The ACLU Presents: NSA Surveillance and More

From the NSA's PRISM and metadata programs to IMSI catchers, location tracking to surveillance drones, and warrantless wiretapping to the AP's emails – this has been the year of surveillance. Come join the American Civil Liberties Union as we unravel the thicket of new technologies and laws that allow the U.S. government to surveil Americans in more intrusive ways than ever before. We will explore the latest news and trends in surveillance, reasons to despair, grounds to be hopeful, and ways in which you can help the ACLU's fight against government overreaching.



Catherine Crump (@CatherineNCrump) is a Staff Attorney with the ACLU's Speech, Privacy and Technology Project. She specializes in free speech and privacy litigation, particularly regarding the impact of new technologies on First and Fourth Amendment rights. She is lead counsel in the ACLU's challenge to the government's suspicionless searches of laptops at the international border, and is litigating a series of cases challenging the government's claim it can track the location of people's cell phones without a warrant.



Christopher Soghoian (@csoghoian) is the Principal Technologist with the ACLU's Speech, Privacy and Technology Project. He completed his Ph.D. at Indiana University in 2012, which focused on the role that third party service providers play in facilitating law enforcement surveillance of their customers. In order to gather data, he has made extensive use of the Freedom of Information Act, sued the Department of Justice, and recorded phone company executives bragging about their surveillance practices.



Kade Crockford (@onekade) is director of the Technology for Liberty program at the ACLU of Massachusetts, where she quarterbacks the ACLU of Massachusetts' work challenging the growing surveillance state and defending core First and Fourth Amendment and due process rights. Kade is currently working on a long term project to document and challenge the militarization and federalization of state and local law enforcement, focusing on the procurement and deployment of advanced surveillance and weapons systems, towards the end of bringing local police back under local control. She built and maintains the dedicated privacy website www.PrivacySOS.org, which hosts the Privacy Matters blog.



Alex Abdo (@AlexanderAbdo) is a staff attorney in the ACLU's National Security Project, where he litigates cases concerning the expansive surveillance policies of the post-9/11 era. For example, he was counsel in the ACLU's recent Supreme Court challenge to the NSA's warrantless wiretapping program; he is currently challenging the NSA's collection of all Americans' telephony metadata; and he is suing for release of the government's secret interpretation of Section 215 of the Patriot Act.



Nicole Ozer is the Technology and Civil Liberties Policy Director at the ACLU of California. She works on the intersection of new technology, privacy, and free speech and developed the organization’s online privacy campaign, Demand Your dotRights (www.dotrights.org). Nicole graduated magna cum laude from Amherst College, studied comparative civil rights history at the University of Cape Town, South Africa, and earned her J.D. with a Certificate in Law and Technology from Boalt Hall School of Law, University of California Berkeley. Before joining the ACLU, Nicole was an intellectual property attorney at Morrison & Foerster LLP. Nicole was recognized by San Jose Magazine in 2001 for being one of 20 “Women Making a Mark” in Silicon Valley.




Ask the EFF: The Year in Digital Civil Liberties

Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premier digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology project to protect privacy and speech online, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.



Kurt Opsahl (@kurtopsahl)(@eff) is a Senior Staff Attorney with the Electronic Frontier Foundation focusing on civil liberties, free speech and privacy law. Opsahl has counseled numerous computer security researchers on their rights to conduct and discuss research. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook". In 2007, Opsahl was named as one of the 'Attorneys of the Year' by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal, which established the reporter's privilege for online journalists.



Marcia Hoffmann is an EFF Fellow. Now in private practice, Marcia was previously a senior staff attorney at the Electronic Frontier Foundation, where she focused on computer crime and security, electronic privacy, free expression, and other digital civil liberties issues. Prior to joining EFF, Marcia was staff counsel and director of the Open Government Project at the Electronic Privacy Information Center (EPIC).



Dan Auerbach is a Staff Technologist who is passionate about defending civil liberties and encouraging government transparency. Coming to EFF with a background in mathematical logic and automated reasoning, as well as years of engineering experience at Google, Dan now works on EFF's various technical projects and helps lawyers, activists, and the public understand important technologies that might threaten the privacy or security of users.



Eva Galperin is EFF's Global Policy Analyst, and has been instrumental in highlighting government malware designed to spy upon activists around the world. A lifelong geek, Eva misspent her youth working as a Systems Administrator all over Silicon Valley. Since then, she has seen the error of her ways and earned degrees in Political Science and International Relations from SFSU. She comes to EFF from the US-China Policy Institute, where she researched Chinese energy policy, helped to organize conferences, and attempted to make use of her rudimentary Mandarin skills.



Mark Jaycox is a Policy Analyst and Legislative Assistant for EFF. His issues include user privacy, civil liberties, EULAs, and "cybersecurity" (online security). When not reading legal or legislative documents, Mark can be found reading non-legal and legislative documents, exploring the Bay Area, and riding his bike. He was educated at Reed College, spent a year abroad at the University of Oxford (Wadham College), and concentrated in History and Politics. The intersection of his concentration with advancing technologies and the law was prevalent throughout his education, and Mark's excited to apply these passions to EFF. Previous to joining EFF, Mark was a Contributor to ArsTechnica, and a Legislative Research Assistant for LexisNexis.



Mitch Stoltz is a Staff Attorney at the Electronic Frontier Foundation, focusing on intellectual property. Before joining EFF, Mitch worked on copyright and antitrust litigation for high-tech clients at Constantine Cannon LLP in Washington DC. Long ago, in an Internet far far away, Mitch was Chief Security Engineer at Netscape Communications and Mozilla.org, where he put out fires and cajoled hackers on three continents. He also interned at the Computer and Communications Industry Association and the office of Massachusetts State Senator Jack Hart. Mitch has a JD from Boston University and a BA in Public Policy and Computer Science from Pomona College, where he co-founded the student TV station Studio 47.




DEF CON Comedy Jam Part VI, Return of the Fail

You know you can't stay away! The most talked about panel at DEF CON! More FAIL than you can shake a stick at. Come hear some of the loudest mouths in the industry talk about the epic security failures of the last year. So much fail, you'll need waffles to make it through. Nothing is sacred, not even each other. Over the last two years, we've raised over $2000 for the EFF; let's see how much we can raise this year.



David Mortman (@mortman.com) is the Chief Security Architect at Enstratius and is a Contributing Analyst at Securosis. Before enStratus, he ran operations and security for C3. He was formerly the Chief Information Security Officer for Siebel Systems, Inc. Previously, Mr. Mortman was Manager of IT Security at Network Associates. Mr. Mortman has also been a regular panelist and speaker at RSA, Blackhat, Defcon and Secure360. Mr. Mortman sits on a variety of advisory boards including Qualys. He holds a BS in Chemistry from the University of Chicago. David writes for Securosis, Emergent Chaos and the New School blogs.



Rich Mogull (@rmogull) is a recovering Gartner analyst who is embarrassed at corporate events because he actually enjoys using technology and can even pop a shell in a pinch. He is a DEF CON Goon, former paramedic and ski patroller, and once drove a submarine for a few minutes without hitting anything. In previous Fail panels he has broken robots, hacked WiFi, impersonated a money mule, and launched rockets.



Chris Hoff is VP of Strategy & Planning at Juniper Networks' Security Business Unit, previously serving as chief security architect, responsible for worldwide security solutions architecture, customer advocacy, and field enablement.



He was previously director of cloud & virtualization solutions at Cisco Systems where he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities.



Prior to Cisco, he was Unisys Corporation’s chief security architect, served as Crossbeam Systems' chief security strategist, was the CISO and director of enterprise security at a $25 billion financial services company and was founder/CTO of a national security consultancy amongst other startup endeavors.



Dave Maynor is a founder of Errata Security and serves as the Chief Technical Officer. Mr. Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team, where his primary responsibilities included reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS, Maynor spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that, Maynor contracted with a variety of different companies in a wide variety of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs.



James Arlen (@myrcurial) is a senior consultant at Leviathan Security Group providing security consulting services to the utility and financial verticals. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for 19+ years. James is also a contributing analyst with Securosis and has a recurring column on Liquidmatrix Security Digest. Best described as: "Infosec geek, hacker, social activist, author, speaker, and parent." His areas of interest include organizational change, social engineering, blinky lights and shiny things.



Rob Graham (@ErrataRob) is an American security consultant, best known as the father of network IPS and the creator of BlackICE. He's been in cybersec since before people started using the term "cybersec," starting as a child learning from his grandfather, who was a code breaker in WWII.









Hardware Hacking with Microcontrollers: A Panel Discussion

Microcontrollers and embedded systems come in many shapes, sizes and flavors. From tiny 6-pin devices with only a few bytes of RAM (ala the DEF CON 14 Badge) to 32-bit, eight core multiprocessor systems (ala DEF CON 20 Badge), each has its own strengths and weaknesses. Engineers and designers tend to have their favorites, but how do they decide what part to work with? Join DEFCON Badge designers Joe Grand and LoSTBoY, master of embedded system design FirmWarez, devoted electronics hobbyist Smitty, and moderator extraordinaire RenderMan as they argue the virtues of their favorite microcontrollers and answer questions about hardware hacking. If you're just getting started with electronics and are trying to navigate the sea of available microcontrollers, microprocessors, and modules, this panel is for you.



