DEF CON China 1.0 Hacking Conference

WORKSHOPS

Friday: 10:30-14:30, 14:30-18:30

Saturday: 10:00-14:00, 14:30-18:30

Sunday: 10:00-14:00


Exploit Development for Beginners

Sam Bowne
Elizabeth Biddlecome

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.

After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.

We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and learn how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.

Previous experience with C and assembly language is helpful but not required. Participants will need a laptop that can run VMware or VirtualBox virtual machines.

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.

Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is a DEF CON Black Badge co-winner.

Elizabeth Biddlecome is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

Max Class Size: 45
Prerequisites for students: Familiarity with C programming and assembly language is helpful, but not essential.
Materials or Equipment students will need to bring to participate: A laptop capable of running a virtual machine in VMware or VirtualBox.

Reverse Engineering Mobile Apps

Sam Bowne
Elizabeth Biddlecome

Practice finding flaws in real Android and iOS apps in this fun, CTF-style hands-on workshop, and you will be ready to avoid making security errors in your own apps.

Android apps are very easy to unpack, analyze, modify, and repack; partly because of the open nature of the system, and partly because most companies neglect basic security measures. In this workshop, participants will hack apps from the Bank of America, IBM, Harvard, Home Depot, the Indian government, and other large organizations. We will find insecure network transmissions, broken cryptography, improper logging, and pervasive lack of binary protections. We will also analyze the way iOS apps use network transmissions, and observe serious vulnerabilities in iOS apps from major companies.

We will analyze Android internals in detail, using the Drozer attack framework to inspect and manipulate intents to exploit insecure activities and content providers. We will perform a protection level downgrade attack on an Android 4.3 device, removing security protections from the Twitter app.

All class materials are freely available on the Web, and will remain available after the workshop. All vulnerabilities were reported to the affected companies long ago, where appropriate.

Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is a DEF CON Black Badge co-winner.

Elizabeth Biddlecome is a consultant and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

Max Class Size: 45
Prerequisites for students: Participants should be familiar with basic C programming. Experience with developing Windows applications, assembly language, and debuggers is helpful but not necessary.
Materials or Equipment students will need to bring to participate: Participants must bring a laptop that can run VirtualBox machines. The host system can use Mac OS (best), Linux (OK) or Windows (usable but limited). We will use free Android emulators and a Kali virtual machine. They will be available as free downloads, and also locally on USB sticks.

Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows

Dino Covotsos
Manuel Corregedor

Want to learn about exploit development but feeling overwhelmed at all the latest technologies and buzzwords?

Hack to Basics is a course that will provide you with foundation-level exploit development skills and real-world exploitation techniques. These range from "vanilla" EIP overwrites through Structured Exception Handler (SEH) exploitation to how egg hunters work, with practical examples.

By the end of the course, students can expect to know the basics of x86 assembly and to have worked through real-world examples of exploiting vanilla EIP overwrites, SEH exploitation, and egg hunters. This provides an entry to the world of exploit development and a strong foundation to build on, making it easier to transition to the newer, more advanced techniques in use today.

To get the most out of this training, the following should be studied beforehand:

FuzzySecurity:

http://www.fuzzysecurity.com/tutorials/expDev/1.html
http://www.fuzzysecurity.com/tutorials/expDev/2.html
http://www.fuzzysecurity.com/tutorials/expDev/3.html
http://www.fuzzysecurity.com/tutorials/expDev/4.html

Corelan:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

We will be using Python to construct our exploits, combined with a debugger such as Immunity or OllyDbg; it is recommended to be familiar with both.

Dino Covotsos is the founder and CEO of Telspace Systems, a 100% South African-owned IT security firm, which started in 2002. Covotsos has many years of experience in the information security sector and has been involved in hundreds of information security projects worldwide. He is also a well-known presenter at international conferences, including Hack In The Box, SecTor, H2HC, Defcon (Recon Village) and many more. Covotsos is also passionate about the information security community and is involved in various community-based projects. Covotsos is on the advisory board for the ITWeb Security Summit and has several industry certifications, such as the OSCE, OSCP, OSWP and CREST CRT.

Manuel is currently employed as the Chief Operating Officer at Telspace Systems. Manuel has a passion for information security and over the years has gained a significant amount of knowledge and experience in both the technical (operational) and management areas of information security. Throughout his career he has been involved in information security-related research, training, awareness and advisory projects targeting industry sectors, large financial/government institutions, multinational organisations and SMEs. He has overseen a large number of projects. Manuel also facilitates and speaks at numerous conferences, takes part in radio interviews and sits on specialist panels.

