Schedule of Events
Friday
TLDR; Nifty Python tool to play music corresponding to network traffic that contains the potential for an accessibility function for the visually-impaired.
Originally conceived of as a cool idea to examine network traffic generated by penetration testing in lieu of reviewing tcpdump or Wireshark output, [email protected]@quet turned into a valid means of creating music from network traffic patterns. Also, by creating a sound-based representation of network traffic, the utility provides insight into normal traffic patterns as opposed to oddities such as ICMP ping or UDP/TCP port scans. Anyone, whether an analyst or tester, interested in keeping track of the network can listen to the sounds of the packets instead of scrolling through Wireshark or tcpdump packets.
As an example, if a port scan was observed by the monitoring interface, those packets would correspond to different sounds, thereby yielding an aural experience matching that traffic pattern. Visually-impaired individuals could be trained as to the notes and corresponding packets and be empowered to conduct hitherto inaccessible network analysis. The project consists of a Python script to demonstrate both live traffic examples and previously recorded packet captures.
Killian has been involved in the tech industry for about 10 years, and while dabbling in security throughout, he ventured into the realm of offensive techniques about halfway through. He works as a penetration tester for Coalfire, a company based in Denver, CO, where he attempts to relate the technical aspects presented by vulnerabilities in networks, applications, and people to actionable business risks that companies can address.
Learn why playing capture the flag is an awesome way to learn firehose style how to hack while meeting new friends, and abusing networks and systems.
Your presenter on this talk has competed in many CTF events and finished 1st out of 127 teams at DerbyCon in 2014, and was the highest scoring solo player in 2015. Come and learn why you should be playing the CTF right now.
Jeff Macko is a Director with Kroll’s Cyber Security and Investigations practice. With over 25 years of experience in information technology and security, he has designed, implemented, managed, and secured information systems and networks for a wide variety of industries, with substantial experience in financial services, biotechnology, software development, and e-commerce. Jeff partners with clients to identify risks to their information security programs and provides remediation guidance through penetration testing, code review, social engineering exercises and risk assessments.
This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
Note, I did present (30 mins) last year, however this talk will contain new material, and will provide an update on the projects I presented last year. A summary of how things have gone, and where they are going. I received a great response from last year’s talk, so I hope to keep the community talking, learning, and involved in the topics/projects on honeypots & cyber deception.
Phillip Maddux is a Senior Solutions Engineer at Signal Sciences and has over 10 years of experience in information security, with the majority of that time focused on application security in the financial services sector. In his spare moments he’s a honeypot enthusiast and enjoys converting ideas to code and committing them to Github.
Without exploit mitigations and with an insecure-by-default design, writing malware for FreeBSD is a fun task, taking us back to 1999-era Linux exploit authorship. Several members of FreeBSD's development team have claimed that Capsicum, a capabilities/sandboxing framework, prevents exploitation of applications. Our in-depth analysis of the topics below will show that in order to be effective, applying Capsicum to existing complex codebases lends itself to wrapper-style sandboxing. Wrapper-style sandbox is a technique whereby privileged operations get wrapped and passed to a segregated process, which performs the operation on behalf of the capsicumized process. With a new libhijack payload, we will demonstrate that wrapper-style sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports neither ASLR nor CFI. Tying into the wrapper-style Capsicum defeat, we'll talk about advances being made with libhijack, a tool announced at Thotcon 0x4. The payload developed in the Capsicum discussion will be used with libhijack, thus making it easy to extend. We will also learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC framework places hooks into several key places in the kernel. We'll learn how to abuse the MAC framework for writing efficient rootkits. Attendees of this presentation should walk away with the knowledge to skillfully and artfully write offensive code targeting both the FreeBSD userland and the kernel.
Shawn Webb is a cofounder of HardenedBSD, a hardened downstream distribution of FreeBSD. With over a decade in infosec, he dabbles in both the offensive and defensive aspects of the industry. On the advisory board for Emerald Onion, Shawn believes in a more free and open Internet. His whole house is wired for Tor. Getting on the Tor network is only a network jack away!
This talk will discuss the benefits of data visualization when performing security analysis and also presenting analysis findings. Too often information security analysts try to solve complex security problems by looking at the output of a .txt document. Even worse they present their findings with the same dull output they used for analysis. The security community need to take some direction from the infographic age and display data in way their clients can easily digest. During this talk I will talk about a variety of techniques one could use to help identify malicious patterns in data sets and how to present them by visualizing the data in graphs like:
Time Series / Timelines
Distributions
Correlation Plots
Ranking
Maps
Flow
These visualizations (if used correctly) can serve as a tool for information security analysts to detect and present findings that show the threat.