Joe Grand (@joegrand) is an electrical engineer and hardware hacker. He runs Grand Idea Studio (www.grandideastudio.com) and specializes in the design of consumer and hobbyist embedded systems. He created the electronic badges for DEFCON 14 through 18 and was a co-host of Discovery Channel's Prototype This. Back in the day when he was known as Kingpin, he was a member of the infamous hacker group L0pht Heavy Industries.



Mark 'Smitty' Smith (@SmittyHalibut) is a network engineer and system administrator by day, relentless maker by night. (And by the weekend.) Electronics and computers have been a hobby of his since childhood with his first 50-In-1 and a TRS-80 at the age of 6. (And by lunch hour.) Microcontrollers have been a part of his repertoire since the 8051 in the mid 90s. His recent experience includes: Arduino, native Atmel, Propeller and BASIC Stamp. He is currently spending most of his Maker energies in the analog domain on Audiophile Electronics. (And by coffee break. In fact, it's safe to say he's always involved in some project or other.)



LosT (@1o57) With a background in mathematics and robotics LosT spends his free time between calculating how to take over the world and building the robots to accomplish it. Deciding to teach others how to create robot overlords, he created the Hardware Hacking Village for the DEF CON community with Russ in an effort to get more people involved with hardware. Fearing competition LosT devised the Mystery Challenge to confuse and confound those who would rise up against him- eventually becoming the creator of the badges to that same end. Really he just wants to juggle and read books these days, or watch MST3K with Tom.



RenderMan (@ihackedwhat) is a white hat by trade, blackhat by fashion. He spends his days fixing stuff that other people break and evenings finding new ways to break stuff once people fix it. A frequent speaker at conferences around the world, he tries to make the world a better place by educating people about security and the hacker ethic and stuffing random electronics into stuffed toys to make them creepier than ever imagined.



FirmWarez (@FirmWarez) is an embedded systems engineer with twenty years' experience developing microcontroller based devices ranging from toys to military hardware. Having gone the MBA route to collect such titles as 'Director of Engineering' and 'VP of Engineering', he still stays directly active in designing and building electronics for fun and profit. Currently involved in a couple of start-ups as well as freelance jobs, he works from an obfuscated lab in a barn somewhere deep in flyover country.




Meet the VCs

Venture capital investments have reached the highest level since the dot-com days. Almost seven billion dollars was invested last quarter alone. While clean-tech deals hit a new low, security deals increased the most. Security is the new black. How should we spend the next billion? Meet the VCs and strategize on the future!

Deepak Jeevankumar, partner at General Catalyst, focuses on investments in cloud computing, big data, data center infrastructure and clean energy. He has been with General Catalyst Partners since 2010, first in Boston and later in the firm’s Palo Alto office and has been closely involved in our investments in DataGravity, Virtual Instruments and Sunglass. Prior to joining GC, Deepak worked at Sun Microsystems and was an intern at the Yale Investments Office. At Sun, he was involved in designing a few top 10 supercomputers in the industry and led the high performance computing architecture practice in the Asia-Pacific region. Deepak is a graduate of the National University of Singapore, earning a B.Eng. in Computer Engineering; the Singapore-MIT Alliance, earning a S.M. in Computer Science; and the Yale School of Management, earning an M.B.A.

John M. Jack actively consults startups and is a board partner at Andreessen Horowitz. Most recently, JJ was the CEO of Fortify Software, which was acquired by Hewlett-Packard in 2010 and was the market leader in protecting enterprises from the threats posed by security flaws in business-critical software applications. Prior to this, JJ was the CEO of Covalent (acquired by VMware), the COO of The Vantive Corporation (acquired by PeopleSoft) and held executive positions at Sybase Inc. JJ is on the boards of CipherCloud, ClearSlide, AlienVault and Cenzic.




The Policy Wonk Lounge

Can wonks hack it at DEF CON? Lean back and settle in for a stimulating evening of debate on Washington's most complex cybersecurity policy issues.



Join US Government insiders for an exclusive discussion session on domestic surveillance law, foreign computer criminals, law enforcement and criminal penalties, power grid regulation, user identity and privacy, and more. The debate rages in DC... and at DEF CON for one night only!




DEF CON 101

DC101 is the Alpha to the closing ceremonies' Omega. It's the place to go to learn about the many facets of Con and to begin your Defconian Adventure. Whether you're a n00b or a long time attendee, DC101 can start you on the path toward maximizing your DEF CON Experiences.



You don't need a badge to see the 101 Talks, though some of the content may make it an R Rated movie.



HighWiz █████ █████ ████████ ██ President Obama's ███ ███ ████ advanced persistent threat ███████████ █████████: █████ █ "Justin Bieber" ███ ███ Roswell, NM. █ ██████ ████████ ███ █████ █████████ ██ ███ Treaty of Versailles ███ ██ ███ ████████/███████ █████████ ██ ███ global peace & security ████ █████████ SPECTRE ███ █ █████ 1984 Olympic Games █████████ ███ ██████████ " the final solution" ██. ███████'█ █████ ████ ██ █████ ███████ ██ ███ ██ ███ NSA's PRISM program ████ ███ ███████ Council of Nicea ████████ ████ ██ Kremlin ██ ███ DPRK ██ ███████ ███ military industrial complex ████ █████ ███. █████ █████ ██ ████ ███████: ███████ ███ ████ ███ as the inspiration for ████ ██ ███ ████████ Full Metal Jacket ███ ██ ████ Gen Keith Alexander. ██ ███ ████ ██████ ██ top secret surveillance dirigible ██████ ███ ███████ ████ ██ the gay agenda ██ ███ █████ ██ ███ secret alliance of Opus Dei and the Jesuits ███ ████████ ███ truth, justice, and The American Way. [This biographical information has been redacted for your protection]



Pyr0 is the asshole who oversees the Contests and Events at DEF CON. He's been attending since DEF CON 6 and a goon since DEF CON 7. One of those 3 0 3 peoples and also rolls deep with Security Tribe. Loves good vodka, smart girls, explosives, and big black . . . guns. Has the ability to tell a man to go to hell so that he looks forward to the trip. ALSO:DONGS



Lockheed (@TheLockheed) was the Sr. Goon in charge of the DEF CON Network Operations Group since DEF CON 4. He retired last year - which means he's still involved and has a new role in DEF CON (because you never really retire!). Professionally, Lock has over 25 years of experience in the technology field. He's had jobs ranging from tech writer, mainframe operator, product engineer, product marketing manager, and is currently Sr Director in charge of the Global IT Group for Sony PlayStation Worldwide Studios. He's been in the video game industry for almost 10 years now & already has a PS4 (and thinks it's pretty kick-ass!).



Roamer (@shitroamersays) is the Senior Goon in charge of the Vendor Area. He has been on DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest the first 4 years of its existence and has also run the slogan contest in the past. Roamer is one of the guitarists in the Goon Band, Recognize. Although having no actual skills his ability to drink virtually every Goon and attendee under the table has gained him massive prominence in the scene and elevated him to the lofty station you see him in today. When not "working" at DEF CON he is "working" as the Global Information Security Manager and Sr. Enterprise Architect for Sony PlayStation WorldWide Studios.



LosT mucks around with Defcon on occasion. He is the creator of the Hardware Hacking Village, the LosT@Defcon Mystery Challenge, and for the past few years the Defcon badges and badge challenges. Russ says he's the official Defcon Puzzlemaster, but LosT still doesn't believe him. In his other life LosT enjoys playing the bass and linguistics, among other things. He's also been known to study mathematics, electrical engineering and physics in his spare time.




Hacking Management: From Operations to Command

So you've been in IT for a while. You've done well. You like your job. When is it time to move on? We aren't talking about finding another job doing the same work. We are talking about making the decision that it's time to bite the bullet and make the dreaded transition into management. For most IT folks management is a dirty word, but should it be? In this talk a senior IT professional, a hybrid engineer/manager and a senior director will talk about the paths that brought them to their positions and why they have chosen to either stay in hands-on roles or transition into management roles.



Lockheed (@TheLockheed) was the Sr. Goon in charge of the DEF CON Network Operations Group since DEF CON 4. He retired last year - which means he's still involved and has a new role in DEF CON (because you never really retire!). Professionally, Lock has over 25 years of experience in the technology field. He's had jobs ranging from tech writer, mainframe operator, product engineer, product marketing manager, and is currently Sr Director in charge of the Global IT Group for Sony PlayStation Worldwide Studios. He's been in the video game industry for almost 10 years now & already has a PS4 (and thinks it's pretty kick-ass!).



Roamer (@shitroamersays) is the Senior Goon in charge of the Vendor Area. He has been on DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest the first 4 years of its existence and has also run the slogan contest in the past. Roamer is one of the guitarists in the Goon Band, Recognize. Although having no actual skills his ability to drink virtually every Goon and attendee under the table has gained him massive prominence in the scene and elevated him to the lofty station you see him in today. When not "working" at DEF CON he is "working" as the Global Information Security Manager and Sr. Enterprise Architect for Sony PlayStation WorldWide Studios.



Naifx is a NOC Goon who has been with the DEF CON outfit for the last 7 CONs. He has been working in Information Technology for a number of years in both the government and private sector. Naifx's ability to take a situation that has almost zero resources and innovate an elegant solution is inspiring. When not "working" at DEF CON he is "working" as a Staff Systems Engineer for Sony PlayStation WorldWide Studios.




The Ninjaneers: Getting started in Building Your Own Robots for World Domination.

