DEF CON 26 Hacking Conference

WORKSHOPS

WORKSHOPS REGISTRATION IS NOW CLOSED!

Crypto Hero

Friday, 1000-1400 in Icon F

Sam Bowne, Instructor, City College San Francisco

Dylan James Smith

Elizabeth Biddlecome, Security Consultant

Protect data with strong cryptography (AES, RSA, SHA) and attack these systems (Existential Forgery, Padding Oracle, and more). Apply these techniques to blockchains including Bitcoin, Ethereum, and Multichain.

This is a hands-on workshop with a series of CTF-style challenges, beginning with simple data conversions and extending to advanced methods appropriate for experts. We will briefly explain and demonstrate the techniques, and trainers will help participants individually with the challenges.

Prerequisites: Prior experience with cryptography is helpful but not required.

Materials: A laptop capable of running VMware virtual machines

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/crypto-hero-icon-f-tickets-47194055691
(Opens July 8, 2018 at 15:00 PDT)

Sam Bowne
Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is like, really smart.

Dylan James Smith
Dylan James Smith has assisted Sam Bowne with classes as a tutor and TA and at hands-on workshops at DEF CON, RSA, B-Sides LV and other conferences. He has worked in and around the computer support and network administration industries since adolescence. Now he's old(er.) Currently tearing things apart and putting them back together and seeking opportunities to practice and teach "the cybers".

Elizabeth Biddlecome
Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

JWAT...Attacking JSON Web Tokens

Friday, 1430-1830 in Icon D

Louis Nyffenegger, Security Engineer, Pentester Lab

Luke Jahnke, Security Researcher, Elttam

Nowadays, JSON Web Tokens are everywhere. They are used as session tokens, OAuth tokens or just to pass information between applications or microservices. By design, JWT contains a high number of security and cryptography pitfalls that create interesting vulnerabilities. In this workshop, we are going to learn how to exploit some of those issues: the none algorithm, guessing the HMAC secret, using a public key as an HMAC secret... and finally CVE-2018-0114: a bug in Cisco's Node JOSE.

Prerequisites: The students should be able to use Burp and write some basic scripts in the language of their choice. They will also need to be familiar with VMware or the virtualization software of their choice.

Materials: A laptop with 4 GB of RAM and the virtualization software of their choice. Internet access during the class.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/jwatattacking-json-web-tokens-icon-d-tickets-47193664521
(Opens July 8, 2018 at 15:00 PDT)

Louis Nyffenegger
Louis Nyffenegger is a security engineer and entrepreneur based in Melbourne, Australia. He performs pentest, architecture and code review on a daily basis. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Luke Jahnke
Luke Jahnke is a Security Researcher at Elttam. He has extensive experience performing security assessments and running training. He enjoys working on interesting vulnerabilities and runs the biennial BitcoinCTF competition.

Reverse Engineering with OpenSCAD and 3D Printing

Friday, 1000-1400 in Icon B

Nick Tait

The main focus of this class is OpenSCAD, a software tool and programming language. Through a specific example we will learn to reproduce physical objects. We'll cover the entire workflow: measurement, sketching, modeling, and manufacturing. Additional hints for optimizing your design for 3D printing will enable rapid product iteration. All modeling in OpenSCAD is done by writing commands, which brings many powerful properties of software, such as parameterization, version control, and reusable components, to CAD modeling. Ultimately, with the combination of these skills you'll be equipped to repair and improve your stuff.

Prerequisites: No previous programming experience required, but it will help you get more out of this workshop.

Materials: A laptop with an up-to-date:
* Operating system (Linux/OS X/Win)
* OpenSCAD (free and open source) http://www.openscad.org/
* Cura (free and open source) https://ultimaker.com/en/products/ultimaker-cura-software

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/digital-manufacturing-using-reverse-engineering-open-source-3d-printers-and-software-icon-b-tickets-47194008550
(Opens July 8, 2018 at 15:00 PDT)

Nick Tait
nickthetait (government name Nicholas Tait) is a software engineer and fixer of things currently living in Fort Collins, Colorado. His most recent job focused on producing numbers to coax 3D printers to do the user's bidding. Before that he helped route packages for a multinational corporation that rhymes with annex.

Lately he's been in training for his next job - attending any cyber security event physically (and sometimes digitally) possible, contributing to a bunch of open source projects, learning to pick locks and talking about encryption to anyone that will listen. Rock climbing and mountain biking are long time passions that keep the blood pumping and ideas flowing.

ARM eXploitation 101

Friday, 1000-1400 in Icon D

Sneha Rajguru, Security Consultant, Payatu Software Labs LLP

ARM architecture based systems are on the rise and seen in almost every hand-held or embedded device. The increasing popularity and growth of the Internet of Things (IoT) have allowed widespread use of ARM architecture. As with any other thing in this world, increasing popularity and usage brings new security challenges and attacks. This workshop aims to provide an introduction to ARM architecture, assembly and explore intermediate level exploitation techniques on ARM along with hands-on examples and challenges.

This session is aimed at security professionals and personnel who possess general security knowledge and wish to enter the field of ARM exploitation.

The attendees will walk away with basic knowledge and skills of ARM Architecture, Assembly, and Exploitation techniques.

The workshop will provide a base for the attendees to develop exploit research expertise on ARM-based platforms.

Topics Covered:

- Introduction to ARM CPU Architecture
- Registers
- Modes of Operations
- ARM Assembly Language Instruction Set
- Introduction to ARM functions and working
- Debugging on ARM
- Stack Overflow on ARM
- How to write a shellcode
- How to reverse a shellcode

Prerequisites: The participants are not expected to have any prior knowledge of ARM architectures, but familiarity with C and the Linux command line will be useful.

Materials: Hardware Requirements: Minimum 4 GB RAM and more than 20 GB Free Hard Disk Space
Software Requirements: Windows 7/8, *Nix, Mac OS X 10.5, Administrative privileges on your machines, VirtualBox or VMPlayer, SSH Client

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/arm-exploitation-101-icon-d-tickets-47194115871
(Opens July 8, 2018 at 15:00 PDT)

Sneha Rajguru
Sneha works as Senior Security Consultant with Payatu Software Labs LLP. Her interests lie in web and mobile application security and fuzzing. She has discovered various security flaws within various open source applications such as PDFLite, Jobberbase, Lucidchart and more. She has spoken and provided trainings at various conferences such as DEFCON, BSides LV, BSidesVienna, OWASP AppSec USA, DeepSec, DefCamp, FUDCon, and Nullcon. Sneha is passionate about promoting and encouraging Women in Security and has founded an initiative called WINJA-CTF through which she hosts women-only CTFs and Workshops at conferences and other events. Sneha is also active in the local security community and hosts local security meet-ups in Pune. She leads the Pune chapter of the null community.

Buzzing Smart Devices: Smart Band Hacking

Friday, 1430-1830 in Icon B

Arun Magesh, IoT Security Researcher, Payatu Software Labs, LLP

With recent advances in connected/smart devices and the availability of ready-made frameworks for both hardware and software development, companies want to get into the smart device market rapidly. It is necessary to look at the security features of these smart devices, as our digital lives are connected with them.

Bluetooth has been around for almost a decade, and with the need for low-power wireless networking and interoperability, it has been used in the vast majority of devices because of its low power footprint and because most of our smartphones have Bluetooth.

In this workshop, we will learn how to fuzz the Bluetooth LE functionality of smart devices and exploit it. In the process, we will learn how the Bluetooth Low Energy protocol works and about the various tools involved in reversing a smart band. We will also introduce a Bluetooth fuzzing framework called Buzz and use it to crash the smart band or find other information in it.

By the end of the class, we will also touch on hardware-level exploits such as accessing the serial port and debugging port and bypassing Flash read protection to extract the firmware from the smart band, with demos of the same.

Prerequisites: Knowledge of Linux OS. Basic knowledge of programming (C, Python) would be a plus.

Materials: Laptop with at least 50 GB free space, 8+ GB minimum RAM (4+ GB for the VM), External USB access (min. 2 USB ports)
Administrative privileges on the system
Virtualization software & latest VirtualBox (5.2.X) (including VirtualBox extension pack)
Linux host machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
Virtualization (VT-x) option enabled in the BIOS settings for VirtualBox to work
Tools will be provided by the instructor and are to be returned.
You can also buy the hardware yourself.
SmartBand: https://www.banggood.com/No_1-F4-Blood-Pressure-Heart-Rate-Monitor-Pedometer-IP68-Waterproof-Smart-Wristband-For-iOS-Android-p-1182728.html
Bluetooth Dongle: https://www.amazon.com/DayKit-Bluetooth-Adapter-Windows-Raspberry/dp/B01IM8YKPW/

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/buzzing-smart-devices-smart-band-hacking-icon-b-tickets-47193534131
(Opens July 8, 2018 at 15:00 PDT)

Arun Magesh
Arun Magesh works as IoT Security Researcher at Payatu Software Labs and has worked on numerous smart device pentests in the past couple of years. With an electrical engineering academic background, he serves as a core committee member for several IoT local chapters and hackerspaces in India, where he regularly delivers talks and hands-on workshops. He has 5+ years of hands-on experience in both building and breaking IoT devices and has previously been awarded India's Top 25 under 25 technologists and Intel Software Innovator. He has delivered training to numerous governmental and private organizations around the world. He is also a speaker and trainer at several conferences like nullcon18, zer0con18, RISC17, Intel Devfest and EFY17. His main focus area in IoT is embedded device and SDR security. He has also built and contributed to a number of projects such as Brain-Computer interfacing and Augmented Reality solutions.

