News

Packet Hacking Village Talks at DEF CON 28 Call for Presentations Now Open

Overview

The Wall of Sheep would like to announce a call for presentations at DEF CON 28 in Las Vegas, NV from Thursday, August 6th to Sunday, August 9th. Packet Hacking Village Talks goal is to deliver talks that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory talks are welcome.

Topics of interest include:

  • Tools and techniques on network sniffing, intrusion detection, monitoring, forensics, log analysis
  • General Digital Forensics and Incident Response (DFIR) talks
  • Threat hunting
  • Incident response process and procedures and/or recovery
  • Hands-on spy level makup art (e.g., wigs, prosthetic noses, etc.)
  • How to do refresh your system without losing all your stuff and eliminate malware
  • Setting up cloud backups that withstand ransomware attacks
  • How to justify hacking / security tools in the corporate world
  • How to use regulatory compliance requirements in your favor to enhance your overall funding and security posture
  • Security awareness program success and failure stories
  • Tools for data collection and visualization
  • Purple and blue teaming
  • Business continuity planning for cyber war

The Wall of Sheep will not accept product or vendor related pitches. If your talk is a thinly-veiled advertisement for a product or service your company is offering, please do not apply!

All accepted talks will be announced, recorded, and published by Aries Security, LLC. Please see our YouTube channel for all talks from previous years: https://www.youtube.com/channel/UCnL9S5Wv_dNvO381slSA06w.

The Call for Presentations will close on Friday, June 12th at 11:59 PM PST. The list of talks will be finalized and published on Friday, June 28th.

Speaking Format

Each presentation slot is 1 hour maximum, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.

To submit a presentation, please provide the following information in the form below to cfp2020[at]wallofsheep[dot]com

Primary Speaker Name:

Primary Speaker Title and Company (if applicable):

Primary Speaker Email Address:

Primary Speaker Phone Number (to contact you if necessary during the conference):

Primary Speaker Twitter name (if you want it known if you are accepted):

Additional Speakers' name(s), titles, and social information:

Additional Email Addresses:

Is there a specific day or time you MUST speak by?

Name of Presentation:

Length of presentation: (20 minutes or 50 minutes)

Abstract (100 words MAXIMUM, absolutely necessary for printing purposes):

Your abstract will be used for the website and printed materials. Summarize what your presentation will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFP reviews like to see what tools will be used and what materials you suggest to read in advance to get the most out of your presentation.

Equipment Needs & Special Requests:

The Wall of Sheep will provide 1 projector feed, and microphones. If you need to use multiple outputs for a demo, please mention this below.

Speaker's Bio(s):

This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.

Detailed Outline:

You must provide a detailed outline containing the main points and navigation through your talk. Show how you intend to begin, where you intend to lead the audience and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then the better we are able to best review your presentation against other submissions (and the higher chance you have of being accepted). SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.

Supporting File(s):

Additional supporting materials such as code, white papers, proof of concept, etc. must be sent along with this email to <strongcfp2020[at]wallofsheep[dot]com to be considered. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.

Terms and Conditions

By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.

Grant of Copyright Use

I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication Aries Security, LLC. and that I will promptly supply Aries Security, LLC. with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give Aries Security, LLC. permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.

Terms of Speaking Requirements

1. I will submit a completed (and possibly updated) presentation and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFP submission by noon PST, June 26th, 2020.

2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PST, June 26th, 2020.

3. I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.

4. I will complete my presentation within the time allocated to me - not running over the time allocation.

5. I understand that the Wall of Sheep will provide 1 LCD projector feed, 2 screens, and microphones. I understand that I am responsible for providing all other necessary equipment, including laptops and machines (with VGA output), to complete my presentation.

6. I understand that I will be responsible for my own hotel and travel expenses, and admissions to the DEF CON Conference.

Yes, I, (insert primary speaker name), have read and agree to the Grant of Copyright Use.

I, (insert your name here), have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements. In the case that a speaker is a child under the age of 13 years old: in compliance with the Children's Online Privacy Protection Act (COPPA) regulations, http://www.coppa.org, any child under age 13 must have parental consent for the collection, use, or disclosure of that child's personal information by a website. Parent/Guardian Consent: I (insert parent/guardian's name here) am the parent or guardian of the minor/s named above. I have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.

Read more →

Our DJ Schedule at DEF CON 27

Friday, August 9th Saturday, August 10th Sunday, August 11th
10:00 some people playing music probably TBD CLOSED
11:00 phreakocious kampf
12:00 Percent27 phreakocious
13:00 TBD Tineh Nimjeh TBD
14:00 Yesterday & Tomorrow Closed for teardown.
15:00 tense future
16:00 Percent27
17:00 Icetre Normal Icetre Normal
18:00 Yurk Terrestrial Access Network

DJ Bios

phreakocious (@phreakocious, https://mixcloud.com/phreakocious)

phreakocious is just this guy, you know?