So what’s your excuse for not building that robot idea you’ve been kicking around for months? Your excuse is invalid and we’re here to explain why. In this day and age ‘robots’ are in every corner of our lives. So why are you not hacking them? It’s time you take your computer skills and apply them to things that interact with the physical world. We will show you how easy it is to get started building your own robots to do your bidding or at a minimum make cool robot noises and impress the ladies*.



We will cover the various pitfalls we’ve run across building and operating various robots, from advanced underwater gliders and beer delivery carts to CNC routers and 3D printers.



*Success with the ladies not guaranteed.



Beaker is a workshop dwelling, builder of killer robots and domesticated beer delivery devices. He’s spent his working life diddling computers for various organizations from early startups to three letter agencies and is still amazed this produces a paycheck. When he’s not molesting 1’s & 0’s for money he can be found building contraptions of questionable merit.



Flipper is a hardware hacker obsessed with lowering the cost of underwater robots. In his professional life Flipper is employed by an EV manufacturer working to reduce the cost of high efficiency electric vehicles.




Decrypting DEFCON: Foundations Behind Some of the Games Hackers Play

Continuing on his 101 talk from last year (building a foundational knowledge, or at least where to start doing so), LostboY will discuss the crypto, puzzles, and tech that is seen all over Defcon each year. The floors, signs, program, lanyards, badges all have elements of mystery to them each year, and LosT will discuss the foundational knowledge/skills that were requisite in years past. The 4-bit processor that was drawn out on the floors last year will be discussed as a foundation on understanding how a processor works. (Everyone says they know a processor uses binary, but how many actually *know* what that means, or how to build one?) Fundamentals of digital logic design seem like a good next step from last year's talk. LosT will likely wax philosophical at some point as well.



LosT mucks around with DEF CON on occasion. He is the creator of the Hardware Hacking Village, the LosT@Defcon Mystery Challenge, and for the past few years the Defcon badges and badge challenges. Russ says he's the official Defcon Puzzlemaster, but LosT still doesn't believe him. In his other life LosT enjoys playing the bass and linguistics, among other things. He's also been known to study mathematics, electrical engineering and physics in his spare time.




Intro to Web Application Hacking

This talk will cover web application attack basics to get any n00b started on the path of web app pentesting. Specifically we will cover cross site scripting attacks in JavaScript, SQL injections with a MySQL backend, and remote/local file inclusions within PHP. Other people who may join us through the presentation will be Alex Heid, Rod Soto, p33p33, chatters, and a few other special friends of the fish.



Terrence “Tuna” Gareau, Principal Research Scientist for Prolexic Technologies, began his IT security career more than 10 years ago. His experience encompasses enterprise security in addition to distributed denial of service (DDoS) expertise, and he has mitigated some of the Internet’s largest DDoS attacks for both government agencies and private enterprises. Tuna is a leader for architecture, engineering and research teams, creating solutions to protect client networks, establishing security testing policies, network and digital forensics, and serving as the subject matter expert for multiple private and government organizations. His past experience includes work at the Food and Drug Administration (FDA) and Chickasaw Nation Industries. A recognized expert in DDoS attack mitigation, Tuna has shared his knowledge at Defcon, NoVa Hackers, NIH, FDA, and other organizations.




Oil & Gas Infosec 101

Ever wonder what it's like to secure off-shore platforms, field operations, and aging SCADA systems? Take a ride through how Oil & Gas companies operate and what the pitfalls are in trying to fix technology that predates enterprise IT and make them more secure. SCADA, wifi/radio/satellite communication, and corporate IT all come together and it's up to YOU to figure out how to make sense of it all.



Aaron Bayles (@AlxRogan) was born and raised in the Oil and Gas industry, and has worked (off and on) there since 1995. He has gooned since DEF CON 12, and is a professional contest participant (CTF, Wardriving, ScavHunt). In his work experience, he has consulted for energy generating companies, health care providers, US and local government, and education/research institutions. He is currently the Information Security Architect for a mid-size oil and gas company in Houston.




Wireless Penetration Testing 101 & Wireless Contesting

Whether it’s war-driving or doing penetration testing of wireless networks, there are tools, both hardware and software, that have been shown to stand the test of time.



Some of the biggest difficulties that users encounter are hardware related. This talk will cover the hardware and software that we as experienced wireless pentesters recommend for users just starting out. To provide some hands-on experience with wireless penetration testing, we have developed a number of mini-contests that will be conducted in the Wireless Village. We will provide an overview of these contests, designed to test your wireless skills whether you are new to wireless or an experienced wireless penetration tester.



DaKahuna works with large government agencies criticizing network and security architectures, wreaking havoc on information assurance and information security policies, standards and guidance. By night he enjoys snooping the Ether, be it the amateur radio bands or his neighbors' wireless networks. He is a father of two, 24-year Navy veteran, holder of an amateur radio Extra Class license and a staunch supporter and exerciser of his 2nd Amendment rights.



Rick Mellendick (@rmellendick) is a builder and breaker of RF things, defender of good and evil depending on your perspective, lots of time in the IT security space, and been involved with DefCon wireless as a competitor and visionary since 2002, and his last name is MELLENDICK




Pentesters Toolkit

You've been hired to perform a penetration test, and you have one week to prepare. What goes in the bag? What is worth lugging through airport security and what do you leave home? I'll go through my assessment bag and show you what I think is important and not, talk about tools and live CDs, what comes in handy and what I've cut out of my normal pen-test rig.



Anch (@boneheadsanon) is a lead for the Chickasaw Nation Industries Red Team, performing penetration tests and accreditations for the public and private sector.



Anch has 10 years’ experience in cyber security. He was the Network Security Architect at a major power administration. At Mentor Graphics he spent time as a network engineer providing enterprise networking, firewall and VPN support for a global network comprising 72 connected sites worldwide. He has been involved in or led over 75 penetration tests on over 200 networks.



Anch's background related to control systems is unrivaled in the bulk power generation and transmission areas. During this time he developed unique perspectives on the areas of compliance and regulation in the power industry.




Meet Pentoo, the Longest Running Pen-testing Linux Distro

Pentoo is the longest running Penetration Testing Linux distribution, pre-dating many of today's more popular distributions. We have sacked our non-existent marketing department and now, we're here to show what our experience and stability can do for you. Do you feel you must choose between a functional daily OS and a specialized pen-testing distro? Do you struggle to balance cutting edge tools and rock solid stability? Have other pen testing distributions left you between a rock and a hard place, with a new install as the only upgrade path? Come discover the hardened, cutting edge, rock solid Linux distro of your daily use dreams. No compiling required.



ZeroChaos (@pentoo_linux) is the current lead developer for Pentoo Linux and a developer for Gentoo Linux as well as a general free and open source software zealot. When not developing for Pentoo Linux he is developing for Gentoo Linux, and in his spare time from that he enjoys developing for Pentoo Linux.




Business logic flaws in mobile operators services

GSM has been attacked in many different ways in the past years. But regardless of the protocol issues, there are also flaws in the logic of the mobile operators’ services. One may think that finding an issue which affects only one specific operator in some country couldn't affect other operators. However, this is not the case as most of the operators are using the same equipment and have the same implementation of their services in all of the countries as the operator's group prefers to have a uniform service.



This presentation examines different implementation flaws of mobile services which allow you to perform things like accessing someone else's online account, getting free Internet on your mobile device even when roaming, and placing free mobile phone calls.



Bogdan Alecu (@msecnet) works as a System Administrator for an IT services company and, during his free time, he is an Independent Security Researcher. He received his BSc in Business Information Systems from the "Alexandru Ioan Cuza" University of Iasi. Bogdan has researched for many years in mobile security, starting with Voice over IP and continuing with GSM. One of his research projects in GSM security could allow a potential attacker to perform a remote SMS attack which can force mobile phones to send premium-rate text messages. Bogdan is also a frequent speaker at security conferences like DeepSec, EUSecWest, and DefCamp. For more details about him check http://www.m-sec.net




Fear the Evil FOCA: IPv6 attacks in Internet connections

Windows boxes are running IPv6 by default so LANs are too. Internet is not yet ready for IPv6 worldwide, but... you can connect internal IPv6 networks to external IPv4 web sites with few packets. In this session you will see how using the new Evil FOCA tool, created to perform IPv6 network attacks, it is possible to hack Internet IPv4 connections creating a man in the middle in IPv6 networks. And yes, it is only one point and click tool that does all for you. Evil FOCA does man in the middle IPv4, man in the middle IPv6, man in the middle IPv4-IPv6, SSL strip, collects passwords, session cookies, and many more tricks. You will love this new Evil FOCA.



Chema Alonso (@chemaalonso) is a Security researcher with Eleven Paths, a Telefonica Digital company. Chema holds a PhD in Computer Security on top of Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politecnica de Madrid. During his more than 12 years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events and has been invited to present at information security conferences worldwide including Black Hat Briefings, Defcon, ShmooCON, DeepSec, HackCON, Ekoparty and RootedCon. He is a frequent contributor to several technical magazines in Spain, where he is involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA tools.




Suicide Risk Assessment and Intervention Tactics

Suicide is the 10th leading cause of death in the United States, yet it persists as one of the few remaining taboo topics in modern society. Many characteristics linked to elevated suicide risk are prevalent in the technical community, and the effects of suicide within any community extend far beyond those directly involved. Prevention and intervention, however, are not a mystery. This workshop presents evidence based practices to assess suicide risk in others, and an introduction to the step-by-step practice of crisis intervention.



