Recent News

  • REGISTRATION IS NOW OPEN! Early Bird Discount EXTENDED thru APRIL 15th

  • Keynote Speakers Announced - More Speakers Coming Soon!

  • Call for Sponsors Announced!

  • 2-Day Trainings Announced!

Sun, Surf, and C Shells

People from all over the world are coming to Shakacon! You should too!


Shakacon, an Information Technology (IT) Security Conference, is back and ready to invite business executives, government and military officials, security professionals, and IT enthusiasts to participate in Hawaii's only Call for Papers-based IT security conference.

We decided it was time to bring some top notch technical talent back to one of the most remote locations on earth.

Sitting around somewhere freezing your a$$ off? Dreaming about warm days, rainbows, decadent tropical drinks sipped out of coconuts? Sure you could drop your 0day in Vegas, bring down the Internet in Germany, or satisfy your dark desires in Asia; however, wouldn't you rather submit your research or topics to our CFP and maybe win yourself a paid trip to Hawaii?


Call For Papers

	Shakacon VII  - Honolulu, Hawaii
	"Sun, Surf, and C Shells"
Who: Shakacon Crew
What: Shakacon VII
When: July 6-7 (Training) & July 8-9 (Conference) 2015
Where: Honolulu, HI - Hawaii Prince Hotel Waikiki
Why: World Class Speakers, World Class Location, World Class People
How: By plane, boat, canoe, yacht, hydrofoil, stand-up paddle board, jet ski, long board, dolphin, whale sled, nuclear submarine, etc.


Going into our seventh year, Shakacon offers attendees a unique opportunity to really network with some of the world's top security professionals in a casual and friendly setting. At its heart, the Shakacon security conference is a laid back conference where industry, government, academia and independent experts will get together to share knowledge and experience in one of the most beautiful places on Earth.

The conference committee strives to build a balanced schedule that appeals to all security practitioners with talks covering all different aspects of the information security landscape. There will be something for everyone and if sitting through talks isn't your cup of Hawaiian coffee you can step into one of the social areas and talk with our sponsors, staff, and attendees.

[Trainer Opportunities]

Don't want to speak at the Con but have an uncanny ability to teach and a proven track record for delivering quality courseware and want to come to Hawaii? We will be evaluating trainers for two days of training leading up to Shakacon (July 6-7). Submit a synopsis/class agenda, prior teaching experience, and maybe you'll get selected to teach in Hawaii. Revenue is split 50/50 between the trainer and conference. The conference will cover all venue related costs (A/V, Food, Drinks, etc.). The trainer is expected to cover their own travel costs (unless they are also selected as a speaker). All selected trainers will receive free admission to the conference.

[CFP Details]

We have up to sixteen (16) spots and typically receive 100+ submissions to speak. If you are serious about speaking please submit your abstract as soon as possible.

(1) Abstracts for papers must be submitted to the review committee by March 6, 2015.
(2) Selection notification will occur by March 13, 2015 and abstracts posted to the site by March 20, 2015.
(3) Full Slides for your papers must be submitted by May 31, 2015.

As mentioned, there are a limited number of speaking sessions for which the conference organizers will provide travel and accommodations so please submit your abstract early if you are interested in speaking. Speaking slots will be 50 minutes long (45 minutes for your talk and 5 minutes for Q&A). See [Speaker Benefits] section below for financial details on speaker reimbursements.

The audience will be a broad mix of professional, academic, and enthusiast, so we welcome both technical and non-technical submissions on all aspects of security. The key criteria are practicality and timeliness. We want to provide our attendees with up to date materials they can take away and immediately gain benefit from, as well as new research or tools. Absolutely NO SALES presentations will be accepted.

Proposals should include:

Subject Line:
"Shakacon CFP Submission: <paper title>, <your name>"


1. Name, address, and contact info.
2. Employer and/or affiliations.
3. Brief biography.
4. Presentation experience.
5. Topic summary.
6. Reason this topic should be considered.
7. Other publications or conferences where this material has been or will be published/submitted.
8. Links to videos or slides showing previous presentations.

Please include plain text of all information provided in the body of your email, as well as any file attachments. The plain text information will be reviewed first to find the most suitable candidates.

Please forward the above information to cfp at in order to be considered.

[Speaker Benefits]

Besides a cool speaker badge and the brightest speaker shirt you'll ever lay your eyes on, Shakacon will reimburse speakers for two (2) hotel nights and round trip coach airfare. If you choose to stay somewhere other than the official Shakacon hotel, we will only reimburse hotel room nights at a less than or equal cost. Reimbursable round trip coach airfare cannot exceed $1,200.00 US without prior approval from conference organizers.

Speakers also receive free admission to the conference, all conference related materials, and an invite to the private pre-conference dinner with the conference organizers, staff, and fellow speakers.

[Trainer Benefits]

Trainers are responsible for their own travel and lodging unless other arrangements have been made with the conference organizers. Trainers should evaluate the minimum attendee requirements for their course and plan for possible cancellation of their class if such minimums are not met. Shakacon will take care of all venue costs (A/V equipment, Internet, tables, chairs, food, beverages) for the training; however, trainers are responsible for providing materials necessary for conducting their class (hardcopy material, hardware, software, switches). Revenue from the training class is split 50/50 between the trainer and conference. Trainers receive free admission to the conference.

More conference information, registration details, and travel partner deals will be posted to:

Follow Status on:

[Media Partners]

We are media friendly. Please email info at for inquiries about press passes.

[CFP Review Team]

A big Mahalo to our CFP review committee:

Caleb Sima - BlueBox
Katie Moussouris - HackerOne
Cory Michal-
Alberto Garcia -
Colin Ames - Attack Research
Matthieu Suiche - MoonSols
Vincenzo Iozzo - TiQad
Kent Backman - Independent Researcher
Jonathan Brossard - Toucan Systems
Jeremiah Grossman - Whitehat Security
Daniel Hodson - Oxin Security & Ruxcon
Kris Harms - Cylance
Ryan Talabis - zVelo
Chris Potter - Attack Research
Jason Martin - FireEye
Darryl Higa - Independent Researcher
Patrick Wardle - SynAck
Tammie Kim - Oracle
Josh Schwartz -
Luis Santana -



General Admission: $350 (plus tax and fees)

Early Bird Discount (EXTENDED thru April 15, 2015): $280 (plus tax and fees)

*All Active Military, State & Federal Government Employees, Members of ISSA, ISACA & Infragard, and Students please contact for your discount promo code.

