We’ve added another 4 videos from 44CON 2018 to 44CON TV. Our older conf talk videos are also moving over to the channel. If you want them in your YouTube stream, don’t forget to subscribe to 44CON TV and click the bell. Once all the videos are up, we’ll start work on other ways to access our content. Lets see what’s new! Continue reading “4 New 44CON 2018 Videos”
Category: 44CON 2018
More 2018 44CON Videos Added
This week we’ve added another 5 videos from 44CON 2018. We’re also starting to move our older conf talk videos over to the YouTube channel, so if you’d like them to show up in your stream, don’t forget to subscribe to the 44CONtv channel and click the bell to get notifications as new videos go up. From now on, all of our videos will be up on YouTube as soon as the 1s and 0s can carry them. Continue reading “More 2018 44CON Videos Added”
First Videos From 44CON 2018 Up
For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts. Continue reading “First Videos From 44CON 2018 Up”
Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites
Lab Materials for Advanced Wireless Attacks Workshop
For those of you planning on attending the Advanced Wireless Attacks workshop tomorrow, we highly recommend downloading the course materials in advance. The workshop includes a course package that contains the following items:
- A pre-configured Kali VM loaded with each of the tools you’ll be using during the workshop
- A step-by-step lab setup guide
- A detailed course guide to supplement the material covered in the workshop
Most of the hands-on exercises will take place inside of an Active Directory lab running on your laptop. If you plan on following along with the lab material, please try to get the lab up and running before the start of the session by following the steps in the setup guide. The lab setup process is mostly automated, but some of the files may take a while to download.
If you run into any issues setting up your lab environment, please do not hesitate to get in contact with the instructor at training@digitalsilence.com — he will be available today as well as early tomorrow morning to sort out any issues you may encounter.
Making Britain a Better Place For The Most Vulnerable
“You measure the degree of civilization of a society by how it treats its weakest members.”
This quote has been attributed in various forms to historical figures from Pope John Paul to Dostoevsky, Churchill and even Gandhi. It is a commonly held British value that we should treat others how we’d wish to be treated.
The UK’s food poverty crisis has been getting worse for the best part of a decade. From austerity to universal credit, by that quote above our society’s score is dropping like a stone. This year we’ve come together to support the Trussell Trust and Hammersmith & Fulham Foodbank. It’s an initiative we’re calling Hacking For Foodbanks, that will continue beyond 44CON. While it’s been founded by 44CON crew, we want it to be bigger and separate to 44CON. Food poverty is a national problem and we need your help to help those that need it the most. Hacking For Foodbanks has a 4-point plan to make an impact on UK food poverty through cybersecurity and the tech industry, which you can read more about here.
Help us raise money at 44CON
We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank and the Trussell Trust. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the Trussell Trust table and put in an offer. Got a reasonable-sized retro-battlestation like a Rubber keyed spectrum? Fantastic! WPA injection wifi cards and Hayes serial modems? Super! We’re ideally looking for bric a brac others would want to buy at £5-£50 in suggested value.
Anything that doesn’t get sold can be picked up by the people that dropped it off, or alternatively we’ll donate the kit to similar activities at other UK events.
We’re also offering people the opportunity to make a donation to the initiative both at the event and when they buy a ticket, or register for the free open evening.
All funds raised will be split 50/50 between Hammersmith & Fulham Foodbank and the Trussell Trust, in order to support foodbank activity in Fulham and across the UK.
Get involved
We’re also looking for people to take part in our mentoring scheme, to be piloted in early 2019. In particular we want people from non-technical as well as technical fields, particularly where a university degree isn’t required. We want to raise awareness for foodbank users that there are career opportunities out there, from sales and recruiting to technical jobs. We want to bring these opportunities to interested and able foodbank users and help them when they need a hand the most. Most important of all, we want to eliminate UK food poverty, one family at a time. If you’d like to help, wherever you are just drop us an email.
Building A Permanent Community At 44CON
44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.
To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.
In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.
Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:
For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any concurrent users, and most content was downloaded in batches for later offline use.
Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.
Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.
We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.
What To Expect On Thursday Night
44CON’s a bit different to some other cons in that we tend to run our own Thursday night entertainment instead of a traditional sponsor party. Sponsors and others are welcome to run their own events if they prefer, and indeed, this year some are. Last year was a little quiet, mostly due to Steve not being well enough to plan things.
If you’ve never been to a 44CON, or if last year was your first, you might not expect much, but this year we have a lot going on.
First of all, the biggest of big big shout outs go to our dear friends and Gold sponsors, HackerOne, without whom this night wouldn’t happen. HackerOne are sponsoring the entire evening, so make sure you thank them for helping out. We’ll have complementary food and drinks from Gin O’Clock onwards courtesy of our Gin O’Clock sponsors Crowdfense, up till 19:00, and at various points and places in the evening from 19:50 onwards courtesy of HackerOne. As well as a selection of Alcoholic drinks, we’ll also have a fantastic Mint and Elderflower Fizz mocktail and soft drinks for those who want to keep things light.
