News / def con
Link to register for our hands-on workshops: https://www.eventbrite.com/e/packet-hacking-village-hands-on-workshops-2018-tickets-47710826366
There will be three waves of registration:
- Wave 1: 18:18 PST on Wednesday, July 18th
- Wave 2: 08:00 AM PDT / 4 PM UK time on Wednesday, July 25th
- Wave 3: 18:01:08 PDT on Wednesday, August 1st
- 11:00 - 12:30: Reverse Engineering Malware 101 by Malware Unicorn
- 13:00 - 15:00: Advanced APT Hunting with Splunk by Ryan Kovar and John Stoner
- 15:30 - 17:00: Finding and Attacking Undocumented APIs with Python by Ryan Mitchell
- 17:30 - 19:00: Serious Intro to Python for Admins by Davin Potts
- 09:30 - 13:30: Kali Dojo Workshop by Johnny Long
- 14:00 - 16:00: Intense Introduction to Modern Web Application Hacking by Omar Santos and Ron Taylor
- 16:30 - 18:00: Mallet, An Intercepting Proxy for Arbitrary Protocols by Rogan Dawes
- 11:00 - 13:00: Advanced APT Hunting with Splunk by Ryan Kovar and John Stoner
Advanced APT Hunting with Splunk
You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.
Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.
John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.
Reverse Engineering Malware 101
This workshop provides the fundamentals of reversing engineering (RE) Windows malware using a hands-on experience with RE tools and techniques. Attendees will be introduced to RE terms and processes, followed by basic x86 assembly, and reviewing RE tools and malware techniques. It will conclude by attendees performing a hands-on malware analysis that consists of Triage, Static, and Dynamic analysis. Prerequisites: Basic understanding of programming C/C++, Python, or Java . Provided: A virtual machine and tools will be provided. Features: 5 Sections in 1.5 hours:
- ~15 min Fundamentals
- ~15 min Tools/Techniques
- ~30 min Triage Static Analysis + Lab
- ~30 min Dynamic Analysis + Lab
Amanda (Twitter: @malwareunicorn) absolutely loves malware. She works as a Senior Malware Researcher at Endgame who focuses on threat research focusing in dynamic behavior detection both on Windows and OSX platforms.
Serious Intro to Python for Admins
Intended for an audience of IT managers and admins who are either responsible for systems with deployed Python apps and/or interested in the security implications of developing their own tools/scripts/apps in Python. This will be a hands-on exercise from start to finish designed to leave you with a sense of the mentality of Python and an ability to quickly look up what you need when expanding your knowledge of Python in the future. Prior programming experience not required. However it would be helpful if you've seen lots of Monty Python skits before.
Davin Potts is a Python Core Developer and lead dev for the multiprocessing module in the Python standard library. For a day job, Davin is a scientific software consultant working primarily on data science projects. Also refer to https://www.crunchbase.com/person/davin-potts.
Mallet, an intercepting proxy for arbitrary protocols
Mallet is an intercepting proxy for arbitrary protocols. More accurately, it is a framework for building proxies for arbitrary protocols. Mallet provides the basics required of all proxies: A way to receive the data, a way to send the data, and a user interface to intercept and edit the data. It builds on the Netty project, and as such has access to a large, well-tested suite of protocol implementations that can be used to transform a stream of bytes into useful, high-level protocol objects.
This workshop will introduce attendees to Mallet, and show how to construct pipelines of arbitrary complexity, to successfully decode and intercept messages in various protocols, as well as automating modifications of the various messages.
A basic familiarity with Java will enhance the delegate's understanding of what they are taught, but is not a requirement.
Rogan Dawes is a senior researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague's frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies, WebScarab.
Kali Dojo Workshop
Kali Linux can be deeply and uniquely customized to specific needs and tasks. In this workshop, we will customize Kali Linux into a very specific offensive tool, and walk you through the process of customization step by step. We will create a custom Kali ISO that will: load very specific toolsets; define a custom desktop environment and wallpaper; leverage customized features and functions; launch custom tools and scripts; install Kali automatically, without user intervention as a custom "OS backdoor". This workshop will guide you through all the aspects of Kali customization and give you the skills to create your own highly-customized Kali ISO, like the much feared Kali "ISO of Doom".
