News

	Friday, August 9th	Saturday, August 10th	Sunday, August 11th
10:00	some people playing music probably	TBD	CLOSED
11:00		phreakocious	kampf
12:00		Percent27	phreakocious
13:00	TBD	Tineh Nimjeh	TBD
14:00	Yesterday & Tomorrow		Closed for teardown.
15:00		tense future
16:00	Percent27
17:00	Icetre Normal	Icetre Normal
18:00	Yurk	Terrestrial Access Network

DJ Bios

phreakocious (@phreakocious, https://mixcloud.com/phreakocious)

phreakocious is just this guy, you know?

Yurk (@yurkmeister, https://soundcloud.com/yurkmeister)

DJ / Producer from San Juan, Puerto Rico. Now resides in Brooklyn, New York.

tense future (@tensefutur3, https://soundcloud.com/tensefuture)

Los Angeles, CA. The soundtrack to autonomous vehicle gridlock.

kampf (@nerd_show, https://www.mixcloud.com/NerdShow/)

Resident Chillout DJ with SomaFM on Fluid and DEF CON Radio. Vinyl hangover cure.

DJ %27 (@djpercent27, https://www.mixcloud.com/djpercent27)

DJing since the 80s, Performed at chill out and pool at DEFCON XX, XXI. DEFCON XXIII.

Tineh Nimjeh (@tinehnimjeh, https://soundcloud.com/tinehnimjeh)

With 20+ years djing, including residencies at various nightclubs, Tineh Nimjeh live sets will always get your body moving. Tineh is an active member of DC562, and works in Vulnerability Management.

Icetre Normal (https://www.facebook.com/icetre.normal/, https://soundcloud.com/icetre-normal)

Icetre has been dj'ing since defcon 13. One of Icetre's superpowers is rearranging space and time in the process of epic party creation. He isn't always available to chat, as he may be being smuggled past hotel security for his own safety. When not digging in the crate to field a request for Freebird, Icetre is usually being asked to turn down the volume on his house and electro beats.

Yesterday & Tomorrow (@wompapmow, https://soundcloud.com/tomorrow-yesterday)

DJ duo inspired by the masters, they seek to bring listeners on a journey ranging from the depths of techno to the expansive sounds of progressive house

Terrestrial Access Network (https://soundcloud.com/collinsullivan, https://soundcloud.com/shockedatmusic)

Classic Electro - "If network packets were to dance, they would surely dance to this..."

We’ve got some rules around here! The first run of 20 tickets for Reverse Engineering Malware 101 will start at 0900PDT on Saturday, July 13, 2019.  The next workshop’s ticket sales will start one hour later with each of the following workshop sales becoming available at the top of the next hour.  The second and the last run of 20 tickets will begin on Wednesday, July 17, 2019 at 1700PDT.

The Packet Hacking Village will be located at The Tower of Doom, 26th Floor at Bally's.

	Friday, August 9th	Saturday, August 10th	Sunday, August 11th
10:00	4 years and 10,000+ Hours Later: Lessons Learned from Running a National Penetration Testing Competition Tom Kopchak and Dan Borges	Hacking Corporate Org Socialization: One Day You Are Out and the Next Day You Pwn the Org! D9	Wi-Fi Threat Modeling and Monitoring Besim Altinok and Can Kurnaz
11:00	Hacking Kubernetes: Choose Your Own Adventure Style Jay Beale	Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics Gleb Esman	Head in the Clouds Matt Nash
12:00	StegoAugmented Malware Mike Raggo and Chet Hosmer	"First-Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation Travis Palmer and Brian Somers	CIRCO: [Cisco Implant Raspberry Controlled Operations] Emilio Couto
13:00	The Art of Detection Jay Dimartino	Phishing Freakonomics Russell Butturini	Augmenting the (Security) Onion: Facilitating Enhanced Detection and Response with Open Source Tools Wes Lambert
14:00	Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum Winnona DeSombre		CLOSED
14:30	Hunting Certificates and Servers Sam Erb	Security to Make the CFO Happy Adam
15:00	Old Tech vs New Adversaries. Round 1... Fight! Joseph Muniz and Aamir Lakhani	Generating Personalized Wordlists With NLP by Analyzing Tweets Utku Sen
15:30		Sandbox Creative Usage For Fun and Pro...Blems Cesare Pizzi
16:00	Patching: It's Complicated Cheryl Biswas	(Re)Thinking Security Given the Spectre of a Meltdown (hold my beer) Jeff Man
17:00	Your Phone is Using Tor and Leaking Your PII Milind Bhargava and Adam Podgorski	State Sponsored Hacking: How to Intercept/Decrypt TLS Traffic and How to Prevent TLS Interception Attacks Chris Hanlon
18:00	Beyond Sandboxes. How to Execute IoT Malware and Analyze Its Evolution María José Erquiaga, Sebastian Garcia	Leveraging Passive Network Mapping with Raspberry Pi and Python Chet Hosmer
19:00		The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare Jessica "Zhanna" Malekos Smith

