Building an AWS and Azure security training platform

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. If you enjoy this, check out Parts 2, 3 and 4. Thanks, Paul!

Part 1 – Proof of Concept

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.


Hacking 44CON’s Pricing Model (5 Different Ways)

It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?”

44CON 2019 Early-Bird Tickets are now on sale

Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

44CON Training Goes Quarterly

We’ve offered training courses around 44CON for a long time. We provide a mix of high-end focused courses on everything from exploiting Windows Kernel bugs to broader, more generalist courses on web application security and security monitoring. From this year onwards, we’re expanding this to a quarterly schedule.

That’s right, you no longer have to wait a year to sit a high quality training course!

Our 12 month schedule is available here, and you can check out our first courses scheduled for the 11th and 12th of March 2019:

Mastering Container Security – Rory McCune, NCC Group
Malware Reverse Engineering – Joxean Koret

Both courses are two days long and cost £1300 inc. VAT. When you book online remember to keep the 13th of March free for access to an exclusive, invite-only event.

If you’d like to offer a high-end course in London, get in touch.

Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites

Lab Materials for Advanced Wireless Attacks Workshop
For those of you planning on attending the Advanced Wireless Attacks workshop tomorrow, we highly recommend downloading the course materials in advance. The workshop includes a course package that contains the following items:
  • A pre-configured Kali VM loaded with each of the tools you’ll be using during the workshop
  • A step-by-step lab setup guide
  • A detailed course guide to supplement the material covered in the workshop
Most of the hands-on exercises will take place inside of an Active Directory lab running on your laptop. If you plan on following along with the lab material, please try to get the lab up and running before the start of the session by following the steps in the setup guide. The lab setup process is mostly automated, but some of the files may take a while to download.
If you run into any issues setting up your lab environment, please do not hesitate to get in contact with the instructor at training@digitalsilence.com — he will be available today as well as early tomorrow morning to sort out any issues you may encounter.

Making Britain a Better Place For The Most Vulnerable

“You measure the degree of civilization of a society by how it treats its weakest members.”

This quote has been attributed in various forms to historical figures from Pope John Paul to Dostoevsky, Churchill and even Gandhi. It is a commonly held British value that we should treat others how we’d wish to be treated.

The UK’s food poverty crisis has been getting worse for the best part of a decade. From austerity to universal credit, by that quote above our society’s score is dropping like a stone. This year we’ve come together to support the Trussell Trust and Hammersmith & Fulham Foodbank. It’s an initiative we’re calling Hacking For Foodbanks, that will continue beyond 44CON. While it’s been founded by 44CON crew, we want it to be bigger and separate to 44CON. Food poverty is a national problem and we need your help to help those that need it the most. Hacking For Foodbanks has a 4-point plan to make an impact on UK food poverty through cybersecurity and the tech industry, which you can read more about here.

Help us raise money at 44CON

We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank and the Trussell Trust. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the Trussell Trust table and put in an offer. Got a reasonable-sized retro-battlestation like a rubber-keyed Spectrum? Fantastic! WPA injection wifi cards and Hayes serial modems? Super! We’re ideally looking for bric-a-brac others would want to buy at £5-£50 in suggested value.

Anything that doesn’t get sold can be picked up by the people that dropped it off, or alternatively we’ll donate the kit to similar activities at other UK events.

We’re also offering people the opportunity to make a donation to the initiative both at the event and when they buy a ticket, or register for the free open evening.

All funds raised will be split 50/50 between Hammersmith & Fulham Foodbank and the Trussell Trust, in order to support foodbank activity in Fulham and across the UK.

Get involved

We’re also looking for people to take part in our mentoring scheme, to be piloted in early 2019. In particular we want people from non-technical as well as technical fields, particularly where a university degree isn’t required. We want to raise awareness for foodbank users that there are career opportunities out there, from sales and recruiting to technical jobs. We want to bring these opportunities to interested and able foodbank users and help them when they need a hand the most. Most important of all, we want to eliminate UK food poverty, one family at a time. If you’d like to help, wherever you are just drop us an email.

Building A Permanent Community At 44CON

44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.

To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.

In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.

Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:


For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any, concurrent users, and most content was downloaded in batches for later offline use.


Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.


Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.

We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.