Kali Live USB With Persistence And LUKS (2.5hrs)
In this section we will show you how to deploy your customized Kali ISO to a secure, encrypted, USB device. ➤ We will show you how to add standard and encrypted USB persistence so you can save your data and we will walk you through a custom LUKS "nuke" deployment that will obliterate your encrypted data when presented with a specific kill phrase. We will also will discuss strategies to help you safely and legally cross international borders with your encrypted data without compromising it. When you complete this course, you will have the skills to create a completely customized, powerful, portable Kali ISO or USB with full encryption, persistence and the peace of mind of LUKS nuke. And, to sweeten the deal, we will provide super-cool custom Kali-branded USB drives.
Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers and is a contributor to Kali Linux Revealed. He is the founder of Hackers for Charity and currently works with the Offensive Security team.
Intense Introduction to Modern Web Application Hacking
This course starts with an introduction to modern web applications and immediately starts diving directly into the mapping and discovery phase of testing. In this course, you will learn new methodologies used and adopted by many penetration testers and ethical hackers. This is a hands-on training where will use various open source tools and learn how to exploit SQL injection, command injection, cross-site scripting (XSS), XML External Entity (XXE), and cross-site request forgery (CSRF). We will wrap up our two hour fast-paced course by unleashing students on a vulnerable web application with their newly found skills.
Omar Santos (Twitter: @santosomar) is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cyber security since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a Technical Leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.
Ron Taylor (Twitter: @Gu5G0rman) has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. He then spent some time as a Consulting Systems Engineer specializing in Cisco's security product line. His current role is working within the Cisco Product Security Incident Response Team (PSIRT). He has held a number of industry certifications including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Cofounder and President of the Raleigh BSides Security Conference, and an active member of the Packet Hacking Village team at DEF CON.
Finding and Attacking Undocumented APIs with Python
Write Python web bots using Selenium and BrowserMob Proxy to crawl the Internet looking for non-public APIs. We will look at several ways to identify vulnerabilities in discovered APIs as a means for penetration testing and large scale data gathering. Participants should have some Python experience, as well as a familiarity with HTTP requests.
Ryan Mitchell is a senior software engineer at HedgeServ in Boston, where she develops APIs and data analytics tools for hedge fund managers. She is a graduate of Olin College of Engineering and Harvard University Extension School with a master's in software engineering and certificate in data science. Since 2012 she has regularly consulted, lectured, and run workshops around the country on the topics of web scraping, Python automation tools, and data science.
Car Infotainment Hacking Methodology and Attack Surface Scenarios
Jay Turla, Application Security Engineer at Bugcrowd
The battle for supremacy for the control of the dashboard display or infotainment systems has always been a race. Most of these systems run on Linux, Android, Windows (customized dashboards - perhaps Windows ME or CE) and Blackberry's QNX. In-Vehicle Infotainment (IVI) or In-car entertainment (ICE) Systems are indeed fun consoles where you can play media, movies, or work with your car's navigational system. But somehow it also comes with a risk of being hacked or attacked because they have also been plagued with vulnerabilities. In this talk, join Jay as he presents his own Car Hacker's Methodology in finding security bugs in order to pwn a car's infotainment system without having to do a drive by wire or CANbus hacking tools but will simply point out the common attack surfaces e.g WiFi, Bluetooth, USB Ports, etc. and some scenarios on how to exploit it just like how he popped a shell or issue an arbitrary command in his car which he tweeted in Twitter before.
Jay Turla (Twitter: @shipcod3) is an application security engineer at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework and presented at ROOTCON, Nullcon, and TCON. He used to work for HP Fortify where he performs Vulnerability Assessment, Remediation and Advance Testing.
IoT Data Exfiltration
Mike Raggo, CSO of 802 Secure, Inc.
Chet Hosmer, Owner of Python Forensics
IoT offers new protocols and frequencies over which communication travels. Due to lack of familiarity amongst most enterprises, most organizations are ill-equipped to monitor or detect these mysterious channels. This introduces a plethora of covert channels by which data could be exfiltrated, or malware to be infiltrated into the network. In this session we explore this new frontier by focusing on new methods of IoT protocol exploitation by revealing research conducted over the last 2 years. Detailed examples will be provided, as well as demo of a python tool for exploiting unused portions of protocol fields. From our research, we'll also reveal new methods of detecting aberrant behavior emanating to/from these devices gathered from our lab and real world testing.
