News / workshops
Packet Hacking Village Workshop Tickets at DEF CON 29 Still Available
Regular tickets: $30
Student/military: $10
Non-interactive: $20
To purchase tickets, go to https://www.eventbrite.com/e/packet-hacking-village-virtual-workshops-at-dc-29-ticket-sales-registration-164777220101
Packet Hacking Village Workshops at DEF CON 29 Announced
Schedules of workshops, talks, and events at the Packet Hacking Village are available at https://www.wallofsheep.com/pages/dc29.
Workshops Schedule
Friday, August 6, 2021 (all times PDT [GMT-7]) | |
---|---|
09:00 - 11:00 |
Web App Penetration Testing Workshop Dr. Sunny Wear |
12:00 - 14:00 |
Hunting Evil with Wireshark Michael Wylie |
Saturday, August 7, 2021 | |
09:00 - 11:00 |
APT Hunting with Splunk John Stoner |
12:00 - 14:00 |
Security Investigations with Splunk Robert Wagner |
Sunday, August 8, 2021 | |
09:00 - 11:00 |
Intrusion Analysis and Threat Hunting with Suricata Josh Stroschein, Peter Manev |
12:00 - 14:00 |
Hands-On TCP Deep Dive with Wireshark Chris Greer |
Workshops Abstracts and Bios
Web App Penetration Testing Workshop
Dr. Sunny Wear, Web Security Architect and Penetration Tester
Gain hands-on experience learning how to perform web application penetration testing in this two-hour workshop with the author of the Burp Suite Cookbook, Dr. Sunny Wear. Students will learn Injections attacks such as Cross-site Scripting and SQL Injection attacks, brute-forcing tactics, and optimization techniques for Burp Suite including configurations and macros.
Dr. Sunny Wear (Twitter: @SunnyWear) is a Web Security Architect and Penetration Tester. She provides secure coding classes, creates software, and performs penetration testing against web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture and security experience and holds a Doctor of Science in Cybersecurity. She is a published author, "Burp Suite Cookbook", a developer of mobile apps, such as the “Burp Tool Buddy,” and is a Pluralsight content creator, "Burp Suite for Beginners/Advanced/Writing Plugins". She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.
Hunting Evil with Wireshark
Michael Wylie, MBA, CISSP, Sr. Manager, Threat Hunting
This workshop will take attendees’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and identifying anomalous network traffic. This workshop will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Throughout the workshop, we’ll examine what different attacks and malware look like while using Wireshark. Attendees will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and TTPs utilizing staged packet capture files. Labs start out easy and quickly progress in difficulty. There will be plenty of take-home labs for additional practice.
Michael Wylie, MBA, CISSP (Twitter: @TheMikeWylie) is the Sr. Manager of a threat hunting team. In his role, Michael is responsible for managing a global team of analysts hunting for hands-on keyboards activity within customer environments. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, GCFE, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Project+, and more.
APT Hunting with Splunk
John Stoner, Principal Security Strategist at Splunk
Interested in practicing your hunting skills? If so, this is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the “fictional” APT group Violent Memmes. We discuss the Diamond model, building hypotheses, LM Kill Chain, and MITRE ATT&CK and how these concepts can frame your hunting. Using Splunk, we will hunt for APT activity riddling a small startup's environment. During the event, we will be presented with a "notable event" and pull on that string to conduct our own hunts based on indicators that we uncover or are identified. Depending on the hunt, we will uncover persistence, exfiltration, c2 and other adversary tactics. We may even find some PowerShell scripts. We will regroup and review the specific hunt conducted and discuss the timeline of events, a narrative that could be shared with others on your team, the artifacts that were uncovered to better identify potential future hunts, ATT&CK techniques referenced as well as what could be operationalized. At the end, we will highlight some additional datasets and content that you can take with you and try newly learned techniques yourself.
John Stoner (Twitter: @stonerpsu) is a Principal Security Strategist at Splunk where he enjoys writing, problem solving and building stuff, including APT Scenarios. When not doing cyber things, you can find him watching his boys play hockey, reading or binge-watching TV series that everyone else has already seen.
Security Investigations with Splunk
Robert Wagner, Splunk and Co-Founder of Hak4Kidz
Investigating with Splunk is a hands-on workshop designed to familiarize participants with how to investigate incidents using Splunk and open source. This workshop provides users a way to gain experience searching in Splunk to answer specific questions related to an investigation. These questions are similar to what would be asked in their own organizations. The workshop leverages the popular Boss of the SOC (BOTS) dataset in a question-and-answer format. Users will leave with a better understanding of how Splunk can be used to investigate in their enterprise. The class includes access to download the free “Investigating with Splunk” app that can be used to review the exercises after the class.
