
DEF CON China 1.0 Hacking Conference

WORKSHOPS



Exploit Development for Beginners

Sam Bowne
Elizabeth Biddlecome

Schedule: TBA

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.

After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.

We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and learn how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.

Previous experience with C and assembly language is helpful but not required. Participants will need a laptop that can run VMware or VirtualBox virtual machines.

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.

Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is a DEF CON Black Badge co-winner.

Elizabeth Biddlecome is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

Max Class Size: 80
Prerequisites for students: Familiarity with C programming and assembly language is helpful, but not essential.
Materials or Equipment students will need to bring to participate: A laptop capable of running a virtual machine in VMware or VirtualBox.

Reverse Engineering Mobile Apps

Sam Bowne
Elizabeth Biddlecome

Schedule: TBA

Practice finding flaws in real Android and iOS apps in this fun, CTF-style hands-on workshop, and you will be ready to avoid making security errors in your own apps.

Android apps are very easy to unpack, analyze, modify, and repack; partly because of the open nature of the system, and partly because most companies neglect basic security measures. In this workshop, participants will hack apps from the Bank of America, IBM, Harvard, Home Depot, the Indian government, and other large organizations. We will find insecure network transmissions, broken cryptography, improper logging, and pervasive lack of binary protections. We will also analyze the way iOS apps use network transmissions, and observe serious vulnerabilities in iOS apps from major companies.

We will analyze Android internals in detail, using the Drozer attack framework to inspect and manipulate intents to exploit insecure activities and content providers. We will perform a protection level downgrade attack on an Android 4.3 device, removing security protections from the Twitter app.

All class materials are freely available on the Web, and will remain available after the workshop. All vulnerabilities were reported to the affected companies long ago, where appropriate.

Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is a DEF CON Black Badge co-winner.

Elizabeth Biddlecome is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

Max Class Size: TBA
Prerequisites for students: Participant should be familiar with basic C programming. Experience with developing Windows applications, assembly language, and debuggers is helpful but not necessary.
Materials or Equipment students will need to bring to participate: Participants must bring a laptop that can run VirtualBox machines. The host system can use Mac OS (best), Linux (OK) or Windows (usable but limited). We will use free Android emulators and a Kali virtual machine. They will be available as free downloads, and also locally on USB sticks.

Hacking Wifi

Philippe Delteil
Guillermo Pilleux

Schedule: TBA

Wireless networks (Wifi) are the most widely used type of network nowadays, and most people don't really know how vulnerable they are, even WPA/WPA2 Enterprise.

In this workshop we will cover most of the wifi encryption schemes in use today, how they work behind the scenes, and the theory of the cracking process. You will also be able to apply this knowledge on the spot against some real-life-scenario wifi networks.

Some encryption schemes are mathematically difficult to crack, and the cracking process could take lifetimes. But not to worry, there are still ways to get around this with an attack called Man-in-the-middle (MITM). Be wary! You never know whose Internet access point you're connecting to, or who's eavesdropping on you.

Ever wondered how someone gets hold of somebody's passwords for a website? After this workshop you will understand how a website can be impersonated without the victim ever knowing it, using Wifiphishing or DNS spoofing against the client's router.

What to know before

  • Linux commands (sed, awk, grep and the basic ones)
  • Basic shell scripting
  • Basic knowledge about WEP/WPA/WPA2/WPS

What you will learn

  • How wifi security works
  • How to audit a wireless network
  • How to perform and automate Wifi attacks (WEP/WPA/WPA2 (personal & enterprise)/WPS)
  • How to use the cloud to crack passwords (GpuHash.me, AWS EC2)
  • How to use your own GPU to crack passwords. (in case you have one)

How technical is the class

  • 40% theory and concepts
  • 60% writing and testing commands/scripts and attacking wifis.

What tools are we going to use

  • aircrack-ng (ifconfig, iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng, airbase-ng, airdecap-ng)
  • Reaver (reaver, wash)
  • Radius Servers (radiusd)
  • Pyrit
  • tshark/Wireshark/tcpdump
  • Ettercap

What to read in advance

  • Vivek Ramachandran & Cameron Buchanan, 2015, Kali Linux Wireless Penetration Testing Beginner’s Guide, Birmingham B3 2PB, United Kingdom.

Philippe Delteil is a Computer Science Engineer from the University of Chile. He gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector". His country's government sent 3 officials to record the talk, and over 3 Ministries shut down all their information systems, afraid that Philippe would reveal some serious bugs and that Defcon attendees would hack the government; but the systems were only down from Friday to Monday, the only days hackers work. While living in Brazil he hacked over 3,000 wifi routers of the biggest ISP. Most of the time, he gives free classes on various topics: CTF, pen testing, programming, and basic computer knowledge. He has been working on Wifi hacking for the last 3 months. He has a company with a very clever name: Info-sec.