CIRCO - [Cisco Implant Raspberry Controlled Operations]

Emilio Couto, eKio Security

Designed under Raspberry Pi and aimed for Red Team Ops, we take advantage of “Sec/Net/Dev/Ops” enterprise tools to capture network credentials in a stealth mode. Using a low profile hardware & electronics camouflaged as simple network outlet box to be sitting under/over a desk. CIRCO include different techniques for network data exfiltration to avoid detection. This tool gather information and use a combination of honeypots to trick Automation Systems to give us their network credentials!

Emilio Couto (Twitter: @ekio_jp) is a Security Consultant with more than 20 years of experience in the network and security field. Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must. Over the last decade focusing mainly on Finance IT. In his spare time he enjoys playing with RFID, computers and home made IoT devices. Over the last 5 years presenting tools in conferences (Black Hat Asia, HITB, AV Tokyo and SECCON)

Generating Personalized Wordlists With NLP by Analyzing Tweets

Utku Sen, R&D Lead at Tear Security

Adversaries need to have a wordlist or combination-generation tool while conducting password guessing attacks. To narrow the combination pool, researchers developed a method named "mask attack" where the attacker needs to assume a password's structure. Even if it narrows the combination pool significantly, it can be still too large to use for online attacks or offline attacks with low hardware resources. Rhodiola tool is developed to narrow the combination pool by creating a personalized wordlist for target people. It finds interest areas of a given user by analyzing his/her tweets, and builds a personalized wordlist.

Utku Sen (Twitter: @utkusen) is a security researcher who is mostly focused on application security, network security and tool development. He presented his different tools and researches in Black Hat USA Arsenal, DEF CON Demo Labs and Packet Hacking Village in recent years. He's also nominated for Pwnie Awards on "Best Backdoor" category in 2016. He is currently working for Tear Security.

Leveraging Passive Network Mapping with Raspberry Pi and Python

Chet Hosmer, Owner of Python Forensics

Mapping of network assets and their behaviors is a vital step needed for the prevention and response to cyber-attacks. Today active tools like NMAP are used to discover network assets, however, these methods take a momentary snapshot of network devices. By passively monitoring network activity the discovery of rogue devices, aberrant behavior, and emerging threats is possible. This talk and demonstration will utilize a Raspberry Pi and a custom Python solution to map network assets and their behaviors and demonstration the identification of rogue devices and unauthorized behaviors.

Chet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.

Bestsellers in the Underground Economy - Measuring Malware Popularity by Forum

Winnona DeSombre, Threat Intelligence Researcher at Recorded Future

While you can patch against malware infecting your tech stack or targeting your competitors, what about malware that hasn't been in the news? This presentation will cover what malware and tools are popular among underground forum members based on prevalence in forum ads, how malware presence differs between forums, and why understanding that difference matters.

Winnona DeSombre (Twitter: @__winn) is an Asia Pacific threat intelligence researcher at Recorded Future, focusing on Chinese underground hacking communities and East Asian cyber espionage campaigns. She was recently featured in Threatcare's "Tribe of Hackers" book, containing career advice from some of the world's best information security professionals.

Phishing Freakonomics

Russell Butturini

This presentation is the story of the success and failures of building a security awareness program at a Top 20 CPA firm, and finding "the hidden side" of why users fail phishing exercises (both simulated and not!). The presentation will cover how Elasticsearch was used to correlate awareness training, phishing test, and HR data together, examine real results from this work, and the improvements that were made to improve user awareness and reduce phishing related security incidents.

Russell Butturini (Twitter: @tcstoolhax0r) is head of information security for a top 20 CPA and financial services firm. He has authored tools for both red and blue teams with his C- and Python coding skills. His most popular tool, NoSQLMap, was featured in the Hacker Playbook 2.

Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics

Gleb Esman, Senior Project Manager, Fraud Analytics and Research at Splunk Inc.

The presentation will introduce viewer to geofencing - the technique successfully used by law enforcement agencies to pinpoint suspects in an array of anonymous metadata coming from wireless devices. The presentation will teach viewer how to build such system from scratch using freely downloadable analytical tools. Different ways to visually define GeoFencing zones and investigation constraints will be explained. Samples of working scripts, search queries, data formats and working dashboard layouts will be provided.