The evening session starts at 19:00 with Pwning the 44CON Nerf Gun, by Chris Wade and Dave Lodge of PenTest Partners. This is no ordinary stunt hack talk. The Nerf Terrascout is pretty well put together for a toy tank, and it took the PTP guys a heck of a lot of effort in reversing proprietary RF protocols, manipulating the SPI bus and all kinds of wacky techniques, all to hijack the controller in real-time so they can shoot Steve. This is rather odd, as it’s absolutely not going to happen. The crew won’t let Steve get shot…. honest!
Nicky Bloor will be running a two-hour workshop from 20:00 on Diving Deep into Deserialization, starting with an overview, then diving through exploit and gadget chains into a CTF-style VM for you to play along with (so don’t forget your laptop). Expect this to bend your head a little, but you’ll come out of the other side made of steel.
Looking for something more blue team than red? From 20:00, Phillipe Arteau will run a two-hour workshop on Machine Learning with the Orange data visualization, machine learning and data mining toolkit. His workshop, Orange is the new Hack is essential for anyone conducting triage and will take you through implementing vulnerability classification at scale. The same skillset can be applied to other contexts such as malware classification, system alert classification and vulnerability management.
While the workshops are going on, we’ll have Duckies Den in Track 1 from 20:00. Pitch your ideas to our panel of industry duckies, who’ll award beer tokens accordingly. Our sponsors will also get short pitch slots… but the audience get the beers. This year’s theme for our attendees is “Zany cybersecurity ideas that don’t exist, and probably shouldn’t”. Prizes will be awarded for:
- Best billed idea
- Most lame duck pitch
- Most quackers concept
Could your idea be the nest big thing? Which pitches will fly, and which will sink without a trace? Waddle our panel of duckies take under their wing? Will our sponsors earn a feather in their cap, or will they cry fowl play? It’s not just an eggscuse for duck puns, but we’re sure avian will have a good time!
If it’s all a bit too much and you want to veg out in front of a film, we’ll be screening all-time classic The Big Lebowski in the coffee area from 20:00. Chill out on the sofas, grab some snacks and see what happens when you meet a stranger in the alps. If you don’t like The Big Lebowski, well, that’s just your opinion, man.
Last year we had Linux Kernel poetry and Yoga. This year we’re looking for lightning talks with a twist in our Lightning Talk Poetry Slam from 22:00 in Track 1. Slots are 5-15 minutes long, and should feature either in part or in hole, some form of poetry. Haikus, Limericks and epic Rap battles are most welcome. Sign up at the front desk, then come up, either take a shot of Sourz or try a British snack and SHOW US WHAT U GOT.
TNMOC Guided Tour Giveaway
Proudly sponsored by F-secure
Following the recent prize draw for Steelcon tickets, it’s time for the next opportunity to win with 44CON.
F-Secure are sponsoring a guided tour of The National Museum of Computing (TNMOC) which will take place on Saturday 1st September from 12:30.
The tour will last around 2 hours and cover the full museum collection from the Colossus, war code breaking machines and the history of computing from 1940 to the start of smart phone. Much of what is on display actually works, and the guide will describe how the computers were used, tell anecdotes on their design and operation, and operate some of the equipment.
After the tour you will be able to stay in the museum if you’d like to go back and look at certain computers. TNMOC also has a few old gaming consoles which you’ll be able to play on.
How to enter:
- Sign up to our newsletter
- Send an email to marizel@44con.com letting us know you’re interested in the TNMOC tour. Please either use the email you used to sign up to the mailing list or mention it in your email.
- Keep an eye on your emails in mid August to see if you’re a winner
Winners will be contacted around the 15th of August and the tour will take place on the 1st of September 2018. Instructions/directions will be sent to the winners prior to the tour taking place.
Detailed information about getting to TNMOC situated in Bletchley Park can be found here.
Steelcon Ticket winners
44CON Soldering Area at Steelcon
Steelcon is coming up soon, Steve and Marizel are looking forward to running the soldering area on the 7th of July. We’ll be offering hands on help for those new to soldering or who haven’t had a chance to solder in a while. So come over, say hi and have a go!
We’ll also have some new sticker designs and a Steelcon exclusive discount code for 44CON tickets!
And the winners are…
After being generously provided with two Steelcon tickets to give away to 44CON supporters, last week we did a random draw. If you bought a 44CON2018 ticket and are signed up for our newsletter you had a chance to win.
We are very happy to announce that Will Deane and Mick Vaites are the winners of the two tickets and were contacted last week.
44CON Talks and Workshops announced
Our CFP process has completed and we’re now putting talks and workshops up. We still have a few more to add, but there’s enough up to start checking out. So, what are we covering this year? Continue reading “44CON Talks and Workshops announced”