Attacking Active Directory and Advanced Defense Methods in 2018

Friday, 1000-1400 in Icon C

Adam Steed, Security Consultant, Protiviti

James Albany, Senior Consultant, Protiviti

This hands-on workshop teaches you how to both attack and defend Active Directory. We will start by deploying an Active Directory environment using the typical security settings found in most medium to large organizations. Participants will then learn current common methods and tools used to exploit Active Directory against a lab environment. Participants will create a hardened Active Directory environment using advanced methods to secure domain controllers from attack and then try to compromise their hardened environments.

Prerequisites: Some basic background in Active Directory

Materials: Need a laptop running a hypervisor that would support the import and running of multiple prebuilt virtual images.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-active-directory-and-advanced-defense-methods-in-2018-icon-c-tickets-47194199120
(Opens July 8, 2018 at 15:00 PDT)

Adam Steed
Adam Steed prides himself on being not just an Information Security professional, but part of the culture that has defined Defcon for the last two decades. He has over 20 years of experience working for Financial, Websites and Healthcare organizations. Currently Adam is an Associate Director at Protiviti as part of the Security and Privacy practice, leading Active Directory assessments and remediation work for Protiviti's clients. He has also spoken at Defcon, Bsides and other events across the United States.

James Albany
James is a Senior Consultant in the Security and Privacy practice at Protiviti. He received a B.S. in Security and Risk Analysis with a specialization in Cyber Security from Penn State University. He currently provides information security services for a wide range of clients in various industries to identify and communicate business risks.

Penetration Testing Environments: Client & Test Security

Friday, 1430-1830 in Icon E

Wesley McGrew, Director of Cyber Operations, HORNE Cyber Solutions

Kendall Blaylock, Director of Cyber Intelligence, HORNE Cyber

Penetration testers can have the tables turned on them by attackers, to the detriment of client and tester security. Vulnerabilities exist in widely-used penetration testing tools and procedures. Testing often takes place in hostile environments: across the public Internet, over wireless, and on client networks where attackers may already have a foothold.

In these environments, common penetration testing practices can be targeted by third-party attackers. This can compromise testing teams in the style of "ihuntpineapples", or worse: quietly and over a long period of time. The confidentiality, integrity, and availability of client networks is also put at risk by "sloppy" testing techniques.

In this workshop, we present a comprehensive set of recommendations that can be used to build secure penetration testing operations. This includes technical recommendations, policies, procedures, and guidance on how to communicate and work with client organizations about the risks and mitigations. The goal is to develop testing practices that:

- ...are more professionally sound
- ...protect client organizations
- ...protect penetration testers' infrastructure, and
- ...avoid a negative impact on speed, agility, and creativity of testers

The recommendations are illustrated with entertaining and informative hands-on exercises. For the DEF CON 26 version of this class, the exercises have been updated to take place within Docker containers, and a portion of the class will involve introducing penetration testers to the use (and abuse) of containers.

Exercises include:
- Vulnerability analysis of a penetration testing device's firmware
- Quick and dirty code audits of high-risk testing tools
- Monitoring and hijacking post-exploitation command and control
- Layering security around otherwise insecure tools.

After this workshop, you will walk away with actionable recommendations for improving the maturity and security of your penetration testing operations, as well as an exposure to the technical aspects of protecting the confidentiality of sensitive client data. You will participate in hands-on exercises that illustrate the importance of analyzing your own tools for vulnerabilities, and learn how to think like an attacker that hunts attackers. You'll hear about the challenges that are inherent in performing penetration tests on sensitive client networks, and learn how to layer security around your practices to reduce the risks.

Prerequisites: To get the most out of this class, students should have the ability to read/follow code in many programming languages (C/C++, Python, PHP, etc.). Students should also be familiar with navigation and use of the Linux command line. Experience with penetration testing will be useful, but those new to penetration testing should not be discouraged. The entire point is to pick up good operational security habits.

Materials: Students who wish to participate in the hands-on exercises should bring a laptop with at least 8GB of RAM, and a working installation of Docker (to the point of being able to run "docker run hello-world"). The instructor will be teaching and demonstrating with Linux, and it is recommended as your host operating system, but a Docker installation on Windows should also be able to complete the exercises (16GB RAM recommended for Windows host operating systems). Materials will be provided on USB drives at the workshop.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/penetration-testing-environments-client-test-security-icon-e-tickets-47193713668
(Opens July 8, 2018 at 15:00 PDT)

Wesley McGrew
Wesley McGrew oversees and participates in penetration testing in his role as Director of Cyber Operations for HORNE Cyber Solutions. He has presented on topics of penetration testing, vulnerabilities, and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley graduated from Mississippi State University's Department of Computer Science and Engineering and previously worked at the Distributed Analytics and Security Institute. He holds a Ph.D. in computer science for his research in vulnerability analysis of SCADA HMI systems.

Kendall Blaylock
Kendall serves as Director of Cyber Intelligence for HORNE Cyber, where his specialty is digital forensics and incident response. Prior to his role at HORNE Cyber, Kendall co-founded the National Forensics Training Center where he served as lead instructor providing training to law enforcement and U.S. military veterans in a wide range of digital forensic skills.

Threat Hunting with ELK

Friday, 1430-1830 in Icon C

Ben Hughes

Fred Mastrippolito

Jeff Magloire

This hands-on training will walk attendees through leveraging the open source ELK (Elastic) stack to proactively identify malicious activity. The basic tools and techniques taught during this class can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and hunting. Attendees will be provided with access to a preconfigured ELK cluster and extensive sample logs containing diverse malicious events waiting to be discovered. The training will conclude with a friendly CTF to give attendees an opportunity to collaborate on teams and put their learning into practice in a simulated network environment.

Prerequisites: Past blue team experience (SOC, NSM, threat hunting, IR, forensics, etc.) is helpful, but not required.

Materials: Students will need to bring their own Windows/Linux/macOS laptop with 8+ GB RAM, WiFi, and VirtualBox or VMware installed. A VM will be made available to attendees for download before class, as well as available on USB flash drives at the start of class.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/threat-hunting-with-elk-icon-c-tickets-47193887187
(Opens July 8, 2018 at 15:00 PDT)

Ben Hughes
Ben (@CyberPraesidium) brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients, sharpening his skills in network security monitoring, IR, forensics, malware analysis, security configuration, and cyber threat intelligence. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications. Ben is also a member of the Maryland bar and volunteers at a pro bono legal clinic.

Fred Mastrippolito
With over 15 years of experience in cybersecurity, Fred (@politoinc) was a founding member of an elite group of computer forensics and intrusion analysts for a major defense contractor. He has performed numerous web application assessments and penetration tests for financial services, federal government, and retail clients. He has managed SOCs, responded to incidents, and analyzed malware. Jeff is a highly skilled cleared professional with extensive knowledge working with information security and incident response cases in both the corporate and federal sector.

Jeff Magloire
Jeff has 9 years of expertise in the field of Endpoint and Mobile based Intrusion Detection and Protection, Network security, e-Discovery, Mobile Application Security, and Information security. His experience includes providing Subject Matter Expertise in the area of forensics and cyber security for some of America's essential government entities such as the White House, FBI, DOJ, SEC to name a few. Jeffrey currently holds a Masters of Science in Digital Forensics from George Mason University along with a Bachelors in Business Information Technology from St Johns University. Jeffrey also has industry recognized certifications such as GIAC Certified Forensic Analyst, Encase Examiner and Encase E-Discovery, Xways, and Cellebrite Certifications.

Attacking & Auditing Docker Containers Using Open Source

Friday, 1000-1400 in Icon E

Madhu Akula, Security & DevOps Researcher, Appsecco

Developers and Operations teams (DevOps) have moved towards containers and modern technologies. Attackers are catching up with these technologies and finding security flaws in them. In this workshop, we will look at how we can test for security issues and vulnerabilities in Dockerised environments. Throughout the workshop we will learn how we can find security misconfigurations, insecure defaults and container escape techniques to gain access to the host operating system or clusters. In the workshop, we will look at real world scenarios where attackers compromised containers to gain access to applications, data and other assets.