Shakacon Training and Conference dates: July 6-7, 2015 Trainings (8am-5pm)
July 8-9, 2015 2-Day Conference (8am-5pm)

Book your Room Reservations at Hawaii Prince Hotel Waikiki
Ask for the SHAKACON special group rate.

Run of Ocean $209.00
**The rates quoted above are based on single or double occupancy and are subject to hotel room tax of 9.25% and state tax of 4.712%, currently totaling 13.962%. (Taxes subject to change.)

Group rates based on space availability at the time of booking.

Third person charge $60.00 + tax per night. Maximum guestroom capacity is (3) adults and (2) children. Children 17 years and under are complimentary in the same room utilizing existing bedding, when sharing with an adult.

- Call toll free reservations line at 1-800-321-6248
- Call hotel directly at (808) 956-1111
- Email

NOTE: (1) night room and tax deposit will be required at the time of booking.

Register Here

2-Day Trainings (July 6-7, 2015)

Shakacon VII Conference (July 8-9, 2015)

Shakacon 2-Day Trainings

July 6-7, 2015

Location: Hawaii Prince Hotel - Haleakala-Kilauea Rooms
  • 7:30am-8:00am Registration Opens
    8:00am-5:00pm Training
    *Continental Breakfast, Lunch & Afternoon Refreshments will be provided.

Shakacon Speaker Welcome Dinner

  • Details to be provided.

Shakacon 2-Day Conference

July 8-9, 2015

Location: Hawaii Prince Hotel – Mauna Kea Ballroom

  • 7:00am Registration Opens
    8:00am-5:00pm General Conference

    *Continental Breakfast, Lunch & Afternoon Refreshments will be provided.

Shakacon End of Conference Networking Event

Thursday, July 9, 2015

Location: Hawaii Prince Hotel – Mauna Kea Ballroom

5:30pm-8:00pm Appetizers, Cocktails, and Raffle Prize Giveaways



**Conference Keynote – Day 1**

Name: Stephen Adegbite, Senior Vice President, Enterprise Information Security Program Oversight and Strategy, Wells Fargo & Co.

Bio: Steve Adegbite is the Senior Vice President in charge of the Enterprise Information Security Program Oversight and Strategy Organization at Wells Fargo & Co. Prior to joining Wells Fargo & Co., Mr. Adegbite was the Director, Cyber Security Strategies at Lockheed Martin Information Services and Global Services (IS&GS). Prior to joining Lockheed Martin, Mr. Adegbite was the Chief Security Strategist for Adobe Systems Inc. within the Adobe Secure Software Engineering, Steve has also worked with Operations (IO) positions at the National Security Agency (NSA), the National Geospatial-Intelligence Agency (NGA) and the Defense Intelligence Agency (DIA), both as a government employee and as an associate consultant for Booz Allen Hamilton, a strategy and technology consulting firm. Mr. Adegbite is a current member of President Obama’s Homeland Security Advisory Council.

Title: Slipping out the front door of the party: The challenges of detecting silent exits of your data

Synopsis: The security landscape is changing...I know…I know this is a much worn cliché. However, it’s something to note that for every landscape change, a resurgence of old attacks get repackaged and whitewashed as something new. Lucky us! The good thing is that with the resurgence of certain attacks our defenses are increasingly better almost to the point where the attack becomes a non-factor.

Except for one…Data Exfiltration/Data Exposure. Looking at recent cyber events hitting the financial and retail sectors such as the Home Depot, JP Morgan and even unimaginable places like the Dairy Queen breach, it’s no surprise that this will be a continued trend.

This Keynote talk will look at defining the problem...exploring the question "Is data exfiltration different than data exposure or are they one and the same?" And going one step further, why the answer is important for present and future actions against this threat. We will look at the past and present for this threat in a hope that you will leave thinking the same bold statement I have..."the age of destructive cyber attacks is at an end...the days of 'silent exits' of data have begun."

**Conference Keynote – Day 2**

Name: Chris Evans

Bio: At Google, Chris founded and built the Chrome Security Team. He is currently focused on doing the same for Google Project Zero. He has launched various progressive initiatives including the Chromium Vulnerability Reward Program and Pwnium competitions. He particularly enjoys driving wider community participation and is also a director for the Internet Bug Bounty charity.

As time permits, Chris is a vulnerability researcher, speaking at various worldwide conferences and serving on talk and paper selection panels. He has found vulnerabilities in most of the popular operating systems and web browsers.

Chris also enjoys contributing to open source and security design best practices, being the author of vsftpd and its "privsep" concept, and having detected the "Diginotar incident" with contributions to the design of SSL in Chrome.

Chris' current focus is defending internet users from sophisticated targeted attacks.

Title: Project Zero: make 0day hard

Synopsis: We'll provide a frank assessment of the current attack landscape and how it has changed since the "mass malware" years. We will then explore what this means for effective defenses and vulnerability response. This will lead into a detailed description of where Project Zero fits in, with its mission to make zero days hard and lower the incidence of targeted exploitation. We'll dive into some depth on the most significant Project Zero publications, policies and general observations to date.

Training Sessions

2-Day Training classes are now available. Please see below for detailed information on the various trainings we are offering this year, including the course outline and prerequisites. Click on the Registration tab to register and for pricing information.

Training: Powershell for Penetration Testers

Trainer: Nikhil Mittal

Description: PowerShell has changed the way Windows is used, secured and also the way Windows is owned. It is an automation platform for everybody: developers, defenders and attackers. PowerShell provides easy access to almost everything in a Windows machine and network. It comes installed by default in modern versions of Windows. During a penetration test, it could be really helpful to use this powerful shell and scripting language for further attacks.

This training would help anyone who wants to know more about PowerShell from a security perspective. If you are a defender, you could learn how this attack vector can be used against a corporate environment. If you are a pen tester you would learn how to use PowerShell for pen testing in a windows environment. You will learn various techniques like privilege escalation, backdoors, keylogging, data exfiltration, dumping system secrets in plain, persistence, pivoting, in-memory code execution, using top sites as C&C, web shells, bots...the list goes on.

