Recent News

  • Conference Schedule is now available!

    Click 'Schedule' for more information

  • Shakacon will be held at a new venue this year, THE MODERN HONOLULU hotel in Waikiki!

    Click 'Registration' for more information

  • Speakers Announced!

    Click ‘Speakers’ for more information

  • Training Announced!

    Click ‘Trainers’ for more information

  • Click ‘Social’ to add yourself to our mailing list to get the latest Shakacon VI news!

  • CFP Released and Registration is Open!

    March 1, 2014

Sun, Surf, and C Shells

People from all over the world are coming to Shakacon! You should too!



Shakacon, an Information Technology (IT) Security Conference, is back and ready to invite business executives, government and military officials, security professionals, and IT enthusiasts to participate in Hawaii's only Call for Papers-based IT security conference.

We decided it was time to bring some top notch technical talent back to one of the most remote locations on earth.


Sitting around somewhere freezing your a$$ off? Dreaming about warm days, rainbows, decadent tropical drinks sipped out of coconuts? Sure you could drop your 0day in Vegas, bring down the Internet in Germany, or satisfy your dark desires in Asia; however, wouldn't you rather submit your research or topics to our CFP and maybe win yourself a paid trip to Hawaii?

Call For Papers

    ----++++++++++++++++++++++++++++++++++++----
	Shakacon VI  - Honolulu Hawaii
    
	"Sun, Surf, and C Shells"
    
    CALL FOR PAPERS
    
    www.shakacon.org/CFP2014.html
    ----++++++++++++++++++++++++++++++++++++----
Who: Shakacon Crew
What: Shakacon VI
When: June 23-25 2014
Where: Honolulu, HI
Why: World Class Speakers, World Class Location, World Class People
How: By plane, boat, canoe, yacht, hydrofoil, stand-up paddle board, jetski, long board, dolphin, whale sled, nuclear submarine...

[Overview]

Going into our sixth year, Shakacon offers attendees a unique opportunity to really network with some of the world's top security professionals in a casual and friendly setting. At its heart the Shakacon security conference is a laid back conference where industry, government, academia and independent experts will get together to share knowledge and experience in one of the most beautiful places on Earth.

The conference committee strives to build a balanced schedule that appeals to all security practitioners with talks covering all different aspects of the information security landscape. There will be something for everyone and if sitting through talks isn't your cup of Hawaiian coffee you can step into one of the social areas and talk with our sponsors, staff, and attendees.

[Trainer Opportunities]

Don't want to speak at the Con but have an uncanny ability to teach and a proven track record for delivering quality courseware and want to come to Hawaii? We will be evaluating trainers for one day of training leading up to Shakacon (June 23rd). Submit a synopsis/class agenda, prior teaching experience, and maybe get selected to teach in Hawaii. Revenue is split 50/50 between the trainer and conference. The conference will cover all venue related costs (A/V, Food, Drinks, etc.). The trainer is expected to cover their own travel costs (unless they are also selected as a speaker). All selected trainers will receive free admission to the conference.

[CFP Details]

We have up to sixteen (16) spots and typically receive 100+ submissions to speak. If you are serious about speaking please submit your abstract as soon as possible.

(1) Abstract for papers must be submitted to the review committee by April 11, 2014
(2) Selection notification will occur by April 18 and abstracts posted to the site by April 23
(3) Full Slides for your papers must be submitted by May 31.

CFP Review Committee:

Caleb Sima - BlueBox
Katie Moussouris - Microsoft
Colin Ames - Attack Research
Matthieu Suiche - MoonSols
Vincenzo Iozzo - TiQad
Kent Backman - Independent Researcher
Jonathan Brossard - Toucan Systems
Jeremiah Grossman - Whitehat Security
Daniel Hodson - Oxin Security & Ruxcon
Kris Harms - Cylance
Mark Ryan Talabis - FireEye
Chris Potter - FireEye
Jason Martin - FireEye

As mentioned, there are a limited number of speaking sessions for which the conference organizers will provide travel and accommodations so please submit your abstract early if you are interested in speaking. Speaking slots will be 50 minutes long (45 minutes for your talk and 5 minutes for Q&A).

The audience will be a broad mix of professional, academic, and enthusiast, so we welcome both technical and non-technical submissions on all aspects of security. The key criteria are practicality and timeliness. We want to provide our attendees with up to date materials they can take away and immediately gain benefit from as well as new research or tools. Absolutely NO SALES presentations will be accepted.