By the end of the workshop participants will be able to:

- Understand Docker security architecture
- Audit containerised environments
- Perform container escapes to get access to host environments

The participants will get the following:

- A Gitbook (PDF, EPUB, MOBI) with complete workshop content
- Virtual machines to learn & practice
- Other references to learn more about topics covered in the workshop

Prerequisites: Basic familiarity with Linux and Docker

Materials: A laptop with administrator privileges
10 GB of free Hard Disk Space
Ideally 8 GB of RAM but minimum 4 GB
Laptop should support hardware-based virtualization
If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
Other virtualisation software might work but we will not be able to provide support for that.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-auditing-docker-containers-using-open-source-icon-e-tickets-47194085781
(Opens July 8, 2018 at 15:00 PDT)

Madhu Akula
Madhu is a security ninja and published author, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike.

Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, Blackhat USA 2018, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit, ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016.

When he's not working with Appsecco's clients or speaking at events he's actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, eBay, AT&T, Blackberry, Cisco, Barracuda etc. He is also an active member with Bugcrowd, Hackerone, Synack etc.

Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state. He is co-author of the book Security Automation with Ansible 2, published by Packt Publishing in December 2017, which is listed as a resource by Red Hat Ansible itself.

Deploying, Attacking, and Securing Software Defined Networks

Friday, 1430-1830 in Icon F

Jon Medina, Security Architect, Protiviti
Megha Kalsi, Security Manager, Protiviti

Let's get our hands dirty in Software Defined Networking! Whether you're a network engineer or just a netsec enthusiast, this workshop will provide you with tools and guidance to set up, attack, and secure a software defined network from scratch using open-source tools and cloud-based switching software. Each attendee will be given access to a lab environment where they can deploy, test, configure, break, and secure a software defined network. All scripts and deployment instructions will be provided at the end, so you can continue your testing and research back home, or use it to make friends and win bets at the pub.

Prerequisites: Basic networking, knowledge of the OSI model, and basic *nix shell familiarity.

Materials: Laptop with internet access, web browser with HTML5 capability

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/deploying-attacking-and-securing-software-defined-networks-icon-f-tickets-47193792905
(Opens July 8, 2018 at 15:00 PDT)

Jon Medina
Jon is a security nerd who has worked in networking and security capacities for everything from the Department of Defense, to the Fortune 500, to state and local government. He currently works for Protiviti providing security consulting for a wide variety of clients and industries. His interests outside of security include traveling, hockey, strange beers, and his bulldog. He's spoken at Shmoocon, BSides, and many other security events and conferences.

Megha Kalsi
Megha is an Orlando-based security geek who’s worked in consulting across a wide variety of industries and solutions. She works extensively in security architecture, network security, vulnerability assessments, social engineering (Ferris Bueller style), incident response, and security operations. She enjoys spending time with her family, dancing, boxing / kickboxing (beating the crap out of punching bags is a hobby right?), and keeping up with the latest security news.

Joe Grand's Hardware Hacking Basics

Saturday, 1000-1400 in Icon A

Joe Grand, Grand Idea Studio

Interested in hardware hacking, but don't know where to start? This workshop covers the basic skills you'll need for hacking modern embedded systems, including soldering/desoldering, circuit board modification, signal monitoring/analysis, and memory extraction. It is a subset of Joe Grand's Hands-on Hardware Hacking training class that he has been teaching since 2005.

Prerequisites: None. No prior electronics experience necessary.

Materials: Attendees must bring their own laptop (Windows, macOS, or Linux) with the following software pre-installed:

- Saleae Logic, https://www.saleae.com/downloads
- FTDI Virtual COM Port (VCP) drivers, http://www.ftdichip.com/Drivers/VCP.htm
- PuTTY (or other suitable terminal program), https://www.chiark.greenend.org.uk/~sgtatham/putty/
- libmpsse, https://github.com/l29ah/libmpsse

All other hardware and tools will be provided.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/joe-grands-hardware-hacking-basics-icon-a-tickets-47194166021
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.

Build Your Own OpticSpy Receiver Module

Saturday, 1430-1830 in Icon A

Joe Grand, Grand Idea Studio

OpticSpy is an open source hardware module for experimenting with optical data transmissions. It captures, amplifies, and converts an optical signal from a visible or infrared light source into a digital form that can be analyzed or decoded with a computer. With OpticSpy, electronics hobbyists and hardware hackers can search for covert channels, which intentionally exfiltrate data in a way undetectable to the human eye, add data transfer functionality to a project, or explore signals from remote controls and other systems that send information through light waves.

In this workshop, creator Joe Grand will present a brief history of the project and then guide you through the process of building, calibrating, and testing your own kit version of OpticSpy.

Prerequisites: None. No prior soldering experience necessary.

Materials: None

Max students: 12

Registration: -CLASS FULL- https://www.eventbrite.com/e/build-your-own-opticspy-receiver-module-icon-a-tickets-47193834028
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.

Attack & Defense in AWS Environments

Saturday, 1000-1400 in Icon E

Vaibhav Gupta, Security Researcher, Adobe Systems

Sandeep Singh, Security Managing Consultant, NotSoSecure

AWS is the most widely used cloud environment today, and almost every security professional has to encounter it, whether attacking an organization or defending it. In this fast-paced workshop we will teach participants some neat tools, techniques and procedures to attack the most widely used AWS services as well as to defend them.

- Recon / Information Gathering on AWS Services
- Attacking S3 buckets
- Exploiting web application flaws to compromise AWS services (IAM/KMS)
- Attacking Serverless applications
- Disrupting AWS Logging
- Attacking Misconfigured Cloud SDN

Takeaways: Students will be able to understand and appreciate the delta in attack surface that is added by moving to the cloud, and subsequently design architectures and develop applications to defend them.

What will participants be provided?
- PDF copy of slide deck
- Lab VM
- Workshop lab manual
- Bonus labs

Target Audience:
- Cloud Security Engineers
- DevOps engineers
- Security Analysts
- Penetration Testers
- Anyone else who is interested in Cloud Security
- If you are an Expert or Advanced user, you may join us as co-trainers! :-)

Prerequisites:
- Need to have an AWS account (Free-tier)
- Basic understanding of AWS

Materials:
- Machine with at least 8 GB RAM and 20 GB free HD space
- VirtualBox [VMs will be provided]

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attack-defense-in-aws-environments-icon-e-tickets-47194715665
(Opens July 8, 2018 at 15:00 PDT)

Vaibhav Gupta
Vaibhav is working as a Security Researcher with Adobe Systems. His expertise lies in infusing design and architecture level security in applications hosted in-house and on cloud environments. With ~9 years of diverse InfoSec exposure, he has strong experience in attacking and defending applications including the ones hosted on the cloud. He is co-leading the OWASP and Null community in Delhi region and has delivered multiple sessions at the local and global stage. Vaibhav is also co-organizer for BSides Delhi.

Sandeep Singh
Sandeep is a Security Managing Consultant with NotSoSecure. He has over 5 years of experience in delivering high end security consulting services to clients across the globe. Sandeep has also worked in Detection and Response teams in the past. He is the co-lead of OWASP Delhi chapter and Community Manager of null community and actively contributes to the local security community. He has conducted and delivered many talks and workshops for the local community in the past. Sandeep is also one of the organizers of BSides Delhi.




Securing Big Data in Hadoop

Saturday, 1430-1830 in Icon F

Miguel Guirao

Big Data has been, for quite some time, the driving force for innovation in many markets. Data is the asset that companies around the world now look to crunch in order to extract information and knowledge and gain new insights, so that they can create new services and products for their customers and ultimately improve their profits.

Because of that, it is imperative to protect such an important asset. In this workshop we will look at Hadoop from the point of view of security. We will learn what the Hadoop ecosystem has to offer us to protect our data, starting with Kerberos, perimeter security with Apache Knox, configuring authorization with Apache Ranger and enabling encryption of the HDFS (Hadoop File System).

1) Kerberos is used in Hadoop to provide an authentication system for users and other systems interacting with the Hadoop cluster and its services. Strongly authenticating and establishing a user's identity is the basis for secure access in Hadoop. Users need to be able to reliably "identify" themselves and then have that identity propagated throughout the Hadoop cluster. Hadoop uses Kerberos as the basis for strong authentication and identity propagation for both users and services. More info: https://web.mit.edu/kerberos/

2) The Apache Knox Gateway (Knox) is a system to extend the reach of Apache Hadoop services to users outside of a Hadoop cluster without reducing Hadoop Security. Knox also simplifies Hadoop security for users who access the cluster data and execute jobs. The Knox Gateway is designed as a reverse proxy. The Apache Knox Gateway is an Application Gateway for interacting with the REST APIs and UIs of Apache Hadoop deployments. The Knox Gateway provides a single access point for all REST and HTTP interactions with Apache Hadoop clusters. More info: https://knox.apache.org/

3) Apache Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. The vision with Ranger is to provide comprehensive security across the Apache Hadoop ecosystem.