Guillermo Pilleux has a B.CS. in Computer Science from the University of Chile. He is a former student of the "Introduction to CTF and Pentesting" workshop and a trainee at the Info-Sec company doing Wifi hacking research. He is the founder and CEO of OneClick, an automation solution for real estate bill paying, and worked in Guatemala for Opticality doing HTR (Handwritten-text-recognition) research. Defcon 27 will be his first time at Defcon; he hopes to survive.

Max Class Size: TBA
Prerequisites for students: Basic shell scripting skills, basic Linux commands, basic networking knowledge.
Materials or Equipment students will need to bring to participate: Laptop with Kali Linux (native or virtual machine). Wireless network card adapter (ALFA models, AWUS036NHA or similar) that allows packet injection.

DEFCON China 1.0 Badge Hacking Workshop

Joe Grand

Schedule: TBA

Want to dive deeper into the DEFCON China 1.0 Badge and discover some of the secrets hidden within? In this workshop, badge designer Joe Grand will discuss low-level details of the badge and guide you through setting up the development environment, exploring and modifying the firmware, and more!

Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic devices since the 1980s.

Max Class Size: TBA
Prerequisites for students: None. No prior electronics experience necessary.
Materials or Equipment students will need to bring to participate: Attendees must bring their badge(s) and laptop (Windows, macOS, or Linux) with the Arduino IDE (https://www.arduino.cc/en/Main/Software) pre-installed.

Capturing, Analyzing and Faking BLE Communication

Yimi Hu
Tao Guo

Schedule: TBA

In this workshop, we will talk about BLE communication security. BLE communication is widely used in the healthcare, beacon, and home entertainment industries, so capturing BLE traffic and doing security research on BLE communication is an interesting topic. During this workshop, all necessary equipment is provided, such as the CC2540, the CC Debugger and the corresponding software. In addition, 3 kinds of BLE-based devices that we can find in our daily lives will be analyzed and attacked. We hope our participants are familiar with Android development/reverse-engineering or embedded development/reverse-engineering, but it is also OK if they are not. Participants need to bring their own laptop running Windows 7 or a later version. During the workshop, we will analyze BLE communication from different angles, such as sniffing the data transmitted between devices and faking their communication.

The whole workshop is divided into 3 parts. Some challenges are left for participants, and these can also be added to the DEFCON challenges list.

Yimi Hu, member of DC0086 and senior security researcher at the PwnMonkey Security Lab of Beijing xFutureSecurity Information Technology Co., Ltd., has been working on IoT security for several years. During his career, he has submitted many CVEs and CNNVDs for smart door locks, IP cameras and other devices from well-known manufacturers such as Samsung and Honeywell. He is also a public speaker, has given many talks in his country, and is good at public speaking.

Tao Guo, security researcher at xFutureSecurity Information Technology Co., Ltd. and member of the PwnMonkey Security Lab and DC0086, has been working on the development of embedded devices for many years and now mainly focuses on the security analysis of embedded devices. Since his attention turned to smart door locks, he has submitted many vulnerabilities in world-famous smart door locks to CVE and CNNVD.

Max Class Size: 50
Prerequisites for students: Junior-level experience in Android development/reverse-engineering or embedded development/reverse-engineering.
Materials or Equipment students will need to bring to participate: Laptop with Windows 7 or a later version. An Android phone is also recommended.

Advanced Custom Network Protocol Fuzzing

Joshua Pereyda
Tim Clemans

Schedule: TBA

Get hands-on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will use the open source network protocol fuzzing framework boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:

  • You will know the basics of fuzzing.
  • You will know how to write custom network protocol fuzzers using state of the art open source tools.
  • You will have hands-on experience with this widely-discussed but still largely mysterious test method.

Before (Prerequisites): You should:

  • Be comfortable doing some basic programming in Python.
  • Understand basic network protocol concepts (e.g. what is a protocol and what is a network layer).
  • Be familiar with Wireshark and how to use it.
  • Have a laptop with at least 8 GB of RAM.

What you won't learn:

  • Exploit development.
  • Python programming. Because you can already do that (see above). ;)

Fuzzing is a wide and deep field with a wide array of technologies. This class is a beginner-friendly deep dive into one niche of the fuzzing world.

Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.

Joshua is the maintainer of the boofuzz network protocol fuzzing framework.

Tim is a software engineer working in information security. He has worked for a startup and data analytics companies. He currently works in critical infrastructure with a focus on security and fuzzing. He cringes at the thought of insecure systems and therefore seeks to improve the security of anyone who will listen. Tim has experience deploying gratuitous amounts of fuzz over the network, and has taught others to do the same.

Max Class Size: 80
Prerequisites for students:

  • Some basic Python programming experience (some programming ability is REQUIRED).
  • Basic understanding of network protocols.
  • Basic familiarity with Wireshark.
  • Optional: Fuzzing experience.

Materials or Equipment students will need to bring to participate:

  • Laptop (strongly recommended: configure it for Defcon secure Wi-Fi access beforehand).
  • Software requirements will be emailed to the class ahead of time.