Proposals should include:

Subject Line: "Shakacon CFP Submission: <paper title>, <your name>"

Body:

1. Name, address, and contact info.
2. Employer and/or affiliations.
3. Brief biography.
4. Presentation experience.
5. Topic summary.
6. Reason this topic should be considered.
7. Other publications or conferences where this material has been or will be published/submitted.

Please include plain text of all information provided in the body of your email as well as any file attachments.
The plain text information will be reviewed first to find the most suitable candidates.

Please forward the above information to cfp at shakacon.org in order to be considered.

More conference information, registration details, and travel partner deals will be posted to:
http://www.shakacon.org

Follow Status on:
www.twitter.com/shakacon

[Media Partners]

We are media friendly. Please email info at shakacon.org for inquiries about press passes.

ALOHA FROM THE SHAKACON CREW!

Pricing

Cost*: $300

*ISSA, ISACA, Infragard, Active Military, Federal Government Employees, and Students please contact info@shakacon.org for discount information.

Shakacon Training and Conference dates: June 23, 2014 Training 8am-5pm
June 24-25, 2014 Conference 8am-5pm

Visit www.themodernhonolulu.com and enter Group Code: FIRE for the lowest discounted hotel rates!

ROOM TYPE GROUP RATE (Resort Fees Waived)
Partial Ocean View Room (King Bed) $219.00
Ocean View Room $249.00
Ocean View Studio Suite $299.00
Ocean Front One Bedroom Suite $399.00
**Group room rates are subject to applicable state and local taxes (currently 4.712% for General Excise Tax and the current 9.25% Transient Accommodation Tax). All taxes subject to change at any time. All rooms are based on single or double occupancy with maximum room occupancy of four (4) persons per room in existing bedding in applicable categories. Additional third and fourth person charge is $65.00 for any adult above the age of 18 years old.

Day 1 - Shakacon Trainings

Monday, June 23, 2014

  • 7:30am-8:00am Registration

    8:00am-5:00pm Training

    Location: The Modern Honolulu, Studios 1-4

Day 2 & Day 3 - Shakacon VI Conference

Tuesday, June 24, 2014


  • 7:00 AM Registration Opens - Pre-Function Galleria
    8:00 AM Opening Remarks - Jason Martin
    8:15 AM KEYNOTE SPEAKER: David DeWalt, Chairman & CEO - FireEye, Inc.
    9:30 AM Safe Cracking: Deviant Ollam - The CORE Group
    10:20 AM Break (10 minutes)
    10:30 AM Researching Android Device Security with the Help of a Droid Army: Joshua Drake - Accuvant
    11:30 PM Methods of Malware Persistence on OSX: Patrick Wardle - SynAck
    12:20 PM LUNCH
    1:30 PM Autonomous Remote Hacking Drones: Dr. Phil Polstra
    2:30 PM Fuzzing and Patch Analysis: SAGEly Advice: Richard Johnson - Sourcefire
    3:20 PM Break (10 minutes)
    3:30 PM Trapping Hacks With Ensnare: Scott Behrens & Andy Hoernecke - Netflix
    4:20 PM CLOSING REMARKS (Day 1)

    Location: The Modern Honolulu, Ballroom

Wednesday, June 25, 2014


  • 7:00 AM Registration Opens - Pre-Function Galleria
    8:00 AM Opening Remarks - Jason Martin
    8:15 AM Just What the Doctor Ordered - Part II: Scott Erven
    9:15 AM Practical OpSec for Android Devices: The Grugq
    10:05 AM Break (10 minutes)
    10:15 AM 111 Years of Vulnerabilities: Brian Martin - Open Security Foundation
    11:15 AM F*ck you Hacking Team! From Portugal, with Love: fG!
    12:05 LUNCH
    1:15 PM Windows Kernel Fuzzing for Intermediate Learners: Ben Nagy - COSEINC
    2:15 PM Sea, Fuzz, and Sun: Artificial Intelligence for Black-Box Interpreter Fuzzing: Dr. Fabien Duchene - LIG Lab
    3:05 PM Break (10 minutes)
    3:15 PM Cheat Codez: Level UP your SE Game: Eric Smith - LARES Consulting
    4:05 AM CLOSING REMARKS (Day 2) - END OF CONFERENCE
    4:15 PM NETWORKING EVENT - Pre-Function Galleria

    Location: The Modern Honolulu, Ballroom


    Please note that speakers and timeslots are subject to change without notice.

