Author: stevelord

In that place I put that thing that time.

It’s the 44CONnect Hootenanny!

From the 2nd to the 5th of December we’re running 4 days of high-end training in London. 4 Days is a lot to spend learning red teaming, memory corruption, code injection, reverse engineering and Azure security. To make things a bit easier on the mind, we’re running a one-day event on the 6th of December for those on our training courses.

The 44CONnect Hootenanny has a single talk track, a workshop track and an escape room track. We’ll have workshops from our trainers so you can get a taste of their courses, and a bunch of invited talks at the level of quality you’d come to expect from a full 44CON. The event is fully catered, of course.

There are two ways to get an invite. People on our December training courses are automatically invited. Those who’ve attended training any time in 2019 can join our wait list. We’ll cross-reference the list with 2019 training attendees to keep things fair, and let you know 2 weeks before the event. The wait list is processed first come, first served so sign up sooner rather than later, or book 44CON training now.

Most talks and workshops will be filmed, so if you can’t make it, you’ll be able to watch the talks in the new year on 44CON TV.

The Hacking For Foodbanks Pre-Loved Tech Emporium

The UK’s food poverty crisis continues to get worse. Despite high house prices, food poverty in Hammersmith and Fulham is increasing. We’re continuing to support Hammersmith and Fulham Foodbank this year with our Pre-Loved Tech Emporium as part of our Hacking for Foodbanks initiative. We hope you’ll help raise money that will go directly towards feeding families and people who need your help the most. The work done by Hammersmith and Fulham Foodbank is immeasurable. You can read more about Hammersmith and Fulham Foodbank’s users here.

Help Raise Money To Feed The Vulnerable

We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the table and put in an offer.

The table will be near the front desk, staffed by the wonderful people at Hammersmith and Fulham Foodbank. You won’t be able to miss it.

What We Want

Raid your tech drawers for interesting and obscure technologies others would want to tinker with. We’re ideally looking for bric a brac others would want to buy at between £10-£100 in suggested value.

Please remember this is a process to raise money to feed people, not a process to get rid of unwanted stuff from your junk drawer. Please don’t be upset if we refuse a donation. We don’t have a process for dealing with unsold stuff at the end of the conference, and would rather not contribute to landfill. Having said that, don’t be put off, especially if you have something that you think others would find value in using.

  • Do you have an OsmocomBB-compatible phone? Bring it!
  • Wifi Pineapple clogging up your drawer? Bring it!
  • Got an older Proxmark someone could use? Bring it!
  • A Cellebrite UFED gathering dust? Bring it!
  • That Sun Ultra 5 Workstation you’ve been meaning to play with? Bring it!

All funds raised go to Hammersmith & Fulham Foodbank to support their activities. Every item that’s sold will help feed Fulham families.

The Integrity 8-Bit Arcade Tour Continues!

Thanks to our sponsors, Integrity, the 8-bit Arcade 2019 Tour will be making it’s way to BSides Manchester. With two Commodore 64s, high-end old-school CRT monitors and plenty of games, there’ll be mountains of low-res, SID-tastic fun for any joystick jugglers up for a game.

As well as general games we have an actual tournament complete with prizes. Win 44CON Tickets from Integrity, and books from No Starch Press! Drop on by, don’t be shy and have a wiggle with our joysticks! (careful now! Ed.) We’ll have the following games on, with some being championship rounds and some just for fun:

You might want to wear headphones when clicking the links above as they’re filled with gratuitous (and loud) SID-fuelled nostalgia.

If there are games you’d like to play that aren’t on the list, let us know on the day and we’ll try and dig out a copy.

The #44CON 8-bit Arcade Championship Tour Starts This Weekend

The wonderful Steelcon is back this weekend. Last year we ran a soldering area there. This year we’re back with an 8-bit arcade championship. Two skilled players will win 44CON tickets. We have a bunch of games for our joystick jugglers to try their hand at, as well as running non-championship games throughout the day.

Continue reading “The #44CON 8-bit Arcade Championship Tour Starts This Weekend”

Building a Safe Space for Security Research

We set up a YouTube channel back in 2011, but switched to Vimeo in 2012. Earlier this year we started to move videos from our paid Vimeo account to YouTube.
 
Back in April, YouTube changed their policies to describe the following as “Harmful or dangerous content
 
Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data.
 
There’s a difference between malicious and instructional content. YouTube doesn’t seem to have made that distinction clear. Several security research channels have now experienced strikes and suspensions. As a security research conference, we want to upload all of our filmed content, including instructional workshops and talks. It’s not realistic to only upload defensive security videos, nor is it wise. The offensive research content is often instrumental for defenders as it shows them what they need to defend against. This leaves us in an awkward position with youtube, because of what we do.
 

Continue reading “Building a Safe Space for Security Research”

44CONnect June Week – What to expect

We have a fantastic week planned from June 4th – 7th with training, a 44CONnect evening and of course hanging out with our friends at BSides London. If you want to join in there’s still time, just book a seat on the Exploiting Insecurity course, or contact us from your early bird ticket e-mail address. Continue reading “44CONnect June Week – What to expect”

Building a cloud security training platform – Pt 5: Counting The Cost

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3. And as you might expect, I incorporated lots of security features, and wrote about them in Part 4.

In this last blog of the series, you’ll hear about a lost USB key, the bill, feedback to Amazon and their response. Continue reading “Building a cloud security training platform – Pt 5: Counting The Cost”

Building a cloud security training platform – Pt 4: Security Features

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.
That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.
I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3. Continue reading “Building a cloud security training platform – Pt 4: Security Features”

What Now For The 44CON CFP?

A couple of years ago we wrote a blog post about what happens once the CFP closes. Much has changed since then, so we thought we’d write something up to date.

What The CFP?

Most of what happens today is basically the same as back in 2017. We now have our own CFP platform (Gambit), handling submissions and reviews. Aidan and I run the CFP platform and process, with help from Marizel, Sam, Nathalie and our review panel.

We have 100-200 submissions a year, mostly in the last week and the last day. We expect a slight reduction in 2019 submissions due to Brexit-related uncertainty. Submission quality mostly follows a classical bell curve, with most talks being reasonable, some being outstanding and a few being a bit meh. Sadly, we don’t have 100-200 speaking slots. This means that we have to conduct some form of triage. We use a panel of former speakers, people involved in other events and longstanding attendees to select talks. Continue reading “What Now For The 44CON CFP?”