44CON Proudly Presents

The 44CON 2019 Hootenanny

Friday December 6th

Novotel London West. 1 Shortlands, Hammersmith, London, W6 8DR

5 Talks. 3 Workshops. 1 Escape Room, and The Subatomic Souls.

The Line Up

| Time | Talks | Workshops | Escape Room | Registration/Sponsors |
| --- | --- | --- | --- | --- |
| 08:30 | Registration, Coffee and Croissants | | | |
| 09:00 | Mike Auty - Evolving memory analysis with Volatility 3 | | | |
| 09:45 | Matt Lewis - DeepFake Cyber Security threats and opportunities | Max Kamper - HeapLab taster: GLIBC Heap Exploitation | Escape Room First Session | |
| 10:30 | Morning Break (in Registration/Sponsor area) | Max Kamper - HeapLab taster: GLIBC Heap Exploitation | Escape Room Challenges | Coffee and Snacks |
| 11:00 | Lawrence Munro - Why Security-as-a-Feature will never happen | Leigh-Anne Galloway and Timur Yunusov - Proximity required: finding vulnerabilities in contactless payments (not filmed) | Fiendish Puzzles | |
| 12:00 | Lunch (in restaurant) | Lunch (from 12:30 in restaurant) | Lunch (in restaurant, for those that escape!) | |
| 14:00 | Florent Daigniere - Why are we still doing authentication wrong? | Steven Wierckx - From zero to hero threat modeling in 90 minutes | Brain-bending Challenges | |
| 14:45 | Laura Kankaala - What do hackers see when they look at the clouds? | Steven Wierckx - From zero to hero threat modeling in 90 minutes | Final session starts at 15:00 | |
| 15:30 | Coffee Break (in Registration/Sponsor area) | Coffee Break (in Registration/Sponsor area) | Final session finishes at 16:00 (unless you escape in time for coffee) | Coffee and Snacks |
| 16:00 | Rhythm and Blues from the Subatomic Souls with a selection of beers, wine and soft drinks | | | |

Hootenanny Speakers

Laura Kankaala

What do hackers see when they look at the clouds?

What is worth hacking in cloud services these days and how can we protect against such attacks? Laura Kankaala, an ex-pentester/red teamer/incident responder, will show you what hackers see when they look into the clouds and help filter out the noise by identifying realistic threats and what should actually be protected in the cloud.

Florent Daigniere

Why are we still doing authentication wrong?

Authentication is omnipresent in today’s society. We still do it wrong by both alienating our users and ignoring the obvious in our threat modeling. This talk explores a reasonable threat model for various use-cases where current protocols and their implementation both fall short of expectations and what could be done to fix them.

Matt Lewis

DeepFake Cyber Security threats and opportunities

AI poses a significant threat in the realms of social engineering and cyber-attack through AI-driven fake biometrics, imagery and text. This talk explores these threats and opportunities, and aims to stimulate thought and discussion on the research challenges ahead in terms of detecting, mitigating or positively utilising AI-driven fakery in Cyber Security.

Mike Auty

Evolving memory analysis with Volatility 3

The Volatility Framework provides cutting edge memory analysis technology. This talk compares the new Volatility 3 to previous versions and other Volatility based tools. It discusses many new features and our new contributor focused license. Finally, we’ll discuss ways the community can help contribute to the official launch of Volatility 3!

Lawrence Munro

Why Security-as-a-Feature will never happen

In this highly optimistic talk, Lawrence asks why developers keep writing insecure code. He looks for the root cause of the security issues that appear again and again, with both surprising and not-so-surprising findings. Finally, Lawrence looks at different things we can all do to improve the state of code security from beginning to end.

Hootenanny Workshops

Steven Wierckx

From zero to hero threat modeling in 90 minutes - Steven Wierckx

Join Toreon’s Steven Wierckx for a 90-minute workshop based on his Whiteboard Hacking training course and go from system description to basic threat model in just 90 minutes.

Expect the Fast and the Furious of introductory threat modeling sessions with no prior threat knowledge required. Starting with threat model theory, most of the time will be spent doing a real-world threat model for an online booking system that wants to move components to ‘the cloud’.

HeapLab taster: GLIBC heap exploitation - Max Kamper

The GNU C Library (GLIBC) is a core part of most Linux desktop and many embedded distributions; its memory allocator is used in everything from starting threads to dealing with I/O.

Learn how to leverage this vast attack surface with 2 early techniques from the HeapLab training course: The House of Force and Fastbin Dup.

This Workshop is an ideal taster for Max’s 44CON HeapLab Training in March 2020.

Leigh-Anne Galloway and Timur Yunusov

Finding vulnerabilities in contactless payments - Leigh-Anne Galloway and Timur Yunusov

We interact with payments every day. Yet how many of us know how they work? In this 90-minute workshop, learn how payments work and how to spot vulnerabilities. As this is a hands-on workshop, all participants are required to bring their own contactless cards and mobile wallets (GPAY and wearables). We have a no card, no seat policy.

Learn from the best in industry, and leave with your wallet a little lighter.

What Else Is On?

F-Secure Escape Room

As well as talks and workshops, the Hootenanny has an escape room, brought to you by our friends at F-Secure. The escape room features fiendish puzzles for teams to unlock, running every hour.

Fully Catered Lunch And Breaks

We’re laying on a full lunch at the Novotel’s Aroma restaurant. If you’ve trained with us you’ll know exactly what to expect. If you haven’t, prepare to have your taste buds blown with amazing food, including options for those with dietary requirements. We’ll also hold networking breaks with tea, coffee and a wide range of refreshments throughout the day.

The Subatomic Souls

No Hootenanny is complete without music, and we have The Subatomic Souls to play us out with an acoustic Rhythm and Blues set. Kick back with a beer, glass of wine or one of our non-alcoholic drinks and enjoy the music.

Do You Qualify For A Free Ticket?

Tickets to the Hootenanny are £35 each. If you’ve attended any 44CON Training in 2019, you’re on the Hootenanny guest list! To claim your free ticket, just email Marizel using the address your ticket was registered with. If you haven’t attended any 44CON training in 2019, now’s the time to start!

Stay In Touch

Like the NSA, our newsletter will be in your inbox every Tuesday. Unlike the NSA, you can unsubscribe at any time.

Got Questions? Contact us via email at help@44con.com.