News

We still have a small number of #workshop tickets available for the Packet Hacking Village at DEF CON 29! There are some great speakers lined up, so don't miss your chance 🐏❤️🐏

Regular tickets: $30
Student/military: $10
Non-interactive: $20

To purchase tickets, go to https://www.eventbrite.com/e/packet-hacking-village-virtual-workshops-at-dc-29-ticket-sales-registration-164777220101

Schedules of workshops, talks, and events at the Packet Hacking Village are available at https://www.wallofsheep.com/pages/dc29.

Workshops Schedule

Friday, August 6, 2021 (all times PDT [GMT-7])
09:00 - 11:00	Web App Penetration Testing Workshop Dr. Sunny Wear
12:00 - 14:00	Hunting Evil with Wireshark Michael Wylie
Saturday, August 7, 2021
09:00 - 11:00	APT Hunting with Splunk John Stoner
12:00 - 14:00	Security Investigations with Splunk Robert Wagner
Sunday, August 8, 2021
09:00 - 11:00	Intrusion Analysis and Threat Hunting with Suricata Josh Stroschein, Peter Manev
12:00 - 14:00	Hands-On TCP Deep Dive with Wireshark Chris Greer

Workshops Abstracts and Bios

Web App Penetration Testing Workshop

Dr. Sunny Wear, Web Security Architect and Penetration Tester

Gain hands-on experience learning how to perform web application penetration testing in this two-hour workshop with the author of the Burp Suite Cookbook, Dr. Sunny Wear. Students will learn Injections attacks such as Cross-site Scripting and SQL Injection attacks, brute-forcing tactics, and optimization techniques for Burp Suite including configurations and macros.

Dr. Sunny Wear (Twitter: @SunnyWear) is a Web Security Architect and Penetration Tester. She provides secure coding classes, creates software, and performs penetration testing against web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture and security experience and holds a Doctor of Science in Cybersecurity. She is a published author, "Burp Suite Cookbook", a developer of mobile apps, such as the “Burp Tool Buddy,” and is a Pluralsight content creator, "Burp Suite for Beginners/Advanced/Writing Plugins". She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.

Hunting Evil with Wireshark

Michael Wylie, MBA, CISSP, Sr. Manager, Threat Hunting

This workshop will take attendees’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and identifying anomalous network traffic. This workshop will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Throughout the workshop, we’ll examine what different attacks and malware look like while using Wireshark. Attendees will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and TTPs utilizing staged packet capture files. Labs start out easy and quickly progress in difficulty. There will be plenty of take-home labs for additional practice.

Michael Wylie, MBA, CISSP (Twitter: @TheMikeWylie) is the Sr. Manager of a threat hunting team. In his role, Michael is responsible for managing a global team of analysts hunting for hands-on keyboards activity within customer environments. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, GCFE, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Project+, and more.

APT Hunting with Splunk

John Stoner, Principal Security Strategist at Splunk

Interested in practicing your hunting skills? If so, this is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the “fictional” APT group Violent Memmes. We discuss the Diamond model, building hypotheses, LM Kill Chain, and MITRE ATT&CK and how these concepts can frame your hunting. Using Splunk, we will hunt for APT activity riddling a small startup's environment. During the event, we will be presented with a "notable event" and pull on that string to conduct our own hunts based on indicators that we uncover or are identified. Depending on the hunt, we will uncover persistence, exfiltration, c2 and other adversary tactics. We may even find some PowerShell scripts. We will regroup and review the specific hunt conducted and discuss the timeline of events, a narrative that could be shared with others on your team, the artifacts that were uncovered to better identify potential future hunts, ATT&CK techniques referenced as well as what could be operationalized. At the end, we will highlight some additional datasets and content that you can take with you and try newly learned techniques yourself.

John Stoner (Twitter: @stonerpsu) is a Principal Security Strategist at Splunk where he enjoys writing, problem solving and building stuff, including APT Scenarios. When not doing cyber things, you can find him watching his boys play hockey, reading or binge-watching TV series that everyone else has already seen.

Security Investigations with Splunk

Robert Wagner, Splunk and Co-Founder of Hak4Kidz

Investigating with Splunk is a hands-on workshop designed to familiarize participants with how to investigate incidents using Splunk and open source. This workshop provides users a way to gain experience searching in Splunk to answer specific questions related to an investigation. These questions are similar to what would be asked in their own organizations. The workshop leverages the popular Boss of the SOC (BOTS) dataset in a question-and-answer format. Users will leave with a better understanding of how Splunk can be used to investigate in their enterprise. The class includes access to download the free “Investigating with Splunk” app that can be used to review the exercises after the class.