Mike Raggo (Twitter: @DataHiding) is Chief Security Officer at 802 Secure and has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress Books, and contributing author for "Information Security the Complete Reference 2nd Edition". A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, DoD Cyber Crime, OWASP, HackCon, and SANS.
Chet Hosmer is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.
An OSINT Approach to Third Party Cloud Service Provider Evaluation
Lokesh Pidawekar, Senior Cloud and Application Security Engineer at Cisco
In the era of third party cloud service providers where enterprise critical data is hosted and shared with various vendors, third party security reviews have become essential part of Information Security. It has become a challenge for security teams to ensure parity is maintained between security controls that are available on premise, to those offered by the cloud provider. Typically, companies send a word document or excel sheet to get answers from cloud providers, however, this process is done only once and the review is point in time. In this talk, the attendees will learn about various methods of identifying security posture of the third-party cloud service using information available on Internet, how to use this information for performing cloud service review and improve their own cloud offerings. This can also supplement the tedious questionnaire process and provide an option to fast track the vendor reviews.
Lokesh Pidawekar (Twitter: @MaverickRocky02) work as Senior Cloud and Application Security Engineer in Cisco InfoSec team where he is responsible for designing secure architecture for applications, evaluating third party cloud service providers, and providing training to enterprise architects. He has Master's in Information Assurance & Cyber Security from Northeastern University, Boston. Previously, he has spoken at BSides Las Vegas, DEFCON Packet Hacking Village talks, OWASP Boston chapter and CarolinaCon. He likes to read about application vulnerabilities in free time and has reported security bugs to vendors as part of their bug bounty program.
Protecting Crypto Exchanges from a New Wave of Man-in-the-Browser Attacks
Pedro Fortuna, CTO and Co-Founder of Jscrambler
In the last year or so, we have seen a massive increase in the value of cryptocurrencies and the emergence of hundreds of new coins and ICOs, getting millions of people into an investment frenzy. A lot of them being non-technical regular consumers that rushed to create new accounts in the most popular crypto exchanges like Coinbase or Bitstamp. Crypto exchanges are naturally appealing for attackers and have been targeted since as long as we can remember. However, since last year, they are also being targeted by Man-in-the-Browser (MITB) attacks. Malware families such as Zeus Panda, Ramnit and Trickbot are already aiming at websites such as Coinbase.com or Blockchain.info. In this talk, we will detail how these attacks work, from account takeover to moving out the coins to attacker-controlled wallets. We’ll discuss current defenses e.g. multi-factor authentication or strong SSL encryption and why they are failing to mitigate this type of attacks.
Pedro Fortuna (Twitter: @pedrofortuna) is CTO and Co-Founder of Jscrambler where he leads the technical vision for the product suite and contributes with his cybersecurity knowledge for R&D. Pedro holds a degree in Computing Engineering and a MSc in Computer Networks and Services, having more than a decade of experience researching and working in the application security area. He is a regular speaker at OWASP AppSec events and other cybersecurity conferences but also contributes to web development events. His research interests lie in the fields of Application Security, Reverse Engineering and Malware and Software Engineering. Author of several patents in application security.
The Wall of Sheep would like to announce a call for presentations at DEF CON 26 at the Caesars Palace in Las Vegas, NV from Thursday, August 9th to Sunday, August 12th. Speaker Workshops has been renamed Packet Hacking Village Talks as we now offer hands-on workshops. Packet Hacking Village Talks goal is to deliver talks that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory talks are welcome.
Topics of interest include:
- Tools on network sniffing, intrusion detection, monitoring, forensics
- How to find and evict people harvesting cryptocurrency on your devices
- How to do refresh your PC without losing all your stuff and eliminate the malware
- Incident response recovery
- Justifying hacking / security tools in the corporate world
- Finding rootkits and malware
- General Digital Forensics and Incident Response (DFIR) talks
- How to use regulatory compliance requirements in your favor to enhance your overall funding and security posture
- Security awareness program success and failure stories
- Enterprise defense using open source tools (e.g., Yara, Cuckoo Sandbox)
- Tool / task automation and optimization
- New and innovative ways of using old tools
- Incident response process and procedures
- Tools for data collection and visualization
- Purple teaming
The Wall of Sheep will not accept product or vendor related pitches. If your talk is a thinly-veiled advertisement for a product or service your company is offering, please do not apply!