Yurk (@yurkmeister, https://soundcloud.com/yurkmeister)

DJ / Producer from San Juan, Puerto Rico. Now resides in Brooklyn, New York.

tense future (@tensefutur3, https://soundcloud.com/tensefuture)

Los Angeles, CA. The soundtrack to autonomous vehicle gridlock.

kampf (@nerd_show, https://www.mixcloud.com/NerdShow/)

Resident Chillout DJ with SomaFM on Fluid and DEF CON Radio. Vinyl hangover cure.

DJ %27 (@djpercent27, https://www.mixcloud.com/djpercent27)

DJing since the 80s, Performed at chill out and pool at DEFCON XX, XXI. DEFCON XXIII.

Tineh Nimjeh (@tinehnimjeh, https://soundcloud.com/tinehnimjeh)

With 20+ years djing, including residencies at various nightclubs, Tineh Nimjeh live sets will always get your body moving. Tineh is an active member of DC562, and works in Vulnerability Management.

Icetre Normal (https://www.facebook.com/icetre.normal/, https://soundcloud.com/icetre-normal)

Icetre has been dj'ing since defcon 13. One of Icetre's superpowers is rearranging space and time in the process of epic party creation. He isn't always available to chat, as he may be being smuggled past hotel security for his own safety. When not digging in the crate to field a request for Freebird, Icetre is usually being asked to turn down the volume on his house and electro beats.

Yesterday & Tomorrow (@wompapmow, https://soundcloud.com/tomorrow-yesterday)

DJ duo inspired by the masters, they seek to bring listeners on a journey ranging from the depths of techno to the expansive sounds of progressive house

Terrestrial Access Network (https://soundcloud.com/collinsullivan, https://soundcloud.com/shockedatmusic)

Classic Electro - "If network packets were to dance, they would surely dance to this..."

Read more →

Packet Hacking Village Workshops Tickets Sales

We’ve got some rules around here! The first run of 20 tickets for Reverse Engineering Malware 101 will start at 0900PDT on Saturday, July 13, 2019.  The next workshop’s ticket sales will start one hour later with each of the following workshop sales becoming available at the top of the next hour.  The second and the last run of 20 tickets will begin on Wednesday, July 17, 2019 at 1700PDT.
Read more →

Packet Hacking Village Workshops at DEF CON 27 Finalized

The Packet Hacking Village will be located at The Tower of Doom, 26th Floor at Bally's.
Read more →

Packet Hacking Village Talks at DEF CON 27 Finalized

Friday, August 9th Saturday, August 10th Sunday, August 11th
10:00 4 years and 10,000+ Hours Later: Lessons Learned from Running a National Penetration Testing Competition
Tom Kopchak and Dan Borges
Hacking Corporate Org Socialization: One Day You Are Out and the Next Day You Pwn the Org!
D9
Wi-Fi Threat Modeling and Monitoring
Besim Altinok and Can Kurnaz
11:00 Hacking Kubernetes: Choose Your Own Adventure Style
Jay Beale
Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics
Gleb Esman
Head in the Clouds
Matt Nash
12:00 StegoAugmented Malware
Mike Raggo and Chet Hosmer
"First-Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation
Travis Palmer and Brian Somers
CIRCO: [Cisco Implant Raspberry Controlled Operations]
Emilio Couto
13:00 The Art of Detection
Jay Dimartino
Phishing Freakonomics
Russell Butturini
Augmenting the (Security) Onion: Facilitating Enhanced Detection and Response with Open Source Tools
Wes Lambert
14:00 Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum
Winnona DeSombre
  CLOSED
14:30 Hunting Certificates and Servers
Sam Erb
Security to Make the CFO Happy
Adam
15:00 Old Tech vs New Adversaries. Round 1... Fight!
Joseph Muniz and Aamir Lakhani
Generating Personalized Wordlists With NLP by Analyzing Tweets
Utku Sen
15:30 Sandbox Creative Usage For Fun and Pro...Blems
Cesare Pizzi
16:00 Patching: It's Complicated
Cheryl Biswas
(Re)Thinking Security Given the Spectre of a Meltdown (hold my beer)
Jeff Man
17:00 Your Phone is Using Tor and Leaking Your PII
Milind Bhargava and Adam Podgorski
State Sponsored Hacking: How to Intercept/Decrypt TLS Traffic and How to Prevent TLS Interception Attacks
Chris Hanlon
18:00 Beyond Sandboxes. How to Execute IoT Malware and Analyze Its Evolution
María José Erquiaga, Sebastian Garcia
Leveraging Passive Network Mapping with Raspberry Pi and Python
Chet Hosmer
19:00 The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare
Jessica "Zhanna" Malekos Smith
Read more →

Few More Accepted Packet Hacking Village Talks At DEF CON 27 Announced

CIRCO - [Cisco Implant Raspberry Controlled Operations]

Emilio Couto, eKio Security

Designed under Raspberry Pi and aimed for Red Team Ops, we take advantage of “Sec/Net/Dev/Ops” enterprise tools to capture network credentials in a stealth mode. Using a low profile hardware & electronics camouflaged as simple network outlet box to be sitting under/over a desk. CIRCO include different techniques for network data exfiltration to avoid detection. This tool gather information and use a combination of honeypots to trick Automation Systems to give us their network credentials!

