CarolinaCon 14 - Helping people remember birthdays, one password at a time.



Events


Lockpick Village



WHEN Saturday 9am - 5pm, Sunday 10am - 3pm WHERE Dogwood

This year's Lock Pick Village at CarolinaCon 14 is once again going to be run by Oak City Locksport. We will be hosting walk-in beginners lessons, a picking competition, and Jeremy's "Box" challenge. No prior knowledge or tools are required, and all skill levels are welcome. OCL staff will be on hand to teach you or answer any questions you might have. We look forward to meeting you and sharing our love of locksport. A limited number of special edition CarolinaCon 14 lockpick sets will be available for sale at the Shirt table.

"Connect Three" - Our picking competition is a take on the old "Connect Four" game you might have played, but with fewer spots. Instead of checkers we'll play with padlocks! You need to get three non-destructive "unlocks" in any direction to win the game while also trying to block your opponent. Competition will be open to "teams" of one to four people. Tools will be provided or you can use your own. This will be a tournament style competition with the full rules will be posted on site. Swing by the village Saturday to challenge others before competition starts and sign up!

"The Box" - The Box is a physical security challenge inspired by the DEF CON Box challenge, and created by Jeremy Manos. The difference with this challenge is that the box is made of acryllic so you can see what you're up against. Does that help? Maybe a little. Can you beat it? Come try!

OCL was founded back in 2012 and has been growing ever since. If you are interested attending our monthly meetings, join our Meetup or follow @oakcitylocks on Twitter.

Crypto Challenge



WHEN Friday 7pm - Sunday 12pm WHERE (see instructions on the back of the CarolinaCon program)

An announcement on how to play will be made at opening remarks. Contact a staff member if you have questions.


Capture the Flag



WHEN Friday 7pm - Sunday 12pm WHERE Boxwood

The CTF will again be ran by the Eversec team and features a scenario based competition. Contestants will assist a fictitious company in securing their borders by finding and reporting as many vulnerabilities (find and submit as many flags) as possible before the event ends.

The CTF will begin Friday evening at 7pm and run into Sunday at noon. To compete, contestants will need to join the CTF network (EversecCTF) located in Boxwood.

For up to date information, follow EversecCTF on twitter.


The GHS Shoot-house for WiFi



WHEN Saturday at 10am until 2pm WHERE Salon D

Interested in learning how to hack WiFi? The GHS Shoothouse for WiFi (GSW) is here! Pat Wylie & Shawn Brown ([email protected] Solutions) will host a half day Wireless presentation and training event and provide a safe environment with several (IEEE 802.11) wireless scenarios for participants to train on.

Wireless scenarios will include: WEP 64-bit, WEP 128-bit, Clientless WEP, multiple WPA2 cracking scenarios- grabbing handshakes, attacking shitty passwords, building and using dictionaries, and more! All of these scenarios will be running simultaneously to allow maximum time for participants to train on. Presentations on how to navigate through each target will be given throughout the day.

  • - Participants will need their own laptop. Regarding the OS and/or tools - recommend they have Kali, Pentoo, Parrot or whatever their preference is.

  • - Our demonstrations will be done via the aircrack-ng suite of tools - if participants use auto-crack tools (i.e. WiFite, Fern, Cain,etc.), they will be heckled but it's okay, they won't work for everything 😈

  • - They will also need to bring a wireless card that supports injection. My recommendation is the Alfa AWUS-051NH v.2 (Bronze-colored). Other Alfa cards are fine (silver, blue, orange, black) - however, most of these do not support 5GHz capability.

  • - Participants are recommended to bring their own VM. A copy of Kali will be available just in case.

  • - For those that want to try and run internal WiFi NICs or test the one they've got - they can test the cards capabilities by doing the following:

    • iw list | grep mode -A 8

      Look for the word monitor in the output - this will ensure you have monitor mode capability

      iw list | grep Frequencies -A 10

      Look for 2.4 and 5 Ghz to ensure you will be able to connect to all targets

      Your output should look similar to the following examples (iw list commands)

What's Planned

There's going to be one open access point that will host the web page that provides the Rules of Engagement and information required to engage the targets.

This same web page will have download links for two (locally stored) common password dictionaries that can be used to crack access points.

While cracking keys is cool, it doesn't stop there. Some of the targets will require additional knowledge that many either forget or don't know - demonstrations will be given on a non-range network throughout the day.

For those that do choose to participate, there will be a live scoring engine that will be on display. Participants will be able to register, and receive a unique token to ensure integrity upon submission. Once a participant submits a correct flag, the scoring engine will update the scoreboard and show live results of who's got what points.

Pat Wylie & Shawn Brown are the co-founders of [email protected] Solutions, LLC, an IT security, training and consulting firm in West End, North Carolina. Both Pat & Shawn have extensive military backgrounds with over 40 years combined tactical experience. Both have extensive experience in computer network operations, conducting proof of concept demonstrations and specialize in wireless (802.11) attack & defense. They have worked significantly with private, and government entities to determine, design, and implement a wide range of non-standard IT and training solutions. Their joint venture, [email protected] Solutions, is always striving to enhance the persistent tactical and strategic edge.

Threat Hunting with ELK



WHEN Saturday 2pm - 7pm WHERE Salon D
Sign Up Now (Limited Space)

Threat Hunting with ELK (training workshop - four hours) - Saturday Afternoon

This hands-on training will walk attendees through leveraging the open source ELK stack to analyze logs to proactively identify malicious activity. The basic tools and techniques taught during this class can be used to investigate isolated security incidents or implemented at scale for continuous monitoring. Attendees will be provided with access to a preconfigured ELK instance and extensive sample logs containing diverse malicious events waiting to be discovered.

Attendees will need to bring their own laptop capable of running VMs copied over from USB flash drives and accessing WiFi internet. Seats will be limited. Sign Up information coming soon. Watch this space and @CarolinaCon.

Ben Hughes


Ben (@CyberPraesidium) brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients, sharpening his skills in network security monitoring, IR, forensics, malware analysis, security configuration, and cyber threat intelligence. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications. Ben is also a member of the Maryland bar and volunteers at a pro bono legal clinic.

Jeffrey Magloire


Jeff is a highly skilled cleared professional with extensive knowledge working with information security and incident response cases in both the corporate and federal sector. Jeff has 9 years of expertise in the field of Endpoint and Mobile based Intrusion Detection and Protection, Network security, e-Discovery, Mobile Application Security, and Information security. His experience includes providing Subject Matter Expertise in the area of forensics and cyber security for some of America’s essential government entities such as the White House, FBI, DOJ, SEC to name a few. Jeffrey currently holds a Masters of Science in Digital Forensics from George Mason University along with a Bachelors in Business Information Technology from St Johns University. Jeffrey also has industry recognized certifications such as GIAC Certified Forensic Analyst, Encase Examiner and Encase E-Discovery, Xways and Cellebrite Certifications.

Liana Parakesyan



Liana brings to Polito a wide range of experience in cybersecurity. Liana has worked with policies from various industries, created tailored cybersecurity frameworks for companies and agencies. She has background in building cybersecurity laboratories for clients and conducting penetration testing, and threat intelligence activities. She holds Security+, CEH, and CISSP certifications. Liana also leads community workshops to educate people about cybersecurity and privacy.

Unofficial Carolinacon Shootout



WHEN Friday noon until 5pm (please RSVP in advance) WHERE Hotel Lobby 12pm, or go directly to the PSR Gun Club at 1pm

See hackers.withguns.com for more information.