Robert Wagner (Twitter: @mr_minion) is a security professional with 15+ years of InfoSec experience. He is a co-founder of the “Hak4Kidz” charity, a co-organizer of BurbSec and BurbSecCon in Chicago, and is on the Board of Directors of the ISSA Chicago Chapter.

Intrusion Analysis and Threat Hunting with Suricata

Josh Stroschein, Director of IT Training at Open Information Security Foundation (OISF)
Peter Manev, CSO of Stamus Networks

In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. In Intrusion Analysis and Threat Hunting with open-source Tools, you will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches. We will explore key phases of adversary tactics and techniques - from delivery mechanisms to post-infection traffic to get hands-on analysis experience. Open-source tools such as Suricata and Moloch will be utilized to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies. By the end of this workshop, you will have the knowledge and skills necessary to discover new threats in your network.

Josh Stroschein (Twitter: @jstrosch) is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activity for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is also an Associate Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium.

Peter Manev (Twitter: @pevma) is a co-founder of Stamus Networks, where he acts as CSO. He has been an active OISF member for a decade and has a 15 year-long record of activity in the field of IT security. An adamant admirer and explorer of innovative open-source security software, Peter is also the lead developer of SELKS.

Hands-On TCP Deep Dive with Wireshark

Chris Greer, Network Analyst and Wireshark Instructor at Packet Pioneer

A solid understanding of how TCP works is critical for anyone interested in cybersecurity. Almost all enumeration, incident response, and traffic forensics require the analyst to dig into and interpret TCP flows. In this video we will take a look at how TCP is used to investigate and establish connections, how data is transmitted and acknowledged, how connections are torn down, and what problem indicators should catch our eye in Wireshark. This video welcomes all cybersecurity and Wireshark experience levels.

Chris Greer is a network analyst and Wireshark instructor for Packet Pioneer, a Wireshark University partner. He has focused much of his career at the transport layer, specifically TCP, specializing in how this core protocol works to deliver applications, services, and attacks between systems. Chris is a regular speaker at Sharkfest - the Wireshark Developer and User Conference, as well as an author for Pluralsight.

Schedules of talks and events at the Packet Hacking Village are available at https://www.wallofsheep.com/pages/dc29. More talks will be added soon. All talks will be streamed on YouTube, Twitch, Facebook, and Periscope.

*nix Processes. Starting, Stopping, and Everything In Between

Nick Roy

Core Topic: Operating Systems: *nix

Recording discusses Linux and Unix processes, starting with a high level overview of what a process is and what the key components are. We then take a look at how the operating system manages multiple processes, what are the main components of a running process, and finally some common syscalls used in Linux when creating processes. Finally, we look at a few code samples to show how these calls are used with a simple shell. All code can be found here to compliment the video: https://github.com/superducktoes/syscall_processes

Nick Roy (Twitter: @superducktoes) currently works for a global security vendor creating training content and researching new attacker patterns and techniques. Previously he worked at an automation platform startup teaching people about the joys and benefits of automation. While not working he lives in Boston with his wife and two cats hunting out the best dive bars in Boston and solving math problems on college chalkboards overnight.

Internet Protocol (IP)

Roy Feng

Core Topic: Core Networking

The Internet Protocol is one of the foundational protocols of the Internet, and is what keeps devices connected. This video talks about the fundamentals of the Internet Protocol.

Roy Feng (Twitter: @LPF613) is a networking and cybersecurity enthusiast. He has six years of experience working as a network engineer and one year working in threat intelligence. His latest role is at a managed security service provider, where he leads a team of incident responders and threat hunters to help investigate and respond to incidents as well as hunt for threats in customer environments. In his spare time, Roy can be seen building and maintaining his home lab, and learning about and tinkering with the latest and greatest technologies.

Linux Binary Analysis w/ Strace

Jared Stroud, Lacework

Core Topic: File Analysis

The strace utility allows for deep insight into what an application is doing on a nix host. While the amount of data produced can be overwhelming, in this video I'll demonstrate how to filter, log and obtain relevant information for a wide variety of use cases around file analysis. From diagnosing a bisheaving application, to revealing a malware's secrets. This video will give a practical introduction in using strace to spy on *nix applications at the syscall level. All resources can be found here: https://www.github.com/lacework-dev/strace_lab_PUBLIC

Jared Stroud (Twitter: @DLL_Cool_J) is a Cloud Security Researcher at Lacework where he focuses on emerging Linux and Cloud platform threats. Previously, he worked at The MITRE Corporation where he contributed Unix and Windows tooling for the ATT&CK Fin7/CARBANAK Evaluation and the Open Source adversary emulation utility CALDERA.

