44CON 2013 Workshops

Some of the following workshops have specific requirements for items that attendees should bring along, full details can be found here on the requirements page.

Context Clues: How Today’s Security Leaders Leverage Event Metadata, Frequency & Relationships to Make Better Decisions

Presented By: Michael Viscuso

Digital activity happens faster than humans can process it. And with malicious actors evolving by the minute, even the most seasoned security leader may have a hard time identifying what’s “normal”. As a result, balancing the conflict between security and convenience can be extremely difficult.

When navigating this fine line, the most successful and sought after security leaders consistently achieve the desired balance because they have the right information at their fingertips to answer vital questions about their enterprises.

This workshop will use real-world examples to show how the combination of Metadata, Frequency, and Relationships gives security leaders the context and answers they need to make the right business AND security decisions, before and after a breach.

Colossus: The First Computer to Crack a Cipher

Presented By: Robert Weiss & Ben Gatti

This is a discussion of the technical details of both the Lorenz Cipher machine and the Colossus machine and the cryptanalysis effort to break the Lorenz cipher.


Hacking Tamagotchis for Fun and …. Well, That’s Pretty Much It

Presented By: Natalie Silvanovich

Have you always wanted to hack a Tamagotchi? Here is your chance! This workshop will teach you how to write custom games, items and code for the virtual pets. It will show you the tools you need for both script and assembly-based “Tama development”, and during the workshop you will work towards putting a photo on the screen of a Tamagotchi

Kits containing a Tamagotchi and compatible flash will be available at the door for about £15. Please bring a laptop and an Arduino or low-power SPI flash programmer if you have one.


Crypto for Hackers

Presented By: Robert Weiss & Ben Gatti

This is a detailed crypto training targeted to a hacker audience. This includes deep dives into various crypto algorithms, the details or the security reasoning around crypto and highlights of various weak crypto algorithms and their flaws.

Controlling a PC using Arduino

Presented By: Michael Boman

Arduino is a versatile platform for developing your own stand-alone software-controlled hardware projects. This workshop will do into depth with the hardware developed to control standard desktop PCs for the MART Project. It will teach you Arduino software development and some basic electronics engineering.


Malware Reverse Engineering Workshop

Presented By: Daniel Cuthbert

This workshop aims to cut through some of the ‘black magic’ artform often associated with reverse engineering and malware. As seen by recent attacks, malware use on advanced attacks is on the rise and having a basic understanding of how one approaches such analysis, is a key skill to have.

Using malware used in real attacks against large corporates, students will look at both behavioural analysis and code analysis, to determine what the malware does and also take evasive action.


Over the overflows: a journey beyond the explored world of buffer overflows

Presented By: Donato Capitella & Jahmel Harris

Much has been said on buffer overflows over the years. This workshop instead focuses on exploits for vulnerabilities that do not rely on a buffer overflow but rather on format strings, integer overflows and use-after-frees. A mix of exercises and recent case studies (CVE-2012-0809, CVE-2012-0864) will be presented with a coverage of various mitigation techniques and ways to bypass them.


Culture & CNA Behaviors

Presented By: Char Sample

Computer Network Attack (CNA) attribution presents an ongoing challenge for information security professionals. The distributed nature of the Internet combined with the use of anonymizing technologies contributes to making the problem worse. What is needed is a new way to approach this problem, one that is technology independent. Culture, “software of the mind” or “mental programming” offers a way to accomplish this goal of attribution and is technology independent. Both conscious and unconscious thoughts are culturally influenced, this influence is so pervasive in thought, that automatic thought has cultural traces. Technology usage varies by culture, so the logical extension would imply that culture influences CNAs.

This workshop discusses Hofstede’s cultural dimension framework and the operationalized data from that framework that made this study possible. Next the workshop discusses the quantitative research used to test the hypothesis that Culture influences CNA behaviors, followed by the results. Finally, a discussion of post-doc research topics in this area follows.

The research findings will be discussed in terms of what was found AND what was observed, along with what these findings mean in terms of CNA attribution, CNO activities and how this research can be applied to assist in understanding attackers beyond the IP address and into the automatic processes of the human mind.

Exploring the Portable Executable Format

Presented By: Ange Albertini

This workshop takes a deep dive into the Portable Executable Format, with a detailed look at history and structures within the PE format which is a critical topic for any Windows or Malware Researcher.


Real World Application Threat Modelling by Example

Presented By: Ollie Whitehouse

In this workshop we will be looking at how to approach several different aspects of a non-source code based approach to threat modelling through dynamic analysis and platform inspection. We’ll use a virtual appliance based product as an example but the approaches and techniques shown will be applicable to any situation be it web, cloud (ugh!), mobile or traditional OS (Windows/Linux etc.).

How to assess and secure iOS apps

Presented By: Bernardo Damele

The Apple’s App Store hosts over 700,000 third-party applications and the market share for iOS-based devices (commonly referred to as ‘iDevices’) is increasing over the years. Understanding the security implications of insecure iOS apps is of primary importance to organizations that provide access to their flagship online products and services via iOS apps. These apps share a number of APIs with Mac OSX, plus others specific for iDevices. As such, the attack surface is pretty extensive where skills and time are both required during black-box and white-box assessments of iOS apps.

In this workshop we will be looking at how to perform a comprehensive assessment of iOS applications following a structured methodology defined at NCC Group over the last years and adopted by our Security Testing division. The workshop follows a pragmatic examples-driven approach to illustrate development mistakes that lead to security vulnerabilities in iOS apps. For each vulnerability and insecure coding practices illustrated, a code-level security recommendation will be provided.

Cyber Defence or Defending the Business?

Presented By: Bruce Wynn OBE FBCS CITP

Cyber isn’t all technical! Technology versus Tactics? People versus Procedures? Defending versus Detecting? What about the trend towards Intelligence-based Cyber Defence, and some of the consequent legal implications. Business is about managing risk – cyber is no different

Beware – the workshop is intended to be non-techie, and barely mention metasploit, Hadoop, spanner, colossus, heap sprays or CSS, but it will stimulate debate on (and offer some tools for) making more appropriate balance of investment decisions in ‘Cyber‘