Max Class Size: 35
Prerequisites for students:
  • Basic experience in assembly and a debugger, preferably Immunity or Olly.
  • 2-3 years of penetration testing experience would be beneficial.
  • Experience in Kali Linux, as this will be used as the primary operating system.
Materials or Equipment students will need to bring to participate: Laptops with the following specs or greater:
  • Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz (or AMD equivalent)
  • 8GB RAM
  • Kali Linux installed (x86 is fine)
  • Wireless Network Adapter + Ethernet Adapter

Hacking Wifi

Philippe Delteil
Guillermo Pilleux

Wireless networks (Wifi) are the most used type of network nowadays, and most people don't really know how vulnerable they are, even WPA/WPA2 Enterprise.

In this workshop we will cover most wifi encryption schemes in use today, how they work behind the scenes, and the theory behind the cracking process. You will also be able to apply this knowledge on the spot against some real-life-scenario wifi networks.

Some encryption schemes are mathematically difficult to crack, and the cracking process could take lifetimes. But not to worry, there are still ways around this with an attack called Man-in-the-Middle (MITM). Be wary! You never know whose Internet access point you're connecting to, or who's eavesdropping on you.

Ever wondered how somebody's passwords for a website get stolen? After this workshop you will be able to impersonate a website without the victim ever knowing, using Wifiphishing or by DNS-spoofing the client's router.

What to know before

  • Linux commands (sed, awk, grep and the basic ones)
  • Basic shell scripting
  • Basic knowledge about WEP/WPA/WPA2/WPS

What you will learn

  • How wifi security works
  • How to audit a wireless network
  • How to perform and automate Wifi attacks (WEP/WPA/WPA2 (personal & enterprise)/WPS)
  • How to use the cloud to crack passwords (GpuHash.me, AWS EC2)
  • How to use your own GPU to crack passwords (if you have one)

How technical is the class

  • 40% theory and concepts
  • 60% writing and testing commands/scripts and attacking wifi networks.

What tools are we going to use

  • aircrack-ng (ifconfig, iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng, airbase-ng, airdecap-ng)
  • Reaver (reaver, wash)
  • RADIUS servers (radiusd)
  • Pyrit
  • tshark/Wireshark/tcpdump
  • Ettercap

What to read in advance

  • Vivek Ramachandran & Cameron Buchanan (2015), Kali Linux Wireless Penetration Testing Beginner's Guide, Birmingham, United Kingdom.

Philippe Delteil is a Computer Science Engineer from the University of Chile. He gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector". His country's government sent 3 officials to record the talk, and over 3 Ministries shut down all their information systems, afraid that Philippe would reveal some serious bugs and that Defcon attendees would hack the government; but the systems were only down from Friday to Monday, the only days hackers work. While living in Brazil he hacked over 3,000 wifi routers of the biggest ISP. Most of the time, he gives free classes on various topics: CTF, pentesting, programming, basic computer knowledge. He has been working on Wifi hacking for the last 3 months. He has a company with a very clever name: Info-sec.

Guillermo Pilleux has a B.Sc. in Computer Science from the University of Chile. He is a trainee at the Info-Sec company doing Wifi hacking research, and the founder and CEO of OneClick, an automation solution for real estate bill paying. He worked in Guatemala for Opticality doing HTR (handwritten-text-recognition) research. Defcon 27 will be his first time at Defcon; he hopes to survive.

Max Class Size: 30
Prerequisites for students:
  • Shell scripting basic skills
  • Basic Linux commands
  • Basic networks knowledge
Materials or Equipment students will need to bring to participate: Laptop with Kali Linux (native or virtual machine). Wireless network card adapter (ALFA models, AWUS036NHA or similar) that allows packet injection.

DEFCON China 1.0 Badge Hacking Workshop

Joe Grand

Want to dive deeper into the DEFCON China 1.0 Badge and discover some of the secrets hidden within? In this workshop, badge designer Joe Grand will discuss low-level details of the badge and guide you through setting up the development environment, exploring and modifying the firmware, and more!

Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic devices since the 1980s.

Max Class Size: 45
Prerequisites for students: None. No prior electronics experience necessary.
Materials or Equipment students will need to bring to participate: Attendees must bring their badge(s) and laptop (Windows, macOS, or Linux) with the Arduino IDE (https://www.arduino.cc/en/Main/Software) pre-installed.

Capturing, Analyzing and Faking BLE Communication

Yimi Hu
Tao Guo

In this workshop, we will talk about BLE communication security. BLE communication is widely used in the healthcare, beacon, and home entertainment industries, so capturing BLE communication and doing security research on it is a worthwhile exercise. During this workshop, all necessary equipment is provided, such as the CC2540, the CC Debugger and the corresponding software. BLE-based devices that we find in our daily lives, such as a smart bulb, a smart door lock and a smart bracelet, will be analyzed and attacked. We hope our participants are familiar with Android development/reverse-engineering or embedded development/reverse-engineering, but it is also fine if they are not. Participants need to bring their own laptop with Win 7 or a higher version. The whole workshop is divided into 3 parts, and some challenges are left for participants in each part.