MITRE Engage: A Framework for Adversary Engagement Operations

Stan Bar, Capability Area Lead, Cyber Denial, Deception, and Adversary Engagement, The MITRE Corporation
Gabby Raymond, Co-Capability Area Lead, Cyber Denial, Deception, and Adversary Engagement, The MITRE Corporation
Maretta Morovitz, Senior Cyber Security Engineer, The MITRE Corporation

Core Topic: File/Network Monitoring

For 10+ years MITRE has been engaged in denial, deception, and adversary engagement operations for internal defense and research purposes. We have created MITRE Engage as a framework for planning and communicating about adversary engagement operations. In our talk we include:

• A brief overview of what we mean when we say denial, deception, and adversary engagement
• Our vision for the future and why we think this technology matters
• A brief history of our past experiences (and failures) in this space and how that shaped where we are today
• The official release of MITRE Engage 0.9 Beta and ask for community feedback
• A fictional walkthrough of how you can use Engage to get started in adversary engagement operations

Dr. Stanley Barr is a three-time graduate of University of Massachusetts Lowell. He has a BS in Information Sciences, an MS in Mathematics, and a PhD in Computer Science. He has coauthored papers in malware analysis, barrier coverage problems, expert systems for network security, and robotic manufacturing. He has spoken at MILCOM and been a panelist for several conferences. Additionally, he has appeared on several podcasts on adversary engagement and presented at TEDx. Currently, he is a Principal Scientist at The MITRE Corporation. He currently is the Capability Area Leader for Cyber Denial, Deception, and Adversary Engagement. Stan lives with his wife, 5 rescue dogs, and 15 chickens.

Gabby Raymond is a two-time graduate from Tufts University. She holds a B.S. in Mathematics and Computer Science and a M.S. in Computer Science. Her research has spanned topics in intrusion detection, cyber-physical systems, and machine learning applications for security. Gabby recently co-authored a Choose Your Own Adventure style book called "The Toolbox of Innovation" with members of MITRE's Innovation Toolkit team. Outside of work, Gabby enjoys knitting and judging science fairs. Gabby is the Co-Capability Area Lead for Cyber Deception and Adversary Engagement at The MITRE Corporation.

Maretta Morovitz is a graduate of Tufts University School of Engineering, where she graduated with a degree in Computer Science. She is a Senior Cyber Security Engineer at the MITRE Corporation where she works in the areas of adversary engagement, malware analysis, and reverse engineering. She is a founding member of MITRE's Cyber Deterrence and Adversary Management (CDAM) team and has helped shape MITRE's adversary engagement work for the last two years. She was recently named as one fo the AFCEA 40 Under 40 Awardees for 2021. Outside of work you can find her nerding out about the latest Brandon Sanderson novel, still anxiously awaiting her letter from Hogwarts, or snuggling with her dog and hedgehog.

RCE via Meow Variant along with an Example 0day

Özkan Mustafa AKKUŞ, Senior Cyber Security Consultant and Vulnerability Researcher at Turk Telekom

Core Topic: Operating Systems: *nix

I will touch Some Alternative Bypass Restriction Techniques. Then I will present a vulnerability of Ericsson Network Location that provides the infrastructure of the research and we are going to touch on the meow variant with details through this vulnerability Towards the end we are going to prepare a Metasploit module and exploit the vulnerability.

Ozkan (Twitter: @ehakkus) is a vulnerability researcher and senior cyber security consultant in Turkey. Ozkan publishes security vulnerabilities on international platforms that he has discovered. He shares his experiences and works on his personal blog (https://www.pentest.com.tr). He gave training and presentations in many universities and institutions in his country. In addition to these studies, He gave the presentation of "The Vulnerability That Gmail Overlooked and Enabling Threat Hunting" in Packet Hacking Village at DEF CON 28 and "0day Hunting and RCE Exploitation in Web Applications" in AppSec Village at DEF CON 27.

Seeing the Forest Through the Trees – Foundations of Event Log Analysis

Jake Williams, CTO of BreachQuest

Core Topic: System Forensics

During an incident, everyone knows you need to review the logs – but what are they actually telling you? There's a wealth of information to be had in your logs event logs, but most analysts miss the forest because they don't understand the trees. In this talk, Jake will walk you through some of the most impactful event logs to focus on in your analysis. We'll target some old favorites covering login events, service creation, and process execution. We'll also examine task scheduler logs, useful in uncovering lateral movement and privilege escalation. Finally, we'll discuss some of the new event logs available in Windows 10 (if only you enable them first). If you don't want to be barking up the wrong tree during your next insider investigation or getting axed because you failed to identify the lateral movement attempts, make sure to watch this video.

