44CON 2016 Workshops

Thank you to all of our awesome Speakers this year! Grab your ticket in our shop so you don’t miss out on attending these great workshops.

ARM Shellcode Basics

cPresented By: Saumil Shah

A 2 hour workshop on writing ARM Shellcode from scratch. The workshop will cover some simple ARM assembly, and hands-on work with two shellcode examples: a simple execve() shell and a fully working Reverse Shell. This will then be tested with with two ARM exploits.

Attendees are required to bring in their laptops with a working copy of VMWare (Player/Workstation/Fusion). ARM images running on QEMU will be distributed to the participants.

Advanced Java Application Code Review

Presented By:Philippe Arteau

Modern corporate environments use diverse technologies. Security analysts (code reviewers and pentesters) need to be able to understand how components work under the hoods. This workshop will cover various classes of vulnerabilities with a Java twist. The exercise will be on the code analysis of a custom sample application. The open-source tools Find Security Bugs and SonarQube will be used. This training will cover the following classes of vulnerabilities: XXE (XML eXternal Entity), expression injection, deserialization vulnerability, Path Traversal, HQL injections and XSS.

Hunting Linux Malware for Fun and $flags

Presented ByOlivier Bilodeau & Marc-Etienne M.Léveillé

Server-side Linux malware is a real threat now. Unfortunately, as for its Windows counterpart, most system administrators are inadequately trained or don’t have enough time allocated by their management to analyse and understand the threats that their infrastructures are facing. This tutorial aims at creating an environment where Linux professionals have the opportunity to study such threats safely and in a time-effective fashion.

In this introductory tutorial you will learn to fight real-world Linux malware that targets server environments. Attendees will have to find malicious processes and concealed backdoors in a compromised Web server.

In order to make the tutorial accessible for a range of skill levels several examples of malware will be used with increasing layers of complexity — from scripts to ELF binaries with varying degrees of obfuscation. Additionally, as is common in Capture-The-Flag information security competitions, flags will be hidden throughout the environment for attendees to find.


  • Good understanding of Linux server systems (userland)
  • Laptop with a Linux native system or a Linux virtual machine
  • Pre-installed tools: text-editor, OpenVPN client, gdb
  • Optional: ipython, IDA Pro (proprietary)

Skills to acquire:

  • Live system incident response and forensics using Linux’s standard tool
  • System hardening
  • Inroduction to reverse-engineering obfuscated scripts and binaries

Managing Incidents with CyberCPR

Presented By: Steve Armstrong 

CyberCPR provides a secure environment for incident responders to discuss incidents, exchange files, review incident progress, provide automated analysis of evidence items and a range of other time-saving features based on practical experience.

This will be a hands on workshop, with students participating actively, accessing the demo CyberCPR system, creating incidents and adding evidence. In the workshop we will show the various aspects of the tool and how to get the most from it.

During this workshop we will explain the background security of the system, the integrity monitoring of the database, the file encryption of all evidence in the file vault and how sensitive incidents (unauthorized internal data access or child pornography) can be processed on the same system.

At the end of the workshop the attendees will have a good understanding of the capability of CyberCPR and how to operate its key features. They will leave with a VM of the CyberCPR ready to run on a laptop of their choosing.