TJ Nelson is a Research Analyst on Arbor’s ASERT Team. His duties include analyzing emerging threats to Internet security, reverse engineering malicious code and communications protocols, developing policies for attack mitigation, and contributing to the continual improvement and automation of Arbor's internal threat analysis software infrastructure. Prior to Arbor, TJ was a Senior Incident Response Consultant for SecureWorks where he investigated large scale targeted threat intrusions for their Special Operations Team. He organizes his local Security B-Sides conference and leads a local information security group. TJ has a B.S. in Network Security from Rochester Institute of Technology and a M.S. Computer Information Systems from Boston University.
Saturday
Interested in learning how to hack WiFi? The GHS Shoothouse for WiFi (GSW) is here! Pat Wylie & Shawn Brown ([email protected] Solutions) will host an all-morning Wireless presentation and training event and provide a safe environment with several (IEEE 802.11) wireless scenarios for participants to train on.
Wireless scenarios will include: WEP 64-bit, WEP 128-bit, Clientless WEP, multiple WPA2 cracking scenarios- grabbing handshakes, attacking shitty passwords, building and using dictionaries, and more! All of these scenarios will be running simultaneously to allow maximum time for participants to train on. Presentations on how to navigate through each target will be given throughout the day.
Pat Wylie & Shawn Brown are the co-founders of [email protected] Solutions, LLC, ([email protected] Solutions), an IT Security, training and consulting firm in West End, North Carolina. Both Pat & Shawn are US Army Special Forces (Green Berets) and are responsible for the creation and development of a United States Special Operations Command (USSOCOM) course that trains on tactical application of network defense and penetration testing techniques.
Both Pat & Shawn have extensive experience in computer network operations, conducting proof of concept demonstrations and specialize in wireless (802.11) attack & defense.
Spear phishing accounts for the vast majority of security breaches. Being able to perform spear phishing is vital for a penetration tester and integral to understanding how to mitigate it.
This presentation will focus on the entire process of a sophisticated spear phishing campaign, from recon to delivering the payload and bypassing modern defenses. Furthermore, stealth and anti-blue team techniques will be demonstrated. I will also demonstrate HunterGatherer.js, an email gathering and validation tool I wrote to assist in spear phishing."
Kevin is a network security analyst at MacAulay-Brown, a defense contractor. While Kevin enjoys network defense, he is passionate about offensive security.
He is particularly interested in network security and penetration testing, but also enjoys web exploitation, programming, and nature.
The talk that lives up to its name! Completely self-centered on how to work with your bait and tackle to jerk off the line of stories in your head and get back to reality. Avoid phishing by not falling for the hookers! Even yourself! Social engineering! Deep penetrating psychology mixed with blatant innuendo and enough buzzwords to make a CISO throw BitCoin at it...then make engineers figure out a POC for what this Purple Team Darknet vaporware actually does!
Techniques on how to observe and handle your own bait and tackle to avoid biting someone else’s hook. We get hooked in that moment of tightening when we reach for relief. To get unhooked, we begin by recognizing that moment of unease and learn to relax in that moment. Observe yourself to avoid the hooks. Discover your motivations and attachments so you can recognize them in that moment. Learn to work with yourself to relax so you can change how you react to bait and get unhooked when you eventually bite the hook. Don’t fall for hookers, become a master baiter!
BACE16 is a local (+1) human female (+1) who has never spoken at a con (+1) Co-Founder of DC919, RTP’s Def Con Group. Network security engineer. Studied psychology, spirituality, and self-help. Writer. Runner.
Still trying to make sense of deserialization flaws and how they became a "thing"? Deserialization flaws can be very complex and require deep knowledge of the target programming language, so it is no surprise that most hackers don't understand much beyond use of payload tools (e.g. ysoserial). Unlike most talks on this subject, Jason will break down the jargon to explain which elements of Object Oriented Methodologies (OOM) have brought on a plethora of deserialization flaws in Java and other OO languages. This talk will be accompanied with simplified demos and sample code to help understand deserialization flaws and how corresponding attack payloads are made.
I'm an ethical hacker, programmer, gamer, security consultant, and home brewer. With over 20 years of industry experience in software development, my focus is mostly application security. My contributions to the security community include multiple Burp Suite plugins and contributions to other opensource appsec projects such as SamuraiWTF and Mobisec.
With few exceptions companies have been collecting data about you and your families for decades. Whether it is "just" your name, address, and phone numbers or how often you visit a certain location and with whom, the information that circulates the public internet about us and our families grows every day. With some simple, free tools and easy to understand techniques, anyone can gain access to this data and examine their digital footprint.
In the presentation we will show OSINT and reconnaissance techniques to harvest information from the internet.
Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world penetration testing and incident response experience to provide unique solutions to his customers. Micah holds GIAC's GAWN, GWAPT, and GPEN certifications as well as the CISSP. Micah is an active member in the NoVAHackers group, has written Recon-ng and Nmap testing tool modules and enjoys tackling issues with the Python scripting language. When not working, teaching, or learning, Micah can be found hiking or backpacking on Appalachian Trail or the many park trails in Maryland. Catch him on Twitter @WebBreacher.