Jake Williams (Twitter: @malwarejake) is an incident responder, red teamer, occasional vCISO, and prolific infosec shitposter. He has traveled the world, but isn't welcome in China or Russia (and avoids most countries they have extradition treaties with). When not speaking at a conference like this one, it's a good bet that Jake is engaged in hand to hand combat with an adversary rooted deep in a network or engineering ways to keep them out. Jake's career in infosec started in the intelligence community, but has taken around the world securing networks of all shapes and sizes, from utilities to hospitals to manufacturing plants.

Seeing Through The Windows: Centralizing Windows Logs For Greater Visibility

Matthew Gracie, Senior Engineer at Security Onion Solutions

Core Topic: Operating Systems: Windows

This talk is a brief summary of how to collect and centralize Windows Event Logs for analysis and free tools that can be used to do so. There is also a demonstration of how to use Elastic Stack to investigate an incident using these collected logs.

Matthew Gracie (Twitter: @InfosecGoon) has over a decade of experience in information security, working to defend networks in higher education, manufacturing, and financial services. He is currently a Senior Engineer at Security Onion Solutions and the founder of the Infosec 716 monthly meetup. Matt enjoys good beer, mountain bikes, Debian-based Linux distributions, and college hockey.

The War for Control of DNS Encryption

Dr. Paul Vixie, Chairman and CEO and Cofounder of Farsight Security, Inc.

Core Topic: Core Networking

Pervasive monitoring of the Internet by both government, corporate, and criminal actors has triggered an encryption wavefront as wide as the Internet itself. DNS, as the map of the Internet's territory, is seen as especially sensitive and there are now several competing encryption standards waiting to be deployed. In this short talk, Dr. Vixie will explain the original problem, describe the protocol-level solutions, and then show how vendors like Google, Mozilla Corporation, Microsoft, and Apple are deploying these technologies across their product lines. Opinions may also be offered.

Dr. Paul Vixie (Twitter: @PaulVixie) is an Internet pioneer. Currently, he is the Chairman, Chief Executive Officer and Cofounder of Farsight Security, Inc. He was inducted into the Internet Hall of Fame in 2014 for work related to DNS and DNSSEC. Dr. Vixie is a prolific author of open-source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991). He earned his Ph.D. from Keio University.

Security education is the mission of the Packet Hacking Village and the Wall of Sheep. We also take great pride in being a welcoming village for newcomers to DEF CON and to the Cyber Security field. We aim to act as a bridge between our visitors' existing knowledge and a better understanding of security topics by providing both knowledge of core fundamental concepts as well as advanced topics. Each year, there are thousands of newcomers into the Cyber Security field --technical or non-technical. We want to make sure that everyone has a solid foundation in Cyber Security. To that end, we're looking for pre-recorded talks in a 10-12 minute, 25-30 minute, OR 45-50 minute length, to teach our viewers something about one of these fundamental topics:

• Disk structures
• File systems
• Core networking concepts
• Operating Systems: *nix
• Operating Systems: Windows
• Operating Systems: macOS
• Code/cipher/hash fundamentals
• File analysis
• Web traffic fundamentals
• Network capture fundamentals
• Email fundamentals
• File/network/system forensics
• File/network monitoring

We have identified these topics as the fundamental pillars of knowledge in Cyber Security. Our Packet Detective, Packet Inspector, and Capture The Packet events each provide attendees a way to apply knowledge from these topics and more in an engaging learning environment. Our goal is to build a glossary of fundamentals for Cyber Security people of all kinds: students, practitioners, teachers, lawmakers, government officials, and professionals.

Product or vendor related pitches are not welcomed.

To submit a talk, please provide the following information and link to presentation video in the form below to cfp2021[at]wallofsheep[dot]com. The Call for Presentations will close on Friday, July 30th, at 11:59 PM PDT. The list of talks will be finalized and published on Sunday, August 1st.

SPEAKER NAME:

SPEAKER TITLE AND COMPANY (IF APPLICABLE):

SPEAKER EMAIL ADDRESS:

SPEAKER TWITTER NAME (IF YOU WANT IT KNOWN IF YOU ARE ACCEPTED):

NAME OF PRESENTATION:

WHICH ONE OF THE CORE TOPICS DOES YOUR VIDEO FIT INTO (CHECK ONE ONLY):

• Disk structures
• File systems
• Core networking concepts
• Operating Systems: *nix
• Operating Systems: Windows
• Operating Systems: macOS
• Code/cipher/hash fundamentals
• File analysis
• Web traffic fundamentals
• Network capture fundamentals
• Email fundamentals
• File/network/system forensics
• File/network monitoring

BRIEF DESCRIPTION OF YOUR VIDEO:

SPEAKER'S BIO:

This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.