Prerequisites: In order to get the most out of this workshop, the student needs to be comfortable working in the command line, moving around the filesystem, editing files with vi or nano, and visualizing and understanding processes and the output of the top or htop commands. If you have been using the UNIX or UNIX-like command line for some time, you should be good and all set.

Materials: Since this is NOT a class on how to set up a Hadoop cluster, but instead on how to secure a Hadoop cluster, it is a must that students taking this workshop come with the Hortonworks Data Platform (HDP) Docker image (https://hortonworks.com/products/sandbox/) already installed! The Docker image is very big and it will take you a considerable time to download it during the workshop. Warning!! DO NOT download Hortonworks Data Flow (HDF), it is NOT THE SAME!

Please read the Install Guide for the type of HDP and OS you will be using!

The workshop is prepared using Ubuntu Linux 18.04 and Docker!

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/securing-big-data-in-hadoop-icon-f-tickets-47194514062
(Opens July 8, 2018 at 15:00 PDT)

Miguel Guirao
Miguel Guirao (aka Chicolinux) has been in the information security industry for around twelve years. He is a freelance consultant at Futura - Open Solutions, where he has also been training professionals in Linux Management, Information Security and Programming. He has also been a professor since 2009 at the Anahuac Mayab University, where he teaches at the School of CS Engineering and at the School of Multimedia Design. He teaches Information Security in the Master of Information Technology Management. He is also Vice President of Security & Internet for the National Chamber of the Electronics, Telecommunications and Information Technology in Mexico, where he helps to create awareness and infosec training in IT companies.

He is a Community Mentor for SANS Institute. He holds a GIAC GCIH Certification from the SANS Institute. Technical Reviewer for SANS Securing The Human Project, eForensics Magazine.

Since 2017 he has had an interest in Big Data and DevOps, especially from the security perspective, and he currently runs the lab that tests and researches ways to protect big data and DevOps systems, where he and his students have fun protecting and hacking these systems.

This is his second workshop at DEFCON!




Bypassing Windows Driver Signature Enforcement

Friday, 1000-1400 in Icon A

Csaba Fitzl

Microsoft has made a great effort to harden the Windows kernel and limit attackers' ability to load their custom drivers (kernel rootkits) with the introduction of Driver Signature Enforcement in Win7x64. In this 4 hour workshop we will learn the limitations of this enforcement and practice how we can bypass it. We will explore 4 different methods (from very easy to difficult) on various versions of Windows, including Windows 10. We will see how and why they work, and which malware used them in the past. First we will see how we can use leaked certificates to overcome DSE as well as how we can turn it OFF by design, and what its limitations are. Then we will use WinDBG to look into the kernel and find the various flags used to control DSE and use the HackSysExtremeVulnerableDriver to do kernel exploitation for setting those to the value we require. We will use a simple dummy driver to demonstrate unsigned driver loading.

Prerequisites: Some experience with WinDBG, assembly or kernel exploitation can be helpful, but not required. Basic Python scripting knowledge will be needed.

Materials: For the full experience students will require 2 Windows virtual machines (Windows 7 and Windows 10) (optionally Windows 8) with WinDBG and Python installed on all of them, and one of them will require Visual Studio with Driver development tools. A guide for setting up the VMs will be provided prior to the workshop.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/bypassing-windows-driver-signature-enforcement-icon-a-tickets-47194788884
(Opens July 8, 2018 at 15:00 PDT)

Csaba Fitzl
Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big Cisco networks. After that he started to work as a blue teamer, focusing on network forensics, malware analysis and kernel exploitation. Recently he joined a red team, where he spends most of his time simulating adversary techniques. He has given talks / workshops at various international IT security conferences, including Hacktivity, hack.lu, hek.si, SecurityFest and BSidesBUD. He currently holds OSWP / OSCP / OSCE / OSEE certifications. He is the author of the 'kex' kernel exploitation Python toolkit.




Analyzing Malscripts: Return of the Exploits!

Saturday, 1430-1830 in Icon E

Sergei Frankoff Co-Founder, Open Analysis

Sean Wilson Co-Founder, Open Analysis

In recent years malscripts and file based exploits have become a main delivery method for malware. Malscripts are often heavily obfuscated and they can take many different forms including WScript, JavaScript, macros, and PowerShell. There has also been a rise in document based exploits used to deliver and execute these malscripts. As a result incident responders and malware analysts need to be comfortable analyzing different document formats, identifying potential exploits, and analyzing malscripts.

In this workshop you will work through the triage of a live malware delivery chain that includes a malicious document, malicious scripts, and a final malware payload. During this process you will be exposed to different document based exploits, and you will practice the skills required to manually analyze malscripts. This workshop focuses on the fundamental analysis techniques used when identifying, deobfuscating, and analyzing maldocs and malscripts. However, we will also provide an introduction to automation tools and techniques that can be used to speed up the analysis process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you have a good understanding of scripting languages like VBScript and JavaScript, and you are familiar with Windows internals, you should have no problem completing the workshop. You will be provided with a VirtualMachine to use during the workshop; please make sure to bring a laptop that meets the following requirements. Your laptop must have VirtualBox installed and working (VMWare is not supported). Your laptop must have at least 60GB of disk space free, preferably 100GB. Your laptop must be able to mount USB storage devices. Make sure you have the appropriate dongle if you need one.

Prerequisites: None

Materials: Students will be provided with a VirtualMachine to use during the workshop. They will need to bring a laptop that meets the following requirements:

- The laptop must have VirtualBox installed and working (VMWare is not supported).
- The laptop must have at least 60GB of disk space free, preferably 100GB.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/analyzing-malscripts-return-of-the-exploits-icon-e-tickets-47194482969
(Opens July 8, 2018 at 15:00 PDT)

Sergei Frankoff
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade of experience Sergei has held roles both as the manager of an incident response team, and as a malware researcher.

YouTube: https://www.youtube.com/oalabs

Sean Wilson
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modeling. In his free time Sean loves fly fishing.

YouTube: https://www.youtube.com/oalabs




Advanced Custom Network Protocol Fuzzing

Saturday, 1000-1400 in Icon C

Joshua Pereyda Software Engineer

Timothy Clemans Software Engineer

Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:
1. You will know the basics of fuzzing.
2. You will know how to write custom network protocol fuzzers using state of the art open source tools.
3. You will have hands on experience with this widely-discussed but still largely mysterious test method.

Before:
1. You should be comfortable doing some programming in Python.
2. You should understand basic network protocol concepts.
3. You should be familiar with WireShark and how to use it.

What you won't learn:
1. Exploit development.
2. Python programming. Because you can already do that (see above).

Prerequisites:
- Some basic Python programming experience (some programming ability is REQUIRED).
- Basic understanding of network protocols.
- Basic familiarity with Wireshark.
- Optional: Fuzzing experience.

Materials:
- Laptop with physical Ethernet port -- strongly recommended: configure for secure Wi-Fi access beforehand.
- Python 2.7 and pip installed and updated.
- Linux recommended but Windows OK.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-custom-network-protocol-fuzzing-icon-c-tickets-47194829004
(Opens July 8, 2018 at 15:00 PDT)

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally. Joshua is the maintainer of the boofuzz network protocol fuzzing framework. He has written fuzzers for fun, and profit (literally).

Timothy Clemans
Tim is a software engineer working in information security. He has worked for a startup and data analytics companies. He currently works in critical infrastructure with a focus on security and fuzzing. He cringes at the thought of insecure systems and so he seeks to improve the security of anyone who will listen. He enjoys a good hike, ice cream, and long walks on the beach.




Building Environmentally Responsive Implants with Gscript

Saturday, 1430-1830 in Icon C

Dan Borges

Alex Levinson Senior Security Engineer, Uber

Attendees of this workshop will experience a step by step walk through in setting up a Gscript build environment (which will include the Golang programming language as a requirement, along with the required libraries). Subsequently, attendees will obtain a basic overview of the Gscript capabilities in using conditional logic to navigate within, and deploy persistence mechanisms upon, target hosts.

Upon completion, each attendee will depart with a laptop (whichever one they brought) containing a full Gscript build & testing environment, and at least 1 custom Gscript of their own design and purpose.

Prerequisites:
1. A general understanding of what an implant is, and how to use one.
2. Experience with JavaScript
3. Experience with Metasploit and/or meterpreter is a plus
4. Experience with the Golang programming language is also a plus

Materials: A laptop with an ethernet port

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-environmentally-responsive-implants-with-gscript-icon-c-tickets-47194616368
(Opens July 8, 2018 at 15:00 PDT)

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.