Robert Wagner (Twitter: @mr_minion) is a security professional with 15+ years of InfoSec experience. He is a co-founder of the “Hak4Kidz” charity, a co-organizer of BurbSec and BurbSecCon in Chicago, and is on the Board of Directors of the ISSA Chicago Chapter.
Intrusion Analysis and Threat Hunting with Suricata
Josh Stroschein, Director of IT Training at Open Information Security Foundation (OISF)
Peter Manev, CSO of Stamus Networks
In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. In Intrusion Analysis and Threat Hunting with open-source Tools, you will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches. We will explore key phases of adversary tactics and techniques - from delivery mechanisms to post-infection traffic to get hands-on analysis experience. Open-source tools such as Suricata and Moloch will be utilized to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies. By the end of this workshop, you will have the knowledge and skills necessary to discover new threats in your network.
Josh Stroschein (Twitter: @jstrosch) is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activity for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is also an Associate Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium.
Peter Manev (Twitter: @pevma) is a co-founder of Stamus Networks, where he acts as CSO. He has been an active OISF member for a decade and has a 15 year-long record of activity in the field of IT security. An adamant admirer and explorer of innovative open-source security software, Peter is also the lead developer of SELKS.
Hands-On TCP Deep Dive with Wireshark
Chris Greer, Network Analyst and Wireshark Instructor at Packet Pioneer
A solid understanding of how TCP works is critical for anyone interested in cybersecurity. Almost all enumeration, incident response, and traffic forensics require the analyst to dig into and interpret TCP flows. In this video we will take a look at how TCP is used to investigate and establish connections, how data is transmitted and acknowledged, how connections are torn down, and what problem indicators should catch our eye in Wireshark. This video welcomes all cybersecurity and Wireshark experience levels.
Chris Greer is a network analyst and Wireshark instructor for Packet Pioneer, a Wireshark University partner. He has focused much of his career at the transport layer, specifically TCP, specializing in how this core protocol works to deliver applications, services, and attacks between systems. Chris is a regular speaker at Sharkfest - the Wireshark Developer and User Conference, as well as an author for Pluralsight.
Call for Hands-On Virtual Workshops at Packet Hacking Village at DEF CON 29
Overview
The Wall of Sheep would like to announce a call for workshops at DEF CON 29, "You Can't Stop the Signal." This hybrid conference will take place from Thursday, August 5 to Sunday, August 8, 2021. The Packet Hacking Village Virtual Workshops' goal is to deliver hands-on virtual training sessions that increase security awareness and provide skills to help bridge the gap between existing knowledge and more advanced topics with the intent to allow for immediate application after the conference. Our audience ranges from those new to security to the most seasoned security practitioners. Introductory workshops are welcome! A nominal fee will be charged for advanced registration of these workshops. However, all proceeds will go directly to The National Upcycled Computing Collective. Here is your chance to give back to the community in multiple ways! Each student will have access to a Kali Virtual Machine (VM) and other VMs that the instructor requires. Teaching assistants will be available to provide students with essential support if necessary.
Potential topics could include:
- Fundamental networking skills (i.e. ports and protocols, OSI model, hardware, segmentation)
- Core routing skills (IPv4, IPv6)
- Web communication, and related protocols (i.e. TCP/IP, SMB, ARP, HTTP)
- Tools for network sniffing, intrusion detection, monitoring, reverse engineering, forensics, penetration testing, data collection, or visualization
- Purple teaming
- Secure Software Development
- Training in hacking/security tools and their usage in the corporate world
- Programming for security practitioners
- Tool/task automation and optimization
- File system fundamentals for forensics (i.e. NTFS, EXT3/4, HFS+, FAT, FAT32 ExFat)
- Incident response process and procedures
The Wall of Sheep will not accept product or vendor-related pitches. If your content is a thinly veiled advertisement for a product or service your company is offering, please do not apply!
The Call for Presentations will close on Friday, June 25, 2021, at 11:59 PM PDT. The list of talks will be finalized and published on Wednesday, July 21, 2021.
Speaking Format
Each teaching slot is 1, 1.5, or 2 hours maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.