WHERE TO DOWNLOAD YOUR VIDEO (e.g., Box, Dropbox, Google Drive, YouTube --unlisted), PROVIDE LINK:

As for video format, please use MP4.

TERMS AND CONDITIONS

By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.

GRANT OF COPYRIGHT USE

I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.

Overview

The Wall of Sheep would like to announce a call for workshops at DEF CON 29, "You Can't Stop the Signal." This hybrid conference will take place from Thursday, August 5 to Sunday, August 8, 2021. The Packet Hacking Village Virtual Workshops' goal is to deliver hands-on virtual training sessions that increase security awareness and provide skills to help bridge the gap between existing knowledge and more advanced topics with the intent to allow for immediate application after the conference. Our audience ranges from those new to security to the most seasoned security practitioners. Introductory workshops are welcome! A nominal fee will be charged for advanced registration of these workshops. However, all proceeds will go directly to The National Upcycled Computing Collective. Here is your chance to give back to the community in multiple ways! Each student will have access to a Kali Virtual Machine (VM) and other VMs that the instructor requires. Teaching assistants will be available to provide students with essential support if necessary.

Potential topics could include:

• Fundamental networking skills (i.e. ports and protocols, OSI model, hardware, segmentation)
• Core routing skills (IPv4, IPv6)
• Web communication, and related protocols (i.e. TCP/IP, SMB, ARP, HTTP)
• Tools for network sniffing, intrusion detection, monitoring, reverse engineering, forensics, penetration testing, data collection, or visualization
• Purple teaming
• Secure Software Development
• Training in hacking/security tools and their usage in the corporate world
• Programming for security practitioners
• Tool/task automation and optimization
• File system fundamentals for forensics (i.e. NTFS, EXT3/4, HFS+, FAT, FAT32 ExFat)
• Incident response process and procedures

The Wall of Sheep will not accept product or vendor-related pitches. If your content is a thinly veiled advertisement for a product or service your company is offering, please do not apply!

The Call for Presentations will close on Friday, June 25, 2021, at 11:59 PM PDT. The list of talks will be finalized and published on Wednesday, July 21, 2021.

Speaking Format

Each teaching slot is 1, 1.5, or 2 hours maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.

TO SUBMIT A WORKSHOP, PLEASE PROVIDE THE FOLLOWING INFORMATION IN THE FORM BELOW TO CFW2021[AT]WALLOFSHEEP[DOT]COM

PRIMARY SPEAKER NAME:

PRIMARY SPEAKER TITLE AND COMPANY (IF APPLICABLE):

PRIMARY SPEAKER EMAIL ADDRESS:

PRIMARY SPEAKER PHONE NUMBER (TO CONTACT YOU IF NECESSARY DURING THE CONFERENCE):

PRIMARY SPEAKER TWITTER NAME (IF YOU WANT IT KNOWN IF YOU ARE ACCEPTED):

ADDITIONAL SPEAKERS' NAME(S), TITLES, AND SOCIAL INFORMATION:

ADDITIONAL EMAIL ADDRESSES:

IS THERE A SPECIFIC DAY OR TIME YOU MUST SPEAK BY?

NAME OF WORKSHOP:

LENGTH OF WORKSHOP:

(1, 1.5, or 2 hours)

ABSTRACT:

Your abstract will be used for the website and printed materials. Summarize what your workshop will cover. Attendees will read this to get an idea of what they should know before your presentation and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFW reviewers like to see what tools will be used and what materials you suggest reading in advance to get the most out of your presentation.

SPEAKER'S BIO(S):

This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.

DETAILED OUTLINE:

You must provide a detailed outline containing the main points and navigation through your workshop. Show how you intend to begin, where you intend to lead the audience, and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then, the better we can review your presentation against other submissions (and the higher chance you have of being accepted).

SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.

SUPPORTING FILE(S):

Additional supporting materials such as code, white papers, proof of concept, etc., should be sent along with this email to cfw2021[at]wallofsheep[dot]com. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.

NOTE:

Attendees will be allowed to pre-register for the workshop prior to DEF CON; there will be a small charge with the proceeds going to a charity of the Packet Hacking Village's choice.

Terms and Conditions

By submitting, you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area; otherwise, your application will be considered incomplete and returned to you.

GRANT OF COPYRIGHT USE

I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication by Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. Permission to duplicate, record, and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, online, and all other purposes.

TERMS OF SPEAKING REQUIREMENTS

1. I will submit a completed (and possibly updated) presentation and a reference to all the tool(s), law(s), Web sites and/or publications referenced at the end of my talk and as described in this CFW submission by noon PDT, July 21, 2021.