Learning how to use a target environment for your purpose is crucial in pen tests. Open source tools which help in achieving this would also be discussed including those written by the trainer. The training aims to bring PowerShell goodness to security professionals and includes hands-on in a lab environment and CTF like exercises. You would be able to write your own scripts for security testing after this training. This training aims to forever change how you pen test a Windows based environment.


  1. PowerShell Cheat Sheet, solutions to exercises, sample source code, updated tools and extra slides explaining things which could not be covered
  2. Attendees would learn a powerful attack method which could be applied from day one after the training
  3. The attendees would understand that it is not always required to use a third party tool or foreign code on the target machine for post exploitation
  4. The attendees would learn how PowerShell makes things easier than previous scripting options like VB.

  • Introduction to PowerShell
  • Using ISE, help system, cmdlets and syntax of PowerShell
  • Writing simple PowerShell scripts
  • Functions, Objects, Pipeline, Jobs and Modules
  • Playing with the Windows Registry
  • .Net with PowerShell
  • COM with PowerShell
  • WMI with PowerShell
  • Recon, Information Gathering and the likes - Tools written/integrating in PowerShell
  • Vulnerability Scanning and Analysis - Tools written/integrated in PowerShell
  • Exploitation - Getting a foothold on a system
  • Writing shells in PowerShell
  • Post-Exploitation - What PowerShell is actually made for
  • Pivoting to other machines
  • Poshing the hashes
  • PowerShell with Human Interface Devices
  • Client Side Attacks with PowerShell
  • Achieving Persistence
  • Owning other MS products - SQL Server and AD
  • Attacking UNIX machines
  • Clearing Tracks
  • Quick System Audits with PowerShell
  • Detecting PowerShell attacks
  • Security controls available with PowerShell

  • Basic understanding of a programming or scripting language could be helpful but is not mandatory.
  • An open mind.

Bio: Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defense strategies and post exploitation research. He has 5+ years of experience in Penetration Testing for his clients which include many global corporate giants.

He specializes in assessing security risks at secure environments which require novel attack vectors and an "out of the box" approach. He has worked extensively on using Human Interface Devices in Penetration Tests and PowerShell for post exploitation. He is the creator of Kautilya, a toolkit which makes it easy to use Teensy in penetration tests, and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks.

Nikhil has held trainings and boot camps for various corporates (in US, Europe, SE Asia), for educational institutes like IITs and at the world's top information security conferences.

He has spoken at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Troopers, PHDays, BlackHat Abu Dhabi, Hackfest, ClubHack, EuSecWest and more.

Training: Offensive Techniques

Trainer: Colin Ames, Attack Research

Description: In the professional information security world, there has yet to be a course which provides the students the knowledge and skills required to carry out real world attacks. Traditional penetration testing courses impart only a limited view of the exposure and vulnerabilities companies suffer from. These classes are generally focused on standard scanners, frameworks, and tool usage as well as techniques for collecting "shells" on target systems. In contrast, this course is designed to teach its students how to plan and execute a successful attack against a target, using the same techniques and mindsets that real attackers use.

Attack Research teaches a unique approach to penetration testing, using deep system knowledge and lesser-known techniques that will arm the student with true offensive capabilities. This class is designed to help students think past the need for known exploits. Alternating between hands-on exercises and lectures, the students will walk away having been given the chance to utilize the new skills that they will learn. A target network will be provided, along with all of the software needed to participate in the labs.

Students will leave with an understanding of:

  • How real attacks are planned and carried out
  • Unique exploitation techniques that aren't public
  • End to end attack methodologies
  • How to use and deploy true offensive techniques
  • Attacker opsec both on and off boxes

Students will spend a significant amount of time creating their own custom tools in a lab environment. The labs are designed around the students working through the following:

  • Software weaponization and custom payload creation
  • Web recon and how automation works for you
  • Initial exploitation vectors from basic to advanced
  • Command and Control
  • Lateral movement with custom tools
  • Stealth
  • Evading detection on all levels
  • Exploiting both Windows and *Unix networks
  • Abuse of PAM authentication for lateral movement

Students will test all of the skills they have gained in the course against a target network specially designed for the class. The labs will be interwoven into the lecture so that students will receive a significant amount of time to practically exercise these new skills as they learn them. By the end of the class students will have spent roughly 50% of the time in a lab environment.


  • Introduction
    • Class fundamentals
    • Mentality for Offensive Operations
  • Weaponization Software
    • The basics of MSF and why attackers don’t really use it
    • Attacker toolsets
    • Rapid malware prototyping with other languages and platforms
  • Initial Exploitation
    • Attacker recon
    • Web hacking techniques for Black Hats
    • Secure Java exploitation techniques
    • Customizing exploits for weaponization
  • Recon techniques on and off hosts
    • Recon is how you win
    • Uncommon recon techniques
    • Finding assets on a network like a true attacker
  • Getting root
    • Paths
    • Services
    • Injections
    • Unknown shells
  • Persistence
    • Enumerating best locations for persistence
    • In memory
    • On disk but then gone
    • Trojaning OS assets for persistence
  • Personal Security Products Evasion
    • Attack the PSP process
    • Defeating all PSP products
    • Attacker OPSEC
  • Lateral Movement
    • Playing with APT
    • Binary obfuscation techniques
    • Working through networks
  • Unix network exploitation
    • Non memory corruption root
    • Poor man's rootkits
    • How to make Kerberos kill
    • Trojaning home
    • SSH manipulation for shells
    • Hacking X like never seen before

Student laptops must be running OSX, Linux, or Windows and they must have the ability to disable all antivirus on the machine. You must have administrative access on your machine as well for sniffing traffic, adjusting firewalls, etc.


  • A concept of scripting languages such as Python/Perl/Ruby
  • A medium level of systems administration on a Windows or Linux machine (Windows preferable but not a must)
  • Students don’t have to have internet access, but it would be desired for all

Bio: Colin is a security researcher with Attack Research, LLC where he consults for both the private and public sectors. He's currently focused on Pen testing, Exploit Development, Reverse Engineering, and Malware Analysis.