Fuzzing with AFL (American Fuzzy Lop)

Saturday, 1000-1400 in Icon B

Jakub Botwicz Primary Security Engineer, Samsung Poland R&D Center

Wojciech Rauner Security Engineer, Samsung Research

This workshop will show participants how to use afl (American fuzzy lop) to identify vulnerabilities in different applications and modules. afl is a security-oriented fuzzer that makes it possible to test software components efficiently and automatically and to find interesting security issues. It is one of the leading tools and an essential component in the toolbox of a security researcher and hacker (penetration tester). A list of afl trophies (issues found using afl) can be read at: http://lcamtuf.coredump.cx/afl/ Participants will have the opportunity to learn how afl works and how to use it successfully based on real-life cases: vulnerabilities found by the trainers in different open source components. During the training multiple cases and tips will be presented (see detailed outline for more complete list).

Prerequisites: None

Materials: To participate in the hands-on sections, attendees need to bring a laptop with a minimum of 2 GB RAM which can run a virtual machine or a Docker container. A virtual machine and a Docker container with all necessary tools will be provided before the workshop.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-with-afl-american-fuzzy-lop-icon-b-tickets-47194653479
(Opens July 8, 2018 at 15:00 PDT)

Jakub Botwicz
Jakub works as Primary Security Engineer in Samsung Poland R&D Center, leading a team of security researchers. He has more than 15 years of experience in information security and previously worked, e.g., at one of the world's leading payment card service providers, a Big4 consulting company and a vendor of network encryption devices. Jakub holds a PhD degree from Warsaw University of Technology and security community certificates including: GWAPT, CISSP, ECSA. Currently he works providing security assessments (static and dynamic analysis) of different mobile and IoT components. afl helped him find numerous vulnerabilities, also in open source components.

Wojciech Rauner
Wojciech has a background as a full-stack developer and currently works as a Security Engineer for Samsung Research Poland. His current area of research is IoT and mobile devices. Likes to talk about cryptography and higher level languages. Loves to take things apart, build new things (because old ones got irreversibly broken in the process) and make stuff work (again). Plays in CTF Samsung R&D PL team (crypto/net/programming).




Lateral Movement 101: 2018 Update

Saturday, 1430-1830 in Icon D

Walter Cuestas Team Lead, Open-Sec

Mauricio Velazco Threat Management Team Lead

During a targeted penetration test or red team engagement, consultants will have clear engagement goals and targets such as a particular database or access to specific blueprints within the environment. During the engagement, obtaining shells on servers & workstations as standalone devices will not provide access to the target data. The pentesters will need to move from one host to another in order to perform reconnaissance and eventually get to the target. This workshop aims to provide the necessary background knowledge to understand and execute lateral movement techniques on both MS Windows and Linux. More than just showing which tools and parameters to use like a YouTube video would, this workshop will dive deep and describe in detail the specific services of each OS and how they can be abused to achieve lateral movement. This knowledge will allow the students to learn the actual techniques and not just a bunch of tools.

Prerequisites: Knowledge and experience with Microsoft Windows and Linux at network and admin level.

Materials: To participate in the hands-on sections, attendees need to bring a laptop with 2 GB RAM that must be dedicated to a virtual machine running the latest version of Kali Linux (installed and updated before the workshop). Both VirtualBox and VMware player will be okay.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/lateral-movement-101-2018-update-icon-d-tickets-47194431816
(Opens July 8, 2018 at 15:00 PDT)

Walter Cuestas
Walter (@wcu35745) has led the team of pentesters at Open-Sec (a Peruvian company dedicated solely to providing pentesting services) since 2006. His work is based on developing attack vectors and his main interest is in the development of scripts for pentesting. He has participated as a speaker in events such as LimaHack, Campus Party Quito, CSI Pereira, events of OWASP Latam and as a trainer at Ekoparty. He has also published articles in trade magazines such as Hakin9, PenTest Magazine and Hack-in-Sight. During 2016, he was part of the team of instructors approved by the US Northern Command (US Army) for training in cybersecurity (hacking techniques and breach of security controls). Currently holds OSCP certification.

Mauricio Velazco
Mauricio (@mvelazco) is a security geek and Python scripter with more than 9 years of experience in computer security developing offensive evaluations and implementing solutions in Latin America and North America. He currently leads the Threat Management team at a financial services organization in New York performing tasks such as Penetration Testing, Incident Response, Vulnerability Management, Application Security, Threat Intelligence, etc. He holds certifications like OSCP and OSCE. Mauricio has presented at conferences like Derbycon and BSides.




Weapons Training for the Empire

Saturday, 1430-1830 in Icon B

Jeremy Johnson

Dive into the world of using the PowerShell Empire Remote Access Tool (RAT). The students will learn to use Empire. They will build command & control, evade some defensive controls, and other red team tips and tricks. Additionally, students will gain insight on how to build more complex infrastructure for Red Team operations, automate common tasks, and extract engagement data for reporting.

Prerequisites: Students should have exposure to the PowerShell Empire framework. We will be working with the latest version of this tool and its features. Students should have some understanding or experience with penetration testing, though it's not strictly necessary.

Materials: Laptop, Kali Linux VM and one or two Windows Virtual Machines. Lab configuration specifics for the course will be broadcast prior to the class.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/weapons-training-for-the-empire-icon-b-tickets-47194311456
(Opens July 8, 2018 at 15:00 PDT)

Jeremy Johnson
bneg has been hacking in one way or another for the past twenty years. He worked in IT operations, development, databases, and network administration before finally escaping to his true calling in offensive security. He now finds immense joy breaking into hospitals, governments, utilities, and corporations. bneg is a contributor to the Empire project, and member of the BloodHound Slack group where he helps to answer questions and hunt bugs in Empire. When he's not making admins cry, he's running, climbing, skiing, or biking on some mountain somewhere year-round. He also volunteers with Mountain Rescue and has two kids. Clearly, he's figured out how to slow space-time.




Decentralized Hacker Net

Saturday, 1000-1400 in Icon F

Eijah Founder, Promether

As hackers, sometimes we need to send data without anybody knowing anything. We don't want anybody to know what we're sending, so we use encryption. That's the easy part. We also don't want anybody to know that we're sending any data. That's the hard part. The observation of our presence on the network could be enough to get us in trouble. And that's just not acceptable. We need to figure out a way to hide in plain sight.

Creating an environment where data can be sent securely and our presence on the network is hidden, is not an easy thing to do. We can't rely on centralized technologies, which means we need to build a decentralized network. The network should be adaptive and flexible enough to send any type of data to any number of users. But how do we inject anonymity into a network while still supporting the verification of identity between parties? Can we establish trust without having to trust?

This workshop takes you through the process of creating a decentralized network that allows you to circumvent detection by governments and corporations. You'll be able to securely communicate and share data while masking your online identity. You'll create an adaptive, node-based infrastructure where data is shared via Distributed Hash Tables (DHT) backed by real-time asymmetric Elliptic-curve cryptography (ECC). If you've ever wanted to punch a hole through a great (or not-so-great) firewall, this workshop is for you.

Please note that this is a medium-level, technical workshop and requires that attendees have prior experience in at least one programming language, preferably C or C++. Bring your laptop, a USB flash drive, and your favorite C/C++ 11 compiler (>= gcc/g++ 4.9.2 or msvc 2015).

Prerequisites: Previous experience in at least one programming language is required. Previous experience with C/C++ and cryptography is helpful, but not required.

Materials: Laptop with Windows, Linux, or OSX. USB flash drive for saving their progress.

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/decentralized-hacker-net-icon-f-tickets-47194682566
(Opens July 8, 2018 at 15:00 PDT)

Eijah
Eijah is the founder of Promether and has 20+ years of software development and security experience. He is also the creator of Demonsaw, an encrypted communications platform that allows you to chat, message, and transfer files without fear of data collection or surveillance. Before that Eijah was a Lead Programmer at Rockstar Games where he created games like Grand Theft Auto V. He has been a faculty member at multiple colleges, has spoken about security and development at DEFCON and other security conferences, and holds a master's degree in Computer Science. Eijah is an active member of the hacking community and is an avid proponent of Internet freedom.




Hacking Thingz Powered By Machine Learning

Friday, 1430-1830 in Icon A

Clarence Chio Security Researcher

Anto Joseph Security Engineer, Tinder

"HACKING THINGZ POWERED BY MACHINE LEARNING" is a hands-on workshop that gives attendees a crash course in performing practical adversarial attacks on modern technology powered by machine learning. This will NOT be an intro to ML class - do that on your own time online before or after the class - deep ML knowledge is definitely *not* required. We will perform mischief on ML systems that most tech-savvy people interact with on a daily basis: face recognition (smartphone authentication), speech recognition (home assistants), and web application firewalls (need we say more?) ;) We won't just be explaining the theory and tomfoolery behind these attacks - we'll walk you through each step of each attack and show you how *absolutely anyone* can hack systems like these with just a little bit* of background in ML hacking.

* This is an intermediate technical class suitable for attendees with some ability to read and write basic Python code. To get the most out of this workshop, surface-level understanding of machine learning is good. (i.e. be able to give a one-line answer to the question "What is machine learning?")