Speakers

Below you will find the selected speakers for ShakaCon VI



Conference Keynote

Name: David DeWalt – Chairman & CEO - FireEye, Inc.

Bio: David has served as chief executive officer since November 2012 and as chairman of the board since May 2012, leading FireEye to one of the most highly valued cybersecurity IPOs of all time and defining the new approach to security with the acquisition of Mandiant. Prior to FireEye, David served as president, chief executive officer, and director of McAfee, Inc. from April 2007 until August 2011, during which he led the company to one of the largest acquisitions in history when Intel Corporation acquired the company in February 2011. David held various executive positions at EMC Corporation from December 2003 to March 2007 after the company acquired Documentum, Inc., where he had served as president and chief executive officer from July 2001 to December 2003. He currently serves on the boards of Delta Air Lines, Inc., the University of San Francisco, the National Security Technology Advisory Council, and Five9. He served on the board of directors of Polycom, Inc. from November 2005 to May 2013 and as its chairman of the board from May 2010 to May 2013, as well as on the board of directors of Jive Software, Inc. from February 2011 to April 2013. David holds a B.S. in computer science from the University of Delaware.

Title: Reimagining Security to Combat Advanced Attackers

Synopsis: Despite substantial investments in traditional security technologies, the vast majority of advanced attacks go undetected and proliferate undefended. Determined attackers pick their targets for a reason and architect their attacks to easily bypass traditional security technology and defense models.

In this presentation Mr. DeWalt will share FireEye’s latest observations from the front lines of the cyber battlefield on how threat actors are exploiting the security gap. Specific topics will include:
  • Who is the adversary and what are they after?
  • How do attackers circumvent traditional security technologies?
  • What are the latest tools, techniques and procedures attackers are using?
  • What are the best sources of threat intelligence?
  • What can security teams do to better defend themselves?




Name: Deviant Ollam – The CORE Group

Bio: While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation of Lockpickers. Every year at conferences around the world Deviant runs the Lockpick Village, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the United States Military Academy at West Point, and the United States Naval Academy at Annapolis. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.

Title: Safe Cracking

Synopsis: We trust safes to secure our documents, our backup media, and our most sensitive materials... not to mention countless precious or valuable or dangerous items. Whether you're protecting bearer bonds, firearms, prescription drugs, or a flash drive full of top secret data, a safe must provide two functions for you: it should resist unauthorized entry for a significant time and it should clearly reveal to you when unauthorized entry has been achieved. If an attacker knows the tactic of safe dial manipulation, however, these protections are no longer at your disposal. This talk will walk the audience through the basics of how safe mechanisms function and then explain quite clearly how it is that some attackers can foil them. Analysis and discussion of countermeasures will also be covered, along with a summary of the tools that both attackers and defenders have at their disposal when it comes to safes and secure containers.



Name: Scott Behrens & Andy Hoernecke – Netflix

Bio: Scott Behrens is currently employed as a senior application security engineer for Netflix. Prior to Netflix, Scott worked as a senior security consultant at Neohapsis and an adjunct professor at DePaul University. Scott's expertise lies in application security, mobile security, and network penetration testing. An avid coder and researcher, he has contributed to a number of open source tools for both attack and defense. Scott has presented security research at DEF CON, DerbyCon, Shakacon, SOURCE Boston, Security Forum Hagenberg, Hack Miami, Security B-sides Chicago, and the Rocky Mountain International Security Conference. Scott has also published security white papers for InformationWeek magazine, the Infosec Institute, and the Neohapsis blog.

Andy Hoernecke is a Senior Application Security Engineer on the Cloud Security Team at Netflix. Prior to working at Netflix, Andy built and ran the Application Security program for Sears Online Business Unit. Andy has also held positions as an Adjunct Professor at DePaul University teaching Master's level courses in Information Security. He earned a Master's Degree in Computer Engineering and Information Assurance at Iowa State University and is actively involved with Information Security efforts through multiple organizations. Andy's approach to security centers around finding practical solutions to long-standing, difficult problems. He couples his experience in Security with his interest in data visualization to provide unique insight into today's biggest security challenges.

Title: Trapping Hacks With Ensnare

Synopsis: Modern web applications are facing attacks of increasing frequency, complexity and sophistication. Typical defenses revolve around several techniques that have varying levels of success.

