44CON LONDON 2015 Workshops

Most of these workshops are now available to view on vimeo.

Some of the following workshops have specific requirements for items that attendees should bring along, full details can be found here on the requirements page.

Indicators of Compromise: From malware analysis to eradication

Presented By: Michael Boman

This workshop takes you through the steps from locating a unknown malware inside the corporate network to analyzing the sample to identify the indicators of compromise and use those to eradicate the malware from the enterprise network using freely available tools – some that you might already have deployed.

Introduction to Reverse Engineering C++

Presented By: Angel M. Villegas

C++ and Object Oriented Programming (OOP) has been around for a while. Software (small to large scale projects) and malware are leveraging C++ and OOP more and more. Understanding how to program and reverse engineer C++ can aid in finding or exploiting vulnerabilities, performing in-depth analysis on malware, hacking games, etc.


Hands-on JTAG for fun and root shells

Presented By: Joe FitzPatrick

JTAG may be almost 30 years old with little change, but that doesn’t mean most people really understand what it does and how. This workshop will start with a brief introduction to what JTAG really is, then quickly dive into some hands-on practice with finding, wiring, and finally exploiting a system via JTAG.

For this UK-themed workshop, we’ll target a Raspberry Pi (Cambridge) with an ARM (also Cambridge) microprocessor. In order to interact with the system, we’ll use a JTAG interface cable from FTDI (Glasgow). We won’t do any hardware modifications, but we will hook up wires in weird and wonderful ways to make the Raspberry Pi do things it otherwise shouldn’t

Analyzing Malicious Office Documents

Presented By: Didier Stevens

In this workshop (2 hours), I explain how to use the tools (oledump, emldump, YARA rules, …) I developed to analyze (malicious) Microsoft Office documents.

I have around 20 exercises that explain step by step to the workshop participants how they can analyze malicious office documents with my Python tools. Microsoft Office is not required for the analysis.

Old Dog, New Tricks: Forensics With PowerShell

Presented By: Jared Atkinson

Recent intrusion into the networks of organizations like Office of Personnel Management, Sony, JPMorgan Chase, and British Airways have shown that the question isn’t “if” your organization will be targeted, but “when”. With these attacks and many others in recent years, incident response teams have had to rapidly change tactics from the “image-and-forget” methodology to live box forensics and containment. During these engagements, forensic analysts must actively track and monitor an adversary in their network while preventing the adversary from recognizing detection but most tools are not up to the job. PowerShell brings the flexibility and in-memory nature to defenders to tackle live threats.

In this workshop, I will cover how my project, PowerForensics, can provide the Digital Forensics/Incident Response community with an all in one toolset for attack response and investigation. By leveraging PowerShell’s access to the Windows API and .NET framework, PowerForensics provides investigators with a forensically sound “live” investigation platform without the need to image the hard drive. I’ll cover the background and overview of PowerForensics, including how its various capabilities can facilitate the investigation of advanced actors at scale. Finally, I’ll cap off with a complex demo, showing how PowerForensics can help blue teams investigate the real attacks they’re now facing. PowerShell isn’t just for the red team anymore.

Pen Test Partners IoT Workshop

Presented By: Dave Lodge

We are constantly expanding and sharing our understanding of the Internet of Things and generally discovering that it is really quite broken. It’s easy to put remote controlled chipsets into everyday appliances and gadgets and manage their data in the cloud, but where are the safeguards and security frameworks? We have researched many app enabled “things” from kids toys to sex toys and kettles and every single one was found wanting. While the findings are fun, the implications are not. We’ll show you how they can create serious security headaches, from giving up Wi-Fi PSKs to being used as network implants.

The workshop will start with a brief slot covering our research to date with Fitbit’s Aria scales; what we’ve found, what we’ve learned, where we’ve got stuck, and what we’ve guessed at. We will discuss a few vulnerabilities that we have discovered and help get you started on finding some more. Once we’ve set the scene the workshop can begin. This is really a 101 on logic probing and hardware analysis, so we’ll share some basic techniques for logic probing; UART, SPI, Flash etc.