Rather than presenting a "depressing discussion of depression," attendees will learn the same threat modeling and crisis response best practices taught to first responders and mental health professionals, in a condensed format that answers many common questions people may be afraid to ask. Special attention will be paid to risk as it affects our particular community, and an overview of crisis network technical implementations / limitations (effects of digital anonymity & ethical concerns, etc.) will be presented.



Much like simple CPR training equips everyday people with the knowledge and confidence to help a heart attack victim that is likely a stranger, widespread dissemination of crisis intervention training aims to equip everyday people to prevent a suicide - most often, of a friend.



Amber Baldet (@AmberBaldet) performs product development and systems analysis at a top tier investment bank. Her work involves interesting capital markets applications and mundane infosec policy implementation, neither of which can she talk about. She enjoys teaching kids how to build blinky flashy things and presenting the “Digital Privacy and the Ethics of Development” portion of the Girls Who Code curriculum. As part of her volunteer work, Amber was certified as an Online Counseling and Suicide Intervention Specialist by the QPR Institute in 2011.




Combatting Mac OSX/iOS Malware with Data Visualization

Apple has successfully pushed both its mobile and desktop platforms into our homes, schools and work environments. With such a dominant push of its products into our everyday lives it comes as no surprise that both of Apple's operating systems, OSX and iOS should fall under attack by malware developers and network intruders. Numerous organizations and Enterprises who have implemented BYOD (bring your own device) company policies have seemingly neglected the security effort involved in protecting the network infrastructure from these potential insider threats. The complexity of analyzing Mach-O (Mach object file format) binaries and the rising prevalence of Mac-specific malware has created a real need for a new type of tool to assist in the analytic efforts required to rapidly identify malicious content. In this paper we will introduce Mach-O Viz, a Mach-O Interactive Data Visualization tool that lends itself to the role of aiding security engineers in quickly and efficiently identifying potentially malicious Mach-O files on the network, desktop and mobile devices of connected users.



Remy Baumgarten (@anrctraining) is a security developer and researcher for ANRC, a fast growing market leader in computer security training and consulting. He is highly skilled in reverse engineering and malware analysis on various platforms including Windows, OSX, Linux and iOS. He is also a low level programmer on various platforms. Before joining ANRC Mr. Baumgarten was a Technical Lead on the Malware Team and the mobile expert on iOS at Booz Allen Hamilton. In his spare time he enjoys delving into various architectures such as AVR, ARM and x86_64.





MITM All The IPv6 Things

Back in 2011, Alec Waters demonstrated how to overlay a malicious IPv6 network on top of an IPv4-only network, so that an attacker can carry out man-in-the-middle attacks on IPv4 traffic and subvert the assumed end to end security model. This attack is potentially powerful but involves a complex series of manual system configuration and setup activities, including the use of experimental and since-deprecated techniques. In addition, technology updates rendered Waters' implementation of the attack ineffective on certain platforms, such as Windows 8.



We reviewed the attack and tried it against current operating systems. We found configuration updates were needed to make it work against Windows 8 hosts and have packaged our setup into a script called "Sudden Six" to make launching the attack quick and painless. This attack now works against a variety of different platforms and operating systems, which will allow you to man-in-the-middle IPv6 traffic in record time.



This talk will discuss how the attack works as well as discuss our automation strategy and some pitfalls we uncovered. The "Sudden Six" configuration utility will be released and a demonstration of the attack against Windows 8 will be provided.



Scott Behrens (@HelloArbit) is currently employed as a senior security consultant at Neohapsis and an adjunct professor at DePaul University. An avid coder and researcher, he has contributed to a number of open source tools for both attack and defense. Scott Behrens is the co-developer of NeoPI, a framework to aid in the detection of obfuscated malware. Scott also co-developed BBQSQL, a rapid blind SQL injection exploitation framework. Scott has presented security research at DEF CON, DerbyCon, Security Forum Hagenberg, Security B-sides Chicago, and ISACA Milwaukee. Scott has also published security white papers for InformationWeek magazine, the Infosec Institute, and the Neohapsis blog.



Brent Bandelgar is an Associate Security Consultant at Neohapsis, focused on delivering network penetration testing, application security assessments, and security architecture. Prior to Neohapsis, Brent was a member of the Apple Consultants Network delivering managed IT services and custom solutions centered on the Apple Mac OS X and iOS platforms. Brent has extensive background in developing and supporting Web applications in PHP as well as tools in Bash and Python. Brent Bandelgar holds a Master's of Science in Network Security from DePaul University as well as the Apple Certified System Administrator and Mobile Technical Competency certifications from Apple, Inc.


PowerPwning: Post-Exploiting By Overpowering PowerShell

PowerShell is a scripting language included with all modern Windows operating systems, which, among other features, provides access to the Win32 API and the capability to run scripts on remote servers without writing to disk. PowerShell scripts bypass application whitelisting, application-signing requirements, and generally bypass anti-virus as well.



While all of these characteristics are very desirable to a penetration tester, rewriting penetration test tools in PowerShell would be time consuming. Instead, I will show how to combine PowerShell and assembly to reflectively load existing EXEs and DLLs without writing to disk, triggering anti-virus, or triggering application whitelisting. I’ll finish with several demonstrations of the Invoke-ReflectivePEInjection script in action.



Joe Bialek (@JosephBialek) is currently a Security Engineer on the Office 365 Red Team at Microsoft where he does security research, red teaming, penetration testing, tool development, and code review. Joe was a contributor to Microsoft's Pass the Hash guidance paper, and has been a contributor to other large security efforts within the company. Prior to his role at Microsoft, Joe graduated from Western Washington University with a Bachelor's degree in Computer Science.




Transcending Cloud Limitations by Obtaining Inner Piece

With the abundance of cloud storage providers competing for your data, some have taken to offering services in addition to free storage. This presentation demonstrates the ability to gain unlimited cloud storage by abusing an overlooked feature of some of these services.



Zak Blacher is currently pursuing a Masters of Mathematics in Computer Science, and expects to be graduating at the end of August. He has previously completed a Bachelors of Computer Science, and a Masters of Science in Computer Science, having worked with the FIVES research group. He has held internships on the platform team at Sandvine Inc, and digital security team at Compuware Corp.



Social Media: IRC: chalk on #wolf @ espernet




Made Open: Hacking Capitalism

The game is Capitalism. The rule makers are the banks, corporations and governments. This presentation is about playing a game that is rigged by the rule makers, and winning in such fashion that the game is never the same. If you like breaking things and building them back up, or are a person, please at least watch this at a later time. I forgive you for not attending, but you will not forgive yourself for missing it.



Todd Bonnewell is a person with a message. Nothing Todd has done or said in his professional past is more important than the message. Todd works for the people at MadeOpen.com.




Data Evaporation from SSDs

Files on magnetic hard drives remain on the drive even after they are deleted, so they can be recovered later with forensic tools. Sometimes SSDs work the same way, but under other conditions they erase this latent data in a "garbage collection" process. Understanding when and how this happens is important to forensic investigators and people who handle confidential data.



I'll explain the purpose of garbage collection, and how it is affected by the operating system, SSD model, BIOS settings, TRIM, and drive format. I'll demonstrate SSD data evaporation on a MacBook Air and a Windows system, using my "evap" tool (available for everyone to use) that makes it easy to test SSDs for data evaporation.



Sam Bowne (@sambowne) has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEF CON, BayThreat, LayerOne, Toorcon, and lightning talks at HOPE on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences. He has a PhD and a lot of industry certifications, but still no CISSP.




Evil DoS Attacks and Strong Defenses

On the attack side, this talk will explain and demonstrate attacks which crash Mac OS X, Windows 8, Windows Server 2012, and Web servers; causing a BSOD or complete system freeze. The Mac and Windows systems fall to the new IPv6 Router Advertisement flood in thc-ipv6-2.1, but only after creating a vulnerable state with some "priming" router advertisements. Servers fail from Sockstress--a brutal TCP attack which was invented in 2008, but still remains effective today.



On the defense side: the inside story of the DDoS that almost Broke the Internet.



In March 2013, attackers launched an attack against Spamhaus that topped 300Gbps. Spamhaus gave us permission to talk about the details of the attack. While CloudFlare was able to fend off the attack, it exposed some vulnerabilities in the Internet's infrastructure that attackers will inevitably exploit. If an Internet-crippling attack happens, this is what it will look like. And here's what the network needs to do in order to protect itself.



Sam Bowne (@sambowne) has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, BayThreat, LayerOne, Toorcon, and lightning talks at HOPE on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences. He has a PhD and a lot of industry certs but still no CISSP.



Matthew Prince (@eastdakota) is the co-founder & CEO of CloudFlare, the web performance and security company.



Matthew wrote his first computer program at age 7 when his mom would sneak him in to university computer science courses. After attending law school, he worked as an attorney for one day before jumping at the opportunity to be a founding member of a tech startup. He hasn't looked back. CloudFlare is Matthew's third entrepreneurial venture. CloudFlare was named a 2012 Technology Pioneer by the World Economic Forum and selected by the Wall Street Journal as the Most Innovative Internet Technology company for the last two years running. Today, CloudFlare accelerates and protects more than 120 billion page views for over a million customers and more than 1.5 billion web visitors every month.



