Author: stevelord

In that place I put that thing that time.

The Integrity 8-Bit Arcade Tour Continues!

Thanks to our sponsors, Integrity, the 8-bit Arcade 2019 Tour will be making it’s way to BSides Manchester. With two Commodore 64s, high-end old-school CRT monitors and plenty of games, there’ll be mountains of low-res, SID-tastic fun for any joystick jugglers up for a game.

As well as general games we have an actual tournament complete with prizes. Win 44CON Tickets from Integrity, and books from No Starch Press! Drop on by, don’t be shy and have a wiggle with our joysticks! (careful now! Ed.) We’ll have the following games on, with some being championship rounds and some just for fun:

You might want to wear headphones when clicking the links above as they’re filled with gratuitous (and loud) SID-fuelled nostalgia.

If there are games you’d like to play that aren’t on the list, let us know on the day and we’ll try and dig out a copy.

The #44CON 8-bit Arcade Championship Tour Starts This Weekend

The wonderful Steelcon is back this weekend. Last year we ran a soldering area there. This year we’re back with an 8-bit arcade championship. Two skilled players will win 44CON tickets. We have a bunch of games for our joystick jugglers to try their hand at, as well as running non-championship games throughout the day.

Continue reading “The #44CON 8-bit Arcade Championship Tour Starts This Weekend”

Building a Safe Space for Security Research

We set up a YouTube channel back in 2011, but switched to Vimeo in 2012. Earlier this year we started to move videos from our paid Vimeo account to YouTube.
 
Back in April, YouTube changed their policies to describe the following as “Harmful or dangerous content
 
Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data.
 
There’s a difference between malicious and instructional content. YouTube doesn’t seem to have made that distinction clear. Several security research channels have now experienced strikes and suspensions. As a security research conference, we want to upload all of our filmed content, including instructional workshops and talks. It’s not realistic to only upload defensive security videos, nor is it wise. The offensive research content is often instrumental for defenders as it shows them what they need to defend against. This leaves us in an awkward position with youtube, because of what we do.
 

Continue reading “Building a Safe Space for Security Research”

44CONnect June Week – What to expect

We have a fantastic week planned from June 4th – 7th with training, a 44CONnect evening and of course hanging out with our friends at BSides London. If you want to join in there’s still time, just book a seat on the Exploiting Insecurity course, or contact us from your early bird ticket e-mail address. Continue reading “44CONnect June Week – What to expect”

Building a cloud security training platform – Pt 5: Counting The Cost

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3. And as you might expect, I incorporated lots of security features, and wrote about them in Part 4.

In this last blog of the series, you’ll hear about a lost USB key, the bill, feedback to Amazon and their response. Continue reading “Building a cloud security training platform – Pt 5: Counting The Cost”

Building a cloud security training platform – Pt 4: Security Features

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.
That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.
I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3. Continue reading “Building a cloud security training platform – Pt 4: Security Features”

What Now For The 44CON CFP?

A couple of years ago we wrote a blog post about what happens once the CFP closes. Much has changed since then, so we thought we’d write something up to date.

What The CFP?

Most of what happens today is basically the same as back in 2017. We now have our own CFP platform (Gambit), handling submissions and reviews. Aidan and I run the CFP platform and process, with help from Marizel, Sam, Nathalie and our review panel.

We have 100-200 submissions a year, mostly in the last week and the last day. We expect a slight reduction in 2019 submissions due to Brexit-related uncertainty. Submission quality mostly follows a classical bell curve, with most talks being reasonable, some being outstanding and a few being a bit meh. Sadly, we don’t have 100-200 speaking slots. This means that we have to conduct some form of triage. We use a panel of former speakers, people involved in other events and longstanding attendees to select talks. Continue reading “What Now For The 44CON CFP?”

Building a cloud security training platform – Pt 3: Automated User Setup

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. If you enjoy this, don’t forget to check out parts 1, 2, and 4 in this series. Thanks, Paul!

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

I built the supporting infrastructure in AWS using Terraform – a great tool for infrastructure as code – see Part 2 for more details and screenshots. Continue reading “Building a cloud security training platform – Pt 3: Automated User Setup”

4 New 44CON 2018 Videos

We’ve added another 4 videos from 44CON 2018 to 44CON TV. Our older conf talk videos are also moving over to the channel. If you want them in your YouTube stream, don’t forget to subscribe to 44CON TV and click the bell. Once all the videos are up, we’ll start work on other ways to access our content. Lets see what’s new! Continue reading “4 New 44CON 2018 Videos”

44CONnect June 2019

44CONnect is an invite-only event taking place on the 6th of June, somewhere in London. The purpose of the day is to bring together people attending 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

This time, 44CONnect will be an evening event, with talks, food and drinks. Training attendees will have food provided and we’ll have a small bar tab. Continue reading “44CONnect June 2019”