Emilio Couto (Twitter: @ekio_jp) is a Security Consultant with more than 20 years of experience in the network and security field. Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must. Over the last decade focusing mainly on Finance IT. In his spare time he enjoys playing with RFID, computers and home made IoT devices. Over the last 5 years presenting tools in conferences (Black Hat Asia, HITB, AV Tokyo and SECCON)

Generating Personalized Wordlists With NLP by Analyzing Tweets

Utku Sen, R&D Lead at Tear Security

Adversaries need to have a wordlist or combination-generation tool while conducting password guessing attacks. To narrow the combination pool, researchers developed a method named "mask attack" where the attacker needs to assume a password's structure. Even if it narrows the combination pool significantly, it can be still too large to use for online attacks or offline attacks with low hardware resources. Rhodiola tool is developed to narrow the combination pool by creating a personalized wordlist for target people. It finds interest areas of a given user by analyzing his/her tweets, and builds a personalized wordlist.

Utku Sen (Twitter: @utkusen) is a security researcher who is mostly focused on application security, network security and tool development. He presented his different tools and researches in Black Hat USA Arsenal, DEF CON Demo Labs and Packet Hacking Village in recent years. He's also nominated for Pwnie Awards on "Best Backdoor" category in 2016. He is currently working for Tear Security.

Leveraging Passive Network Mapping with Raspberry Pi and Python

Chet Hosmer, Owner of Python Forensics

Mapping of network assets and their behaviors is a vital step needed for the prevention and response to cyber-attacks. Today active tools like NMAP are used to discover network assets, however, these methods take a momentary snapshot of network devices. By passively monitoring network activity the discovery of rogue devices, aberrant behavior, and emerging threats is possible. This talk and demonstration will utilize a Raspberry Pi and a custom Python solution to map network assets and their behaviors and demonstration the identification of rogue devices and unauthorized behaviors.

Chet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.

Read more →

First Batch of Accepted Packet Hacking Village Talks at DEF CON 27 Announced

Bestsellers in the Underground Economy - Measuring Malware Popularity by Forum

Winnona DeSombre, Threat Intelligence Researcher at Recorded Future

While you can patch against malware infecting your tech stack or targeting your competitors, what about malware that hasn't been in the news? This presentation will cover what malware and tools are popular among underground forum members based on prevalence in forum ads, how malware presence differs between forums, and why understanding that difference matters.

Winnona DeSombre (Twitter: @__winn) is an Asia Pacific threat intelligence researcher at Recorded Future, focusing on Chinese underground hacking communities and East Asian cyber espionage campaigns. She was recently featured in Threatcare's "Tribe of Hackers" book, containing career advice from some of the world's best information security professionals.

Phishing Freakonomics

Russell Butturini

This presentation is the story of the success and failures of building a security awareness program at a Top 20 CPA firm, and finding "the hidden side" of why users fail phishing exercises (both simulated and not!). The presentation will cover how Elasticsearch was used to correlate awareness training, phishing test, and HR data together, examine real results from this work, and the improvements that were made to improve user awareness and reduce phishing related security incidents.

Russell Butturini (Twitter: @tcstoolhax0r) is head of information security for a top 20 CPA and financial services firm. He has authored tools for both red and blue teams with his C- and Python coding skills. His most popular tool, NoSQLMap, was featured in the Hacker Playbook 2.

Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics

Gleb Esman, Senior Project Manager, Fraud Analytics and Research at Splunk Inc.

The presentation will introduce viewer to geofencing - the technique successfully used by law enforcement agencies to pinpoint suspects in an array of anonymous metadata coming from wireless devices. The presentation will teach viewer how to build such system from scratch using freely downloadable analytical tools. Different ways to visually define GeoFencing zones and investigation constraints will be explained. Samples of working scripts, search queries, data formats and working dashboard layouts will be provided.