2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PDT, July 21, 2021.

3. I will include a detailed bibliography as either a separate document or contained within the presentation of all resources cited and/or used in my presentation.

4. I will complete my presentation within the time allocated to me - not running over the time allocation.

YES, I (INSERT PRIMARY SPEAKER NAME) HAVE READ AND AGREE TO THE GRANT OF COPYRIGHT USE.

I, (INSERT YOUR NAME HERE), HAVE READ AND UNDERSTAND AND AGREE TO THE TERMS AS DETAILED IN THE AGREEMENT TO TERMS OF SPEAKING REQUIREMENTS.

IN THE CASE THAT A SPEAKER IS A CHILD UNDER THE AGE OF 13 YEARS OLD: IN COMPLIANCE WITH THE CHILDREN'S ONLINE PRIVACY PROTECTION ACT (COPPA) REGULATIONS, https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule, ANY CHILD UNDER AGE 13 MUST HAVE PARENTAL CONSENT FOR THE COLLECTION, USE, OR DISCLOSURE OF THAT CHILD'S PERSONAL INFORMATION BY A WEBSITE. PARENT/GUARDIAN CONSENT: I (INSERT PARENT/GUARDIAN'S NAME HERE) AM THE PARENT OR GUARDIAN OF THE MINOR/S NAMED ABOVE. I HAVE READ AND UNDERSTAND AND AGREE TO THE TERMS AS DETAILED IN THE AGREEMENT TO TERMS OF SPEAKING REQUIREMENTS.

We hope this finds you and your loved ones well. We thank you for your continuing support after all these years. We miss you all, and look forward to seeing each other in-person soon. The format of DEF CON 29 hasn’t been officially announced yet, but regardless of format (in-person, virtual, combination of the two), Packet Hacking Village will be ON for DEF CON 29. At the very least, we will be having the following events:

• Capture The Packet (CTP)
• Packet Detective (PD)
• Packet Inspector (PI)

More events, including new ones, will be announced soon. We look forward to seeing you all in some capacity.

Packet Inspector

The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.

Packet Detective

Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Investigator, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet.

Capture The Packet

Come compete in the world's most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.

Overview

The Wall of Sheep would like to announce a call for Workshops at DEF CON 28 “Safe Mode.” This virtual conference will take place from Thursday, August 6th to Sunday, August 9th. The Packet Hacking Village Workshops’ goal is to deliver hands-on training sessions that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory workshops are welcome! A very nominal fee will be charged for advanced registration of these workshops. However, all proceeds will go directly to The National Upcycled Computing Initiative (NUCC). This is your chance to give back to the community in multiple ways!

Each student will have access to a Kali virtual machine (VM) and other VMs that are required by the instructor. Teaching assistants will be available to provide basic support if necessary.

Topics of interest include:

• Tools for Network sniffing, intrusion detection, monitoring, reverse engineering, forensics, penetration testing, data collection and visualization
• Purple teaming
• Secure Software Development
• Training in hacking/security tools and their usage in the corporate world
• Programming for security practitioners
• Tool/task automation and optimization
• Incident response process and procedures

The Wall of Sheep will not accept product or vendor related pitches. If your content is a thinly-veiled advertisement for a product or service your company is offering, please do not apply!

The Call for Presentations will close on Friday, June 26th at 11:59 PM PDT. The list of talks will be finalized and published on Wednesday, July 15th.

Speaking Format

Each teaching slot is 1, 1.5 or 2 hours maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.

To submit a workshop, please provide the following information in the form below to cfw2020[at]wallofsheep[dot]com

Primary Speaker Name:

Primary Speaker Title and Company (if applicable):

Primary Speaker Email Address:

Primary Speaker Phone Number (to contact you if necessary during the conference):

Primary Speaker Twitter name (if you want it known if you are accepted):

Additional Speakers' name(s), titles, and social information:

Additional Email Addresses:

Is there a specific day or time you MUST speak by?

Name of Workshop:

Length of Workshop:

(1, 1.5, or 2 hours)

Abstract:

Your abstract will be used for the website and printed materials. Summarize what your workshop will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFW reviewers like to see what tools will be used and what materials you suggest to read in advance to get the most out of your presentation.

Speaker's Bio(s):

This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.

Detailed Outline:

You must provide a detailed outline containing the main points and navigation through your workshop. Show how you intend to begin, where you intend to lead the audience and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then the better we are able to best review your presentation against other submissions (and the higher chance you have of being accepted). SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.

Supporting File(s):

Additional supporting materials such as code, white papers, proof of concept, etc. should be sent along with this email to cfw2020[at]wallofsheep[dot]com. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.