Prerequisites: Basic familiarity with Linux. Python scripting knowledge is a plus, but not essential.

Materials:
- No fee required
- Latest version of VirtualBox installed
- Administrative access on your laptop with external USB allowed
- At least 20 GB free hard disk space
- At least 4 GB RAM (the more the merrier)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/hacking-thingz-powered-by-machine-learning-icon-a-tickets-47194541143
(Opens July 8, 2018 at 15:00 PDT)

Clarence Chio
Clarence Chio has shared his research on ML and security at hacking events around the world. He has taught dozens of training classes and workshops to conference attendees and security teams at large tech companies. He wrote the new O'Reilly Book "Machine Learning & Security: Protecting Systems with Data and Algorithms", and organizes the AI Village at DEF CON. Clarence has a B.S. and M.S. in Computer Science from Stanford, specializing in data mining and artificial intelligence.

Anto Joseph
Anto Joseph is a Security Engineer for Tinder. He is involved in developing and advocating security in Machine Learning Systems & Application Security Research. Previously, he has worked at Intel, Citrix, and E&Y in multiple information security roles. He is very passionate about exploring new ideas in these areas and has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph.




Adventures in Radio Scanning: Advanced Scanning Techniques with SDR

Saturday, 1000-1400 in Icon D

Richard Henderson

Bryan Passifiume

Many cities around the world have implemented multi-million dollar "trunked" radio systems for their transit, municipal, public safety, police, fire and EMS radio networks. Large commercial organizations (like Caesar's) also use frequency sharing trunked radio systems due to the hundreds (if not thousands) of staff... all requiring radio access. This workshop will walk you through the basics of trunked radio systems, how they work, and how you can set up a listening post to decode these systems and listen in. This workshop will cover setting up and using the Trunk88 scanning software, and how to scan other conventional (non-trunked) radio systems such as MOTOTRBO, Tetra, EDACS, and other systems. Live interception and decoding of a trunked system and a DMR/TRBO system will be done by students. We will also quickly walk through scanning popular archaic pager systems like POCSAG.

Prerequisites: A basic understanding of SDR scanning would be incredibly helpful, but is not essential. We can walk students through it.

Materials: In this case, we will require each student to bring a Windows laptop (not a Surface tablet please) and *at least* 2 USB DVB-T RTL2832U+R820T sticks in order to properly intercept and decode trunked radio systems. The more sticks students bring, the more voice channels they will be able to simultaneously monitor and record. A very limited number of additional sticks will be available to borrow. Please make sure you have them!

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/adventures-in-radio-scanning-advanced-scanning-techniques-with-sdr-icon-d-tickets-47194754782
(Opens July 8, 2018 at 15:00 PDT)

Richard Henderson
Richard Henderson is a writer, researcher, and ham radio/electronics nerd who has worked in infosec and technology for well over a decade. Richard is currently co-authoring a book on cybersecurity for ICS/SCADA systems.

Bryan Passifiume
Bryan Passifiume is a journalist, writer and photographer who writes for one of Toronto's largest newspapers. A National Newspaper Awards nominee, and a co-founder of the alt-amateur radio group Hamsexy, he's been involved in the monitoring and radio hacking scene for nearly twenty years.




Guided Tour to IEEE 802.15.4 and BLE Exploitation

Thursday, 1000-1400 in Icon A

Arun Mane Principal Researcher, SecureLayer7

Rushikesh D. Nandedkar Security Analyst

The workshop aims to deliver hands-on experience in pentesting commercial 802.15.4 and BLE devices. By design and purpose, IoT was meant to serve human whims, taking human laziness to the next level. In that effort, little or no attention was paid to the state of security of IoT. This does not mean, however, that users are deterred from using insecure IoT devices and setups.

Due to high demand for automation in M2M communication, the IoT concept took hold in the industrial sector for better and faster work, ignoring the security aspect. The absence of this aspect in production leaves IoT and wireless communications largely vulnerable.

On the other hand, BLE devices are used everywhere: in home automation, healthcare, SensorTags, Bluetooth password managers and so on. As a matter of fact, these BLE devices are as vulnerable as IEEE 802.15.4-based devices. The impact is huge, as these technologies are used in industrial applications like water dams and other ICS systems.

Prebuilt VM with lab manuals will be provided to attendees. The workshop is structured for beginner to intermediate level attendees who do not have any experience in IoT wireless communication.

Prerequisites:
1. Basic knowledge of web and mobile security
2. Basic knowledge of Linux OS
3. Basic knowledge of programming (C, python) would be a plus

Materials:
1. Laptop with at least 50 GB free space
2. 8+ GB minimum RAM (4+GB for the VM)
3. External USB access
4. Administrative privileges on the system
5. Virtualization software - VirtualBox 5.X (including VirtualBox extension pack)/VMware player/VMware workstation/VMware Fusion
6. Linux machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
7. Virtualization (VT-x) option enabled in the BIOS settings for VirtualBox to work
8. Latest OS on the host machines (For ex. Windows 7 is known to cause issues)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/guided-tour-to-ieee-802154-and-ble-exploitation-icon-a-tickets-47085983444
(Opens July 8, 2018 at 15:00 PDT)

Arun Mane
Arun is a hardware, IoT and ICS security researcher. His areas of interest are hardware security, SCADA, fault injection, RF protocols and firmware reverse engineering. He also has experience in performing security audits for both government and private clients. He has presented talks at nullcon 2016, 2017 and 2018 Goa, GNUnify 2017, Defcamp 2017, BsidesDelhi 2017, c0c0n x 2017, EFY 2018 and X33fcon 2018. He was also trainer for the Practical Industrial Control Systems (ICS) hacking training delivered at X33fcon 2018, and co-trainer for Practical IoT hacking, which was delivered at HITB 2017, HIP 2017, BlackHat Asia 2018 and to private clients in London, Australia, Sweden, Netherlands etc. He is an active member of null - The open Security community and G4H community.

Rushikesh D. Nandedkar
Rushikesh is a security analyst. With more than six years of experience under his belt, his assignments have always been pointed towards reducing the state of insecurity for information. His research papers were accepted at NCACNS 2013, nullcon 2014, HITCON 2014, Defcamp 2014, BruCON 2015, DEFCON 24, BruCON 2016, x33fcon 2017, c0c0n-x 2017, BruCON 2017, BSides Delhi 2017, nullcon 2018, HITB Amsterdam 2018 and x33fcon 2018, and he is a co-author of an intelligent evil twin tool, "DECEPTICON". Being an avid CTF player, for him solace is messing with packets, frames and shellcode.




Forensic Investigation for the Non-Forensic Investigator

Thursday, 1430-1830 in Icon A

Gary Bates Technology Director

This workshop will provide a foundation to attendees on the basics of performing a forensic investigation on a corporate or SOHO network. The course will primarily discuss forensics on a Windows system and network, but Linux and Mac systems will be briefly discussed during the workshop where applicable. Attendees will learn techniques on how to properly collect possible evidentiary data, how to store the collected data, how to analyze the information and evaluate the data. Topics that will be covered include:

- Pre-incident: setting up your forensic analysis toolkit.
- First contact with an incident: what you should do and not do.
- Collecting volatile data: tools and techniques.
- Collecting and storing non-volatile data.
- Utilizing open source software to analyze the data.
- Making a determination and writing the report based on the analyzed data.
- What to do with the collected and analyzed information.

This workshop is intended to provide a basic overview of how to properly collect and handle data in a corporate or enterprise network. The course will cover several tools and provide labs for the students to complete to familiarize themselves with how the tools work and the proper procedures to use. However, this class will not make a deep dive into any of the tools. Nor is this class intended for the professional forensic investigator.

Prerequisites: Students need to have a knowledgeable background in IT Administration, basic knowledge of file structures and how the Windows OS works. Students should be knowledgeable in utilizing VirtualBox and how to set up VMs and attach virtual hard drives.

Materials: Students will need to bring a laptop capable of running no more than 3 VMs. The latest version of VirtualBox should be installed.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/forensic-investigation-for-the-non-forensic-investigator-icon-a-tickets-47086683538
(Opens July 8, 2018 at 15:00 PDT)

Gary Bates
Gary works as the Technology Director for a medium-size city in Texas. This job requires him to wear many hats, including performing forensic analysis on enterprise systems. In addition, he has helped the City's police department with several criminal cases that involved the collection of network and stored data from systems under investigation. Additionally, he teaches information security classes at the local junior college, including a forensic investigation course for IT security students. Besides 15 years of experience in the IT field, he has a BS in Network Administration and a Masters in Information Security Assurance. He also holds several industry certifications, including a Certified Ethical Forensic Investigator Certification. Since he is easily distracted and always curious, he has a wide range of interests and off-hour projects that run the gamut from in-depth study of cyber security to data analysis programming to electronic projects that use the Raspberry Pi and Arduino chips.