Matthew holds a degree in English and Computer Science from Trinity College. He graduated with highest honors from the Harvard Business School where he was a George F. Baker Scholar and was awarded the Dubliner Prize for Entrepreneurship. He earned a JD from the University of Chicago and is a member of the Illinois Bar. He teaches technology law as an adjunct professor at the John Marshall Law School where he serves on the Board of Advisors for the Center for Information Technology and Privacy Law. He is also the co-creator of Project Honey Pot, the largest community of webmasters tracking online fraud and abuse. On the side, Matthew is a certified ski instructor, a former mountain guide, and a regular attendee of the Sundance Film Festival.


RFID Hacking: Live Free or RFID Hard

Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance on how RFID proximity badge systems work. We'll cover what you'll need to build out your own RFID physical penetration toolkit, and how to easily use an Arduino microcontroller to weaponize commercial RFID badge readers — turning them into custom, long-range RFID hacking tools.



This presentation will NOT weigh you down with theoretical details, discussions of radio frequencies and modulation schemes, or talk of inductive coupling. It WILL serve as a practical guide for penetration testers to understand the attack tools and techniques available to them for stealing and using RFID proximity badge information to gain unauthorized access to buildings and other secure areas. Schematics and Arduino code will be released, and 100 lucky audience members will receive a custom PCB they can insert into almost any commercial RFID reader to steal badge info and conveniently save it to a text file on a microSD card for later use (such as badge cloning). This solution will allow you to read cards from up to 3 feet away, a significant improvement over the few centimeter range of common RFID hacking tools.



Some of the topics we will explore are:

Overview of best RFID hacking tools available to get for your toolkit

Stealing RFID proximity badge info from unsuspecting passers-by

Replaying RFID badge info and creating fake cloned cards

Brute-forcing higher privileged badge numbers to gain data center access

Attacking badge readers and controllers directly

Planting PwnPlugs, Raspberry Pis, and similar devices as physical backdoors to maintain internal network access

Creating custom RFID hacking tools using the Arduino

Defending yourself from RFID hacking threats

This DEMO-rich presentation will benefit both newcomers and seasoned professionals of the physical penetration testing field.



Francis Brown (@security_snacks) CISA, CISSP, MCSE, is a Managing Partner at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 1000 and global financial institutions as well as U.S. and foreign governments. Before joining Bishop Fox, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.



Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications.



Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

https://www.facebook.com/BishopFoxConsulting

https://twitter.com/security_snacks


OTP, It won't save you from free rides!

RFID technologies are becoming more and more prevalent in our lives. This motivated us to study them, and in particular to study the MIFARE ULTRALIGHT chips, which are widely used in public/mass transport systems. We focused on multiple-ride tickets, and were surprised that MIFARE ULTRALIGHT chips do not seem to use any type of encryption. We were excited at the idea of simply cloning a new, unused ticket onto older ones to "refill" them. Our excitement was cut short by a security feature called OTP. OTP, in the context of MIFARE chips, is a sector of the data that can be edited (initialized) only one time. In this way, the ticket can store how many rides you still have, and this value cannot be changed back.



After much tinkering, we were able to completely bypass this security feature, by (ab)using a separate security feature, the so-called "lockbyte sector". Join us in this session to learn how we found out how to use security features of the chip against each other, and obtain endless free rides with a 5-ride ticket.



bughardy (@_bughardy_) ended his high school studies in Italy in 2013 and has been admitted to Politecnico of Torino (Turin) in Telecommunication Engineering. His interests are Network Security and Hacking. He loves WiFi networks and wireless connectivity. Bughardy is currently working with Eagle1753 on a WiFi security book. In dark nights, he dreams of one day being a pentester.



Eagle1753 (@Eagle1753) is a student at Politecnico of Torino (Turin). Eagle1753 is currently working together with bughardy on a WiFi security book, and is interested in wireless networks of any kind. He likes to study how things work, is very fond of Physics, in particular he loves electricity and sparks. He started programming databases, and one day hopes to become a developer in Robotics. According to his opinion, everyday life is a challenge and we all need challenges in order to go further in life.




Open Public Sensors, Trend Monitoring and Data Fusion

Our world is instrumented with countless sensors. While many are outside of our direct control, there is an incredible amount of publicly available information being generated and gathered all the time. While much of this data goes by unnoticed or ignored it contains fascinating insight into the behavior and trends that we see throughout society. The trick is being able to identify and isolate the useful patterns in this data and separate it from all the noise.



Previously, we looked at using sites such as Craigslist to provide a wealth of wonderfully categorized information and then used that to answer questions such as "What job categories are trending upward?", "What cities show the most (or the least) promise for technology careers?", and "What relationship is there between the number of bikes for sale and the number of prostitution ads?" After achieving initial success looking at a single source of data, the challenge becomes to generate more meaningful results by combining separate data sources that each views the world in a different way. Now we look across multiple, disparate sources of such data and attempt to build models based on the trends and relationships found therein.



The initial inspiration for this work was a fantastic talk at DC13, "Meme Mining for Fun and Profit". It also builds upon a similar talk I presented at DC18, and once again seeks to inspire others to explore the exploitation of such publicly available sensor systems.



Daniel Burroughs first became interested in computer security shortly after getting a 300 baud modem to connect his C64 to the outside world. After getting kicked off his favorite BBS for "accidentally" breaking into it, he decided that he needed to get smarter about such things. Since that time he has moved on to bigger and (somewhat) better things. These have included work in virtual reality systems at the Institute for Simulation and Training at the University of Central Florida, high speed hardware motion control software for laser engraving systems, parallel and distributed simulation research at Dartmouth College, distributed intrusion detection and analysis at the Institute for Security Technology Studies, and the development of a state-wide data sharing system for law enforcement agencies in Florida. Daniel was an associate professor of engineering at the University of Central Florida for 10 years prior to his current position as the Associate Technology Director for the Center for Law Enforcement Technology, Training, & Research. He also is a co-founder of Hoverfly Technologies, an aerial robotics company, and serves on the board of directors for Familab – a hackerspace located in Orlando. He is also the proud owner of two DefCon leather jackets won at Hacker Jeopardy at DEF CON 8 & 9 (as well as a few hangovers from trying to win more).




Conducting massive attacks with open source distributed computing

Distributed computing is sexy. Don't believe us? In this talk we'll show you, on a deep, practical level and with lots of (mostly Python) code, how a highly automated and effective computer network attack could be crafted and enhanced with the help of distributed computing over 'Big Data' technologies. Our goal is to demystify the concept of using distributed computing for network attacks over an open source distributed computing cluster (Hadoop). By the end of this highly demo-focused talk you'll have an understanding of how an attacker could use three of our open source custom-written distributed computing attack tools, or easily build their own, to do whatever it is that they're into (we don't judge).



Alejandro Caceres (@DotSlashPunk) is a software developer, web application penetration tester, and security researcher. His main interest is in the nexus between distributed computing and network/application attacks. He is the founder of the PunkSPIDER project, presented at ShmooCon 2013, which is an open source project to fuzz the entire Internet’s web applications using a Hadoop cluster. He’s also the owner of Hyperion Gray, a software development company focused on open source projects in the area of distributed computing as it relates to security. He didn’t know how to work in shamelessly mentioning the DARPA Cyber Fast Track research project he is also working on (Web 3.0, also being presented at DEF CON 21), so he just wrote it in at the end of the bio. He is very classy.




Offensive Forensics: CSI for the Bad Guy

As a pentester, when was the last time you 'recovered' deleted files from the MFT of a pwned box? Ever used an index.dat parser for identifying your next target? Do you download browser remnants of your victims to gather their saved form data?



Despite the sensitive information uncovered through forensic techniques, the usage of such concepts has primarily been limited to investigations and incident response. In this talk, we will cover the basics of "Offensive Forensics", what information to look for, how to find it, and the use of old tools in a new way. After looking at the post-exploitation potential, we'll dive into real-world examples and release the first ever "Vulnerable [Forensics] by Design" machine!



Benjamin Caudill (@RhinoSecurity) is a principal consultant for Rhino Security Labs, an IS consulting and managed security firm. Prior to his years in consulting, Ben worked as a penetration tester and incident responder in the aerospace and finance industries.



When not hacking all the things, he enjoys long wardrives on the beach and drinking too much (not necessarily in that order).




Utilizing Popular Websites for Malicious Purposes Using RDI

Reflected DOM Injection is a new attack vector that will be unveiled for the first time in our talk! We will explain the technique and show a live demo where we use it to hide malicious code within popular and trusted websites.



Daniel Chechik is a veteran security researcher at Trustwave's SpiderLabs. Among other things, he specializes in malware analysis, web exploits detection, Trojan and botnet detection and neutralizing and defining security requirements for the Secure Web Gateway product. Prior to that, Daniel served in a technological unit as a security specialist in the IDF. During the service, Daniel specialized in CheckPoint Firewall equipment, AntiVirus products and other IT security products. Daniel, among other things, has spoken at the RSA conference, holds CEH and CCSE certificates and has a patent pending for 'Detecting Malware Communication on an Infected Computing Device'.



Anat (Fox) Davidi is a security researcher at Trustwave's SpiderLabs. Her role includes vulnerability analysis, malware analysis and developing detection logic for the Secure Web Gateway product. Prior to that, Anat worked as a security consultant providing security reviews and penetration tests for organizations in various business sectors, ranging from banks and insurance companies to hi-tech corporations. Amongst other things, Anat has spoken at the RSA conference.