Training: Web Application Exploitation

Trainer: Chris Potter, Attack Research

Description: This course combines a deep understanding of manual web application exploitation with the latest in vulnerability identification as well as how to use the latest automated tools to assist in web application vulnerability identification and exploitation. By tailoring the instruction to the rapid assessment of web applications as well as deep dive source code auditing techniques, we equip students with the skills required to keep up with the modern web application security landscape as well as provide new knowledge to use in their engagements. This Web Application Exploitation class includes considerable lab time utilizing external applications and attacks as observed in the wild.

Students will leave with an understanding of:

  • How web application vulnerabilities are identified
  • How web application vulnerabilities are exploited
  • How exploit chaining can lead to greater vulnerability risk classification
  • How to exploit the latest 'Exotic' vulnerabilities
  • End to End attack methodologies including attacker OPSEC

Students will spend a significant amount of time creating their own custom exploits in the lab environment. The labs are designed around the students working through the following:

  • Profiling External Web Applications
  • Vulnerability Classification
  • Identifying Vulnerable Web Applications
  • Exploiting Web Applications
  • End to End Attack Methodologies
  • Using the Latest Security Tools to Aid in Application Assessments

  • Web Application Profiling
  • Cross Site Scripting (XSS)
  • Click Jacking
  • Cross Site Request Forgery (CSRF)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • SQL Injection (SQLINJ)
  • Remote Code Execution (RCE)
  • XML External Entity Injection (XXE)
  • Object Serialization
  • Exploit Development and Automation (OPSEC, Log Analysis)
  • Security Tool Usage (Acunetix, Burp, Qualys WAS, sqlmap)

Student machines must be able to run and have Burp, sqlmap, and Firefox installed, as well as the Live HTTP Headers Firefox extension and the Firebug Firefox extension. Free versions and professional versions are fine.

Student laptops must be running either OSX, Linux, or Windows and must have the ability to sniff traffic, adjust firewalls, etc.

Students are encouraged to have a local WAMP/LAMP stack installed and running on their machine for local exploitation development testing/homework, however the lab infrastructure will be sufficient for all labs.


  • A concept of scripting languages such as Python/Perl/Ruby/PHP
  • A familiarity with LAMP/WAMP architectures
  • A concept of Web Application architectures

Bio: Chris is a Professional Security Consultant and Developer with over ten years of experience working within the Information Technology (IT) and Information Security (INFOSEC) industry. He has participated in numerous research projects with leading INFOSEC and IT experts from around the world. He has performed security audits for companies in the United States including leading Fortune 100 firms. He is proficient in numerous programming languages and application development strategies. He has developed numerous tools for network security penetration testing as well as spoken and trained at several prominent security conferences on topics ranging from deep technical attack strategies to the fundamental psychological differences of attackers.

Training: Rapid Reverse Engineering

Trainer: Russ Gideon, Attack Research

Description: This course combines deep understanding of reverse engineering with rapid triage techniques to provide students with a broad capability to analyze malicious artifacts uncovered during incident response. By tailoring the instruction to rapid assessment of binaries, we equip students with the skills required to keep up with modern malware and rapidly extract the most valuable and pertinent data to their investigations, including Indicators of Compromise (IOCs). Rapid RE includes considerable lab time utilizing replicated enterprise networks and attacks as observed in the wild.

Students will leave with an understanding of:

  • How real world attacks are carried out
  • File triage processes and techniques
  • Intelligence extraction techniques from malware
  • How to deal with binary obfuscation techniques
  • How to get indicators from a file in a hurry

Students will spend a significant amount of time creating their own custom tools in a lab environment. The labs are designed around the students working through the following:

  • Recognizing the file format infections from various sources
  • Advanced triage capabilities
  • Extract host and network indicators from file format exploits
  • Developing your own custom process trace capabilities for IOC extraction
  • Rapid shell code analysis using the not so common tools and techniques
  • Rapid binary de-obfuscation techniques with IDA Pro and Debuggers
  • Rapid unpacking techniques

The labs will be interwoven into the lecture so that students will receive a significant amount of time exercising these new skills as they learn. By the end of the class, students will have spent 50% of the time in a lab environment. A significant portion of the class will be dedicated to building new tools, on the fly, to solve the challenges posed by a difficult adversary.


  • Rapid inspection of various file formats
    • Metadata extraction from PE, PDF, and Office docs
    • Finding buried artifacts in files
    • Mobile malware metadata analysis
  • Assured Dynamic Analysis
    • Extracting Host IOCs from file formats with dynamic analysis
    • Working DLLs
    • Splatter network IOC extraction and log file analysis
    • Memory Analysis
  • Android Auto Analysis
    • Android Internals
    • APK Reversing By Hand
    • Automated Bindings and Android
  • Assembly
    • X86 intro
    • Arm intro
  • Process Tracing for Rapid Field Assessments
    • Intro to Intel PIN
    • Code tracing with Pin
    • Shellcode analysis with Pin
  • IDA Efficiencies
    • Intro to IDA Scripting
    • X86 emulation
    • De-obfuscation techniques
  • Unpacking
    • Using IDA for unpacking assistance
    • Unpacking in-memory

Student machines must be able to run at least 2 virtual machines utilizing VMware Workstation 8.0 and above (which can be obtained through a demo license). Running multiple machines usually requires at least 4 GB of memory. Laptops must be running either OSX, Linux, or Windows and must have the ability to disable all antivirus, sniff traffic, adjust firewalls, etc.

Students are encouraged to have a copy of IDA Pro version 6.0 or greater. Students are responsible for bringing an XP or Windows 7 VMware virtual machine that can be instrumented and infected with malware.


  • A concept of scripting languages such as Python/Perl/Ruby
  • A familiarity with Windows administration
  • A concept of malware analysis and reverse engineering malware processes
  • Programming in C and previous knowledge of assembly will help students, but is not a must

Bio: Russ has many years of experience in information security fulfilling many diverse roles from being a core component of an Incident Response operation to running effective Red Teams from across the United States government. Russ excels both at malware reverse engineering, which enables him to deeply understand how the attackers do what they do, as well as at high end Red Teaming where he has to penetrate sophisticated and well protected high value systems. Russ currently serves as the Director of Malware Research at Attack Research.