One approach, the web application firewall (WAF), is often used to apply signature-based rules to requests and responses to attempt to identify attacks such as Cross Site Scripting or SQL Injection. However, these devices generally function as web server modules or stand-alone devices and require extensive setup and tuning before providing significant value. Additionally, WAFs have long been plagued with huge numbers of false positives/negatives and require significant technical knowledge and time to set up and operate effectively.

Security features such as CAPTCHA and throttling can contribute to a defensive strategy by slowing down scanners and scripts. However, these features quickly become an annoyance to legitimate users if not implemented carefully, and they can be difficult to utilize in an intelligent and effective manner.

Another more unique but less used approach, Honey Traps, attempts to entice malicious users into attacking applications in benign ways, triggering preset traps that have been integrated into or built on top of the existing application functionality. However, past projects have contained limited functionality, been difficult to implement, or still required the addition of devices or layers.

Ensnare takes the best of these defenses and moves them from the web server, middleware, and external devices into the application itself. This helps eliminate unnecessary hops and network latency while also increasing the intelligence that can be applied to the rulesets and responses. By residing in the application layer, Ensnare can take advantage of full knowledge of a user’s actions and history in order to detect malicious behavior, and produce a much wider range of potential responses in order to block, confuse, or redirect the attacker.

Ensnare is packaged as a gem plugin for Ruby on Rails and was developed with the goal of allowing a basic malicious behavior detection and response scheme to be configured and deployed in less than five minutes. Of course, Ensnare is extensively customizable and allows the creation of traps and responses that are relevant to the specific application being protected. Ensnare can be configured to provide traps that are specifically designed to protect against automated scanners or sophisticated manual attackers.

In this talk we will walk through the concept and design of the Ensnare framework. We will also show a demonstration that shows exactly how Ensnare can be used and customized to provide a unique protection against web application security threats.





Name: Joshua Drake – Accuvant LABS

Bio: Joshua J. Drake is a Director of Research Science at Accuvant LABS and lead author of the Android Hacker's Handbook. Joshua focuses on original research such as reverse engineering and the analysis, discovery, and exploitation of security vulnerabilities. He has over 10 years of experience auditing and exploiting a wide range of application and operating system software with a focus on Android since early 2012. In prior roles, he served at Metasploit and VeriSign’s iDefense Labs. Joshua previously spoke at BlackHat, RSA, CanSecWest, REcon, Ruxcon/Breakpoint, Toorcon, and DerbyCon. Other notable accomplishments include exploiting Oracle's JVM for a win at Pwn2Own 2013, successfully compromising the Android browser via NFC with Georg Wicherski at BlackHat USA 2012, and winning the DefCon 18 CTF with the ACME Pharm team in 2010.

Title: Researching Android Device Security with the Help of a Droid Army

Synopsis: In the last few years, Android has become the world's leading smart phone operating system. Unfortunately, the diversity and sheer number of devices in the ecosystem represent a significant challenge to security researchers. Primarily, auditing and exploit development efforts are less effective when focusing on a single device because each device is like a snowflake: unique. This presentation centers around the speaker's approach to dealing with the Android diversity problem, which is often called "fragmentation". To deal with the issue, Joshua created a heterogeneous cluster of Android devices. By examining and testing against multiple devices, you can discover similarities and differences between devices or families of devices. Such a cluster also enables quickly testing research findings or extracting specific information from each device. When you leave this presentation, you will understand why the diversity problem exists and how to tackle it by creating a cluster of your own. Joshua will show you how to build such a cluster, provide a set of tools to manage one, and show you all the ways to leverage it to be more successful in your auditing and exploit development tasks.



Name: Patrick Wardle - Synack

Bio: Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Currently, his focus is on the emerging threats of OSX and mobile malware. In addition, Patrick is an experienced vulnerability and exploitation analyst, and has found exploitable 0days in major operating systems and popular client applications. In his limited spare time he writes iOS apps for fun (and hopefully one day, for profit!).

