used via the most popular search engines every day to find unbelievable types of information. Search has proven time and again that even the most paranoid and cautious individuals can find themselves on the business end of identity theft, and they'd never know how it happened. If you don't know how to use a search engine to find credit card scans, Social Security numbers, usernames and passwords, VPN credentials, back-up images, virtual machine installs, software licenses, confidential documents, private image/video dumps, or similarly fascinating/frightening data, then I'm offering you the chance to take the red pill and see just how deep the search engine rabbit hole really goes...

Bio:

Stephen is a freelance writer and investigative researcher who is head-over-heels in love with search. Whether it's tirelessly refining advanced search queries, unearthing awesome niche search engines, Internet marketing (SEO, social media, etc.), or just about anything Web-related, Stephen is passionate about it. Such passion allows him to touch on various facets of competitive research, Web security, search-related "fun and profit," and much more. Currently, Stephen writes for CBS Interactive / ZDNet on topics related to search, security, hardware, software, gaming, and other tech-related subjects. He speaks at conferences regarding search engine hacking and is also in the process of writing a book regarding advanced search querying with Google. Connect with Stephen via his Web site, LinkedIn, Twitter, or Facebook!
---------------------------------------------------------------------------------

Name:

Jarrick

Title:

iPhone data reconnaissance without physical access to the device.

Abstract:

I'll explore methodologies for iOS data reconnaissance without physical access to the device. Using a non-jailbroken iPhone, I'll show how to use a local network to use common settings on devices to remotely backup the device to its paired instance of iTunes (assuming network or physical access to the computer), find the backup on disk, and extract things like the TXT/iMessage raw sqlite database to the recent calls list.
These tactics can be used to automate backups of your own device for safekeeping of data or for more nefarious things like recovering text message logs from a spouse's phone to see what they've been up to behind your back. I'll show example SQL queries to adjust date/timestamps and account for an Apple bug that made it into production with iMessage database records which will make it easier to work with the data. I'll also show a simple way to protect against this sort of data reconnaissance by others.

Bio:

Jarrick is a software engineer by trade and manages the engineering department of a small custom web application development company. He also has a successful side business developing iOS apps for the masses. Jarrick is a member of the FALE Association of Locksport Enthusiasts.
---------------------------------------------------------------------------------

Name:

Omar Santos

Title:

The Evolution of Network Security: How Networks Are Still Getting Hacked

Abstract:

This presentation will cover how network and internet security is evolving. No matter how big your organization is, the possibility of having your network hacked is now higher than ever. This presentation will discuss how the attack landscape is changing and how large scale cyber-espionage campaigns have been pwning networks for years. People always think of nation-state hacks against large defense contractors, big government offices, and profile financial institutions, but anyone can be a victim. This presentation will also cover how organizations mature in their security strategy to try to maintain a good security posture, but in a lot of cases are unsuccessful.

Bio:

Omar Santos is an Incident Manager at Cisco's Product Security Incident Response Team (PSIRT). Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Omar has delivered numerous technical presentations on several venues; as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of 4 Cisco Press books and two more in the works.
---------------------------------------------------------------------------------

Name:

melvin2001

Title:

msfpayload isn't dead yet: AV avoidance in payload delivery

Abstract:

Most, if not all, executables generated by msfpayload/msfencode/msfvenom get destroyed by every antivirus available. Msfpayload is still fantastic, but it's inevitable that something this fantastic will get a lot of attention from AV providers. It is crucial for security professionals to have reliable payloads to provide quality deliverables to their clients. Rather than having a theoretical discussion regarding various avoidance techniques, this talk will demonstrate methods that these chaps use on a regular basis with ridiculous success rates. Of particular focus will be ghost-writing ASM, use of binary-level encryption for payloads, and remote command execution for shell generation.

Bio:

melvin2001 is a penetration tester that loves cinnabon, and is a founding member of the FALE Association of Locksport Enthusiasts.

About CarolinaCon9

CarolinaCon is an annual conference in North Carolina that is dedicated to sharing knowledge about technology, security and information rights. CarolinaCon also serves to enhance the local and international awareness of current technology related issues and developments. CarolinaCon also strives to mix in enough entertainment and side contests/challenges to make for a truly fun event.

CarolinaCon was started in 2005 and has been held every year since. With each passing year the conference continues to grow and attract more attendees and speakers. As has always been the case, CarolinaCon is put together and run by an all-volunteer staff. CarolinaCon is proudly brought to you by "The CarolinaCon Group". The CarolinaCon Group is a non-profit organization registered in the state of NC, dedicated to educating the local and global communities about technology, information/network/computer security, and information rights.

The CarolinaCon Group is also closely associated with various 2600 chapters across NC, SC, TN, VA, LA, DC, GA, PA and NY. Many of the volunteers who help develop and deliver CarolinaCon come from those chapters.

Contact the CarolinaCon Staff

For general information about the event, please contact info@carolinacon.org

For information about speaking at CarolinaCon, contact speakers@carolinacon.org

Frequently Asked Questions

Who develops and delivers CarolinaCon?

CarolinaCon is proudly brought to you by "The CarolinaCon Group". The CarolinaCon Group is a non-profit organization registered in the state of NC, dedicated to educating the local and global communities about technology, information/network/computer security, and information rights. The CarolinaCon Group is also closely associated with various "2600" chapters across NC, SC, TN, VA, LA, DC, and NY. Many of the volunteers who help develop and deliver CarolinaCon come from those chapters.

What events will be at CarolinaCon?

CarolinaCon is mainly about the educational talks, presentations, and demos. Alongside those we will have several other technology-related contests and challenges. Details on other events will be announced on our website as they are planned out.

Can my company sponsor CarolinaCon?

We don't accept any, so don't bother asking. Capitalism and philanthropic knowledge-sharing don't mix in our opinion. We keep our admission price to the bare minimum to cover our venue and equipment expenses. All of our staff are volunteers who generously donate their time and energy. All of our presenters generously donate their time and talent. The only items sold at CarolinaCon are a limited quantity of single-design CarolinaCon t-shirts....and we only make and sell those because attendees and staff want them.

What about donating to CarolinaCon?

Well that's a different story. We will gladly accept donations from anyone who wants to contribute. At CarolinaCon, we pride ourselves on not charging a lot for admission so we don't have a lot to spend on giveaways (we manage though). We can always use prizes for Hacker Trivia and various other contests that we run so if you want to donate an actual prize, rather than cash, just let us know by sending an email to info@carolinacon.org. We'll also take cash. :-)