Training: Low-Power Hacking

Trainer: Dr. Phil Polstra

Description: In the first part of this course, students will construct their very own remote hacking drones based on the BeagleBone Black. These devices can be used as dropboxes, remotely-controlled hacking drones, or full pen-testing desktop systems. When used as a dropbox or remote hacking drone, the devices may be controlled from a Linux PC located up to a mile (1.6km) away. This distance can be extended using gateways and/or routers. Multiple devices connected via IEEE 802.15.4 or ZigBee mesh networks can be used to perform powerful coordinated attacks. These devices can be battery powered for several days if required.

The second part of the training will show attendees how to maximize the power of pen-testing with remote hacking drones by leveraging Python scripting. By the end of the second day, students should be comfortable performing highly scripted remote pen-tests with a single drone and be able to perform some truly amazing pen-tests by scaling up to use multiple drones. All tools used in this training, including the hardware, are open source. Students will leave this course with a fully functional remote controlled drone and the knowledge of how to add additional drones to their army for well under $200/each. In addition to their low cost and easy availability, these drones are easily reconfigured for a number of pen-testing scenarios.


A Linux laptop capable of reading a microSD and the following hardware:

  • BeagleBone Black
  • XBee Pro Series 1 radio
  • XBee Series 1 radio (this could also be a pro version)
  • USB XBee adapter
  • Alfa AWUS036H (or other aircrack-ng compatible) wireless adapter

For student convenience, these items and optional items, such as additional drones, are available from


  • Signed copy of Hacking and Penetration Testing with Low Power Devices by Dr. Phil Polstra
  • Fully assembled XBee Cape
  • 32GB microSD card preloaded with the latest version of a custom pentesting Linux distro (The Deck)

Bio: Dr. Phil Polstra is a professor teaching Digital Forensics at Bloomsburg University of Pennsylvania. He has been programming since age 8 when he cleaned out his savings to buy a TI-99/4A computer. Two years later he learned 6502 Assembly and has been hacking hardware and causing trouble ever since. For the last few years Phil has been using microcontrollers and embedded computer systems to build penetration testing and forensics hardware. This work includes developing a penetration testing Linux distro for the BeagleBoard and BeagleBone family of devices and accompanying hardware. This work is described in detail in his book Hacking and Penetration Testing With Low Power Devices (Syngress, 2014).

Training: Windows Internals for Security Professionals

Trainer: T. Roy

Description: This course takes a deep dive into the internal workings of the Windows kernel from a security perspective. Attendees learn about the behind-the-scenes workings of various components of the Windows kernel, with emphasis on internal algorithms, data structures and debugger usage. The hands-on labs make extensive use of the kernel debugger (WinDBG), with emphasis on interpreting the debugger output and using this information to understand the state and health of the system.


  • Kernel mode software developers, anti-malware developers, malware analysts, rootkit analysts, security researchers and forensic investigators.

  • Understand the major components of the Windows Kernel and the functionality they provide.
  • Understand the internal workings of the kernel and how to peek into it using the debugger.
  • Be able to investigate system data structures using kernel debugger extension commands.
  • Be able to interpret the output of debugger commands and correlate them to the state of the system.
  • Be able to navigate between different data structures in the kernel, using debugger commands.
  • Be able to locate indicators of compromise while hunting for kernel mode malware.
  • Understand how kernel mode rootkits interact with the system.

  • Attendees must have a solid understanding of operating system concepts and have a working knowledge of Windows. This course does not require you to have any programming knowledge.

  • Attendees must bring their own laptop powerful enough to run at least one virtual machine. It should have at least 8GB of RAM, 30 GB free disk space, working USB Port and Wireless LAN.

  • Laptop must be running a 64-bit version of Windows 7 SP1 or higher. Virtualization software (i.e. VMware, Hyper-V or VirtualBox) must be installed. Guest OS must be a 64-bit version of Windows 8.1 Update 1. BitLocker must be disabled on the guest. Attendees must have administrative access to both host and guest OSs. Debugging Tools for Windows and SysInternals Tools, both of which are publicly available, must be installed on both the host and the VM guest. All other tools and software will be provided by the instructor.

  • Architectural Overview: Privilege rings, HAL, kernel, executive, device drivers, Win32k.sys, NTDLL, system process, user and kernel threads.
  • Hardware Support: CPU registers, segment registers, global descriptor table (GDT), interrupt descriptor table (IDT), model specific registers (MSR).
  • System Mechanisms: Interrupt request levels (IRQL), traps, system calls, service descriptor tables, native API calls (Zw vs Nt), read/write probes, exception handling.
  • Execution Environment: Interrupt service routines (ISR), deferred procedure calls (DPC), asynchronous procedure calls (APC), worker threads, custom driver threads.
  • Memory Management: Kernel virtual address space, page table entries (PTE), virtual address descriptors (VAD), page frame number (PFN) database, kernel mode thread stacks, pools, memory mapping, memory descriptor lists (MDL).
  • Objects and Handles: Object manager, object header, object types and procedures, object layout, object security checks, handle tables, handle table entries, kernel handles, object reference counting.
  • Device Drivers: Driver architecture, I/O manager data structures (driver object, device object, file object, symbolic link), I/O requests (IRP and I/O stack location), I/O processing, data buffering mechanisms.
  • Kernel Security Mitigations: Kernel mode code signing (KMCS), kernel patch protection (PatchGuard), supervisor mode execution prevention (SMEP), non-executable (NX) pools.
Bio: T. Roy, an author, instructor and consultant, is the founder and president of CodeMachine. He spends most of his time researching Windows internals and security, developing software and traveling around the world sharing this knowledge.

He holds a Master's Degree in Computer Engineering, has more than 20 years of experience and has taken more than a dozen projects from their infancy all the way through to commercial success. He works in the defense and intelligence community and is well versed with the offensive side of cyber-security. Additionally, T. Roy was involved with the development of some of the industry's leading endpoint security solutions like intrusion prevention systems, network firewalls, behavioral anti-malware, document security and data leak prevention system and has intimate knowledge of the limitations that these solutions have.