Title: Methods of Malware Persistence on OSX

Synopsis: As Mac OS X continues to increase in popularity and permeate the enterprise, it is essential for forensic and malware analysts to possess an in-depth understanding of this operating system. Malware, on any OS, is generally designed to persist across reboots. With this in mind, this talk will explore OS X Mavericks and its boot process, with the goal of comprehensively identifying methods that may be used by malicious adversaries to ensure that their malware is automatically executed at boot time. Throughout the talk, real-world examples of OS X malware will be presented that target portions of the OS in order to gain reboot persistence. As a result of attending this talk, participants will gain a thorough understanding of the OS X boot process and components of the OS that are, or may be, targeted by persistent OS X malware.



Name: Dr. Phil Polstra

Bio: Dr. Phil Polstra is a professor and Hacker in Residence at a private Midwestern university. He has been programming since age 8 when he cleaned out his savings to buy a TI-99-4A computer. Two years later he learned 6502 Assembly and has been hacking hardware and causing trouble ever since. For the last few years Phil has been using microcontrollers and embedded computer systems to build penetration testing and forensics hardware. This work includes developing a penetration testing Linux distro for the BeagleBoard and BeagleBone family of devices and accompanying hardware. This work is described in detail in his book Hacking and Penetration Testing With Low Power Devices (Syngress, 2014).

Title: Autonomous Remote Hacking Drones

Synopsis: Are you tired of running pentests from a van outside your target? Working 24x7 hunched over your laptop got you down? Wouldn't you rather drop a few hacking devices outside/inside your target and monitor the test poolside at your hotel down the street? This talk will show you how to build inexpensive hacking drones that can be controlled from up to a mile away and can be run for days on batteries. Devices can be used as pentesting desktops, hacking drones, or dropboxes with no software changes. Drone costs range from $45-$85. All hardware and software used is open source.



Name: Brian Martin – Open Security Foundation

Bio: Brian Martin has been studying, collecting, and cataloging vulnerabilities for 19 years, personally and professionally. Starting with a personal collection organized in the FILES.BBS format and ultimately becoming the Content Manager of the Open Source Vulnerability Database (OSVDB), he has pushed for the evolution of VDBs for years. If his business card could read "Vulnerability Historian", it would. Brian has been involved in all aspects of the vulnerability disclosure process, including finding new vulnerabilities, exploiting software (legally and illegally), writing advisories, coordinating disclosure, and working with a variety of organizations to improve vulnerability handling and response. Additionally, Brian is known for his work on attrition.org, a hobby web-site that has provided critical commentary on the dismal state of the information security industry.

Title: 111 Years of Vulnerabilities

Synopsis: Computer security is in bad shape. No, that is putting it nicely. Our state of security is entirely dismal. Apologists will sometimes dismiss this as our industry being 'young'. Sure, compared to building pyramids or fire, it is. But compared to the modern car industry, circa Ford and their Model T in 1908? Our industry is arguably just as old. And to go with that age, vulnerabilities from back then are still plaguing us to this day. How did we get here, knowing what we know? This talk will give a brief but amusing overview of the history of vulnerabilities. With each crazy story we will see that the lessons buried in our history are just as important now as they were then. Yet, miraculously, we've somehow ignored that... This talk is not about painting a complete history, as that would take several books. This is about perspective.



Name: Richard Johnson – SourceFire

Bio: Richard Johnson is a computer security specialist in the area of software vulnerability analysis. Richard currently fills the role of Manager of Vulnerability Development in charge of vulnerability discovery, triage, and mitigation research within Cisco SourceFire VRT, offering 12 years of expertise and leadership in the software security industry. Current responsibilities include research on exploitation technologies and automation of the vulnerability triage and discovery process. Previous areas of security research and tool development include program execution tracing, taint analysis, fuzzing strategies, memory management hardening, compiler mitigations, disassembler and debugger design, and software visualization. Richard has released public code for binary integrity monitoring, program debugging, and reverse engineering and has presented annually at top-tier industry conferences worldwide for over a decade. Richard is also a co-founder of the Uninformed Journal.

Title: Fuzzing and Patch Analysis: SAGEly Advice

Synopsis: Last year, in “Taint Nobody Got Time for Crash Analysis,” we presented implementations of analyses performed on taint traces that included a tool to help determine input leading to a crash and an exploitability evaluation tool based on symbolic execution. This year we will expand on these topics with a study of our efforts towards improving the effectiveness of binary differential analysis (bindiff) and replicating Microsoft Research’s work on the “Scalable, Automated, Guided Execution” (SAGE) fuzzer. This talk will include a short review of the topics covered last year including: taint propagation design considerations, graph slicing algorithms, and an overview of symbolic execution. Once the audience has been exposed to a quick primer of the relevant concepts, we will move on to challenges that remain when determining root cause from differential analysis of patches. This segment will include discussion of a set of internally developed heuristics as well as application of symbolic execution for equivalency testing of patch sets. This will lead into our final topic, the design and implementation of our internal SAGE prototype. We have found bugs and proven the concept to work, and we will discuss the real-world difficulties in tackling the challenge of replicating one of the most advanced approaches towards vulnerability discovery.