Taking part in our workshop, you will get the following skills:
1) Basic knowledge about BLE communication
2) Sniffing BLE communication on the air
3) Sending BLE packets to control devices without authorization
4) Faking BLE packets to deceive the controller

Yimi Hu, member of DC0086 and senior security researcher at PwnMonkey Security Lab of Beijing xFutureSecurity Information Technology Co., Ltd., has been working on IoT security for several years. During his career, he has submitted many CVEs and CNNVDs on smart door locks, IP cameras and other devices from well-known manufacturers such as Samsung or Honeywell. He is also a public speaker, has given many talks in his country, and is good at public speaking.

Tao Guo, security researcher at xFutureSecurity Information Technology Co., Ltd. and member of PwnMonkey Security Lab and DC0086, has been working on the development of embedded devices for many years, and now mainly focuses on security analysis of embedded devices. Since his attention turned to smart door locks, he has submitted many vulnerabilities in world-famous smart door locks to CVE and CNNVD.

Max Class Size: 45
Prerequisites for students: Some experience with Android development/reverse-engineering or embedded development/reverse-engineering.
Materials or Equipment students will need to bring to participate: Laptop with Windows 7 or higher version. Android cellphone is also recommended.

Advanced Custom Network Protocol Fuzzing

Joshua Pereyda

Get hands-on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:

  • You will know the basics of fuzzing.
  • You will know how to write custom network protocol fuzzers using state of the art open source tools.
  • You will have hands-on experience with this widely-discussed but still largely mysterious test method.

Before (Prerequisites): You should:

  • Be comfortable doing some basic programming in Python.
  • Understand basic network protocol concepts (e.g. what is a protocol and what is a network layer).
  • Be familiar with Wireshark and how to use it.
  • Have a laptop with at least 8 GB of RAM.

What you won't learn:

  • Exploit development.
  • Python programming. Because you can already do that (see above). ;)

Fuzzing is a wide and deep field with a wide array of technologies. This class is a beginner-friendly deep dive into one niche of the fuzzing world.

Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.

Joshua is the maintainer of the boofuzz network protocol fuzzing framework.

Tim is a software engineer working in information security. He has worked for a startup and data analytics companies. He currently works in critical infrastructure with a focus on security and fuzzing. He cringes at the thought of insecure systems and therefore seeks to improve the security of anyone who will listen. Tim has experience deploying gratuitous amounts of fuzz over the network, and has taught others to do the same.

Max Class Size: 45
Prerequisites for students:
  • Some basic Python programming experience (some programming ability is REQUIRED).
  • Basic understanding of network protocols.
  • Basic familiarity with Wireshark.
  • Optional: Fuzzing experience.
Materials or Equipment students will need to bring to participate:
  • Laptop (strongly recommended: configure for Defcon secure Wi-Fi access beforehand).
  • Software requirements will be emailed to the class ahead of time.

Introduction To Physical Access Controls

Valerie Thomas

Physical access can be controlled by a variety of intelligent and simple devices. If you want an overview of what these controls are and how they work, then this workshop is for you. In this class, we will discuss the fundamentals of physical security, current and upcoming technologies, and how to put them all together in order to perform a red team style assessment.

Basics

  • Facility access overview
  • Credential and identity concepts
  • Physical Access Control System (PACS) fundamentals
  • What is RFID and why does it matter?

Attacks

  • RFID hacking
  • Control system attacks
  • Defeating physical controls (fences, gates, cameras)
  • The human element of physical security

Putting it all together

  • Offsite/onsite reconnaissance
  • Attack planning and execution
  • Post-attack strategies
  • Reporting physical access findings
  • Remediation approaches and reference material

Valerie Thomas is a technical director for Securicon that specializes in social engineering and physical penetration testing. After obtaining her bachelor’s degree in electronic engineering, Thomas led information security assessments for the Defense Information Systems Agency (DISA) before joining private industry. Throughout her career, Thomas has conducted penetration tests, vulnerability assessments, compliance audits and technical security training for executives, developers and other security professionals.

Max Class Size: 30
Prerequisites for students: None
Materials or Equipment students will need to bring to participate: Laptops are not required for this course. Students will rotate through various "stations" with pre-configured equipment and tools in order to gain hands-on experience. A list of tools and other resources will be provided to students in class.