Over the last decade he has taught courses in more than 20 countries. He has taught Microsoft's own engineers and has received many instructor recognition awards. He is also an adjunct professor and teaches computer forensics to graduate students. He has an innate talent for taking complex concepts and explaining them in a lucid manner. Through his teaching, he shares the knowledge he has acquired through years of hands-on experience.

Training: Automotive Exploitation Techniques

Trainer: Craig Smith

Description: Hands-on car hacking course. No previous knowledge of mechanics required. The course walks you through the layout of modern car systems, including infotainment attacks, ECUs, CAN bus and other embedded system attacks. This class will go over vehicle methodologies that can be applied to any vehicle. Tools will be provided, along with a functional car test bench to practice attacks on. You will learn the skills to analyze a car's security and create attacks that can be weaponized into further exploits.

Students will receive a CAN bus sniffer and a copy of all course materials and software tools.


    Day 1
    • Course overview of scope
      • What is car hacking
      • Benefits / why hack cars
      • Focusing on remote and local attacks
      • Hands on to feel comfortable doing these hacks at home
    • Vehicle Attack Surface
      • Define what the attack surface is. Infotainment, IC, CANBus, TPMS, etc.
      • Intro to threat modeling
    • SocketCAN
      • Setting up virtual CAN devices
      • Getting the build environment ready for testing
      • Tool overview
    • Infotainment System overview
      • Connected to CAN
      • Bluetooth
      • WiFi
      • USB
      • CD
      • Map Updates
      • XM
    • Vehicle Communication Systems overview
      • OBD Connector
      • CAN
      • Overview of other Bus protocols: GMLAN, PWM, K-Line, Line
      • Ethernet
    • Diagnostic Communication
      • Overview of ISO-TP / UDS
      • Scan Tools and PIDs
      • DTCs and Military
      • Hands-on: Query and clear DTC codes
      • Pull VIN from ECU
    • Intro to CAN Bus
      • Packet Structure
      • CAN data is unique per make/model
      • Adding a GUI to SocketCAN
      • Overview of reversing methodologies
      • Hands-on ICSim
        • Reverse door unlock codes
        • Reverse Turn signals
        • Reverse Speedometer
    • Overview of Engine Control Units
      • The "brains" of a car
      • How to build an ECU test bench
      • ECU Wiring diagrams
      • Test Bench setup, simulating engine signals via HW
    • Open Garages
      • Overview of Open Garages
      • How to find or start your own Open Garages
      • Final bonus hands on: SuperTuxKart hacking
    Day 2
    • How to weaponize CAN findings
      • Botnet video demo
      • Determine Host
        • ISO-TP UDS Queries
        • Passive monitoring
    • Writing assembler to make any payload usable in shellcode
      • Quick Intro to assembler for the target arch
      • Assembler code to trigger a one-time CAN packet
      • Cleanup code to eliminate NULLs
      • Assembler code to send a constant CAN signal
      • Busybox demo
    • Immobilizer hacking and “hotwiring”
      • Intro to immobilizer tech
      • Crypto attacks
      • Current trends in attacking keyless entry systems
      • Methods to start a vehicle without a key
Bio: Craig Smith is the founder of Open Garages and the author of the Car Hacker’s Handbook. Craig has performed security work with the auto-industry and published independent work for 6 years. He has worked in the security industry for over 15 years and currently runs his own independent security research company, Theia Labs.

Training: Physical Penetration Testing

Trainer: Deviant Ollam

Description: Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network, but that doesn't make the slightest difference if someone can gain direct access to a keyboard or worse yet, march your hardware right out the door.

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.

We provide a full kit of picks, bypassing tools, impressioning gear, and instructional practice locks. Retail value if sourced separately would be over $450. The CORE Student kit includes:

  • A twelve-piece lockpicking toolkit with a varied blend of hooks, rakes, diamonds, and turning tools
  • A set of eight training and practice locks
  • Wafer lock tools and a sample wafer lock
  • A tubular lock pick
  • Door latch bypassing tools
  • A locksmith's impressioning file
  • A pocket microscope & steel key gripper (also for impressioning)
  • A bypass tool for American Lock padlocks
  • A bypass tool for Adams Rite display cabinet locks
  • A multi-wheel combination lock decoder tool
  • Bump keys and a bump hammer
  • A polymer and steel lock mounting stand (for picking and impressioning)
  • A tactical pouch to contain it all when you leave the classroom and put your knowledge into action in the field, because students retain all of these materials after the course concludes
Bio: While paying the bills as a security auditor and penetration testing consultant with his firm, The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation of Lockpickers. Every year at DEFCON and ShmooCon, Deviant runs the Lockpick Village, and he has conducted physical security training sessions for Black Hat, The SANS Institute, DeepSec, ToorCon, HackCon, Shakacon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONfidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th and 10th.

Training: Diving Into Development of Microsoft Windows Kernel Exploits

Trainer: Nikita Tarakanov

Description: Security of the Microsoft kernel is becoming a hot topic nowadays. With the rise of sandbox technologies, compromising sandboxed applications via kernel vulnerabilities is a nice approach. Attendees will learn the various internals of kernel exploit development, will face various problems and will learn how to solve them.


Day 1
  • Setting up the environment
  • Basics of Kernel Debugging with Windbg
  • Microsoft Kernel Vulnerabilities Overview
  • Null Pointer Dereference Exploitation
  • Arbitrary Memory Overwrite Exploitation
  • Stack-Based Buffer Overflow Exploitation
Day 2
  • Recent Exploit Mitigation Technologies Overview
  • Pool Overflow/Corruption Exploitation
  • Hardcore Pool Overflow/Corruption Exploitation
  • Race Condition Exploitation

  • People who are interested in developing kernel exploits for Microsoft Windows, as well as those interested in developing sandbox bypass exploits.

  • Training attendees should be familiar with basic operating system concepts and have hands-on experience using the Windows operating system. Attendees should be familiar with the Win32 API, C (or derived) programming language and have basic knowledge of x86/x86-64 assembly language.

