Grab a drink of choice and strap in. The CarolinaCon crew will be kicking off the third Online CarolinaCon with a toast and the start of the CTF!
This year we stacked talks a bit closer together to help with flow. Please tune in on the youtube channel and on Discord! All times are EST. The CTF will run from 7:30 Friday, to noon Sunday.
Friday (April 21st)
Saturday April 22nd
In this intense keynote, Joshua brings the audience along for the ride on one of the most advanced social engineering attacks he's ever executed - robbing a bank over the phone. Audiences will be on the edge of their seats as they listen to real audio of Joshua convincing the Vice President of a bank to give up full access to his computer and eventually the entire facility.
Joshua will discuss why punitive approaches to cyber security awareness are counter-productive, how organizations can leverage AI tools to emphasize positive reinforcement techniques, and how data analysis and behavior analytics can be used to detect anomalies and create an engaging environment.
In this talk, Dylan will evaluate the security of communication between Implanted Medical Devices (IMDs) and Home Monitoring Devices (HMDs), identifying potential vulnerabilities and proposing solutions to ensure patient safety and privacy.We discuss the security vulnerabilities of wireless-enabled pacemakers, proposes solutions to mitigate these risks, and emphasizes the importance of enhancing the security of these devices for patient safety and privacy.
This talk is about my research related to software defined networking and dynamic network management. This talk will cover an overview of this research field and the current project I am working that allows for dynamically packet filtering on network switches. This solution provides a low cost distributed firewall solution that is able to scale with growing network demands.
Our research focuses on automating local and global rules in a distributed firewall network while leveraging the benefits of Software Defined Networking (SDN) and SMT solvers. This allows use to integrate our system into IDS systems like snort and filter alerts without degrading the network state and introducing network loops. The end results of this research will be an open source way to develop and deploy the next generation of security appliances.
Lunch
12:45 PM
Code for the Carolinas is currently working on two projects for the good of everyone. Open sidewalks, and zoning atlas. They will brief a brief shout-out and explain how you can help.
I will be speaking on a project to detect icy bridges and hope to recruit volunteers to assist in building a open source software using NCDOT cameras. The project uses two different cloud providers GCP and AWS. Each flavor runs web apps using micro services - ie not vm's. Each project uses a different ML framework for the respective platforms
This talk is about OSINT and protecting personal privacy. As a pentester, a component of my job is social engineering and I show how I locate and piece together publicly available information on work engagements to carry out successful campaigns. Then I also talk about how people and companies can take back control of this information and protect themselves by being more selective about what information is shared or available online.
In this talk, I will explain how 0days' are found through different Fuzzing techniques. I'll walk you through how you create a fuzzer, types of fuzzers, and types of targets. We will look into how you can find a Buffer Overflow, and how to leverage that to write your own exploit. 2 PoC demos included, of course!
The Internet of Things (IoT) and the rise of Operational Technology (OT) networks have brought about a significant increase in the number of connected devices in modern networks, creating new challenges for blue teams in terms of inventorying assets, identifying and mitigating vulnerabilities, and verifying security controls coverage. This presentation will explore the unique challenges that IoT and OT pose for network scanning and provide solutions for effectively addressing these challenges.
"Can you turn the cracking server off & on again..." Something I'd often request a co-worker to do in the office & talking with @netmux happens quite often w/password cracking rigs. Whether it’s an Nvidia driver update or the changes you did to optimize the OS for password cracking, it can turn your server into a fragile machine. We’ll show how you can automate the setup of a password cracking rigs & build resilience into that process (automating snapshots & rollbacks w/ansible + libvirt/QEMU).
In today's fast-paced business environment, organizations need to be able to access and manage their data quickly and easily. However, traditional methods of storing and managing database credentials can be time-consuming and insecure. To safeguard our data and our reputation we must shift our thinking from static long-lived accounts to this new methodology of minimizing the number of accounts in our databases and short-lived dynamic accounts.
Join us at Flying Saucer (328 W Morgan St, Raleigh, NC 27601) in Raleigh! There will be appetizers and most of the CarolinaCon Crew!
Sunday (April 23rd)
Organizations often disclose a wealth of information without realizing it. Attackers can use open source intelligence resources to recover information about their external and internal infrastructure as well as employees without sending a single packet to the target. In this talk, I will cover multiple resources that I use on penetration tests and red teams to quickly and thoroughly gather information about a target that often leads to successful compromises
This talk will provide an detailed walk through the motivation of the design of the CarolinaCon Online 3 badge and it's hidden features.
12:00 PM
Conference close. CTF winners announced
CC Crew