Introducing 44CON’s House Rules

44CON was born out of a private event that Adrian and I used to occasionally get involved in organising. It was a close-knit group of people featuring deeply opinionated and often spectacularly drunk people who somehow mostly got along.

As 44CON grew, more people outside that group attended. The new people didn’t know about our overton window. These people paid good money for a good time, but were new to our community and we hadn’t provided guidance on what was acceptable behaviour, or how we handle concerns.

An event with talks about exploiting human and computer trust relationships tends towards some attendees holding unusual views about acceptable behaviour. To make things easier for everyone, we introduced Wheaton’s Law. For those that don’t know, it’s fairly easy to take on board:

“Don’t be a dick.”

For a long time “Don’t be a dick” was the only rule we had. Every year we’d review it, and every year it would stay.

We have had people breach the rule. We’ve had and investigated complaints. We stand by Wheaton’s law as it’s stood by us. What we haven’t done is properly track complaint resolution, and we hadn’t told people how to raise concerns. That’s why we’ve launched our House Rules. They’re not going to be perfect, but it’s a start.

The House Rules are simply an expansion of Wheaton’s Law. They set expectations, a reporting process and circumstances under which we’ll eject someone, along with a reminder that the laws of England and Wales may not match your own at home.

We’ve integrated feedback from event organisers up and down the country, and we’re fully open to suggestions on how to improve them for next year. To be clear, there’s no change in our expectations from previous years, only in how we communicate them.

If you’re coming to 44CON you’ll see the house rules in your brochure or you can read them now. Please take a moment to read them, as they apply to everyone. If you have any questions, suggestions or comments, use the email address on the House rules page before the event, or follow the procedure to report a concern once you’re there.

We want everyone to have a good time, regardless of preferred text editor, open source licensing beliefs or i/o port configuration. We hope you’ll join us and keep making 44CON a great place for everyone.

SteelCon2018 Tickets up for Grabs!

Ey up, We’ve got two SteelCon 2018 Tickets to give away. Make like a whippet and you too could be at Sheffield’s finest hacker conference!

Nah then, 44CON will be exhibiting at SteelCon in July 2018. We’re also running a soldering area and have stickers and reyt good goodies to grab! Even better, we have two tickets to give away! As lovely as it is, Sheffield is uphill both ways in the snow. If you’re heading up from that London, make sure you wrap up warm.

How to enter:

For a chance to win one of two SteelCon 2018 tickets all you have to do is this before the 31st of May 2018:

  1. Purchase a 44CON 2018 ticket
  2. Make sure you’re signed up to the 44CON mailing list (you can do this by ticking the relevant box when purchasing your ticket or here).

Obligatory fine print:

Don’t stress love, if you’ve already bought a  ticket and are signed up to our mailing list using the same email address for both, you’re already in the draw.
Winners will be contacted around the 4th of June 2018. If you would rather someone else had your SteelCon 2018 ticket just let us know and we’ll make it happen.
Marizel is running the draw, and her decision is final. She cannot be bribed with crisps, breadcakes, nor flat caps, although you’re welcome to try.

We’d love to see you at SteelCon!

If you’re planning to attend SteelCon 2018 please come over and say hi. We’ll be the ones selling 44CON tickets, sticking things to people and soldering to our <3’s content. The SteelCon team have two 44CON 2018 tickets to give away, so look out for a chance to win these too.

CRESTCon & IISP Congress 2018

44CON is exhibiting at CRESTCon & IISP Congress on 3rd May at theRoyal College of Physicians in London. Tickets are available now – www.crestandiisp.com

Now in its sixth year, CRESTCon and IISP Congress is a unique event that brings together leading technical and business information security professionals and is a key date in the industry calendar, attracting an impressive line-up of speakers and senior delegates.

This year it also welcomes the BCS Security Conference in the third stream. 2017’s event welcomed over 450 delegates, had three conference streams, a bookshop/meeting area, as well as expanded exhibition and demo areas and 2018 is building further on the success of these features. The length of the day is being increased to incorporate further networking and entertainment in response to the feedback received from delegates and sponsors.

Delegates at the event include senior security, risk and compliance managers from a wide range of public and private sector organisations, along with security consultants and business directors working in the technical information assurance and response industry.

If you’re attending, please stop by and say hello to Steve and Marizel!

44CON 2018 CFP Is Open!

We’re really excited to open our Call For Papers for 44CON 2018. We’re looking forward to seeing all of your submissions on our shiny new CFP system, which promises to be far less painful than the old one.

44CON consists of 2 dedicated speaking tracks, a dedicated workshop track and combined speaking/workshop track over the two days. Talks range from softer subjects in areas such as governance, law and policy through to reverse engineering, exploitation, tooling and abuse of weird machines. We also have an open evening freely accessible to all (but with pre-registration) on the Wednesday evening before the main event.

Talks are 45 minutes long, while workshops are 60-120 minutes in length. All submissions are welcome but some useful guidance on particular topics of interest can be found at the CFP submission system.

As usual, speakers from outside of Fulham, Putney or London Underground Zone 1 will have travel reimbursed. We’ll provide two nights accommodation for speakers or workshop presenters with more than an hour’s travel to a mainline London rail station. We’ll bump that to 3 nights accommodation for any accepted speaker providing a talk and a workshop.

If you’re interested in submitting something, we highly recommend reading last year’s How To Game The 44CON CFP blog post.

The CFP closes on Monday 30th April 2018 at 23:59pm UTC. We’ll start notifying speakers by the 4th of June and announce our first round of accepted speakers on the 6th of June at BSides London. Full details of dates can be found on the CFP system.

44CON 2017 Schedule Available.

Here you go folks the 44CON 2017 schedule is now available here.

Go take a look at all the wonderful talks and workshops we have lined up for you! As with all things the schedule could be subject to some last minute changes so make sure you keep an eye out on the day so you don’t miss out.

If you have’t got your ticket yet there are some still available here.

We look forward to seeing you all in September.

CTF 2017

This year we are delighted to announce that Immersive Labs will be running the 44CON 2017 CTF and they have some great challenges in store for you! Make sure you stop by and see them. 

They will make their platform available to all 44CON participants, enabling you to take on over 150 cyber security challenges during the conference. Immersive Labs exercises combine both CTF style and sign-posted challenges ranging from Beginner to Advanced. 

A real-time leaderboard will keep track of participants including the individual labs they’ve completed. Immersive Labs will be providing opportunities for the top 10 users to become “Immersive Original” lab producers which attract a £1000 payment for each lab.

 

 

The 44CON CFP just closed. You won’t believe what happens next.

Each year 44CON attracts between 100-200 submissions. Some of these are excellent talks, some are average and some are, well, let’s just say that some are below average. In this blog post I’ll try to go through what happens when the CFP closes and to help you answer the immortal question, “Has my talk been accepted/rejected?”

Along the way I’ll announce our first accepts, and most importantly explain the why of our CFP process.

Continue reading “The 44CON CFP just closed. You won’t believe what happens next.”

Network Forensics: A blog post by Erik Hjelmvik

I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past  10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as  Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.

You can find more details about the training here.