Josh Huff is a Digital Forensics Analyst and licensed private investigator in Columbia, South Carolina. Joshís cases have spanned the gamut of computer and mobile forensics, audio forensics and open source investigation to support his firmís field investigators. Josh has invested much of his time networking with information security professionals in the area. As a result he has become a speaker and co-organizer of Columbiaís InfoSec meetup, ColaSec. During his time with ColaSec, Josh organized a study group on Open Source Intelligence and an exploration of encrypted communications. The studies in OSINT led to conference speaking engagements around the country and his casework has landed him in court as an expert witness in computer forensics. Josh blogs his OSINT research at www.learnallthethings.net" and he can be found on Twitter @baywolf88.
During this presentation we will be focusing on what is typically referred to as destructive methods for data acquisition. Which is the process of removing memory devices from circuit boards to gain access to their contents. But we will take it a step further by covering how to restore the device back to operation and methods and techniques on altering the devices firmware prior to rebuilding, to allow for full root level access to functional system after recovery. Topics covered will include firmware extraction and modification attacks. Followed by desolder, resoldering, hot air and IR reflow methods, BGA reballing manually and with reball kit.
Deral Heiland, serves as a Research Lead (IoT) for Rapid7. Deral has over 20 years of experience in the Information Technology field, and over the last 10+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, and The Register.
You can find a lot of primers with some Google-fu on writing Linux rootkits. Unfortunately most of them are outdated and have techniques that just don't work anymore. This talk will be specifically focused on writing a kernel mod rootkit on a modern Linux Kernel (the latest version of Linux Mint to be exact). It will specifically focus on hooking syscalls and how to do so in a simple, reproducible way. For this talk I'll be releasing a simple, but effective kernel mod rootkit and instructions on how to modify it for your own needs.
Alejandro (Alex) Caceres is the founder and owner of Hyperion Gray, LLC, a small web security and software R&D company based in North Carolina. Alex attended Duke University, where he received a B.S. in both Physics and Mathematics and began working with distributed computing in the context of massive simulations of heavy ion collisions. A hacker and open source developer at heart, he worked as a computer network operations engineer and software developer at an information security consulting firm before starting Hyperion Gray in January 2013 with the release of his popular open source project PunkSPIDER (now punk.sh), which leverages distributed computing for mass-scale web vulnerability detection. Alex has extensive experience with web application hacking, penetration testing, and securing applications and systems against vulnerabilities. He has designed and taught several courses on these subjects, one of which has been published as an e-book and in print. He is currently the tech lead of Hyperion Gray's research team on the DARPA Memex project, and has been the tech lead on several other DARPA-funded projects as well. He has been a speaker and panel moderator at several major security conferences, including OWASP AppSec USA, ShmooCon, DEF CON, DerbyCon and CarolinaCon.
Last year, Deviant and friends brought you gustatory delights in “The Hotel Room Gourmet” and the audience was treated to cooking advice, hardware demonstrations, and free noms! This talk is the counterpoint to "The Hotel Room Gourmet."
"Liverstrong" is a motto coined by Infosec Crumudgeon, BSides founder, and all-around-wonderful soul Jack Daniel. Being Liverstrong is not simply about the alcohol quantity in your evening or the B.A.C. levels in your bloodstream. No, as you will learn in this presentation, the Liverstrong lifestyle comes from diligent training, sharp knowledge, and a discerning palate.
This talk will step people through some of the basics of booze, distinguishing good offerings from poor ones, discerning flavor notes, DIY liquor hacks, and of course demonstrating the creation of outstanding cocktails. Just like last year, audience participation will be encouraged!
Deviant Ollam has been on this earth for 40 years and has been enjoying alcohol for more than 50% of that time. As soon as he left college (after only 3 semesters) he turned away from the Natural Ice and Southern Comfort that were the staples of Pennsylvania frat houses and learned about fine liquor, mixed drinks, and the benefits of splendid red wine. Deviant is often seen at various hacker cons dispensing artful cocktails from his backpack or mixing drinks behind the bar at parties.
Sunday
Registration will open. Tickets will be $40 (cash only).
Artificial Neural Networks are a fascinating computational approach modeled to react similar to a biological brain to solve problems. Neural networks are a very powerful tool that enable machines to teach and evolve themselves. You can utilize this power in almost any application. Don't be intimidated by the equations and Greek symbols of this cutting-edge technology, I will guide you on how to slay this technology and make it bend to your will!