  • Hardware
    • 64-bit machine with at least 4GB of RAM (8GB and more is better)
  • Software
    • IDA Pro
    • Visual Studio 2012 (at least Visual express C++)
    • Virtualization software
    • VMWare Player (at least version 5.0) or Workstation (at least version 9.0)
    • Ability to debug a virtual machine from Host O.S or from another virtual machine with Windbg
    • VM samples: Windows 7 32-bits, Windows 7 64-bits, Windows 8 64-bits, Windows 8.1 64-bits, Windows 10 64-bits

  • Slides/book of course and Kernel exploits
Bio: Nikita Tarakanov is a security researcher who currently works at Intel and has worked as an IS researcher at Positive Technologies, VUPEN Security, CISS and independently. He likes writing exploits, especially for the Windows NT Kernel, and won the PHDays Hack2Own contest in 2011 and 2012. He also tried to hack Google Chrome during Pwnium 2 at HITB2012KUL but failed. He has published a few papers about kernel mode drivers and their exploitation and is currently engaged in reverse engineering research and vulnerability search automation.

Training: Threat Modeling

Trainer: Matt Jones

Description: Threat Modeling for Pragmatic Security Approaches - Threat Modeling is the process of assessing a target application or infrastructure and then building a model that represents the perceived threats it may be facing. This model can prove invaluable for understanding, tracking, and improving security postures and also feed into preparing security activities and security strategies.

While there have been a couple of books and presentations on Threat Modeling, there are limited resources and guidance for applying the concepts in the real world. It can be a daunting and overwhelming task trying to jump into a new Threat Model, so this training will spend a day sharing the theory, war stories, and approaches from years of Threat Modeling work and will include hands-on exercises.


The training is designed to be accessible to a wide audience and works best with a broad range of attendees from different perspectives and backgrounds. Open discussion is encouraged throughout the day, with a relaxed atmosphere where there are no wrong questions or ideas.

The training has components that can delve into quite technical and intricate subjects; however, it’s structured to at least promote the concepts and thought processes along the way.

The audience can be a mix of (but not limited to) the following backgrounds:

  • Security testers: individuals performing penetration testing, code reviews, red-teaming, etc.
  • Security consultants: individuals who perform risk assessments, product evaluation, incident response, security solution design.
  • Security managers: security operations managers, CISO’s/CTO’s looking at preparing pragmatic security roadmaps.
  • Software developers: individuals who work doing software architecture, software development, or QA testing.
  • Students/Enthusiasts: those keen to take a step back and look at security theories and concepts in a new light.

  • Introduction
    • An introduction to Threat Modeling and a look at previous work.
  • Concepts
    • The basics, approaches, terminology, and current methodologies.
  • Theory
    • A brief run-through on the history of vulnerabilities and security incidents while examining common software architectures and how security practices are often applied in organisations. A key aspect of this theory is to see how security activities and technologies have evolved over the years and seeing their strengths and weaknesses while considering the big picture.
  • Exercises
    • Preparing a threat model for a simple public web application
    • Preparing a threat model for a larger application with several components
    • Preparing a threat model for an entire organization
  • Application
    • A guide for how to grow and use a Threat Model over time, from tracking and collaborating with security activities (e.g. penetration testing) to designing and implementing smart security defenses.
  • Wrap Up
Threat Modeling for Offence and Defence

This second day of training delves into more specific concepts and activities that can be applied by technically minded security professionals from both an offensive and defensive background to help give fresh ideas and concepts that can be applied in practice.


The training is designed to be a more advanced course for applying Threat Modeling for Offence and Defence, and to help bring perspective and fresh approaches for carrying out more technical security activities.

The training is specifically designed for audiences with the following backgrounds:

  • Security testers: individuals performing penetration testing, code reviews, red-teaming, etc.
  • Security consultants: individuals who perform incident response, security solution design, blue-teaming, etc.

  • Introduction
    • An introduction and overview on the concepts, theory, and ways Threat Modeling can be applied in practice, recapping the key points from the Applying Threat Modeling for Pragmatic Security approaches day.
  • Offence
    • A run-through of methods by which penetration testers can use Threat Modeling to help in the following ways:
      • Classify and triage target components of an application or infrastructure
      • Simulate different threat actors, running through attack trees while factoring in mindsets, capabilities, and objectives.
      • Testing and validating threat scenarios
  • Defence
    • A run-through of methods by which Threat Modeling can be used for defence to help with the following:
      • Profiling different threat actors and understanding their associated coverage of your threat model
      • Designing and implementing mitigation methods into attack trees to quickly change the cost of attacks for adversaries.
      • Designing and implementing adversary-specific detection approaches that have low false-positive rates to aid in security monitoring.
  • Exercises
    • An offensive view of a target piece of technology and preparing, maintaining, and testing threat scenarios.
    • A defensive view of the target and designing and preparing mitigation and detection abilities for threat scenarios.
    • A simulated red-team/blue-team exercise referencing the previous exercises and working as a group to test and expand the target threat model.
  • Wrap Up
Bio: Matt runs Volvent Security, specializing in Threat Modeling, Low-level Code Review, and Custom Security Engineering for a mix of interesting clients. He spent several years in Swiss Finance as a SME and was responsible for the strategy and technical solutions of their global Threat and Vulnerability Management, developing bespoke security solutions. Since 2003, he has contributed to Ruxcon. Research interests include vulnerability analysis, data mining and machine learning, and security visualization.

Training: Penetration Testing with the Pi

Trainer: Bob Monroe

Description: This workshop will use the tiny, portable Raspberry Pi to cover many of the steps of an OSSTMM penetration test. The steps will be illustrated using different Pi functionality, starting with building out your own Pi for your testing needs and taking it right through exploitation analysis. Everything you learn will be wrapped up by challenges we prepared for you, including several real-world systems that have to be hacked. If you want to take a deep dive into this new dimension of computing, this workshop will fit your needs!

Each registered student will get a Raspberry Pi 2 (or B+ depending on availability), a touch screen display, a portable keyboard with built in touchpad and a red laser pointer, a battery pack, and the microSD card with software pre-installed. And you will put it together yourself. So roll up your mental sleeves and bring your data work gloves because this 2-day class will have you going in hard.


