44CON Proudly Presents
The 44CON 2019 Hootenanny
Friday December 6th
Novotel London West. 1 Shortlands, Hammersmith, London, W6 8DR
5 Talks. 3 Workshops. 1 Escape Room, and The Subatomic Souls.
The Line Up
|Time||Talks||Workshops||Escape Room||Registration/Sponsors|
|08:30||Registration, Coffee and Croissants|
|09:00||Mike Auty – Evolving memory analysis with Volatility 3|
|09:45||Matt Lewis – DeepFake Cyber Security threats and opportunities||Max Kamper – HeapLab taster: GLIBC Heap Exploitation||Escape Room First Session|
|10:30||Morning Break (in Registration/Sponsor area)||Max Kamper – HeapLab taster: GLIBC Heap Exploitation||Escape Room Challenges||Coffee and Snacks|
|11:00||Lawrence Munro – Why Security-as-a-Feature will never happen||Leigh-Anne Galloway and Timur Yunusov – Proximity required: finding vulnerabilities in contactless payments (not filmed)||Fiendish Puzzles|
|12:00||Lunch (in restaurant)||Lunch (from 12:30 in restaurant)||Lunch (in restaurant, for those that escape!)|
|14:00||Florent Daigniere – Why are we still doing authentication wrong?||Steven Wierckx – From zero to hero threat modeling in 90 minutes||Brain-bending Challenges|
|14:45||Laura Kankaala – What do hackers see when they look at the clouds?||Steven Wierckx – From zero to hero threat modeling in 90 minutes||Final session starts at 15:00|
|15:30||Coffee Break (in Registration/Sponsor area)||Coffee Break (in Registration/Sponsor area)||Final session finishes at 16:00 (unless you escape in time for coffee)||Coffee and Snacks|
|16:00||Rhythm and Blues from the Subatomic Souls with a selection of beers, wine and soft drinks|
What do hackers see when they look at the clouds?
What is worth hacking in cloud services these days, and how can we protect against such attacks? Laura Kankaala, an ex-pentester/red teamer/incident responder, will show you what hackers see when they look into the clouds and help filter out the noise by identifying realistic threats and what should actually be protected in the cloud.
Why are we still doing authentication wrong?
Authentication is omnipresent in today’s society. We still do it wrong, both by alienating our users and by ignoring the obvious in our threat modeling. This talk explores a reasonable threat model for various use-cases where current protocols and their implementations both fall short of expectations, and what could be done to fix them.
DeepFake Cyber Security threats and opportunities
AI poses a significant threat in the realms of social engineering and cyber-attack through AI-driven fake biometrics, imagery and text. This talk explores these threats and opportunities and aims to stimulate thought and discussion on the research challenges ahead in terms of detecting, mitigating or positively utilising AI-driven fakery in Cyber Security.
Evolving memory analysis with Volatility 3
The Volatility Framework provides cutting-edge memory analysis technology. This talk compares the new Volatility 3 to previous versions and other Volatility-based tools. It discusses many new features and our new contributor-focused license. Finally, we’ll discuss ways the community can help contribute to the official launch of Volatility 3!
Why Security-as-a-Feature will never happen
In this highly optimistic talk, Lawrence asks why developers keep writing insecure code. He looks for the root cause of the security issues that appear again and again, with both surprising and not-so-surprising findings. Finally, Lawrence looks at different things we can all do to improve the state of code security from beginning to end.
From zero to hero threat modeling in 90 minutes – Steven Wierckx
Join Toreon’s Steven Wierckx for a 90-minute workshop based on his Whiteboard Hacking training course and go from system description to basic threat model in just 90 minutes.
Expect the Fast and the Furious of introductory threat modeling sessions with no prior threat knowledge required. Starting with threat model theory, most of the time will be spent doing a real-world threat model for an online booking system that wants to move components to ‘the cloud’.
HeapLab taster: GLIBC heap exploitation – Max Kamper
The GNU C Library (GLIBC) is a core part of most Linux desktop and many embedded distributions; its memory allocator is used in everything from starting threads to dealing with I/O.
Learn how to leverage this vast attack surface with 2 early techniques from the HeapLab training course: The House of Force and Fastbin Dup.
This Workshop is an ideal taster for Max’s 44CON HeapLab Training in March 2020.
Finding vulnerabilities in contactless payments – Leigh-Anne Galloway and Timur Yunusov
We interact with payments every day. Yet how many of us know how they work? In this 90-minute workshop, learn how payments work and how to spot vulnerabilities. As this is a hands-on workshop, all participants are required to bring their own contactless cards and mobile wallets (GPAY and wearables). We have a no card, no seat policy.
Learn from the best in industry, and leave with your wallet a little lighter.
What Else Is On?
F-Secure Escape Room
As well as talks and workshops, the Hootenanny has an escape room, brought to you by our friends at F-Secure. The escape room features fiendish puzzles for teams to unlock, running every hour.
Fully Catered Lunch And Breaks
We’re laying on a full lunch at the Novotel’s Aroma restaurant. If you’ve trained with us you’ll know exactly what to expect. If you haven’t, prepare to have your taste buds blown with amazing food, including options for those with dietary requirements. We’ll also hold networking breaks with tea, coffee and a wide range of refreshments throughout the day.
The Subatomic Souls
No Hootenanny is complete without music, and we have The Subatomic Souls to play us out with an acoustic Rhythm and Blues set. Kick back with a beer, glass of wine or one of our non-alcoholic drinks and enjoy the music.
Do You Qualify For A Free Ticket?
Tickets to the Hootenanny are £35 each. If you’ve attended any 44CON Training in 2019, you’re on the Hootenanny guest list! To claim your free ticket, just email Marizel using the address your ticket was registered with. If you haven’t attended any 44CON training in 2019, now’s the time to start!
Stay In Touch
Like the NSA, our newsletter will be in your inbox every Tuesday. Unlike the NSA, you can unsubscribe at any time.
Got Questions? Contact us via email at email@example.com.