TO SUBMIT A WORKSHOP, PLEASE PROVIDE THE FOLLOWING INFORMATION IN THE FORM BELOW TO CFW2021[AT]WALLOFSHEEP[DOT]COM
PRIMARY SPEAKER NAME:
PRIMARY SPEAKER TITLE AND COMPANY (IF APPLICABLE):
PRIMARY SPEAKER EMAIL ADDRESS:
PRIMARY SPEAKER PHONE NUMBER (TO CONTACT YOU IF NECESSARY DURING THE CONFERENCE):
PRIMARY SPEAKER TWITTER NAME (IF YOU WANT IT KNOWN IF YOU ARE ACCEPTED):
ADDITIONAL SPEAKERS' NAME(S), TITLES, AND SOCIAL INFORMATION:
ADDITIONAL EMAIL ADDRESSES:
IS THERE A SPECIFIC DAY OR TIME YOU MUST SPEAK BY?
NAME OF WORKSHOP:
LENGTH OF WORKSHOP:
(1, 1.5, or 2 hours)
ABSTRACT:
Your abstract will be used for the website and printed materials. Summarize what your workshop will cover. Attendees will read this to get an idea of what they should know before your presentation and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFW reviewers like to see what tools will be used and what materials you suggest reading in advance to get the most out of your presentation.
SPEAKER'S BIO(S):
This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.
DETAILED OUTLINE:
You must provide a detailed outline containing the main points and navigation through your workshop. Show how you intend to begin, where you intend to lead the audience, and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then, the better we can review your presentation against other submissions (and the higher chance you have of being accepted).
SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.
SUPPORTING FILE(S):
Additional supporting materials such as code, white papers, proof of concept, etc., should be sent along with this email to cfw2021[at]wallofsheep[dot]com. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.
NOTE:
Attendees will be allowed to pre-register for the workshop prior to DEF CON; there will be a small charge with the proceeds going to a charity of the Packet Hacking Village's choice.
Terms and Conditions
By submitting, you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area; otherwise, your application will be considered incomplete and returned to you.
GRANT OF COPYRIGHT USE
I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication by Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. Permission to duplicate, record, and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, online, and all other purposes.
TERMS OF SPEAKING REQUIREMENTS
1. I will submit a completed (and possibly updated) presentation and a reference to all the tool(s), law(s), Web sites and/or publications referenced at the end of my talk and as described in this CFW submission by noon PDT, July 21, 2021.
2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PDT, July 21, 2021.
3. I will include a detailed bibliography as either a separate document or contained within the presentation of all resources cited and/or used in my presentation.
4. I will complete my presentation within the time allocated to me - not running over the time allocation.
YES, I (INSERT PRIMARY SPEAKER NAME) HAVE READ AND AGREE TO THE GRANT OF COPYRIGHT USE.
I, (INSERT YOUR NAME HERE), HAVE READ AND UNDERSTAND AND AGREE TO THE TERMS AS DETAILED IN THE AGREEMENT TO TERMS OF SPEAKING REQUIREMENTS.
IN THE CASE THAT A SPEAKER IS A CHILD UNDER THE AGE OF 13 YEARS OLD: IN COMPLIANCE WITH THE CHILDREN'S ONLINE PRIVACY PROTECTION ACT (COPPA) REGULATIONS, https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule, ANY CHILD UNDER AGE 13 MUST HAVE PARENTAL CONSENT FOR THE COLLECTION, USE, OR DISCLOSURE OF THAT CHILD'S PERSONAL INFORMATION BY A WEBSITE. PARENT/GUARDIAN CONSENT: I (INSERT PARENT/GUARDIAN'S NAME HERE) AM THE PARENT OR GUARDIAN OF THE MINOR/S NAMED ABOVE. I HAVE READ AND UNDERSTAND AND AGREE TO THE TERMS AS DETAILED IN THE AGREEMENT TO TERMS OF SPEAKING REQUIREMENTS.
UPDATED Call for Hands-On Workshops at Packet Hacking (Virtual) Village Talks at DEF CON 28
Overview
The Wall of Sheep would like to announce a call for Workshops at DEF CON 28 “Safe Mode.” This virtual conference will take place from Thursday, August 6th to Sunday, August 9th. The Packet Hacking Village Workshops’ goal is to deliver hands-on training sessions that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory workshops are welcome! A very nominal fee will be charged for advanced registration of these workshops. However, all proceeds will go directly to The National Upcycled Computing Initiative (NUCC). This is your chance to give back to the community in multiple ways!