Abusing NoSQL Databases

The days of selecting from a few SQL database options for an application are over. There is now a plethora of NoSQL database options to choose from: some are better than others for certain jobs. There are good reasons why developers are choosing them over traditional SQL databases including performance, scalability, and ease-of-use. Unfortunately, as with many hot technologies, security is largely an afterthought in NoSQL databases. This short but concise presentation will illustrate how poor the quality of security in many NoSQL database systems is. This presentation will not be confined to one particular NoSQL database system. Two sets of security issues will be discussed: those that affect all NoSQL database systems such as defaults, authentication, encryption; and those that affect specific NoSQL database systems such as MongoDB and CouchDB. The ideas that we now have a complicated heterogeneous problem and that defense-in-depth is even more necessary will be stressed. There is a common misconception that SQL injection attacks are eliminated by using a NoSQL database system. While specifically SQL injection is largely eliminated, injection attack vectors have increased thanks to JavaScript and the flexibility of NoSQL databases. This presentation will present and demo new classes of injection attacks. Attendees should be familiar with JavaScript and JSON.



Ming Chow (@tufts_cs_mchow) is a Lecturer at the Tufts University Department of Computer Science. His areas of work are in web and mobile engineering and web security. He teaches courses largely in the undergraduate curriculum including the second course in the major sequence, Web Programming, Music Apps on the iPad, and Introduction to Computer Security. He was also a web application developer for ten years at Harvard University. Ming has spoken at numerous organizations and conferences including the High Technology Crime Investigation Association - New England Chapter (HTCIA-NE), the Massachusetts Office of the Attorney General (AGO), John Hancock, OWASP, InfoSec World (2011 and 2012), DEF CON 19 (2011), the Design Automation Conference (2011), Intel, and the SOURCE Conference (Boston 2013). Ming's projects in information security include building numerous CTF challenges, Internet investigations, HTML5 and JavaScript security, and Android forensics.




Legal Aspects of Full Spectrum Computer Network (Active) Defense

Full spectrum computer network (active) defense means more than simply "hacking back". We've seen a lot of this issue lately. Orin Kerr and Stewart Baker had a lengthy debate about it online. New companies with some high visibility players claim they are providing "active defense" services to their clients. But all-in-all, what does this really mean? And why is it that when you go to your attorneys, they say a flat out, "No"?



This presentation examines the entire legal regime surrounding full spectrum computer network (active) defense. It delves into those areas that are easily legal and looks at the controversial issues surrounding others. As such we will discuss technology and sensors (ECPA and the service provider exception); information control and management (DRM); and, "active defense" focusing on honeypot, beacons, deception (say hello to my little friend the Securities and Exchange Commission); open source business intelligence gathering (CFAA, economic espionage; theft of trade secrets); trace back and retrieval of stolen data (CFAA).



Past presentations have shown much of what is taken away is audience driven in response to their questions and the subsequent discussion. And, as always, I try to impress upon computer security professionals the importance of working closely with their legal counsel early and often, and of course "Clark's Law" - explain the technical aspects of computer security to your attorneys at a third grade level so they can understand it and then turn around and explain it to a judge or jury at a first grade level.



Robert Clark has enjoyed working numerous federal legal jobs for the past two decades. He is the former Cybersecurity Information Oversight & Compliance Officer for the Assistant Secretary of Cybersecurity and Communications, Department of Homeland Security and former legal advisor to the Navy CIO; United States Computer Emergency Readiness Team; and, the Army's Computer Emergency Response Team. In these positions he has provided advice on all aspects of computer network operations. He interacts regularly with many government agencies and is a past lecturer at Black Hat; DEF CON; Stanford Center for Internet and Society and the Berkman Center for Internet & Society at Harvard University -Four TED-TECH Talks 2011; SOURCE Boston 2010; the iapp; and, the DoD's Cybercrimes Conference. He is thrilled to be returning to DEF CON this year.




Blucat: Netcat For Bluetooth

TCP/IP has tools such as nmap and netcat to explore devices and create socket connections. Bluetooth has sockets but doesn't have the same tools. Blucat fills this need for the Bluetooth realm. Blucat can be thought of as a:

- debugging tool for bluetooth applications
- device exploration tool
- a component in building other applications

Joseph Paul Cohen is a Ph.D. student at the University of Massachusetts Boston. He has worked for large finance, IT consulting, and startup software companies. He now focuses on computer science research in areas of machine learning and cyber security education.

Blucat is designed to run on many different platforms (including Raspberry Pi) by abstracting core logic from native code using the Bluecove library to interact with a variety of Bluetooth stacks. This talk will go over the objectives, designs, and current results of the project. More information is at http://blucat.sourceforge.net/


Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices

A growing trend in electronics is to have them integrate with your home network in order to provide potentially useful features like automatic updates or to extend the usefulness of existing technologies such as door locks you can open and close from anywhere in the world. What this means for us as security professionals or even just as people living in a world of network-connected devices is that being compromised poses greater risk than before.



Once upon a time, a compromise only meant your data was out of your control. Today, it can enable control over the physical world resulting in discomfort, covert audio/video surveillance, physical access or even personal harm. If your door lock or space heater are compromised, you're going to have a very bad day. This talk will discuss the potential risks posed by network-attached devices and even demonstrate new attacks against products on the market today.



Daniel (@dan_crowley) (aka "unicornFurnace") is a Managing Consultant for Trustwave's SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie.



Jennifer (@savagejen) is a software engineer that cares about secure development. In her professional life, she has been tackling some of the harder questions surrounding security and privacy in the mobile payments industry. In her spare time, she has been hacking home electronics.



David has more than 10 years of computer security experience, including pentesting, consulting, engineering, and administration. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. In his spare time he runs the local DEFCON group, DC612, is the president of The Hack Factory, and helps to run Thotcon as an OPER.


Stepping P3wns: Adventures in full spectrum embedded exploitation (and defense!)

Our presentation focuses on two live demonstrations of exploitation and defense of a wide array of ubiquitous networked embedded devices like printers, phones and routers.



The first demonstration will feature a proof-of-concept embedded worm capable of stealthy, autonomous polyspecies propagation. This PoC worm will feature at least one 0-day vulnerability on Cisco IP phones as well as several embedded device vulnerabilities previously disclosed by the authors. We will demonstrate how an attacker can gain stealthy and persistent access to the victim network via multiple remote initial attack vectors against routers and printers. Once inside, we will show how the attacker can use other embedded devices as stepping stones to compromise significant portions of the victim network without ever needing to compromise the general purpose computers residing on the network. Our PoC worm is capable of network reconnaissance, manual full-mesh propagation between IP phones, network printers and common networking equipment. Finally, we will demonstrate fully autonomous reconnaissance and exploitation of all embedded devices on the demo network.



The second demonstration showcases host-based embedded defense techniques, called Symbiotes, developed by the authors at Columbia University under support from DARPA's Cyber Fast Track and CRASH programs, as well as IARPA's STONESOUP and DHS's S&T Research programs.



The Symbiote is an OS and vendor agnostic host-based defense designed specifically for proprietary embedded systems. We will demonstrate the automated injection of Software Symbiotes into each vulnerable embedded device presented during the first demonstration. We then repeat all attack scenarios presented in the first demo against Symbiote defended devices to demonstrate real-time detection, alerting and mitigation of all malicious embedded implants used by our PoC worm. Lastly, we demonstrate the scalability and integration of Symbiote detection and alerting mechanisms into existing enterprise endpoint protection systems like Symantec End Point.



Ang Cui is a fifth year Ph.D. candidate at Columbia University and Chief Scientist at Red Balloon Security. He has focused on developing new technologies to defend embedded systems against exploitation. During the course of his research, Ang has also uncovered a number of serious vulnerabilities within ubiquitous embedded devices like Cisco routers, HP printers and Cisco IP phones. Ang is also the author of FRAK and the inventor of Software Symbiote technology. Ang has received numerous awards on his research and is the recipient of the Symantec Graduate Fellowship.



Michael Costello is a Research Staff Associate at Columbia University and Scientist at Red Balloon Security. He was a network engineer at various ISPs and other organizations prior to his current work in offensive and defensive research and development of embedded systems.




Do-It-Yourself Cellular IDS

For less than $500, you can build your own cellular intrusion detection system to detect malicious activity through your own local femtocell. Our team will show how we leveraged root access on a femtocell, reverse engineered the activation process, and turned it into a proof-of-concept cellular network intrusion monitoring system.



We leveraged commercial Home Node-Bs ("femtocells") to create a 3G cellular network sniffer without needing to reimplement the UMTS or CDMA2000 protocol stacks. Inside a Faraday cage, we connected smartphones to modified femtocells running Linux distributions and redirected traffic to a Snort instance. Then we captured traffic from infected phones and showed how Snort was able to detect and alert upon malicious traffic. We also wrote our own CDMA protocol dissector in order to better analyze CDMA traffic.



The goal of this project was to develop a low-cost proof-of-concept method for capturing and analyzing cellular traffic using locally-deployed femtocells, which any security professional can build.



Sherri Davidoff (@sherridavidoff) is a principal and Senior Security Consultant at LMG Security. She has over a decade of experience as an information security professional, specializing in penetration testing, forensics, social engineering testing and web application assessments. Sherri is the co-author of "Network Forensics: Tracking Hackers Through Cyberspace" (Prentice Hall, 2012). She is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science and Electrical Engineering from MIT.



Scott Fretheim is an expert penetration tester and risk assessment consultant. His clients include Fortune 500 companies, financial institutions, insurance companies, health care organizations, and more. He is a GIAC Certified Web Application Penetration Tester (GWAPT) and is trained in smart grid and SCADA security. He is a founding member of the Montana HTCIA, and holds his B.S. in Management of Information Systems. Scott is an instructor at Black Hat.