Note:

Attendees will be allowed to pre-register for the workshop prior to DEF CON; there will be a small charge with the proceeds going to a charity of the Packet Hacking Village's choice.

Terms and Conditions

By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.

Grant of Copyright Use

I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.

Terms of Speaking Requirements

1. I will submit a completed (and possibly updated) presentation and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFW submission by noon PST, July 15, 2020.

2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PST, July 15, 2020.

3. I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.

4. I will complete my presentation within the time allocated to me - not running over the time allocation.

Yes, I, (insert primary speaker name), have read and agree to the Grant of Copyright Use.

I, (insert your name here), have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.

In the case that a speaker is a child under the age of 13 years old: in compliance with the Children's Online Privacy Protection Act (COPPA) regulations, http://www.coppa.org, any child under age 13 must have parental consent for the collection, use, or disclosure of that child's personal information by a website. Parent/Guardian Consent: I (insert parent/guardian's name here) am the parent or guardian of the minor/s named above. I have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.

Overview

The Wall of Sheep would like to announce a call for virtual presentations from Thursday, August 6th to Sunday, August 9th. Packet Hacking (Virtual) Village Talks goal is to deliver talks that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory talks are welcome.

Topics of interest include:

• Tools and techniques on network sniffing, intrusion detection, monitoring, forensics, log analysis
• General Digital Forensics and Incident Response (DFIR) talks
• Threat hunting
• Incident response process and procedures and/or recovery
• Hands-on spy level makup art (e.g., wigs, prosthetic noses, etc.)
• How to do refresh your system without losing all your stuff and eliminate malware
• Setting up cloud backups that withstand ransomware attacks
• How to justify hacking / security tools in the corporate world
• How to use regulatory compliance requirements in your favor to enhance your overall funding and security posture
• Security awareness program success and failure stories
• Tools for data collection and visualization
• Purple and blue teaming
• Business continuity planning for cyber war

The Wall of Sheep will not accept product or vendor related pitches. If your talk is a thinly-veiled advertisement for a product or service your company is offering, please do not apply!

All accepted talks will be announced, recorded, and published by Aries Security, LLC. Please see our YouTube channel for all talks from previous years: https://www.youtube.com/channel/UCnL9S5Wv_dNvO381slSA06w.

The Call for Presentations will close on Friday, June 26th at 11:59 PM PDT. The list of talks will be finalized and published on Wednesday, July 15th.

Speaking Format

Each presentation slot is 1 hour maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.

To submit a presentation, please provide the following information in the form below to cfp2020[at]wallofsheep[dot]com

Primary Speaker Name:

Primary Speaker Title and Company (if applicable):

Primary Speaker Email Address:

Primary Speaker Phone Number (to contact you if necessary during the conference):

Primary Speaker Twitter name (if you want it known if you are accepted):

Additional Speakers' name(s), titles, and social information:

Additional Email Addresses:

Is there a specific day or time you MUST speak by?

Name of Presentation:

Length of presentation: (20 minutes or 50 minutes)

Abstract (100 words MAXIMUM, absolutely necessary):

Your abstract will be used for the website. Summarize what your presentation will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFP reviews like to see what tools will be used and what materials you suggest to read in advance to get the most out of your presentation.

Speaker's Bio(s):

This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.

Detailed Outline:

You must provide a detailed outline containing the main points and navigation through your talk. Show how you intend to begin, where you intend to lead the audience and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then the better we are able to best review your presentation against other submissions (and the higher chance you have of being accepted). SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.

Supporting File(s):

Additional supporting materials such as code, white papers, proof of concept, etc. must be sent along with this email to cfp2020[at]wallofsheep[dot]com to be considered. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.

Terms and Conditions

By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.

Grant of Copyright Use

I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.

Terms of Speaking Requirements

1. I will submit a completed (and possibly updated) presentation and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFP submission by noon PST, Wednesday, July 15th, 2020.

2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PST, Wednesday, July 15th, 2020.

3. I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.

4. I will complete my presentation within the time allocated to me - not running over the time allocation.

I, (insert your name here), have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements. In the case that a speaker is a child under the age of 13 years old: in compliance with the Children's Online Privacy Protection Act (COPPA) regulations, http://www.coppa.org, any child under age 13 must have parental consent for the collection, use, or disclosure of that child's personal information by a website. Parent/Guardian Consent: I (insert parent/guardian's name here) am the parent or guardian of the minor/s named above. I have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.