Finding Needles in Haystacks

Thursday, 1000-1400 in Icon D

Louis Nyffenegger Security Engineer, Pentester Lab

Luke Jahnke Security Researcher, Elttam

With more and more teams moving to Agile, security engineers need to be ready to find bugs by just looking at a diff in Stash or GitHub. This workshop will give you the basics to get started and know what to look for. Based on 3 exercises in 3 different languages (PHP, Golang and Ruby), we will cover simple to more advanced issues and show you where to look and what you can find. After this workshop, you will be ready to start doing code review for fun or as a way to get further as part of post-exploitation.

Prerequisites: The students should be able to use a text editor and navigate source code. Basic knowledge of Git, PHP, Ruby and Go will definitely help but is not mandatory.

Materials: A laptop with 4 GB of RAM. Internet access during the class.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/finding-needles-in-haystacks-icon-d-tickets-47086263281
(Opens July 8, 2018 at 15:00 PDT)

Louis Nyffenegger
Louis Nyffenegger is a security engineer and entrepreneur based in Melbourne, Australia. He performs pentest, architecture and code review on a daily basis. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Luke Jahnke
Luke Jahnke is a Security Researcher at Elttam. He has extensive experience performing security assessments and running training. He enjoys working on interesting vulnerabilities and runs the biennial BitcoinCTF competition.




Pentesting ICS 101

Thursday, 1000-1400 in Icon B

Alexandrine Torrents Security Consultant, Wavestone

Arnaud SOULLIÉ Manager, Wavestone

Many people talk about ICS & SCADA security nowadays, but only a few people actually have the opportunity to get their hands dirty and understand how these systems work. Have you ever wanted to know how to make a train derail, or stop a production line? Well, this workshop is made for you! The goal of this workshop is to give you the knowledge required to start attacking SCADA networks and PLCs, and give you hands-on experience on real devices by hacking our model train! In this workshop, we will cover the main components and the commonly associated security flaws of industrial control systems, aka SCADA systems. We will then focus on their key assets, Programmable Logic Controllers (PLCs), and discover how they work, how they communicate, and how they can be programmed, to learn the methods and tools you can use to p*wn them. Then we will move on to the real world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! Let's capture the flag!

Prerequisites: A knowledge of penetration testing is a plus, but we try to make it work for newbies as well.

Materials: A computer with 4 GB of RAM, 30 GB of disk space and VirtualBox. We will provide 2 Virtual Machines for attendees.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/pentesting-ics-101-icon-b-tickets-47086318446
(Opens July 8, 2018 at 15:00 PDT)

Alexandrine Torrents
Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She specializes in penetration testing and has performed several security assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a tool to query Siemens PLCs. She also works on securing ICS in the scope of the French military law, which requires companies offering a vital service to the nation to comply with security rules.

Arnaud SOULLIÉ
Arnaud Soullié is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentests workshops at security conferences (BlackHat Europe 2014, BSides Las Vegas 2015/2016, Brucon 2015/2017, DEFCON 24) as well as full trainings (Hack In Paris 2015).




Where's My Browser? Learn Hacking iOS and Android WebViews

Thursday, 1000-1400 in Icon C

David Turco Senior Security Consultant, Context Information Security

Jon Overgaard Christiansen Principal Security Consultant, Context Information Security

WebViews allow developers to embed HTML pages into mobile applications and their use is widespread, from merely displaying a simple help page to wrapping an entire website inside a mobile app. Developers now "control the browser" and things can go very wrong: a cross site scripting vulnerability can be catastrophic for a mobile application and result in the exfiltration of user's data stored on the device or in someone listening to user conversations. The "Where's My Browser?" vulnerable-by-design mobile applications for Android and iOS have been written by the presenter as a teaching tool for hacking WebViews. The workshop covers the attack surface of Android and iOS WebViews and presents techniques and tools for identifying and exploiting those vulnerabilities. Attendees will practice their skills against the "Where's My Browser?" mobile apps. The source code of the applications will help students in recognizing common coding mistakes.

Prerequisites: The workshop is aimed at an audience with an intermediate skill level. A basic knowledge of mobile and web application security testing (can you tell the difference between XSS and CSRF?) and a basic understanding of JavaScript and common programming concepts are expected.

Materials: The best setup to cover all exercises is a Mac OS X laptop with Android Studio, Apple Xcode and Google Chrome installed. All exercises can be done using the Android and iOS simulators. A physical mobile device is not necessary. Alternatively a Linux or Windows laptop with Android Studio and Google Chrome installed plus an iPhone (preferably jailbroken) are sufficient. An Apple ID is required to deploy the iOS application to a physical device.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/wheres-my-browser-learn-hacking-ios-and-android-webviews-icon-c-tickets-47086190062
(Opens July 8, 2018 at 15:00 PDT)

David Turco
David (endless) works as a Senior Security Consultant at Context Information Security. He started his professional career as a Linux administrator and then moved to information security about 5 years ago. He has a wide skill set but has developed a specific interest in web and mobile technologies. In the past he provided training on a variety of topics, including advanced web application training to developers and pentesters. Recently he's done some research work on XSLT injection attacks. He also developed BHFS, a write-only filesystem based on PGP.

Personal site: https://www.authenticationfailure.com/

Jon Overgaard Christiansen
Jon is a Principal Security Consultant at Context Information Security. After working as an enterprise dev for a few years he moved into security, spending the last 7 years breaking code instead of writing it. Mobile security has been a key topic for him since back when there was still something called the Windows Phone and he has delivered training on this topic, and others like web app hacking and scripting attacks, over the last 5 years. Most of his time these days is spent on random red teams or reverse engineering mobile applications, but other interests do include the writing of rootkits and remote access tools... just for fun... as well as the occasional dabble in game design!




Introduction to Cryptographic Attacks

Thursday, 1430-1830 in Icon B

Matt Cheung

Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.

Prerequisites: Students should have experience with Python development and be comfortable with mathematics such as modular arithmetic.

Materials: A laptop with VMWare or VirtualBox installed and capable of running a VM.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/introduction-to-cryptographic-attacks-icon-b-tickets-47086369599
(Opens July 8, 2018 at 15:00 PDT)

Matt Cheung
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given talks and workshops at the Boston Application Security Conference and the DEF CON Crypto and Privacy Village.




Advanced Wireless Attacks Against Enterprise Networks

Thursday, 1430-1830 in Icon C

Gabriel Ryan Co-Founder & Principal Security Consultant, Digital Silence

Justin Whitehead CEO & Co-Founder, Digital Silence

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and additional required equipment will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

Areas of focus include:

* Wireless reconnaissance and target identification within a red team environment
* Attacking and gaining entry to WPA2-EAP wireless networks
* LLMNR/NBT-NS Poisoning
* Firewall and NAC Evasion Using Indirect Wireless Pivots
* MITM and SMB Relay Attacks
* Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Prerequisites: None

Materials: Students will need to bring a laptop with at least 8 gigs of RAM, a 64-bit operating system, at least 100 gigs of hard drive space (external drives are fine), and at least one free USB port. Students will also be required to download and install a virtual lab environment prior to participating in the workshop. Everything else will be provided by the instructor team.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-icon-c-tickets-47086648433
(Opens July 8, 2018 at 15:00 PDT)

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and principal security consultant for Digital Silence, a Denver-based consulting firm that specializes in impact-driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel's most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

Justin Whitehead
Justin is an Army infantry veteran with over a decade of service. After retiring from the military, he went on to have a successful 7 year career in computer forensics and incident response. In 2015, he became a penetration tester at One World Labs, working under renowned security researcher Chris Roberts. He now serves as CEO and Co-Founder of Digital Silence, bringing a unique attention to detail and blend of blue and red team experience to the company. When he's not focused on his role as a security professional, Justin happily pursues his hobby of synchronized figure skating.




Fuzzing FTW

Thursday, 1430-1830 in Icon D

Bryce Kunz President, Stage 2 Security

Kevin Lustic Information Security Researcher

Join us in this hands-on introduction to fuzzing workshop, where we will explore how common fuzzing tools (e.g. AFL, libFuzzer, BooFuzz, etc.) are used to discover previously unknown bugs within applications.

We will first cover a general process to follow when fuzzing a targeted application and then provide hands-on labs where students will be able to apply this fuzzing process to quickly discover bugs within applications.

Several different fuzzing techniques will be covered including fuzzing file inputs via blind mutations (e.g. radamsa), fuzzing specific functions within an application via in-process evolutionary fuzzing (e.g. libFuzzer), compile-time instrumentation based fuzzing (e.g. AFL), and fuzzing of network services via generation based fuzzing (e.g. BooFuzz aka Sulley).

Prerequisites: Students need to be comfortable in Kali Linux, which includes navigating the OS via the terminal. An understanding of basic networking concepts (i.e. TCP/IP) and the HTTP protocol is highly recommended. Some knowledge of the Python scripting language is highly recommended.

