First Videos From 44CON 2018 Up

For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts. Continue reading “First Videos From 44CON 2018 Up”

Building an AWS and Azure security training platform

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

Part 1 – Proof of Concept

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course. And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.

Continue reading “Building an AWS and Azure security training platform”

Hacking 44CON’s Pricing Model (5 Different Ways)

It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?” Continue reading “Hacking 44CON’s Pricing Model (5 Different Ways)”

44CON 2019 CFP Now Open

The Call For Papers for 44CON 2019 is now open. Submissions will be gratefully received on our CFP System. We’re interested in receiving submissions for workshops and talks.

The CFP covers our two dedicated talk tracks and our workshop track. There will also be an expo track in our village hall, as well as events in the mental health hackers village, and the village pub including the ManyHats club meetup on the Thursday evening, but these are not covered by the CFP process.

Talking slots are 45 minutes long, while workshops are 1 or 2 hours in length. Each submitter will receive individually collated and hand-typed artesanal feedback from Steve, our blackmailCFP admin via email.

As usual, speakers from outside of Fulham, Putney or Zone 1 will have their travel and accommodation covered by us. Our CFP notice below provides further details on how this all works, and what accepted speakers receive. If you’re interested in submitting, read the CFP notice below, and check out our 2017 guide to gaming the 44CON CFP.

44CON is the UK's premier annual technical security conference and training event. From the evening of the
11th of September till the 13th of September 2019, expect a top-tier international technical conference
with fast wifi, loose 0day, a village pub and of course, Gin O'Clock.

       __ __  __ __  __________  _   __   
      / // / / // / / ____/ __ \/ | / / | "You can hack us
     / // /_/ // /_/ /   / / / /  |/ /  |  You can breach us
    /__  __/__  __/ /___/ /_/ / /|  /   |  But you'll have to answer to
      /_/    /_/  \____/\____/_/ |_/    |  Oh, the pwns of Brompton"

-o-     Straight Outta Brompton     -o- | 11th - 13th September 2019
-o- As monitored by the famous GCHQ -o- | ILEC, 47 Lillie Rd, London SW6 1UD

]-- 44CON 2019 Call For Papers

Tickets *available now*:

This is the Call for Papers for the 9th Annual 44CON security conference, held from the 11th to 13th of
September, 2019. We invite jaded cynics, pessimists, optimists and opportunists to come together and join
our broad church where the latest research of the day will be discussed, debated and debased.

44CON has two main talk tracks, a workshop track and several breakout areas including a village hall expo
track, a mental health village and a village pub. Additionally, 44CON will host the ManyHats Club meetup
on the evening of Thursday 12th September, which will feature it's own talks. The CFP covers the two main
talks and workshop tracks only.

Submissions for technical and infosec professional presentations & workshops will be accepted. Presentations
are 45 minutes long with 5 minutes for Q&A. Workshops are 1-2 hours long including setup/breakdown time.

* A presentation on the main tracks is in front of a seated audience.
* A Workshop is like a mini training course - e.g. a 2 hour walk through Windows Kernel internals and local
privilege escalation opportunities.

Talks are filmed. Workshops are not.