Gleb Esman (Twitter: @gesman) helps to guide research, product planning and development efforts in the areas of fraud detection, data security analytics and investigations at Splunk Inc. Currently Gleb manages number of security projects in healthcare space such as drugs and opioids diversion platform and healthcare privacy monitoring platform. Before Splunk Gleb was engaged at Morgan Stanley overseeing fraud detection platform and enterprise wide data analytics systems within retail banking space. During his career, Gleb worked in a various positions at a number of enterprises involved in research and development of solutions against advanced malware and computer viruses as well as solutions for secure payments and data protection in e-commerce space. Gleb is an author of several patents in Deep Learning, Security, Behavior Biometrics and Healthcare Data Analytics.

StegoAugmented Malware

Mike Raggo, CSO at 802 Secure
Chet Hosmer, Owner of Python Forensics

As adversaries look for new methods of creating malware, steganography has seen a resurgence. In this session, we'll review this black art and uncover recent steganographic malware weaponizing techniques. We'll cover techniques that include file and image embedding techniques invisible to malware and intrusion detection systems, methods of exploiting weak networking protocols for covert communications, mischievous IoT devices, and cloud data hiding methods. But we don't stop there, our organic research has uncovered numerous other ways in which malware could be embedded in an effort to prepare threat researchers with the knowledge to improve their tools and fortify their networks.

Mike Raggo (Twitter: @DataHiding) is Chief Security Officer at 802 Secure and has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress Books, and contributing author for "Information Security the Complete Reference 2nd Edition". A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, DoD Cyber Crime, OWASP, HackCon, and SANS.

Chet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.

Wi-Fi Threat Modelling and Monitoring (WiNT)

Besim Altinok, Barikat Internet Security
Can Kurnaz, Senior Cybersecurity Consultant at KPMG Netherlands

With the widespread use of wireless Internet access, we see that the use of portable technologies is rapidly increasing. Increasing public networks and facilitating access to these networks have attracted the attention of attackers. Due to easy availability of mature honeypot creation tools, this attack is a slam dunk for even the most novice of Wi-Fi attackers. Enterprise security products have tried but failed to solve this problem with rule and lockdown based approaches. In this talk, we are going to tell a story experienced about Wi-Fi network attackers. We will practically demonstrate how using new detection and deception techniques we can make Wi-Fi clients and environmentally secure.

Besim Altinok (Twitter: @AltnokBesim) has been researching Wi-Fi security for over a decade. He created WiPi-Hunter project against Wi-Fi hackers. He is the author of a book on Wi-Fi security. Besim's work on wireless security has been published in ArkaKapi Magazine and others. He has also spoken at top conferences including BlackHat Europe, ASIA, Defcon, and others. Besim ALTINOK works currently at BARIKAT Internet Security in Turkey. Besim also founded Pentester Training project.

Can Kurnaz (Twitter: @0x43414e) is conducting penetration tests from internet and internal networks to web-based applications, network infrastructures, wireless devices, IoT devices and operational technology infrastructures such as ICS/SCADA systems and components.

Read more →

Scammers emptying PayPal & Bank Accounts of MetroPCS customers!

Warning for MetroPCS users! Identity thieves are targeting MetroPCS users by exploiting a poor security policy which is by default to use the users birth date as their 8 digit pin. With the string of recent data breaches, it is trivial for birthdays to be found on the internet making this a very weak authentication method.  The user is not required to change this & in some cases is not even aware that this is their password. The Thief then uses this information to perform a sim swap attack taking over the users phone service by having all communication sent to a sim card they control.

 

At this point the thief is able to use multiple financial institutions  (Paypal, Banks, Etc.) insecure password recovery mechanism to have a password rest link sent to the sim they now control. For Example, once Inside the users Paypal account they immediately change all account details, & transfer the entire account balance to a credit card they control.

 

MetroPCS users can defend themselves from this type of attack immediately by changing their 8 digit pin, or by contacting MetroPCS and having their account placed into high security mode. Doing the later will remove the 8 digit pin from the account, and in order to perform a sim swap the user will need to call in and provide a voice password. The caveat to enabling high security mode though, is that the user will no longer be able to use mymetropcs.com account as it only supports 8 digit pin passwords as a login credential.

 

Read more →

Call for Workshops at Packet Hacking Village at DEF CON 27

The Wall of Sheep would like to announce a call for workshops at DEF CON 27 in Las Vegas, NV from Thursday, August 8th to Sunday, August 11th.. The Packet Hacking Village Workshop's goal is to deliver hands-on training sessions that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory workshops are welcome! A very nominal fee will be charged for advanced registration of these workshops. However, all proceeds will go directly to Hackers for Charity. This is your chance to give back to the community in multiple ways!
Read more →

Packet Hacking Village Talks at DEF CON 27 Call for Presentations Now Open

The Wall of Sheep would like to announce a call for presentations at DEF CON 27 in Las Vegas, NV from Thursday, August 8th to Sunday, August 11th. Packet Hacking Village Talks goal is to deliver talks that increase security awareness and provide skills that can be immediately applied after the conference.
Read more →