Materials:

  • A laptop with the ability to copy a Virtual Machine (VM) off a USB drive and run the VM within VMware Workstation / Fusion or VirtualBox.
  • Students are required to bring their own laptops
  • A minimum of 8 GB RAM installed
  • At least 60 GB HD free
  • USB 2 or higher support
  • VMware Workstation / Fusion / VirtualBox installed
    • Tested on Windows 10 with VMware Workstation or VirtualBox.
    • Tested on macOS High Sierra with VMware Fusion or VirtualBox.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-ftw-icon-d-tickets-47086572205
(Opens July 8, 2018 at 15:00 PDT)

Bryce Kunz
Bryce Kunz (@TweekFawkes) craves righteous red team hacks. Currently, the President of Stage 2 Security. Previously he supported the NSA (network exploitation & vulnerability research), Adobe (built red teaming program for cloud services), and DHS (incident response). Bryce holds numerous certifications (e.g. OSCP, etc...), and has spoken at various security conferences (i.e. BlackHat, DerbyCon, etc...).

Kevin Lustic
Kevin Lustic is an InfoSec researcher located just outside Salt Lake City, Utah. He is currently a red-teamer for Adobe in Lehi, performing offensive security testing against the various Adobe Digital Experience solutions. Prior to joining Adobe, Kevin spent five years in the Intelligence Community as a global network vulnerability analyst, cryptanalyst, and developer in various positions. He earned his Bachelor's degree in Mathematics from Ohio University, then his Master's degree in Cyberspace Operations from the Air Force Institute of Technology under a full NSF-funded CyberCorps scholarship.




Playing with RFID

Thursday, 1430-1830 in Icon E

Vinnie Vanhoecke Penetration Tester, Ernst & Young Belgium

Lorenzo Bernardi Cyber Security Consultant, Ernst & Young Belgium

This is a workshop about Radio-frequency Identification (RFID), including a basic introduction and a set of practical hands-on challenges. We will start with explaining the theory behind RFID, including the different types and protocols (e.g. HID, Mifare, ...) and how to perform an RFID assessment. Afterwards, the participants can take on several challenges (of increasing difficulty) with RFID readers that we will provide. Our objective is to make this workshop fun and accessible to a wide audience.

Prerequisites: Basic Linux knowledge

Materials: Laptop (preferably Linux based OS)

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/playing-with-rfid-icon-e-tickets-47086519046
(Opens July 8, 2018 at 15:00 PDT)

Vinnie Vanhoecke
Vinnie is a penetration tester of web and mobile applications working for EY. During college he wrote a thesis about RFID, and now he is using his experience to provide an RFID workshop and make people aware of the vulnerabilities within RFID. In his spare time he strengthens his IT security skills by playing CTFs, reading blogs, going to conferences and developing a variety of side projects.

Lorenzo Bernardi
Lorenzo is a cyber security consultant at EY. He mainly focuses on penetration testing and red team exercises. Because of the different physical intrusions he had to perform in the scope of the red teaming activities, he extended his wireless knowledge to the RFID field, where he gained experience over the years. In his spare time Lorenzo likes to learn new topics related to cyber security. He has basic knowledge of wireless signal hacking, in addition to RFID.




Packet Mining for Privacy Leakage

Thursday, 1000-1400 in Icon F

Dave Porcello Founder, Pwnie Express

Sean Gallagher IT & National Security Editor, Ars Technica

Join the packet hunters behind NPR's Project Eavesdrop for an interactive, hands-on workshop where we'll hunt for juicy bits of personal & corporate data on the wire. Using Wireshark, ngrep, tcpflow, xplico and other Linux packet digging tools, you'll learn how to extract PII from a packet capture or live stream, including passwords, emails, photos/images, cookies, session IDs, credit card numbers, SSNs, GPS coordinates, mobile device details, cell carrier info, vulnerable client software, weak SSL sessions, and much more. Useful for detecting privacy/data leakage, passive pentesting, & network forensics, these techniques expose what an intermediary can discern about an individual or organization through passive monitoring of network traffic.

Prerequisites: Students must be comfortable with Linux command line & Wireshark.

Materials: Students wishing to participate in the exercises should bring a laptop running Kali Linux (or a Kali virtual machine).

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/packet-mining-for-privacy-leakage-icon-f-tickets-47086301395
(Opens July 8, 2018 at 15:00 PDT)

Dave Porcello
Dave Porcello is the Founder of Pwnie Express and creator of the original Pwn Plug, Power Pwn, and other covert pentesting gadgets featured on NPR, Wired, Ars Technica, Slashdot, and "Mr. Robot". Dave is currently a freelance pentester, packet hunter, researcher, & adjunct professor at Norwich University.

Sean Gallagher
Sean Gallagher is Ars Technica's IT and National Security Editor. He evaluates security tools and conducts privacy and security testing for Ars' Technology Lab.




The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP

Thursday, 1430-1830 in Icon F

David Pearson Principal Threat Researcher, Awake Security

Reverse engineering has become an increasingly important element of network security. The ability to break a system down in order to understand its base components and how they interact is critical to understanding not just how the system works, but the ways it can leave your network vulnerable. This is especially true at the application level, where insecure or poorly managed applications can leak sensitive data. In this hands-on workshop, attendees will learn how to reverse engineer real application-layer protocols. During our time together, we'll start at the surface and do a deep technical dive into the network traffic of a common remote access application. Along the way, we'll:

1. Introduce protocol reverse engineering and explain its importance
2. Learn how to discover structured data
3. Determine if data is encoded or encrypted
4. Understand how various protocols interact
5. Uncover secondary communications and information leaks in a hands-on fashion

All materials and content are freely available at https://dl.awakesecurity.com/defcon/nw_re_tools/resources.html and will remain so.

Prerequisites: Familiarity with a network packet capture and analysis tool, such as Wireshark, will provide a solid foundation on which to build. In addition, a basic understanding of Lua scripts will be beneficial.

Materials: Students will need a laptop with Wireshark installed and access to the Internet. An IDE of choice is also recommended.

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/the-truth-is-in-the-network-reverse-engineering-application-layer-protocols-via-pcap-icon-f-tickets-47086494974
(Opens July 8, 2018 at 15:00 PDT)

David Pearson
Having used Wireshark ever since it was Ethereal, David has been analyzing network traffic for well over a decade. He has spent the majority of his professional career understanding how networks and applications work, currently as Principal Threat Researcher for Awake Security. David holds computer security degrees from the Rochester Institute of Technology (BS) and Carnegie Mellon University (MS).




Building Autonomous AppSec Test Pipelines with the Robot Framework

Thursday, 1000-1400 in Icon E

Abhay Bhargav CTO, we45

Sharath Kumar Ramadas Senior Solutions Engineer, we45

It is common knowledge that automating security testing, especially for rapid-release applications, is an essential requirement from multiple perspectives. One perspective is that of security testing in a Continuous Delivery Pipeline (as part of CI/CD) and the other is the perspective of a Penetration Tester. In a CI/CD Pipeline, one would like security tests to be triggered in an automated manner. These tests should provide information related to application vulnerabilities to engineering teams, early in the SDL (Software Development Lifecycle), preferably before these apps are deployed to production. From the perspective of the Pentester, there is the obvious shortage of time and resources. Pentesters spend a lot of time repeating standard manual processes, thereby losing out on time to perform deeper, more insightful analysis of the target application to uncover serious security flaws. Targeted Automation can be very useful for a Pentester as well.

Prerequisites: Basic Knowledge of Application Security Testing Techniques

Materials: Laptop with Virtualbox loaded - VM will be provided

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-autonomous-appsec-test-pipelines-with-the-robot-framework-icon-e-tickets-47086284344
(Opens July 8, 2018 at 15:00 PDT)

Abhay Bhargav
Abhay Bhargav is the CTO of we45, a focused Application Security company. Abhay is the author of two international publications: "Secure Java for Web Application Development" and "PCI Compliance: A Definitive Guide". Abhay is a builder and breaker of applications, and has authored multiple applications in Django and NodeJS. He is the Chief Architect of "Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework. He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world's first hands-on Security in DevOps training, which has been delivered in multiple locations, and recently as highly successful training programs at OWASP AppSecUSA 2016, OWASP AppSec EU and USA 2017. Abhay recently delivered a workshop on SecDevOps at DEFCON 25. In addition, Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.

Sharath Kumar Ramadas
Sharath is a Senior Solutions Engineer at we45. As part of his role, Sharath has architected and developed multiple solutions around security engineering, including an Application Vulnerability Correlation tool called Orchestron. As part of his experience with Application Security, Sharath has developed integrations for multiple security products including DAST, SAST, SCA and Cloud environments. In addition, Sharath has extensive experience with Cloud Deployments and Container Native Deployments. As part of his role in a security organization, Sharath has led teams that have created intentionally vulnerable apps for CTF competitions both inside and outside the organization.