Name: Dr. Fabien Duchene – LIG Lab

Bio: Dr. Fabien Duchene is a Security Researcher at LIG Lab - IMAG, University of Grenoble, France. His current research focuses on combining artificial intelligence and evolutionary fuzzing techniques to improve the state of the art of vulnerability detection in black-box and grey-box test contexts. He discovered vulnerabilities in widely used software: Evernote, SFR Box, Elgg, Mega.co.nz, VPN and Seebox providers... He created the GreHack hardcore security conference. Previously, he worked at Microsoft and Sogeti-ESEC. He holds a PhD from the University of Grenoble and an MSc from the "Grande Ecole" Ensimag, France, where he created the SecurIMAG CTF team, and is now lecturing on the basics of fuzzing, memory corruption exploit writing, pen-testing, web security, and network security. He has also studied at the University of Queensland, Australia and Universidad Politecnica de Madrid, Spain.

Title: Sea, Fuzz, and Sun: Artificial Intelligence for Black-Box Interpreter Fuzzing

Synopsis: Fuzzing is the automatic creation and evaluation of inputs for discovering vulnerabilities. Traditional undirected black-box fuzzing relies on predefined strategies for producing inputs and thus may not be efficient to find a broad range of local optima. In this work, we address the problem of black-box fuzzing of interpreters by adapting Artificial Intelligence (AI) techniques: inference, evolutionary algorithm and anti-random testing. Our work is an application of a genetic algorithm for black-box fuzzing when searching for vulnerabilities. Such algorithms are generally used in academia for search problems, often related to biology. We here apply them for vulnerability search, in black-box. We designed heuristics for fuzzing PDF interpreters searching for memory corruption vulnerabilities and for fuzzing websites for cross site scripting. Our evolutionary fuzzers ShiftMonkey and KameleonFuzz outperform traditional black-box fuzzers both in vulnerability detection capabilities and efficiency. We report on new results with those fuzzers, including new vulnerabilities that affect millions of users worldwide.



Name: Ben Nagy - COSEINC

Bio: Many years ago, Ben used to do some network security and reverse engineering, but then he fell into the field of fuzzing scalability, and started advocating 'proper' systems for offensive-side bug hunters, emphasising the weakest areas: delivery scale, instrumentation and triage. Despite trying to quit the SVC, he still pops up every couple of years to release some low-hype code that is, hopefully, useful to active practitioners.

@rantyben lives on a remote Pacific atoll and enjoys SyScan, trollcoding, drunktwitter and fine Islay whisky.

Title: Windows Kernel Fuzzing for Intermediate Learners

Synopsis: This talk will cover some approaches for kernel instrumentation, including the use of my scriptable dbgeng wrapper (rBuggery) to do local kernel debugging - previously only possible with windbg or cdb/kd themselves. rBuggery is handy for scripting up extraction of kernel structs, Object Directory traversal and such, WITHOUT slow and irritating serial connections. It can also be used to hack up a pretty awful kernel tracer, but one that at least works better than windbg or anything else I found. Next up I'll jump off from Alex Ionescu's SyScan talk this year where he talked about ALPC and some bugs he found. We'll go through how to build a delivery system to expose the ALPC Services to at least basic attack from a client fuzzer. Because there's a lot of internals and boilerplate code required and nobody else uses Go / Ruby, I'll probably also release a simple-to-use tool that exposes the services via REST and lets you deliver tests using any language.

This talk will include a great deal of Tutelary Fail.



Name: The Grugq

Bio: The Grugq is an Information Security Professional who has worked with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security.

Title: Practical OpSec for Android Devices

Synopsis: Denial and deception on Android mobile phones. Explores the risks to operational security posed by mobile phone usage and provides viable solutions to some pressing problems.



Name: fG!

Bio: Professional troublemaker in the OS X scene, love rootkits, cracking software protections, and pissing off Hacking Team (until I find Gamma/FinFisher OS X malware/rootkit in the wild).