Gleb Esman (Twitter: @gesman) helps to guide research, product planning and development efforts in the areas of fraud detection, data security analytics and investigations at Splunk Inc. Currently Gleb manages number of security projects in healthcare space such as drugs and opioids diversion platform and healthcare privacy monitoring platform. Before Splunk Gleb was engaged at Morgan Stanley overseeing fraud detection platform and enterprise wide data analytics systems within retail banking space. During his career, Gleb worked in a various positions at a number of enterprises involved in research and development of solutions against advanced malware and computer viruses as well as solutions for secure payments and data protection in e-commerce space. Gleb is an author of several patents in Deep Learning, Security, Behavior Biometrics and Healthcare Data Analytics.

StegoAugmented Malware

Mike Raggo, CSO at 802 Secure
Chet Hosmer, Owner of Python Forensics

As adversaries look for new methods of creating malware, steganography has seen a resurgence. In this session, we'll review this black art and uncover recent steganographic malware weaponizing techniques. We'll cover techniques that include file and image embedding techniques invisible to malware and intrusion detection systems, methods of exploiting weak networking protocols for covert communications, mischievous IoT devices, and cloud data hiding methods. But we don't stop there, our organic research has uncovered numerous other ways in which malware could be embedded in an effort to prepare threat researchers with the knowledge to improve their tools and fortify their networks.

Mike Raggo (Twitter: @DataHiding) is Chief Security Officer at 802 Secure and has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress Books, and contributing author for "Information Security the Complete Reference 2nd Edition". A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, DoD Cyber Crime, OWASP, HackCon, and SANS.

Chet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.

Wi-Fi Threat Modelling and Monitoring (WiNT)

Besim Altinok, Barikat Internet Security
Can Kurnaz, Senior Cybersecurity Consultant at KPMG Netherlands

With the widespread use of wireless Internet access, we see that the use of portable technologies is rapidly increasing. Increasing public networks and facilitating access to these networks have attracted the attention of attackers. Due to easy availability of mature honeypot creation tools, this attack is a slam dunk for even the most novice of Wi-Fi attackers. Enterprise security products have tried but failed to solve this problem with rule and lockdown based approaches. In this talk, we are going to tell a story experienced about Wi-Fi network attackers. We will practically demonstrate how using new detection and deception techniques we can make Wi-Fi clients and environmentally secure.

Besim Altinok (Twitter: @AltnokBesim) has been researching Wi-Fi security for over a decade. He created WiPi-Hunter project against Wi-Fi hackers. He is the author of a book on Wi-Fi security. Besim's work on wireless security has been published in ArkaKapi Magazine and others. He has also spoken at top conferences including BlackHat Europe, ASIA, Defcon, and others. Besim ALTINOK works currently at BARIKAT Internet Security in Turkey. Besim also founded Pentester Training project.

Can Kurnaz (Twitter: @0x43414e) is conducting penetration tests from internet and internal networks to web-based applications, network infrastructures, wireless devices, IoT devices and operational technology infrastructures such as ICS/SCADA systems and components.

Warning for MetroPCS users! Identity thieves are targeting MetroPCS users by exploiting a poor security policy which is by default to use the users birth date as their 8 digit pin. With the string of recent data breaches, it is trivial for birthdays to be found on the internet making this a very weak authentication method.  The user is not required to change this & in some cases is not even aware that this is their password. The Thief then uses this information to perform a sim swap attack taking over the users phone service by having all communication sent to a sim card they control.

 

At this point the thief is able to use multiple financial institutions  (Paypal, Banks, Etc.) insecure password recovery mechanism to have a password rest link sent to the sim they now control. For Example, once Inside the users Paypal account they immediately change all account details, & transfer the entire account balance to a credit card they control.

 

MetroPCS users can defend themselves from this type of attack immediately by changing their 8 digit pin, or by contacting MetroPCS and having their account placed into high security mode. Doing the later will remove the 8 digit pin from the account, and in order to perform a sim swap the user will need to call in and provide a voice password. The caveat to enabling high security mode though, is that the user will no longer be able to use mymetropcs.com account as it only supports 8 digit pin passwords as a login credential.

 

The Wall of Sheep would like to announce a call for workshops at DEF CON 27 in Las Vegas, NV from Thursday, August 8th to Sunday, August 11th.. The Packet Hacking Village Workshop's goal is to deliver hands-on training sessions that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory workshops are welcome! A very nominal fee will be charged for advanced registration of these workshops. However, all proceeds will go directly to Hackers for Charity. This is your chance to give back to the community in multiple ways!

The Wall of Sheep would like to announce a call for presentations at DEF CON 27 in Las Vegas, NV from Thursday, August 8th to Sunday, August 11th. Packet Hacking Village Talks goal is to deliver talks that increase security awareness and provide skills that can be immediately applied after the conference.