This is NOT a call for training. Training takes place separately, see here for details:
44CON Training
At the time of writing September's training slots are full, but we are accepting expressions of interest for our December and Spring 2020 training sessions. ]-- Submissions Submissions should be sent via the CFP website Submissions sent via email, post or RFC1149 compliant avian carrier will not be accepted. In particular, we are looking for original talks of the highest quality in the following (but not exclusive) areas: * Offensive security talks for the advanced Pentester or Red Teamer * Defensive talks for SOC analysts, threat hunters or enthusiastic amateur defenders * Talks on bugs, bug classes, finding and fixing security bugs * Incident Handling, Forensics and Anti-Forensics * Virtualisation, Container and Cloud Computing Security * Cryptography, Cryptocurrencies, Cryptozoology and other Crypto-fu * Hardware attacks and defence tools, techniques and practices * Application and Mobile Security * Networking, Comms, Critical National Infrastructure (CNI) * Cyberspace, Policing, Law, Interception and Human Rights Note: this is not an exhaustive list. If you have what you think is a good talk proposal, please submit it through the CFP system. Priority is generally given to new presentations over those presented elsewhere. If you have a presentation that you have given or will give elsewhere prior to 44CON London in September and wish to submit, please let us know in your submission, and inform us of any changes you intend to make for 44CON London. If your talk or workshop is new, please let us know the details of other conference(s) to which you have or intend to submit through the CFP system. ]-- Maximising your odds of getting selected Some information on how our CFP process works is here:
The 44CON CFP just closed. You won’t believe what happens next.
Some tips on how to game the process are available here:
How to game the 44CON CFP
Your submission will be up against over 200 others competing for about 20 talking slots. Our 20 reviewers from around the globe vote based on what they can see. After the CFP closes, Steve collates the feedback and individually emails each submitter personally. We expect accepted submissions to score an *average* of 4.25/5 or higher. This means that perfectly good talks don't get selected. If this happens to you, please don't be upset. Not getting into 44CON is a badge of honour, and comes with (hopefully) useful feedback for you to try again some other time. ]-- Speaker McPrivilegesFace All speakers at 44CON London will be entitled to the following: * 2-3 nights accommodation (see below) * Breakfast & Lunch during conference * Love and TLC from our awesome speaker ops team * Event access for both days, all nights and pre/post event drinks * This year we're running a Speaker's English Wine tasting (yes, you read that right) session * We also have a small event on the Tuesday evening that speakers are welcome to attend Accepted primary presentation speakers get the following: * Paid travel (for primary speaker outside of Fulham, Putney or Central London) * 2 nights of accommodation for the primary speaker (normally the Wednesday and Thursday nights) Accepted primary presentation speakers also presenting a workshop get the following: * Paid travel (for primary speaker outside of Fulham, Putney or Central London) * 3 nights of accommodation for the primary speaker (normally the Wednesday,Thursday and Friday nights) Accepted primary workshop presenters without an associated talk get the following: * 2 nights of accommodation for the primary speaker (normally the Wednesday and Thursday nights) * Travel is not covered We welcome speakers of all genders, origins and physical abilities. If you have any particular requirements please tell us so we can accommodate them. We are a non-alcoholic, Coeliac, Vegan, Kosher, Halal and Gluten-free friendly event. Talks are to be delivered in English, only. Partners are welcome to come along and we're happy to help arrange for tourist things for you and your partners to do while in London. Please let us know should you want to do this, so we can make your time memorable. In 2018 we had speakers from the UK, Australia, China, the USA, South Africa, Europe, The Middle East and more. ]-- Submissions process Submit your CFP response at the CFP Site Submissions must be in English only. Please ensure that your home country is specified in your submission, so we know where to fly you in from. Please do not email or message the crew with submissions - they will not be accepted. If you are submitting a workshop proposal, please provide details of attendee requirements such as minimum technical knowledge, hardware/software required etc. ]-- Important dates * CFP Opens Thursday 26th February * CFP Closes 23:59:59 BST 30th April * First round speaker announcements start Monday 3rd June * Final Speaker announcements: Tuesday 18th June * Speaker flight details to be submitted by 19th July * Papers/Tools/Presentation Submission Deadline: Friday 30th August * 44CON London Training: 9th/10th/11th September * 44Café evening event: 10th September * 44CON London Conference: 11th, 12th and 13th September ]-- Other Information To find out more about 44CON London visit, follow us on twitter @44CON, or use the #44CON hashtag and take part in the discussion on Twitter. Tickets are available now from the main web site at For an idea of what to expect, watch some videos from previous 44CON Events at By agreeing to speak at 44CON 2019 you are granting Sense/Net Ltd (owners of 44CON) the rights to reproduce and distribute your presentation and recording (unless otherwise agreed in writing in advance of the event) including but not limited to, advertisements in various mediums and through partner sites and mediums. If you are not comfortable with this arrangement then this must be agreed with us in writing prior to the event. It is imperative that, once you have agreed to speak at 44CON London, you regularly monitor your nominated e-mail account, so that we can complete the necessary supporting activities such as booking flights, accommodation etc. Failure to to take reasonable steps to support us in minimising costs in these areas may result in your talk being withdrawn. .------------------------------------------------------------------------------. | | | Software Failure. Press left mouse button to continue. | | Guru Meditation #00070000.48454C50 | | | '------------------------------------------------------------------------------'


Win CRESTCon 2019 Tickets!

We’ve teamed up with CREST to give everyone the opportunity to win one of 5 (count ’em) CRESTCon 2019 tickets, worth £175 each. If you’ve never been, now’s your chance. If you’ve been before but don’t have a ticket, now’s your chance too!

CRESTCon is a one-day event organised by CREST, the international certification body for the technical information security market. This year’s CRESTCon is on March 14th at the Royal College of Physicians. If you’re on our 44CON training courses in the same week and/or are coming to 44CONnect, then this is a competition worth taking part in.

To win a CRESTCon ticket, all you need to do is make sure you’re signed up to our mailing list, and email from the address you’ve registered. To shamelessly stack the cards in favour of training attendees and early bird ticket holders, we’ve sliced our 5 ticket allocation the following way:

Some of the talks we’re most looking forward to at this year’s CRESTCon include:

  • Matt Lorentzen – Sheepl – Automating people for Red and Blue Team Tradecraft
  • Thomas V. Fischer – Building a Personal Data Focused Incident Response Plan to Address Breach Notification
  • Martin Jordan – Austerbury: Iranian cyber threat briefing

Winners will be chosen at random over the course of February. Get your entry in quick because like our early bird tickets, once they’re gone, they’re gone!

44CON 2019 Early-Bird Tickets are now on sale

Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

44CONnect – A 1-day invite-only event in March 2019

44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

To qualify for an invite, you need to have done one of the following:

There are 20 tickets available, so make sure you qualify!

Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

*Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

44CON Training Goes Quarterly

We’ve offered training courses around 44CON for a long time. We provide a mix of high-end focused course on everything from exploiting Windows Kernel bugs to broader, more generalist courses on web application security and security monitoring. From this year onwards, we’re expanding this to a quarterly schedule.

That’s right, you no longer have to wait a year to sit a high quality training course!

Our 12 month schedule is available here, and you can check out our first courses scheduled for the 11th and 12th of March 2019:

Mastering Container Security – Rory McCune, NCC Group
Malware Reverse Engineering – Joxean Koret

Both courses are two-days long and cost £1300 inc. VAT. When you book online remember to keep the 13th of March free for access to an exclusive, invite-only event.

If you’d like to offer a high-end course in London, get in touch.

Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites

Lab Materials for Advanced Wireless Attacks Workshop
For those of you planning on attending the Advanced Wireless Attacks workshop tomorrow, we highly recommend downloading the course materials in advance. The workshop includes a course package that contains the following items:
  • A pre-configured Kali VM loaded with each of the tools you’ll be using during the workshop
  • A step-by-step lab setup guide
  • A detailed course guide to supplement the material covered in the workshop
Most of the hands-on exercises will take place inside of an Active Directory lab running on your laptop. If you plan on following along with the lab material, please try to get the lab up and running before the start of the session by following the steps in the setup guide. The lab setup process is mostly automated, but some of the files may take a while to download.
If you run into any issues setting up your lab environment, please do not hesitate to get in contact with the instructor at — he will be available today as well as early tomorrow morning to sort out any issues you may encounter.