44CON 2017 Schedule Available.

Here you go folks the 44CON 2017 schedule is now available here.

Go take a look at all the wonderful talks and workshops we have lined up for you! As with all things the schedule could be subject to some last minute changes so make sure you keep an eye out on the day so you don’t miss out.

If you have’t got your ticket yet there are some still available here.

We look forward to seeing you all in September.

CTF 2017

This year we are delighted to announce that Immersive Labs will be running the 44CON 2017 CTF and they have some great challenges in store for you! Make sure you stop by and see them. 

They will make their platform available to all 44CON participants, enabling you to take on over 150 cyber security challenges during the conference. Immersive Labs exercises combine both CTF style and sign-posted challenges ranging from Beginner to Advanced. 

A real-time leaderboard will keep track of participants including the individual labs they’ve completed. Immersive Labs will be providing opportunities for the top 10 users to become “Immersive Original” lab producers which attract a £1000 payment for each lab.



Network Forensics: A blog post by Erik Hjelmvik

I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past  10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as  Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.

You can find more details about the training here.

CRESTCon & IISP Congress 2017

44CON is exhibiting at CRESTCon & IISP Congress on 19th April at the Royal College of Surgeons in London. Tickets are available now – www.crestandiisp.com

CRESTCon & IISP Congress 2017 focuses on cyber security threats, vulnerabilities and industry challenges.

Now in its 5th year, CRESTCon & IISP Congress is a unique event that brings together over 400 leading technical and business information security professionals with a choice of three conference streams along with an exhibition, demo area and research library. The event is run by not-for-profit organisations CREST, which represents the technical information security industry, and the Institute of Information Security Professionals, the leading accreditation body and industry authority.

CRESTCon & IISP Congress in April will feature keynote presentations from a senior NCSC spokesperson and Tarah Wheeler, website security czar at Symantec. Other presentations across the event’s three speaker tracks put the spotlight on topics ranging from how an organisation’s email can be turned against it, protecting wearable technology and cognitive security, through to detecting and bypassing sandboxes, blockchain, and the future of malware.

Stream 1 delivers presentations that are technical in nature and related to penetration testing, incident response or threat intelligence. Stream 2 will look at the cyber security landscape and attempt to predict changes over the next decade, while stream 3 is all about working together to build and enhance cyber skills.

If you’re attending, make sure you stop by and say hello to Emma & Steve.

44CON 2017 Sponsorship Opportunities Available

44CON 2017, now in its seventh successful year, is recognised as a “must-attend” conference for security professionals. Offering unparalleled networking, cutting-edge presentations and thought leadership across the information security arena, we aim to ensure attendees have a great time. This year we had over 400 people attend, that added with speakers from across the world delivering awesome talks on relevant and up to date topics makes 44CON one of the UK’s premier conferences.

44CON 2017 will take place from the 13th – 15th September 2017 at the ILEC Conference Centre, London. There will also be a number of training courses taking place before 44CON 2017. If you have a training proposal you wish us to consider, please email emma@44con.com for more information.

If you wish to become one of our awesome sponsors, then please take a look at our 44CON 2017 sponsor pack. If you have any questions or want to discuss any of the opportunities further please email sponsorops@44con.com


44CON at DeepSec 2016

DeepSecLogoWe are delighted to announce that we will once again be attending DeepSec this year! DeepSec will take place at The Imperial Riding School Vienna on the 10th & 11th November and, once again, they have some great talks – check them out for yourself.

This year we will be running an exclusive survey for DeepSec attendees. So for your chance to WIN a ticket to 44CON 2017 make sure you pick up a flyer or visit the crew in our blue t-shirts for more details.

We look forward to seeing many of you there.

44CON 2016 – Another year done!

Well that’s it for another year, our sixth 44CON has come to an end!

We here at 44CON would like to take the opportunity to thank all of our sponsors, speakers, attendees and crew for making this year’s 44CON the most mellow yet. If you didn’t manage to catch all of the talks the slides should be available soon so make sure you keep a look out for them. You can also still pre-order access to the videos in our shop.

We know many of you are fans of good coffee so Antipode sent us over some stats:

  • 13kgs Espresso
  • 24 litres Cold Brew!!!
  • 12 litres filter coffee
  • 40 litres of milk.

Don’t forget to mark your diaries for next year, 44CON 2017 will be taking place on the 13th-15th September. We hope to see many of you there.

What to expect at 44CON

If you haven’t been to 44CON before then you are in for a treat! We have 2 and a half jam packed days of awesome talks, workshops & networking… don’t believe us?… see for yourself. Oh, and yes, the big red bus is back this year with the bar being sponsored by Amazon! So make sure you stop by to say hello and grab a drink.