All accepted talks will be announced, recorded, and published by Aries Security, LLC. and DEF CON Communications, Inc. Please see our YouTube channel for all talks from previous years: https://www.youtube.com/channel/UCnL9S5Wv_dNvO381slSA06w.
The Call for Presentations will close on Friday, June 15th at 11:59 PM. The list of talks will be finalized and published on Saturday, June 30th.
Each presentation slot is 1 hour maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.
To submit a presentation, please provide the following information in the form below to cfp2018[at]wallofsheep[dot]com
Primary Speaker Name:
Primary Speaker Title and Company (if applicable):
Primary Speaker Email Address:
Primary Speaker Phone Number (to contact you if necessary during the conference):
Primary Speaker Twitter name (if you want it known if you are accepted):
Primary Speaker Facebook page (if you want it known if you are accepted):
Additional Speakers' name(s), titles, and social information:
Additional Email Addresses:
Is there a specific day or time you MUST speak by?
Name of Presentation:
Length of presentation:
(20 minutes or 50 minutes)
Your abstract will be used for the website and printed materials. Summarize what your presentation will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFP reviews like to see what tools will be used and what materials you suggest to read in advance to get the most out of your presentation.
Equipment Needs & Special Requests:
The Wall of Sheep will provide 1 projector feed, and microphones. If you need to use multiple outputs for a demo, please mention this below.
This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.
You must provide a detailed outline containing the main points and navigation through your talk. Show how you intend to begin, where you intend to lead the audience and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then the better we are able to best review your presentation against other submissions (and the higher chance you have of being accepted). SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.
Additional supporting materials such as code, white papers, proof of concept, etc. should be sent along with this email to cfp2018[at]wallofsheep[dot]com. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.
Terms and Conditions
By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.
Grant of Copyright Use
I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication by DEF CON Communications, Inc. and Aries Security, LLC. and that I will promptly supply DEF CON Communications, Inc. and Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give DEF CON Communications, Inc. and Aries Security, LLC. permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.
Terms of Speaking Requirements
1. I will submit a completed (and possibly updated) presentation and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFP submission by noon PST, June 30th, 2018.
2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PST, June 30th, 2018.
3. I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.
4. I will complete my presentation within the time allocated to me - not running over the time allocation.
5. I understand that the Wall of Sheep will provide 1 LCD projector feed, 2 screens, and microphones. I understand that I am responsible for providing all other necessary equipment, including laptops and machines (with VGA output), to complete my presentation.
6. I understand that I will be responsible for my own hotel and travel expenses, and admissions to the DEF CON Conference.
Yes, I, (insert primary speaker name), have read and agree to the Grant of Copyright Use.
I, (insert your name here), have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.
In the case that a speaker is a child under the age of 13 years old: in compliance with the Children's Online Privacy Protection Act (COPPA) regulations, http://www.coppa.org, any child under age 13 must have parental consent for the collection, use, or disclosure of that child's personal information by a website. Parent/Guardian Consent: I (insert parent/guardian's name here) am the parent or guardian of the minor/s named above. I have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.
Good morning and welcome to the Packet Hacking Village at DEF CON 25 in Las Vegas, Nevada! We cannot thank you enough for your support and for your continuing support for all these years. The Wall of Sheepʼs mission is and has always been security awareness. This year, the Packet Hacking Village have a number of events and learning opportunities including the venerable Packet Detective and Capture The Packets. We have a fantastic slate of DJs to entertain and keep this village lively. Sheep City and Honeypots have returned this year. We are also excited for something new this year: hands-on workshops as there is a tremendous demand for training and continuing education in this cyber security. We hope that you will take advantage of the many opportunities here at the Packet Hacking Village and ultimately at DEF CON to learn, to collaborate, and to be inspired.