Title: F*ck you Hacking Team! From Portugal, with Love, fG!

Synopsis: This presentation will be dedicated to reversing of Hacking Team commercial spyware software, OS X version. The latest samples found in the wild have the backdoor module packed with MPRESS to “avoid” easy reverse engineering so my goal is to spend some time talking about the packer, how to unpack it, and how to build an automatic unpacker, and then dedicate some time to introduce the different pieces of this malware, its features and implementation, and how it is evolving from the first known samples.


Name: Scott Erven

Bio: Scott Erven is a healthcare security visionary and thought leader with over 15 years’ experience in Information Technology & Security. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field across the country. He has been involved in numerous IT certification development efforts as a subject matter expert in Information Security. His current focus is research affecting human life and public safety issues inside today’s healthcare landscape.

Title: Just What The Doctor Ordered? Part II

Synopsis: You have now heard the stories of delivering lethal doses of insulin to a pump, or delivering a lethal shock to a vulnerable defibrillator. But what is the reality of medical device security inside the world’s healthcare systems? Join Scott for the first unveiling of Part II of his collaborative research project with Shawn Merdinger, which focuses on public safety and human life. We will present our latest findings and previously unknown attack vectors regarding Internet facing systems at large healthcare systems across the world. It should be no surprise now, but what we found in 1 hour will amaze you!

This discussion will also highlight the fallout from security standards not being a requirement for medical device manufacturers, and our work in identifying and reporting vulnerabilities. We are working towards a future where cyber security issues in medical devices are a thing of the past. We will discuss the recent success and traction we have gained with the FDA and DHS in addressing these security issues. The train is now moving, so please join us to find out how you can get involved and make a difference in patient safety for our future.


Name: Eric Smith - LARES Consulting

Bio: Eric Smith (@InfoSecMafia) is a Senior Partner and Principal Security Consultant at LARES. Eric is a well-respected, qualified, trained, and certified Ethical Hacker with over 17 years of experience in the IT/IS industry. Eric is experienced in network and application penetration testing, social engineering, Red Team/physical security, wireless, architecture, system hardening, risk/compliance assessments, and policy/procedural development. Eric holds a BS in Information Security Systems along with active CISSP and CISA certifications. When Eric isn’t compromising large scale, heavily protected fortresses, he goes on retreats in search of unicorns, horseshoes and hidden treasures that many claim to be “suicide missions”. Eric was also born with invisible gills and is referred to by close friends and closer enemies as the “phish whisperer”.

Title: Cheat Codez: Level UP Your SE Game

Synopsis: Everyone knows what phishing is. Everyone realizes Java applets lead to massive storms of shells. Everyone accepts tailgating is the easiest way into your building. Everyone knows smoking (areas) are bad for you AND your business. Admit it, you paid for that EXACT assessment last year. I could write your report for you without even doing the job. So what’s the problem you ask? That’s EXACTLY the problem, I say. So how do we fix these issues that plague our industry and misalign business expectations? This talk will discuss the value of Social Engineering exercises when conducted with realistic goals yielding actionable results. Of course, that means putting in REAL work throughout the engagement, not “point, click, report, rinse and repeat”. We’ll discuss tips, techniques and secrets that the PROS don’t always blog about. *PRO TIP* – This won’t be a talk on how to use a particular framework or release of a tool (there are plenty of those already). So bring your work boots, it’s time to get dirty and UP your game.




Training Sessions

Training 1: Introduction To Disassembly And Reverse Engineering, Gary Golomb



Description: You're technical, but have never had the opportunity to make the leap to static executable analysis. You understand a lot about malware, but nothing about executable structures and following disassembly (or using tools focusing on those things to make decisions about if executables are good or evil).

What will be covered:

  • the basics of executable structures, disassembly, and the machine-level instructions that matter most often to malware analysts

  • using the demo version of IDA to dissect unknown binaries

  • taking an unknown binary and determining if it’s good or malicious (frequently required, given the abysmal accuracy of existing infosec products on the market)

  • impressing your friends by having open IDA windows on your screen - that have obviously moved beyond the entry point of the executable

While the topic sounds fun, this is actually a very serious subject and a skill desperately needed in organizations. The terrible efficacy of products across the entire industry is no secret. With at least 250,000 new malware samples discovered every day, organizations can no longer depend on vendors to keep up with identifying and creating indicators of malware for them. (Keep in mind, these samples are mostly discovered by your organizations and not vendors in the first place!) Organizations now require the ability to reverse engineer malware themselves to generate indicators and intelligence they can take action on.