44CON kicks off with a FREE community evening tomorrow night, from 6:30pm (Wednesday 14th, registration from 6pm). If you can’t make it to the full event but still want to be part of 44CON, the community evening is the perfect opportunity. If you have purchased your ticket for 44CON, it includes entry to Wednesday evening, all you need to do is turn up. If you can only attend the Wednesday evening then you will need to register here.

Following on from our community night we have two full days of talks and workshops including Pen Test Partners IOT Workshop presented by Ken Munro (psst they will have beer!):

Live car hacking – come and have a go at the Mitsubishi Outlander and see if you can find new vulnerabilities with their guidance. IoT hacking tuition is hands on – they will have a large quantity of IoT devices, testing equipment and a number of their team there to help you with extracting firmware.

This year’s list of IoT junk stuff includes:

  • Various smart thermostats, some of which have 0-days, others are untested
  • Even more smart talking toys, just waiting to be made sweary
  • More home webcams than you can shake a stick at, ready to leak creds
  • And more wi-fi kettles, ovens and coffee machines…

Ken is a regular speaker at the ISSA Dragon’s Den, (ISC)2 Chapter events and CREST events, where he sits on the board. He’s also an Executive Member of the Internet of Things Security Forum and spoke out on IoT security design flaws at the forum’s inaugural event. He’s also not averse to getting deeply techie either, regularly participating in hacking challenges and demos at Black Hat, 44CON, DefCon and Bsides amongst others.

Ken and his team at Pen Test Partners have hacked everything from keyless cars and a range of IoT devices, from wearable tech to children’s toys and smart home control systems. This has gained him notoriety among the national press, leading to regular appearances on BBC TV and BBC News online as well as the broadsheet press. He’s also a regular contributor to industry magazines, penning articles for the legal, security, insurance, oil and gas, and manufacturing press.

Read Ken’s blog here.

Tickets are expected to sell out, so get yours while you can.

See you at the ILEC!

Jerry Gamblin: Frictionless Security

Over the last few weeks we have been announcing the line up for 44CON2016. 44CON kicks off this week but it’s not too late to get your tickets!

Our final speaker announcement is Jerry Gamblin – Frictionless Security

“Frictionless Security” is the process of building your security program into your company’s infrastructure stack so that it is automated, non-intrusive, and non-negotiable.  Over the last year as I have implemented this program I have written custom API calls, CHEF scripts, slack bots and more in order to make my security program as frictionless as possible.

In this talk we will discuss:

What went well.
What went wrong. (Hint: A LOT)
What we will do differently to improve.

Jerry Gamblin’s passion for security was ignited in 1989 when he hacked Oregon Trail to give himself the highest score in history in the world on his 3rd grade teacher’s Apple IIe.

As a (mostly) grown up security evangelist and analyst, he has been featured on numerous blogs, podcasts and has spoken at security conferences around the world on keeping companies secure.

When he’s not helping companies be more secure, you can find him taking his son to swim lessons or learning how to solder.

You can read his latest thoughts at jerrygamblin.com.



Evan Booth: Jittery MacGyver: Lessons Learned from Building a Bionic Hand out of a Coffee Maker

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Evan Booth – Jittery MacGyver: Lessons Learned from Building a Bionic Hand out of a Coffee Maker

In May of 2015, it was estimated that a pod-based coffee maker could be found in nearly one in three American homes. Despite the continued popularity of these single-cup coffee conjurers at home as well as in the workplace, it has become clear that these devices are not impervious to mechanical and/or electrical failure. It was this intersection of extremely prevalent hardware and relatively short lifespan that prompted me to begin exploring the upper limits of what could be created by repurposing one of the most popular pod-based machines: the Keurig.

In this session, we will walk through some real-world examples of “MacGyver”-style creative problem-solving, we’ll go hands on (yes, pun intended) with stuff made from repurposed Keurigs, and finally, I’ll reflect on lessons learned from looking for potential in things most people deem common and unremarkable.

Evan Booth loves to build stuff out of other stuff. As an engineer for Skookum, a full service software development company in Charlotte, North Carolina, he works to solve a variety of business problems through the creative use of technology. As a human for Earth, he tends to break things for curiosity’s sake.

Throughout 2013 and into 2014, in an effort to highlight hypocrisy and “security theater” brought about by the TSA, through a research project called “Terminal Cornucopia,” Evan created an arsenal ranging from simple, melee weapons to reloadable firearms to remotely-triggered incendiary suitcases—all solely comprised of items that anyone can purchase inside most airport terminals *after* the security checkpoint.

Given the right ingredients, a big cardboard box can be a time machine, spaceship, minecart, or a telephone booth that only calls people named “Steve” who live in the future.

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!