David Harrison specializes in digital and mobile device forensics as well as information security research. He is a principal author of the DEFCON 2012 Network Forensics Contest. David holds an A.S. in Computer Science from FVCC and is pursuing a B.S. in Software Design from Western Governor's University.



Randi Price is a security consultant at LMG Security. She specializes in policy and procedure review and development, including ISO 27001 assessments and HIPAA risk analyses. Randi provides security management consulting for large enterprises such as financial and health care organizations. She is a certified digital forensic examiner and holds her GIAC forensic certification (GCFE). Randi holds two BS degrees in Management of Information Systems and Accounting from the University of Montana.




Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions

Embedded systems are everywhere, from TVs to aircraft, printers to weapon control systems. As a security researcher when you are faced with one of these 'black boxes' to test, sometimes in situ, it is difficult to know where to start. However, if there is a USB port on the device there is useful information that can be gained. This talk is about using techniques to analyze USB stack interactions to provide information such as the OS running on the embedded device, the USB drivers installed and devices supported. The talk will also cover some of the more significant challenges faced by researchers attempting to exploit USB vulnerabilities using a Windows 8 USB bug recently discovered by the presenter (MS13-027) as an example.



Andy Davis is Research Director at NCC Group. He has worked in the Information Security industry for over 20 years, performing a range of security functions throughout his career. Prior to joining NCC Group, Andy held the positions of Head of Security Research at KPMG, UK and Chief Research Officer at IRM Plc. Before working in the private sector he worked for ten years performing various roles in Government. Recently, Andy has been leading security research projects into technologies such as embedded systems and hardware interface technologies and developing new techniques for software vulnerability discovery. Andy regularly presents at conferences such as: Black Hat, CanSecWest, Infiltrate and EUSecWest.




How to Disclose or Sell an Exploit Without Getting in Trouble

You have identified a vulnerability and may have developed an exploit. What should you do with it? You might consider going to the vendor, blogging about it, or selling it. There are risks in each of these options. This 20-minute session will cover the legal risks to security researchers involved in publishing or selling information that details the operation of hacks, exploits, vulnerabilities and other techniques. This session will provide practical advice on how to reduce the risk of being on the wrong end of civil and criminal legal action as a result of a publication or sale.



James Denaro (@CipherLaw) is the founder of CipherLaw, a Washington, D.C.-based consultancy and focuses his practice on the legal, technical, and ethical issues faced by innovators in information security. Jim is a frequent speaker and writer on the subject of intellectual property issues in information security and has experience in a wide range of technologies, including intrusion detection and prevention, botnet investigation, malware discovery and remediation, and cryptography.



Jim has completed professional coursework at MIT and Stanford in computer security and cryptography. He also holds technical certifications from the Cloud Security Alliance (CCSK) and Cisco Systems (CCENT), and has passed the CISSP examination (pending certification). Before becoming an attorney, Jim spent obscene amounts of time looking at PPC assembly in MacsBug.



Jim is a registered patent attorney and is admitted to practice in the District of Columbia, California, Maryland, and Virginia. Jim has undergraduate degrees in computer engineering and philosophy and is currently pursuing graduate legal studies in national security at Georgetown. Jim was formerly with the international law firms of Morrison & Foerster and Perkins Coie before founding CipherLaw.




I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell

I have a box on my desk that your CDMA cell phone will automatically connect to while you send and receive phone calls, text messages, emails, and browse the Internet. I own this box. I watch all the traffic that crosses it and you don't even know you're connected to me. Welcome to the New World, where I, not them, own the towers. Oh, and thanks for giving me the box... for free.



This box is a femtocell, a low-power cellular base station given or sold to subscribers by mobile network operators. It works just like a small cell tower, using a home Internet connection to interface with the provider network. When in range, a mobile phone will connect to a femtocell as if it were a standard cell tower and send all its traffic through it without any indication to the user.



The state-of-the-art authentication protecting cell phone networks can be an imposing target. However, with the rising popularity of femtocells there is more than one way to attack a cellular network. Inside, they run Linux, and they can be hacked.



During this talk, we will demonstrate how we've used a femtocell for traffic interception of voice/SMS/data, active network attacks and explain how we were able to clone a mobile device without physical access.



Doug DePerry (@dugdep) is a Senior Security Consultant at iSEC Partners in New York City. In addition to his day-to-day consultant duties, Doug is also responsible for helping manage employee/new hire training as well as the summer intern program. At iSEC Doug has recently taken a deeper interest in iOS and crypto assessments as well as architecture reviews and embedded systems. He has also written a whitepaper on HTML5 titled, 'HTML5 Security: The Modern Web Browser Perspective'. Prior to joining iSEC, Doug worked for various defense contractors and the US Army.



Tom Ritter (@TomRitterVG) is a Senior Security Consultant at iSEC Partners, a frequenter of @nysecsec, and has far more ideas than time. He is interested in nearly all aspects of cryptography, privacy, anonymity, and pseudonymity; security; and traveling. He is located corporeally in New York City, virtually at http://ritter.vg, and metaphysically has been lost for quite some time.


Proliferation

Abstract Coming Soon.



Ambassador Joseph DeTrani was named President of the Intelligence and National Security Alliance (INSA) on February 5, 2013. As President, he will lead INSA as its Chief Executive Officer on a day-to-day basis.



Ambassador DeTrani has dedicated his professional career to public service with more than three decades of work for the U.S. government. Most recently, he served as the Senior Advisor to the Director of National Intelligence (DNI), and before that he served as the Director of the National Counter Proliferation Center (NCPC) and the National Intelligence Manager for Counter proliferation (CP). Ambassador DeTrani also served as the North Korea Mission Manager for the ODNI.



Prior to his work at the ODNI, Ambassador DeTrani served at the Department of State as the Special Envoy for the Six-Party Talks with North Korea, with the rank of Ambassador, and as the U.S. Representative to the Korea Energy Development Organization.



Before his service at the State Department, Ambassador DeTrani served at the Central Intelligence Agency (CIA) as Director for East Asia, Director for Europe, Director of Technical Services, Director of Public Affairs, Director of the Crime and Narcotics Center, and Executive Assistant to the Director of Central Intelligence.



Some of the awards Ambassador DeTrani received include: the Distinguished Career Intelligence Medal, the Distinguished Intelligence Medal, the National Intelligence Distinguished Service Medal, the Donovan Award and the Commandant’s Award. Ambassador DeTrani speaks Chinese and French, and received his bachelor’s degree from New York University (NYU) and attended the NYU School of Law and Graduate School of Business Administration.




Privacy In DSRC Connected Vehicles

To date, remote vehicle communications such as OnStar have provided little in the way of privacy. The planned DSRC system will become the first large-scale nationwide direct public participation network outside of the internet. Much information and misinformation has been spread on what the upcoming DSRC system is and can do, especially in the information security community. The recent field trial in the US of a connected vehicle infrastructure raises the level of concern amongst all who are aware of existing privacy issues.



In this talk I will examine the current system high level design for North American vehicles, as set by international standards and used in a recent road test in Ann Arbor, Michigan, USA. I will consider privacy concerns for each portion of the system, identifying how they may be addressed by current approaches or otherwise considered solutions. I conclude with a discussion of the strategic value in engaging the privacy community during development efforts and the potential community role in raising privacy as a competitive advantage.



Christie Dudley (@longobord) started her career with a BSEE with an emphasis in digital communications from the University of Kansas. A 15 year enterprise network engineer career, largely in finance and manufacturing followed. Starting with a study in anthropology she decided to change fields, eventually pursuing an old interest in communications security and privacy and a brief internship in hardware security. Seeking to combine her interests in technology and society she began pursuing the field from a new perspective, enrolling as a JD candidate at Santa Clara Law. She now consults on privacy issues related to communications technology while completing her law degree. She has also cofounded Fork the Law, an effort to bridge the gap between technologists and legislation.


Pwn'ing You(r) Cyber Offenders

It is commonly believed that Offensive Defense is just a theory that is difficult to be used effectively in practice, but that is not entirely true...



During my talk along with a new service emulation technique, that will render standard port scanner results nearly useless and leave your attackers with an arduous analysis, I will focus on practical (automated) exploitation of a hackers' offensive toolbox. A few interesting attack vectors against software taken from the Internet will be presented.



It turns out you can get pwn'ed even through your Nmap scripts if you are not careful enough.



Piotr Duszynski (@drk1wi) is a Senior Security Consultant at Trustwave Spiderlabs. With more than 6 years of official experience in the security field, his main interests were always around breaking stuff and finding its true purpose. Currently he is mostly focused on web application security and security research. Apart from that he enjoys crazy road trips around the world, free diving and good music.


From Nukes to Cyber – Alternative Approaches for Proactive Defense and Mission Assurance

In typical military operations, the advantage goes to the offense because the initiator controls the timing and is able to concentrate forces. A good defense is designed to undermine the advantage of the offense. Proactive defense approaches include: masking (obfuscation), maneuvering, and hardening of critical capabilities. The other alternative, which is often characterized as resiliency or mission assurance, is to employ methods which deny the objectives of the offense. The expertise resident in the hacker community can improve both proactive defense and mission assurance.