Each student will have access to a Kali virtual machine (VM) and other VMs that are required by the instructor. Teaching assistants will be available to provide basic support if necessary.
Topics of interest include:
- Tools for Network sniffing, intrusion detection, monitoring, reverse engineering, forensics, penetration testing, data collection and visualization
- Purple teaming
- Secure Software Development
- Training in hacking/security tools and their usage in the corporate world
- Programming for security practitioners
- Tool/task automation and optimization
- Incident response process and procedures
The Wall of Sheep will not accept product or vendor related pitches. If your content is a thinly-veiled advertisement for a product or service your company is offering, please do not apply!
The Call for Presentations will close on Friday, June 26th at 11:59 PM PDT. The list of talks will be finalized and published on Wednesday, July 15th.
Speaking Format
Each teaching slot is 1, 1.5 or 2 hours maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.
To submit a workshop, please provide the following information in the form below to cfw2020[at]wallofsheep[dot]com
Primary Speaker Name:
Primary Speaker Title and Company (if applicable):
Primary Speaker Email Address:
Primary Speaker Phone Number (to contact you if necessary during the conference):
Primary Speaker Twitter name (if you want it known if you are accepted):
Additional Speakers' name(s), titles, and social information:
Additional Email Addresses:
Is there a specific day or time you MUST speak by?
Name of Workshop:
Length of Workshop:
(1, 1.5, or 2 hours)
Abstract:
Your abstract will be used for the website and printed materials. Summarize what your workshop will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFW reviewers like to see what tools will be used and what materials you suggest to read in advance to get the most out of your presentation.
Speaker's Bio(s):
This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.
Detailed Outline:
You must provide a detailed outline containing the main points and navigation through your workshop. Show how you intend to begin, where you intend to lead the audience and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then the better we are able to best review your presentation against other submissions (and the higher chance you have of being accepted). SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.
Supporting File(s):
Additional supporting materials such as code, white papers, proof of concept, etc. should be sent along with this email to cfw2020[at]wallofsheep[dot]com. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.
Note:
Attendees will be allowed to pre-register for the workshop prior to DEF CON; there will be a small charge with the proceeds going to a charity of the Packet Hacking Village's choice.
Terms and Conditions
By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.
Grant of Copyright Use
I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.
Terms of Speaking Requirements
1. I will submit a completed (and possibly updated) presentation and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFW submission by noon PST, July 15, 2020.
2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PST, July 15, 2020.
3. I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.
4. I will complete my presentation within the time allocated to me - not running over the time allocation.
Yes, I, (insert primary speaker name), have read and agree to the Grant of Copyright Use.
I, (insert your name here), have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.
In the case that a speaker is a child under the age of 13 years old: in compliance with the Children's Online Privacy Protection Act (COPPA) regulations, http://www.coppa.org, any child under age 13 must have parental consent for the collection, use, or disclosure of that child's personal information by a website. Parent/Guardian Consent: I (insert parent/guardian's name here) am the parent or guardian of the minor/s named above. I have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.
Call for Hands-On Workshops at Packet Hacking Village at DEF CON 28 Now Open
Overview
The Wall of Sheep would like to announce a call for Workshops at DEF CON 28 in Las Vegas, NV from Thursday, August 6th to Sunday, August 9th. The Packet Hacking Village Workshop's goal is to deliver hands-on training sessions that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory workshops are welcome! A very nominal fee will be charged for advanced registration of these workshops. However, all proceeds will go directly to Hackers for Charity. This is your chance to give back to the community in multiple ways!
The hands-on workshops area will have 40 computers pre-loaded with the necessary tools so attendees will not need to bring their own laptop. There will be one computer available for the presenter that is a mirror of the attendees. The mirror laptop will be displayed on one screen; a second projected display and hookups is available for you to present your material. We will be able to pre-load any software (within reason) including one virtual machine for your presentation. The computers will boot Kali Linux. While network access is available to all machines, it should not be relied upon for your presentation... this is DEF CON after all. :)
Topics of interest include:
- Tools for Network sniffing, intrusion detection, monitoring, reverse engineering, forensics, penetration testing, data collection and visualization
- Purple teaming
- Secure Software Development
- Training in hacking/security tools and their usage in the corporate world
- Programming for security practitioners
- Tool/task automation and optimization
- Incident response process and procedures
The Wall of Sheep will not accept product or vendor related pitches. If your content is a thinly-veiled advertisement for a product or service your company is offering, please do not apply!
