• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Buried in cloud files? We can help with Spring cleaning!

    Whether you use Dropbox, Drive, G-Suite, OneDrive, Gmail, Slack, Notion, or all of the above, Dokkio will organize your files for you. Try Dokkio (from the makers of PBworks) for free today.

  • Dokkio (from the makers of PBworks) was #2 on Product Hunt! Check out what people are saying by clicking here.



Abstracts.pdf  - PDF Version



Identifying the Insider Threat

Duane Blanchard [@~ the Hun]


Some 97% of people are going to behave prosocially just because they're well adjusted, or paid attention through kindergarten, or don't have the skills to get away with something (and know they don't).

What about the remainder? How can one reliably determine who the inside threat is, or who is on the path to becoming a threat agent?

This short-format talk presents the different flavors of insider threats (self-motivated [acting out of perceived injustice, seeking adventure, impatient for promotion], externally motivated [recruited, coerced, ideological], and ), a few landmark case studies (Robert Hansen, ), and some recent ones (Ricky Joe Mitchell [Enervest, Home Depot], Timothy Lance Lai [school keylogging ring], Hieu Minh Ngo [Experian]), then describe the common patterns, potential tells, and possible interventions that might have obviated the threats in the case studies, and can mitigate the threats in our own environments.

These include, most importantly, deterrence, as well as heuristic behavior analysis, anomoly detection, the OODA loop, file integrity monitoring, permissions auditing, and mandatory time off.

The talk concludes with best practices in creating an insider threat program, and presents resources for implementation from Carnegie Melon University, the FBI, and other sources.

Note: this talk does not classify employees who are simply lazy, loose-lipped, technically inept, or otherwise act poorly without malicious intent as insider threats. There are compelling arguments against this; they will be presented, and refuted. Such "Trusted Unwitting Insiders" may cause great harm to an organization, but the strategies for identifying such employees are considerably different, and the potential harm is typically more tightly constrained.



How to Grow A Hacker

David Shaw @dshaw_


It’s hard to break into information security, but it can be even harder to improve your skills once you do. Despite being a competitive field, the infosec community is a very nurturing group -- if you know who to ask. This talk introduces the Information Security Growth Initiative (SecGrowth), a community-based effort to mentor new hackers, and to master more difficult topics from advanced colleagues. The talk will cover why a program like SecGrowth is necessary, how it’s being implemented, and how you can get involved.



Shoulda, Woulda, Coulda

Birgit Mullen


We read about breaches all the time in the news. They’re getting harder and harder to prevent. What does your organization need to do to prepare in case a breach happens? Incomplete preparation for security incident response can dramatically increase the impact to your business when trying to respond to an incident. Learn what are the key things you need to do in order to prepare for a timely response.



Council of Internet Wizards



Come discover what mysteries will be unfolded. The council convenes to discuss the important internet matters of the day.







It took months to years to discover BlackPoS/BackOff, Stuxnet, Duqu, Flamer and WinNTI. Why isn’t there anything that can detect advanced malware? Is there not a process to have caught Target, Neiman marcus and Home Depot? There is! This presentation will discuss the current state of malware, the problems with current detection, and provide a demonstration of the new free tool to show how the most advanced malware can now be detected with a simple scan. Detection of the Target and Home Depot malware will be shown.



ShellForth - Shell-code cross-compiler for Forth

Dave Weinstein (@dhw)


Forth. One of the oldest computer languages. Once a stalwart of the embedded software development world. Clearly the obvious choice for shellcode? Ok, probably not, but because a Forth virtual machine is so different from conventional code, compiled Forth code looks very foreign to reverse engineers familiar with conventional compilers or hand tuned assembly. This talk is a deep dive into what happens when you combine one of the oldest engineering principles (*) with a mis-spent youth as a Forth enthusiast. (**)

(*) "It seemed like a good idea at the time"
(**) Not necessarily the most exciting of mis-spent youth opportunities, admittedly



Attack ships on fire, C-beams glittering in the dark, and other things you people wouldn't believe


Andy Robbins @_wald0

We've... seen things... you people, may not believe. In this talk, we will share stories from the field based on a combined 6 years of pen-testing in the financial services industry. Our stories cover a wide range: funny, sad, mysterious, and even downright infuriating. Names, of course, will be changed to protect the ignorant.Depot malware will be shown.



Defensive talks NOT “sexy”? What’s sexier than catching an attack like Target, APT, SET or your Pen Tester? Let me show you some sexy logging



Lack of defensive talks at Cons and the misconception they are not “sexy” is why I believe our industry is failing and 5 or more years behind the hacker’s abilities. The hackers know what we know and capitalize on it. Isn’t it time to turn the tables? We need to improve our staff’s abilities and at Cons by doing more defensive talks that attendees can take back to their jobs and do, actionable take-aways, to keep their jobs.

This talk will focus on Windows systems and the Target breach by walking through the events generated by the BlackPoS/BackOff malware. It happens to mimic just about every attack we have seen as well, they don’t look much different when get to the logs of an attack. The take away; how an organization of any size can get started with Windows logging, what to monitor in order to alert and take action on a suspect breach. Even how to detect activity from Dave’s own SET Powershell execution will be discussed as well as a new logging feature in Windows 8.1.



Hands on Classes:




Joe FitzPatrick @securelyfitz

You can probably whip up to print “Hello World” or program a micro controller to flash an LED, but have you ever tried doing either by directly defining hardware logic?

This workshop is a series of exercises that will give you a basic understanding of what FPGAs are, how they work, and how to program them in Verilog. You will flash LEDs, display salutations, use switches and buttons as input, do some type conversion, and then implement a simple calculator.

All hardware and software is provided for use during the workshop. Understanding of basic binary algebra (AND, OR, NOT) is essential background.



Intro to Arduino


Matt DuHarte @Crypto_Monkey

Have you heard about Arduino and wondered if it is right for you maker and hacking needs? This course is a gentle introduction to using the Arduino in your own projects, it assumes no programming or electronics knowledge, just a curious mind and a love of blinking LEDs. We will introduce you to the Arduino IDA on Windows, Mac or Linux, take your choice. Each participant gets a kit of parts that contains all you need to get started on a variety of projects and the class has helpful TAs who can walk you through each project.



Getting Started Attacking USB

Matt DuHarte @Crypto_Monkey


Read about all the cools USB hacking going on and want to know how it is done? Getting started playing and fuzzing USB is not all that hard and we will show you how it is done. This course will get you started using inexpensive tools such as the facedancer21 board and open source code to fuzz any USB2 stack on your OS of choice. You don't even need to be able to write python to get started. This is a 3-4 hour class that will get you set up with -

1) an understanding of how USB works
2) a working setup using your own facedancer21 (Supplied with the course) to fuzz a USB software stack
3) some ideas about where to go next on a bug but not any hands on exploitation, we only fuzz for bugs



Comments (0)

You don't have permission to comment on this page.