The goal of this training is to teach you the basics of taking sample binaries and determining (from a static analysis perspective) if they are good or malicious, even when other mainstream tools give you inconclusive results. We’ll first learn the basics of executable structures and disassembly, then apply that knowledge to examining various samples to identify when they’re malicious, then extract actionable indicators from the malicious binaries.

Of course I can only teach the basics in a single day, but we'll focus on the building blocks you can utilize to move forward with this subject outside the classroom. Some subjects just take a little "kick-start" to get you going on your own. This is one of those subjects, and the class will be delivered with that goal in mind.

Biography: There comes a point in some people's careers where they have forgotten more of their accomplishments than they remember. Whether that is because of a wonderfully fortunate and eclectic career, or because of old age, Gary is approaching that point. Having spent the past 15 years mostly focused on productizable Research and Development for award winning products, doing forensics and reverse engineering in some of the world's most notorious cases, co-founding a new technology product-focused company from scratch and successfully carrying it through acquisition, doing formal competitive intelligence, and creating product architectures and tactical long-term product planning - Gary has many rich experiences to share in the classroom and on the lecture stage (which he's done at some of the most elite security conferences, including: RSA, SANS, Shakacon, CanSecWest, THOTCON, You Sh0t the Sheriff, ekoparty, BlackHat, and others). With a love for both teaching and developing new solutions to difficult problems, Gary's goal is to "teach or automate himself out of a job." Fortunately (for his family), the creativity, ingenuity, and persistence of our adversaries have ensured that hasn't come to fruition, yet.


Training 2: Breaking Into Embedded Devices by Fault Injection with a Hands-On lab, Peter Ateshian & Jasper van Woudenberg



Description: Secure boot, trusted execution environments and many other security mechanisms depend on the security of the underlying hardware. What if we can break the actual hardware? And what if that's EASIER than breaking the software?

*Fault injection* is a technique to break various security mechanisms, allowing an attacker to load arbitrary firmware code and discover secrets such as cryptographic keys from hardware and embedded software. Fault injection is accomplished by forcing hardware into operating conditions outside of spec, causing a circuit to introduce errors in its computation. These attacks were first (publicly) discovered on smart cards in response to the major platforms becoming highly resistant against ‘software’ attacks. Now that this type of security is becoming more widely understood and implemented on most embedded systems, attackers are also moving into the field of hardware attacks.

This one day course provides an understanding of the possibilities and impact of these techniques and explains how you can protect against them through a hands-on approach. Besides the necessary theory in the morning, there will be demos and students will perform exercises *themselves in breaking a small embedded system* with glitching attacks.

Biographies: Jasper (@jzvw) currently is CTO for Riscure North America. As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical and commercial activities. Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security. At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research. Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications. Jasper has spoken at many security conferences including BlackHat trainings, Intel Security Conference, RSA, EDSC, BSides, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, and has given invited talks at Stanford, GMU and the University of Amsterdam.

Specialties: Side channel analysis, fault injection, binary code analysis, security evaluations of {mobile phones, smart cards, set-top-boxes}, network penetration testing, code reviews.

Peter Ateshian: Faculty Adjunct Lecturer & Research Associate at NPS, Monterey, California; Business Development Manager, Riscure North America. San Francisco, California. Formed and built Xtrm DESIGNS LLC, a successful Technical Engineering Support, Business Development, Sales & Services Company that has been in operation for 20 years with as many as 50 people. Provided the leadership and technical direction for VLSI Full custom & ASIC design and complex EDA/CAD flows, including new technology implementation applications for IC design. FPGA prototyping of ARM based SoCs and multiprocessor devices. ‘Xtr'm' Designs LLC was initially funded by Mentor Graphics, TeraSystems, Conexant Oracle/ SUN Micro Systems and the US Navy. 2013-4 DARPA APAC Android malware PI NPS CCW; 2014 Clearance level: TS/SCI. Master of Engineering, University of California Berkeley, EECS & Business Administration.

Discount: 10% discount for Military/Govt Fed/State/Academic and all local Hawaii businesses with identification/credentials/local biz license.

Sponsors

Check out our sponsorship packet here: Sponsorships