The Call for Workshops will close on Friday, June 12th at 11:59 PM PDT. The list of talks will be finalized and published on Friday, June 26th.
Speaking Format
Each teaching slot is 1, 1.5 or 2 hours maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.
To submit a workshop, please provide the following information in the form below to cfw2020[at]wallofsheep[dot]com
Primary Speaker Name:
Primary Speaker Title and Company (if applicable):
Primary Speaker Email Address:
Primary Speaker Phone Number (to contact you if necessary during the conference):
Primary Speaker Twitter name (if you want it known if you are accepted):
Additional Speakers' name(s), titles, and social information:
Additional Email Addresses:
Is there a specific day or time you MUST speak by?
Name of Workshop:
Length of Workshop:
(1, 1.5, or 2 hours)
How many VMs do you require on each student's laptop?
(0, 1, 2, 3+, unknown)
Abstract:
Your abstract will be used for the website and printed materials. Summarize what your workshop will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFW reviewers like to see what tools will be used and what materials you suggest to read in advance to get the most out of your presentation.
Equipment Needs & Special Requests:
The Wall of Sheep will provide laptops pre-loaded with software for the attendees, you will have 1 projected laptop setup the same as the attendees for demonstration, 1 projector feed for your laptop/material, and microphones. The laptops will boot Kali; please let us know if there is any software you will need pre-loaded on the workshop laptops. If you have a VM, please make sure it works with VirtualBox. One month before DEF CON, you will be asked to provide all software so it can be pre-loaded on the systems. Changes to your software configuration cannot be made after this time or during the conference. We cannot accept workshops that require multiple VMs to be running simultaneously.
Speaker's Bio(s):
This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.
Detailed Outline:
You must provide a detailed outline containing the main points and navigation through your workshop. Show how you intend to begin, where you intend to lead the audience and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then the better we are able to best review your presentation against other submissions (and the higher chance you have of being accepted). SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.
Supporting File(s):
Additional supporting materials such as code, white papers, proof of concept, etc. should be sent along with this email to cfw2020[at]wallofsheep[dot]com. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.
Note:
Attendees will be allowed to pre-register for the workshop prior to DEF CON; there will be a small charge with the proceeds going to a charity of the Packet Hacking Village's choice.
Terms and Conditions
By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.
Grant of Copyright Use
I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.
Terms of Speaking Requirements
1. I will submit a completed (and possibly updated) presentation and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFW submission by noon PST, June 30th, 2020.
2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PST, June 30th, 2020.
3. I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.
4. I will complete my presentation within the time allocated to me - not running over the time allocation.
5. I understand that the Wall of Sheep will provide 1 Laptop pre-loaded with software with a projector feed, 1 LCD projector feed, and microphones. I understand that I am responsible for providing all other necessary equipment, including laptops and machines (with VGA output), to complete my presentation.
6. I understand that I will be responsible for my own hotel and travel expenses, and admissions to the DEF CON Conference.
Yes, I, (insert primary speaker name), have read and agree to the Grant of Copyright Use.
I, (insert your name here), have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.
In the case that a speaker is a child under the age of 13 years old: in compliance with the Children's Online Privacy Protection Act (COPPA) regulations, http://www.coppa.org, any child under age 13 must have parental consent for the collection, use, or disclosure of that child's personal information by a website. Parent/Guardian Consent: I (insert parent/guardian's name here) am the parent or guardian of the minor/s named above. I have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.
Packet Hacking Village Workshops Tickets Sales
Packet Hacking Village Workshops at DEF CON 27 Finalized
Call for Workshops at Packet Hacking Village at DEF CON 27
Preview of the Packet Hacking Village at DEF CON 26, All the Events
Capture The Packet (CTP)
The time for those of hardened mettle is drawing near; are you prepared to battle? Compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range . In order to triumph over your competitors, contestants must be well rounded, like the samurai. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth.
The Dark Tangent has asked that we extend your time in the labyrinth and this has caused the difficulty of challenges to be amplified, so only the best prepared and battle hardened will escape the crucible. Follow us on Twitter or Facebook (links below) to get notifications for dates and times your team will compete, as well as what prizes will be awarded.