And of course, here we are at the Speaker Workshops. This is a special year: this is the fifth anniversary of the Speaker Workshops at the Packet Hacking Village. We are going to kick it off right-off-the-bat with a very special keynote. Dan Geer said in his keynote at Black Hat 2014: "cyber security is now a riveting concern, a top issue in many venues more important than this one." Or as Matt Blaze said bluntly at The Eleventh HOPE: "we are in a national cybersecurity crisis." So what does this have to do with our keynote? There are many people now starting to study or entering the field of cyber security which is very welcoming to see. However, the body of knowledge is now too deep and intimidating to grasp and history is easily forgotten. So how did we get into the mess we are in now? In May of 1998, a group of hackers testified in front of a panel of US Senators. The hacker group was L0pht. One of the members of L0pht who testified was Weld Pond, Chris Wysopal. L0pht warned that the Internet, software, and hardware are not safe and security is an afterthought. Their warning was a disaster foretold and tragically ignored (please read the stellar Washington Post article "A Disaster Foretold --And Ignored"). Their warning and efforts also paved way for many of our careers and lifestyles in this field, and why most of us are here today at DEF CON. It is my fantastic honor to introduce you all to Chris Wysopal.
For nearly 20 years we have been sniffing traffic at conferences using 10/100 Ethernet HUBs. Although using a HUB is one of the easiest fastest setups you can do, this method has slowly become obsolete.
While 10/100MB shared was great back in the day, it’s considered extremely slow by today’s standards.
Frankly, as our fleet of HUBS started aging, we started experiencing more and more failures (port outages, loud/dead fans, more than normal slowness, etc.) Trying to replace the hubs was getting harder and harder and fleet age wasn’t the only problem we were experiencing. People would spew traffic back into the HUB tainting the data everyone was trying to capture. And… depending on the venue no names (DEF CON), we would have people intentionally saturate the HUB or attack others on the HUB intended for network forensics.
We knew we had to do something, the ideal alternative to using network HUBS is using a network TAP. This would also solve all the other issues mentioned above with just one catch. High port count Gigabit Network TAP technologies are freaking expensive!!! We didn't have 15-20 thousand dollars per device laying around.
So we looked into seeing if one of the manufactures would give us a discount or possibly sponsor our projects. When this didn’t pan out, we had this crazy idea…
Was it was possible to make our own?
Well, the answer is YES! We are proud to announce after several years of development and testing, we have released our first 48 Port high speed network device intended for network forensics that won’t require a luxury car loan to buy.
While it sounds insane, we are releasing the CTP410052T for the low cost of $2500.00 so labs everywhere can finally actually afford to upgrade!
If you’re interested and didn’t get a chance to swing by the Packet Hacking Village at DEF CON this year to see one in action check it out here:
Several amazing workshops also added:
- How Machine Learning Finds Malware Needles in an AppStore Haystack by Theodora Titonis
- Sniffing Scada by Karl Koscher
There will also be a very special workshop from 3 - 4 PM on Saturday, August 8th.
For complete schedule, abstracts and bios, see http://www.wallofsheep.com/pages/speaker-workshops-at-def-con-23
- Creating REAL Threat Intelligence With Evernote by Salvador Grec
- Fishing To Phishing: It's All About Slimy Creatures by Wayne Crowder
- From XSS to Root on Your NAS by Tony Martin
- Haking the Next Generation by David Schwartzberg
- Mobile Data Loss - Threats & Countermeasures by Mike Raggo
- Remaining Covert in an Overt World by Mike Raggo
- Violating Web Services by Ron Taylor
For abstract and bios, see http://www.wallofsheep.com/pages/speaker-workshops-at-def-con-23
- Is Your Android App Secure? by Sam Bowne
- The Packets Made Me Do It: Getting Started with Distributed Full Packet Capture Using OpenFPC by Leon Ward
For abstract and bios, see http://www.wallofsheep.com/pages/speaker-workshops-at-def-con-23
- 802.11 Monitoring with PCAP2XML/SQLITE by Vivek Ramachandran
- The Digital Cockroach Bait Station: How to Build Spam Honeypots by Robert Simmons
- dnstap - A Standard Interface to Real Time DNS Transaction Flows by Paul Vixie
- Global Honeypot Trends by Elliot Brink
- Hacker's Practice Ground by Lokesh Pidawekar
- I See You by Brian Wohlwinder and Andrew Beard
- MITM 101: Easy Traffic Interception Techniques Using Scapy by Bob Simpson
- PowerShell for Penetration Testers by Nikhil Mittal
For abstract and bios, see http://www.wallofsheep.com/pages/speaker-workshops-at-def-con-23