In this session, we are going to demystify the presumed complexity of Neural Networks. No need for a PhD or mathematical background, after this overview, you will be discussing these concepts around the water cooler. There will be very little math and lots of coding. The goal is for everyone to become acquainted with Neural Network from a pragmatic standpoint. In this session, we will take a closer look at artificial neural networks inspired by biological neurons. We will study how these neurons can be modeled in a digital counterpart. After a short introduction of the actor model, the commonalities between neurons and how Actors work by building an asynchronous and reactive neural network will be demonstrated.
Just when you think it couldn't get any better, I will show you how to employ the functional paradigm to leverage multicore machines and GPUs to make your neural network predictions infinitely faster through parallelism. By the end of this talk, you will learn the basic concepts of Neural Network and how to apply functional concurrency to estimate future stock prices at smoking fast speeds…and perhaps get rich while practicing!
Riccardo is an information systems and technology professional and architect specializing in software & systems development. He has over 20 years’ experience delivering cost-effective technology solutions in the competitive business environment. Riccardo is passionate about integrating advanced technology tools to increase internal efficiency, enhance work productivity, and reduce operating costs. He's currently a Senior Consultant with Excella Consulting, and a MVP who is active in the .Net, functional programming, and F# communities. Riccardo believes in multi-paradigm programming to maximize the power of code and is the author of "Functional Concurrency in .NET”; which, features how to develop highly-scalable systems in F# & C#
Tired of carrying heavy backpacks? Wondering why wireless assessments can be such a drag? Script kiddies making fun of you for your outdated tools and techniques? If so, then the WiFiPi is for you!
In this talk, I'll discuss using Raspberry Pis to assess wireless networks. Your Pi can be a valuable tool in pentesting, remote monitoring, managing networks, signal testing, and more.
If you're new to Raspberry Pis, this talk will give you general methodolgy for wireless assessments as well as tips for making your gear more portable. If you're not into wireless testing, then hopefully you'll come away with some other half-baked ideas for all of those Pis that we all have Pi-ling up!
The man, the myth, the legend; Ray currently works as a Senior Penetration Testing Consultant at Secureworks, and has been there for over a year now.
When he's not hacking for work he's, well, hacking for fun as well...Ray has attended various security conferences for the past few years now, and has even spoken at CarolinaCon 13, BSides Manchester 2017, and Raleigh BSides 2017. He has competed in numerous hacking competitions and CTFs over the years, most recently with Team Eversec, and managed to place 7th in the DEFCON Open CTF, 1st in the Raleigh BSides CTF, 2nd in the DerbyCon CTF, 1st in the DEF CON 24 SOHOpelessly Broken CTF (winning a DEF CON 'black badge'), and 1st in the DEF CON 25 Wireless CTF (helping to win another black badge).
Other than security, you can always hit him up for a game of Overwatch (doyler#1799 in the Diamond rank) or a Super Smash Brothers Melee money match.
HideNSneak evolved as a tool to expand evasive penetration testing capabilities. It allows users to rapidly deploy, manage, and quickly take down a distributed cloud attack infrastructure by leveraging features of large Cloud Providers and their content delivery networks. Techniques include domain fronting with multiple providers, distributed scanning, and source of attack obfuscation. Leaning on the reputation of these networks allows traffic to more easily blend in to network traffic and create difficulty in blocking attack infrastructure. Furthermore, the ephemeral nature of the tool itself provides a realistic threat simulation, which also simulates the realistic headache this type of attack causes defenders, when they try to attribute actions to certain sets of hosts.
The overview of the toolsets features will contain an explanation of the tactics and techniques in order to provide both red teamers and blue teamers alike with more insight into why this works in "modern" networks, as well as real world scenarios. Finally, information will be provided to blue teamers in an effort to provide knowledge that can be brought back and leveraged to increase security posture.
Mike Hodges is a Senior Security Consultant for the Optiv Attack and Penetration Practice. His current focus is on expanding evasive penetration testing methodologies while similtaneously impostering as a developer. When is not wrist-deep in technical work he is on the BJJ mats, hopefully not in an armbar.
Blockchain as a technology has been proposed as a solution to everything from frictionless currency transfer to tracking cargo on ships. With over one billion dollars in venture funds invested and several hundred patents filed, every security professional must know the impact on organizations in terms of risk, volatility, and competitiveness.
This talk will explore alternative uses for blockchain technology other than cryptocurrency, and provide a framework for utilizing and securing a technology considered as disruptive as the Internet was in the 1990s.
G. Mark Hardy is founder and CEO of National Security Corporation, and has provided cyber security expertise to government, military, and commercial clients for over 35 years. He is a retired U.S. Navy Captain, having been entrusted with nine command tours throughout his career. Mr. Hardy has presented at over 300 events world-wide and continues to provide thought leadership over a range of security fields. A graduate of Northwestern University, he holds a BS in computer science, a BA in mathematics, a master's in business administration, a master's in strategic studies, and holds the CISSP, CISM, GSLC, and CISA certifications.