Wall Of Sheep
An interactive look at what could happen if you let your guard down when connecting to any public network, Wall of Sheep passively monitors the DEF CON network looking for traffic utilizing insecure protocols. Drop by, hang out, and see for yourself just how easy it can be! Most importantly, we strive to educate the “sheep” we catch, and anyone else interested in protecting themselves in the future. We will be hosting several ‘Network Sniffing 101’ training sessions using Wireshark, Ettercap, dsniff, and other traffic analyzers.
Wall of Sheep DJ Community - WoSDJCo
Come chill with us while we play all your favorite Deep, underground house, techno, breaks, and DnB beats mixed live all weekend by your fellow hacker DJs. We will provide the soundtrack for all your epic PHV hax, just like we do every year. Schedule of DJs available at: https://wallofsheep.com/pages/dc26
Packet Detective
Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Investigator, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet.
NEW FOR 2018: Packet Inspector
Taking the place of Packet Detective as your introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
Join us in the Packet Hacking Village to start your quest towards getting a black belt in Packet-Fu.
NEW FOR 2018: Walkthrough Workshops - Learn to build Honey Pots
The Packet Hacking Village brings yet another Def Con premiere: Walkthrough Workshops, where you will go on a self-guided journey to building your own honey pot, taking it live and hopefully trapping some unsuspecting users. Fear not though, like with all our other training events, we will have helpful and knowledgeable staff on hand to assist you along the way!
PHV Talks
Back for a sixth year, we continue to accept presentations focusing on practice and process while emphasizing defense. Speakers will present talks and training on research, tools, techniques, and design, with a goal of providing skills that can be immediately applied during and after the conference. Our audience ranges from those who are new to security, to the most seasoned practitioners in the security industry. Expect talks on a wide variety of topics for all skill levels. Updated schedule available at: https://wallofsheep.com/pages/dc26
PHV Workshops
A returning favorite from last year, we have hands-on labs and training sessions from an amazing line-up of instructors covering beginner to advanced level material. See our website for updated schedules. Updated schedule available at: https://wallofsheep.com/pages/dc26
Packet Hacking Village Workshops at DEF CON 26 Finalized
Link to register for our hands-on workshops: https://www.eventbrite.com/e/packet-hacking-village-hands-on-workshops-2018-tickets-47710826366
There will be three waves of registration:
- Wave 1: 18:18 PST on Wednesday, July 18th
- Wave 2: 08:00 AM PDT / 4 PM UK time on Wednesday, July 25th
- Wave 3: 18:01:08 PDT on Wednesday, August 1st
Workshops Schedule
Friday
- 11:00 - 12:30: Reverse Engineering Malware 101 by Malware Unicorn
- 13:00 - 15:00: Advanced APT Hunting with Splunk by Ryan Kovar and John Stoner
- 15:30 - 17:00: Finding and Attacking Undocumented APIs with Python by Ryan Mitchell
- 17:30 - 19:00: Serious Intro to Python for Admins by Davin Potts
Saturday
- 09:30 - 13:30: Kali Dojo Workshop by Johnny Long
- 14:00 - 16:00: Intense Introduction to Modern Web Application Hacking by Omar Santos and Ron Taylor
- 16:30 - 18:00: Mallet, An Intercepting Proxy for Arbitrary Protocols by Rogan Dawes
Sunday
- 11:00 - 13:00: Advanced APT Hunting with Splunk by Ryan Kovar and John Stoner
Advanced APT Hunting with Splunk
You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.
Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.
John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.
Reverse Engineering Malware 101
This workshop provides the fundamentals of reversing engineering (RE) Windows malware using a hands-on experience with RE tools and techniques. Attendees will be introduced to RE terms and processes, followed by basic x86 assembly, and reviewing RE tools and malware techniques. It will conclude by attendees performing a hands-on malware analysis that consists of Triage, Static, and Dynamic analysis. Prerequisites: Basic understanding of programming C/C++, Python, or Java . Provided: A virtual machine and tools will be provided. Features: 5 Sections in 1.5 hours:
- ~15 min Fundamentals
- ~15 min Tools/Techniques
- ~30 min Triage Static Analysis + Lab
- ~30 min Dynamic Analysis + Lab
Amanda (Twitter: @malwareunicorn) absolutely loves malware. She works as a Senior Malware Researcher at Endgame who focuses on threat research focusing in dynamic behavior detection both on Windows and OSX platforms.