Lt. Gen. Robert Elder (USAF, retired) joined the George Mason University faculty as a research professor with the Volgenau School of Engineering following his retirement from the Air Force as the Commander of 8th Air Force and U.S. Strategic Command’s Global Strike Component. He currently conducts research in the areas of integrated command and control, operational resiliency in degraded environments, strategic deterrence, and the use of modeling to support national security decision-making. He also serves as a senior advisor to the Cyber Innovation Center in Louisiana. General Elder was the first commander of Air Force Network Operations and led the development of the cyberspace mission for the Air Force. General Elder also served as Commandant of the Air War College, and holds a doctorate in engineering from the University of Detroit.




Noise Floor: Exploring the world of unintentional radio emissions

If it's electronic, it makes noise. Not necessarily noise that you and I can hear, of course – unless you know how to tune in. The air around us is filled with bloops, bleeps, and bzzts of machines going about their business, betraying their existence through walls or even from across the street. The unintentional noise lurking among intentional signals can even reveal what the machine is currently doing when it thinks it's keeping that information to itself. Attacks exploiting electromagnetic radiation, such as TEMPEST, have long been known, but government-sized budgets are no longer needed to procure the radio equipment. USB television receiver dongles can be used as software-defined radios (SDR) that cost less than a slice of Raspberry Pi. The goal of this talk is to show you that anyone with twenty bucks and some curiosity can learn a great deal about your computers and other equipment without ever leaving a trace, and you shouldn't neglect this risk when managing your organization's security.



Melissa Elliott (better known as 0xabad1dea) is a professional security bug finder who has seen unspeakable horrors in corporate codebases from around the world. Her very name causes systems to crash, especially ones that use jQuery. Her hobbies include programming the Nintendo Entertainment System, criticizing other people's C code, and an interest in radio emissions that resulted from a trip to the National Radio Astronomy Observatory in Green Bank, West Virginia.




Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)

Password and PIN systems are often encountered on mobile devices. A software approach to cracking these systems is often the simplest, but in some cases there may be no better option than to start pushing buttons. This talk will cover automated PIN cracking techniques using two new tools and discuss the practicality of these attacks against various PIN-secured systems.



Robotic Reconfigurable Button Basher (R2B2) is a ~$200 robot designed to manually brute force PINs or other passwords via manual entry. R2B2 can operate on touch screens or physical buttons. R2B2 can also handle more esoteric lockscreen types such as pattern tracing.



Capacitive Cartesian Coordinate Bruteforcing Overlay (C3BO) is a combination of electronics designed to electrically simulate touches on a capacitive touch screen device. C3BO has no moving parts and can work faster than R2B2 in some circumstances.



Both tools are built with open source software. Parts lists, detailed build instructions, and STL files for 3d printed parts will be available for download.



A lucky volunteer will get to have their PIN cracked live on stage!



Justin Engler (@justinengler) is a Senior Security Engineer for iSEC Partners. Justin specializes in mobile and application security. Justin has previously spoken at DEF CON and BlackHat. Justin is not a roboticist, but will play one on DEF CON TV.



Paul Vines is a student at University of Washington and an iSEC Security Engineering Intern.




Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot

Google TV is intended to bring the Android operating system out of the mobile environment and into consumers' living rooms. Unfortunately, content providers began to block streaming access to popular content from the Google TV platform which hindered its reach. Furthermore, the first generation of Google TV hardware used an Intel powered x86 chipset that fractured Google TV from that of the traditional ARM based Android ecosystem, preventing most Android applications with native code from functioning properly.



In our previous presentation at DEFCON 20, we discussed exploits found in the first generation of Google TV hardware and software. This presentation will be geared towards the newly released second generation of devices which includes models from a wider variety of OEMs such as Asus, Sony, LG, Vizio, Hisense, and Netgear.



Our demonstration will include newly discovered and undisclosed hardware exploits, software exploits, and manufacturer mistakes as well as discuss in detail how to exploit the new Secure Boot environment on the Marvell chipset.



In order to bypass Secure Boot on the Google TV we will release two separate exploits which will allow users to run an unsigned bootloader on Google TV devices. One of these affects specific configurations of the Linux kernel and can also be used for privilege escalation against a multitude of other embedded devices.



Finally, after our talk make sure to stop by the Q&A room and ask us a question. We have a limited number of USB TTL adapters to give away for free to aid the community in bootloader and kernel development.



Amir Etemadieh (@Zenofex) founded the GTVHacker group and has been working on the GTVHacker project from its initial start in November 2010. Amir is on the research and development team at Accuvant LABS and prior to his employment conducted independent research in consumer devices including the Logitech Revue, Ooma Telo, Samsung Galaxy S2, Boxee Box as well as services such as the 4G Clear Network.



CJ Heres (@cj_000) is an IT consultant by day who enjoys breaking devices ranging from washing machines to Blu-Ray players. His philosophy is to use a simple approach for complex problems. CJ's recent work includes independent research on Hospira and Alaris IV infusion pumps, as well as consumer electronics such as the Roku, Google TV, Boxee Box, and Vizio Smart TV's.



Mike Baker (@gtvhacker) (aka [mbm]) is a firmware developer, better known as the Co-Founder behind OpenWrt. He hacks stuff.



Hans Nielsen (@n0nst1ck) is a security wizard at Matasano Security. When he isn't busy protecting your in-house and external applications from evil, he enjoys hacking apart consumer electronics and designing prototype boards. Hans is a tinkerer at heart with an ability to quickly reverse hardware and software through whatever means necessary.


gitDigger: Creating useful wordlists from public GitHub repositories

This presentation intends to cover the thought process and logistics behind building a better wordlist using GitHub public repositories as its source. With an estimated 2,000,000 GitHub projects to date, how would one store that amount of data? Would you even want or need to? After downloading approximately 500,000 repositories, storing 6TB on multiple USB drives; this will be a story of one computer, bandwidth, basic Python and how a small idea quickly got out of hand.



Jaime Filson (WiK) Well, WiK's just zis guy. He enjoys long walks on the beach while his computer equipment is busy fuzzing software, cracking passwords, or spidering the internet.

Rob Fuller (Mubix) is a Senior Red Teamer. His professional experience starts from his time on active duty as a United States Marine. He has worked with devices and software that run the gamut in the security realm. He has a few certifications that haven't expired yet, but the titles that he holds above the rest are father, husband, and United States Marine.




10000 Yen into the Sea

The use of a pressure housing in an underwater vehicle can be difficult to implement without becoming a cost-center. Flipper will walk the audience through a new design for an Autonomous Underwater Glider which challenges assumptions about what is required or necessary to deploy sensors, transmitters, and payloads across long distances in the ocean. The speaker assumes no prior knowledge of subject matter & hopes the audience can help him to find new applications for this Open Source Hardware project.



Flipper (@NickFLipper) is a hardware hacker obsessed with lowering the cost of underwater robots. Flipper spent 2 years as a member of his College's ROV team practicing waterproofing of CoTs components such as cameras, IMUs, and motors. These experiences inspired him to form the "Mesa College" team that participated in the 2011 & '12 AUVSI Robosub competition. During the first year of competition, the Mesa team took home a judges award for 'Innovation on a Budget'. Since that time Flipper has been employed by an EV manufacturer working to reduce the cost of high efficiency electric vehicles.




Defeating SEAndroid

Security Enhancements for Android (SEAndroid) enables the use of SELinux in Android in order to limit the damage that can be done by malicious apps, trying to make exploitation harder. Some OEMs are trying hard to implement extra mitigations in their devices, especially those aiming to reach the enterprise market. We will present some issues that are found in devices currently implementing SEAndroid, and demonstrate how vendors FAIL in properly implementing SEAndroid protection.



Pau Oliva (@pof) is a Mobile Security Engineer with viaForensics. He has previously worked as an R+D Engineer at a wireless provider. His passion for smartphones started back in 2004 when he had his first PocketPC phone with the Windows Mobile operating system and started reverse engineering and hacking HTC devices. He has been actively researching security aspects of the Android operating system since its debut with the T-Mobile G1 in October 2008. Pau is co-author of Wiley's Android Hacker's Handbook.


The Politics of Privacy and Technology: Fighting an Uphill Battle

In the past few decades the world has been dramatically transformed by technology. People have significantly evolved in how they interact with each other and the world; a side effect of this evolution is the drastic change in personal privacy. Private citizens, corporations, and governments all have different ideas on what privacy means and what information should be respected as private. Typically citizens don't realize their expectations of privacy are falsely held, or more accurately that they have very little privacy left. Regarding privacy, decades have gone by without any action to protect an individual's privacy against entities buying, selling, storing, and using your private data. Policy can take years to enact, and the minimal legislative action happening leans toward protecting special interest groups who have great political sway.



Action needs to be taken. Policy needs to be created allowing businesses to operate while allowing individuals to keep their information private. In the 2013 Montana Legislative Session Daniel Zolnikov, with the support of Eric Fulton, worked to introduce comprehensive legislation to protect the privacy of the citizens of Montana. Daniel Zolnikov and Eric Fulton will talk about the ideas behind the bill, the process of drafting and introducing legislation, presenting the bill before committee and the public testimony process, and the politics of why the bill ultimately died. The speakers will end the talk with lessons learned and thoughts on how to effectively pass future privacy legislation.



Eric Fulton (@Trisk3t) is a specialist in information security research and network penetration testing who regularly speaks on his research and work. In his spare time, Eric works with local students to provide hands-on security training, conducts independent security research on interesting projects, and occasionally works on legislation affecting privacy and techn