  • Raspberry Pi construction and architecture, with focus on security usability and portability
  • Developing, documenting, and testing networks using the OSSTMM testing framework.
  • Reuse of RPi and software architectures for security testing, auditing and forensics.
  • Developing customized tool sets for the RPi based on user needs and future scalability.
These concepts and principles will enable you to construct reusable, extensible, efficient, and maintainable Raspberry Pi security testing systems.

You'll learn techniques to build good role models for structuring your own designs, as well as to clearly articulate the tradeoffs of alternative methods for designing your customized testing systems. OSSTMM testing techniques will show you how to build highly effective security testing software platforms and hardware architectures based on microcomputers. Example uses will include vehicle tracking, WiFi network security analysis, and Man in the Middle attacks with the RPi.

You are expected to be familiar with Linux. Guidance will be available.

Bio: Bob has been working as a writer, researcher, and trainer for ISECOM since May 2012. He maintains updates for our OSSTMM Professional Security Tester certification materials and creates video-based security training with the Raspberry Pi device. He is one of the primary writers for Hacker Highschool, which is an ISECOM project aimed at teaching teens about security awareness and the profession. Bob's specialty is public teaching and security awareness training. Along with work for the U.S. Army, he has provided security classes for the VA, Military District of Washington, Commandant of the Marine Corps and staff, as well as countless others across the world. He holds a U.S. Patent for airport security automation technology that combines radar and thermal imaging to protect aircraft movement areas and the surrounding airspace. With well over two decades of experience in cyber security, Bob is always learning something new. His current projects include using microcomputers as a security and forensic tool, reviewing technology books for Microsoft Press, Cisco, VMware and Pearson, and working with eForensic, Hackin9 and Pen Test magazines as a writer and video presenter.

Bob is a retired US Army Ranger Officer living in Mililani, HI.

Training: Mobile App Hacking - Internet Banking Edition

Trainer: Aditya Modha

Description: Mobile App Hacking is a two-day course on learning how to perform Android and iOS application security assessment based on the “OWASP Top 10 Mobile Risks”. This hands-on training is designed around the dummy internet banking application which contains vulnerabilities that were observed by the trainer during his daily application security assessments. This dummy internet banking application has features such as adding a beneficiary account, fund transfer, view statements, OTP, Pin and pattern sign-in, etc. to provide attendees a real world application scenario.


Day 1 (Android)
  • Crash course on – Android application permission model, APK file architecture and setting up the emulator
  • Reversing the APK file package
  • Investigating app permissions through manifest file
  • Understanding, patching and runtime debugging smali code
  • Importing SSL certificates and bypassing SSL pinning
  • Intercepting traffic and network activity monitoring
  • Exploring local data store
  • Analyzing system logs
  • Understanding components such as content provider, broadcast receiver and activity
  • Classification of vulnerabilities based on "OWASP Top 10 Mobile Risks"
Day 2 (iOS)
  • Crash course on – process of jailbreaking, IPA file architecture and setting up the iOS device for security assessment
  • Decrypting App Store application and dump class headers
  • Local datastore inspection (plist, SQLite, keychain, XML files, etc.)
  • Investigate platform provided security API usage
  • Bypass client-side validations
  • Import SSL certificates and bypass SSL pinning
  • Traffic interception and runtime manipulation
  • Binary patching
Bio: Aditya Modha is a Senior Security Analyst at Lucideus Tech focused on web and mobile applications security assessment. Prior to joining Lucideus, he was a Principal Security Analyst at Net-Square Solutions. He is a computer science graduate and a Microsoft Certified Technology Specialist. He has carried out security assessment of more than 200 web and mobile applications including core banking solutions and middleware applications. He blogs at

Aditya was a trainer at the following international conferences:

  • HITB, KL – Extreme Web Hacking Oct. 2013
  • HackCon, Oslo – Advanced Burp Suite March 2014
  • OWASP AppSec Eu, Amsterdam – Android App Hacking – Internet Banking Edition

Training: Hacking Web Applications – Case studies of award-winning bugs in Google, Yahoo, Mozilla and more

Trainer: Dawid Czagan

Description: Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this two-day hands-on training!

I will discuss security bugs that I have found together with Michał Bentkowski in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively.

To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and doing manual/semi-automated analysis, then this hands-on training is for you.

After completing this training, you will have learned about:

  • Tools/techniques for effective hacking of web applications
  • Non-standard XSS, SQLi, CSRF
  • RCE via serialization/deserialization
  • Bypassing password verification
  • Remote cookie tampering
  • Tricky user impersonation
  • Serious information leaks
  • Browser/environment dependent attacks
  • XXE attack
  • Insecure cookie processing
  • Session related vulnerabilities
  • Mixed content vulnerability
  • SSL strip attack
  • Path traversal
  • Response splitting
  • Bypassing authorization
  • File upload vulnerabilities
  • Caching problems
  • Clickjacking attacks
  • Logical flaws
  • And more...

  • Students will be handed a VMware image with a specially prepared testing environment to play with the bugs. What's more, this environment is self-contained and when the training is over, students can take it home (after signing a non-disclosure agreement) to hack again at their own pace.

  • To get the most out of this training, basic knowledge of web application security is needed. Students should have some experience in using a proxy, such as Burp, or similar, to analyze or modify the traffic.

  • Students will need a laptop with 64-bit operating system, at least 4 GB RAM (8 GB preferred), 35 GB free hard drive space, USB and Ethernet ports, administrative access, ability to turn off AV/firewall and VMware Player installed (64-bit version).

  • Pentesters, bug hunters, security researchers/consultants.
Bio: Dawid Czagan (@dawidczagan) has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, BlackBerry and other companies. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid is founder and CEO at Silesia Security Lab, which delivers specialized security auditing and training services. He also works as Security Architect at Future Processing.
Dawid shares his security bug hunting experience in his hands-on training "Hacking web applications - case studies of award-winning bugs in Google, Yahoo, Mozilla and more". He delivered security trainings/workshops at CanSecWest (Canada), DeepSec (Austria), IAESTE CaseWeek (Silesian University of Technology, Poland) and for many private companies. Dawid also published over 20 security articles (InfoSec Institute, USA).
To find out about the latest in Dawid's work, you are invited to visit his blog ( and follow him on Twitter (@dawidczagan).


Please click here to download the Shakacon Sponsorship Packet.