Serious Intro to Python for Admins
Intended for an audience of IT managers and admins who are either responsible for systems with deployed Python apps and/or interested in the security implications of developing their own tools/scripts/apps in Python. This will be a hands-on exercise from start to finish designed to leave you with a sense of the mentality of Python and an ability to quickly look up what you need when expanding your knowledge of Python in the future. Prior programming experience not required. However it would be helpful if you've seen lots of Monty Python skits before.
Davin Potts is a Python Core Developer and lead dev for the multiprocessing module in the Python standard library. For a day job, Davin is a scientific software consultant working primarily on data science projects. Also refer to https://www.crunchbase.com/person/davin-potts.
Mallet, an intercepting proxy for arbitrary protocols
Mallet is an intercepting proxy for arbitrary protocols. More accurately, it is a framework for building proxies for arbitrary protocols. Mallet provides the basics required of all proxies: A way to receive the data, a way to send the data, and a user interface to intercept and edit the data. It builds on the Netty project, and as such has access to a large, well-tested suite of protocol implementations that can be used to transform a stream of bytes into useful, high-level protocol objects.
This workshop will introduce attendees to Mallet, and show how to construct pipelines of arbitrary complexity, to successfully decode and intercept messages in various protocols, as well as automating modifications of the various messages.
A basic familiarity with Java will enhance the delegate's understanding of what they are taught, but is not a requirement.
Rogan Dawes is a senior researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague's frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies, WebScarab.
Kali Dojo Workshop
Kali Linux can be deeply and uniquely customized to specific needs and tasks. In this workshop, we will customize Kali Linux into a very specific offensive tool, and walk you through the process of customization step by step. We will create a custom Kali ISO that will: load very specific toolsets; define a custom desktop environment and wallpaper; leverage customized features and functions; launch custom tools and scripts; install Kali automatically, without user intervention as a custom "OS backdoor". This workshop will guide you through all the aspects of Kali customization and give you the skills to create your own highly-customized Kali ISO, like the much feared Kali "ISO of Doom".
Kali Live USB With Persistence And LUKS (2.5hrs)
In this section we will show you how to deploy your customized Kali ISO to a secure, encrypted, USB device. ➤ We will show you how to add standard and encrypted USB persistence so you can save your data and we will walk you through a custom LUKS "nuke" deployment that will obliterate your encrypted data when presented with a specific kill phrase. We will also will discuss strategies to help you safely and legally cross international borders with your encrypted data without compromising it. When you complete this course, you will have the skills to create a completely customized, powerful, portable Kali ISO or USB with full encryption, persistence and the peace of mind of LUKS nuke. And, to sweeten the deal, we will provide super-cool custom Kali-branded USB drives.
Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers and is a contributor to Kali Linux Revealed. He is the founder of Hackers for Charity and currently works with the Offensive Security team.
Intense Introduction to Modern Web Application Hacking
This course starts with an introduction to modern web applications and immediately starts diving directly into the mapping and discovery phase of testing. In this course, you will learn new methodologies used and adopted by many penetration testers and ethical hackers. This is a hands-on training where will use various open source tools and learn how to exploit SQL injection, command injection, cross-site scripting (XSS), XML External Entity (XXE), and cross-site request forgery (CSRF). We will wrap up our two hour fast-paced course by unleashing students on a vulnerable web application with their newly found skills.
Omar Santos (Twitter: @santosomar) is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cyber security since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a Technical Leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.
Ron Taylor (Twitter: @Gu5G0rman) has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. He then spent some time as a Consulting Systems Engineer specializing in Cisco's security product line. His current role is working within the Cisco Product Security Incident Response Team (PSIRT). He has held a number of industry certifications including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Cofounder and President of the Raleigh BSides Security Conference, and an active member of the Packet Hacking Village team at DEF CON.
Finding and Attacking Undocumented APIs with Python
Write Python web bots using Selenium and BrowserMob Proxy to crawl the Internet looking for non-public APIs. We will look at several ways to identify vulnerabilities in discovered APIs as a means for penetration testing and large scale data gathering. Participants should have some Python experience, as well as a familiarity with HTTP requests.
Ryan Mitchell is a senior software engineer at HedgeServ in Boston, where she develops APIs and data analytics tools for hedge fund managers. She is a graduate of Olin College of Engineering and Harvard University Extension School with a master's in software engineering and certificate in data science. Since 2012 she has regularly consulted, lectured, and run workshops around the country on the topics of web scraping, Python automation tools, and data science.