Overview

The Wall of Sheep would like to announce a call for Workshops at DEF CON 28 in Las Vegas, NV from Thursday, August 6th to Sunday, August 9th. The Packet Hacking Village Workshop's goal is to deliver hands-on training sessions that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory workshops are welcome! A very nominal fee will be charged for advanced registration of these workshops. However, all proceeds will go directly to Hackers for Charity. This is your chance to give back to the community in multiple ways!

The hands-on workshops area will have 40 computers pre-loaded with the necessary tools so attendees will not need to bring their own laptop. There will be one computer available for the presenter that is a mirror of the attendees. The mirror laptop will be displayed on one screen; a second projected display and hookups is available for you to present your material. We will be able to pre-load any software (within reason) including one virtual machine for your presentation. The computers will boot Kali Linux. While network access is available to all machines, it should not be relied upon for your presentation... this is DEF CON after all. :)

Topics of interest include:

• Tools for Network sniffing, intrusion detection, monitoring, reverse engineering, forensics, penetration testing, data collection and visualization
• Purple teaming
• Secure Software Development
• Training in hacking/security tools and their usage in the corporate world
• Programming for security practitioners
• Tool/task automation and optimization
• Incident response process and procedures

The Wall of Sheep will not accept product or vendor related pitches. If your content is a thinly-veiled advertisement for a product or service your company is offering, please do not apply!

The Call for Workshops will close on Friday, June 12th at 11:59 PM PDT. The list of talks will be finalized and published on Friday, June 26th.

Speaking Format

Each teaching slot is 1, 1.5 or 2 hours maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.

To submit a workshop, please provide the following information in the form below to cfw2020[at]wallofsheep[dot]com

Primary Speaker Name:

Primary Speaker Title and Company (if applicable):

Primary Speaker Email Address:

Primary Speaker Phone Number (to contact you if necessary during the conference):

Primary Speaker Twitter name (if you want it known if you are accepted):

Additional Speakers' name(s), titles, and social information:

Additional Email Addresses:

Is there a specific day or time you MUST speak by?

Name of Workshop:

Length of Workshop:

(1, 1.5, or 2 hours)

How many VMs do you require on each student's laptop?

(0, 1, 2, 3+, unknown)

Abstract:

Your abstract will be used for the website and printed materials. Summarize what your workshop will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFW reviewers like to see what tools will be used and what materials you suggest to read in advance to get the most out of your presentation.

Equipment Needs & Special Requests:

The Wall of Sheep will provide laptops pre-loaded with software for the attendees, you will have 1 projected laptop setup the same as the attendees for demonstration, 1 projector feed for your laptop/material, and microphones. The laptops will boot Kali; please let us know if there is any software you will need pre-loaded on the workshop laptops. If you have a VM, please make sure it works with VirtualBox. One month before DEF CON, you will be asked to provide all software so it can be pre-loaded on the systems. Changes to your software configuration cannot be made after this time or during the conference.  We cannot accept workshops that require multiple VMs to be running simultaneously.

Speaker's Bio(s):

This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.

Detailed Outline:

You must provide a detailed outline containing the main points and navigation through your workshop. Show how you intend to begin, where you intend to lead the audience and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then the better we are able to best review your presentation against other submissions (and the higher chance you have of being accepted). SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.

Supporting File(s):

Additional supporting materials such as code, white papers, proof of concept, etc. should be sent along with this email to cfw2020[at]wallofsheep[dot]com. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.

Note:

Attendees will be allowed to pre-register for the workshop prior to DEF CON; there will be a small charge with the proceeds going to a charity of the Packet Hacking Village's choice.

Terms and Conditions

By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.

Grant of Copyright Use

I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.

Terms of Speaking Requirements

1. I will submit a completed (and possibly updated) presentation and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFW submission by noon PST, June 30th, 2020.

2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PST, June 30th, 2020.

3. I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.

4. I will complete my presentation within the time allocated to me - not running over the time allocation.

5. I understand that the Wall of Sheep will provide 1 Laptop pre-loaded with software with a projector feed, 1 LCD projector feed, and microphones. I understand that I am responsible for providing all other necessary equipment, including laptops and machines (with VGA output), to complete my presentation.

6. I understand that I will be responsible for my own hotel and travel expenses, and admissions to the DEF CON Conference.

Yes, I, (insert primary speaker name), have read and agree to the Grant of Copyright Use.

I, (insert your name here), have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.

In the case that a speaker is a child under the age of 13 years old: in compliance with the Children's Online Privacy Protection Act (COPPA) regulations, http://www.coppa.org, any child under age 13 must have parental consent for the collection, use, or disclosure of that child's personal information by a website. Parent/Guardian Consent: I (insert parent/guardian's name here) am the parent or guardian of the minor/s named above. I have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.