Jacob Torrey: Bootstrapping an Architectural Research Platform

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Jacob Torrey – Bootstrapping an Architectural Research Platform

This talk aims to provide the fundamental architectural knowledge and resources for a security research interested in misuse of the x86 platform to conduct their own research with less “boiler-plate”. Covering the privileges and architectural events that different CPU rings can monitor, a few basic research hypervisors, and new technologies coming into the mainstream; this talk will aid researchers to rapidly focus on the research questions and not the setup.

Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. In addition to his research, Jacob volunteers his time organizing conferences in Denver (RMISC & BSidesDenver) and regular meet-ups across the front range.

You can follow Jacob on Twitter @JacobTorrey

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

Saumil Shah: ARM Shellcode Basics

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our third announcement is Saumil Shah’s workshop: ARM Shellcode Basics

This is a 2 hour workshop on writing ARM Shellcode from scratch. I will cover some simple ARM assembly, and then we will work on two shellcode examples. A simple execve() shell and a fully working Reverse Shell. We will then test this with two ARM exploits. Attendees are required to bring in their laptops with a working copy of VMWare (Player/Workstation/Fusion). ARM images running on QEMU will be distributed to the participants.

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 15 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, travelling around the world and taking pictures.

You can follow him on twitter @therealsaumil

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

Keynote Talk: Robert Schifreen – Three Decades In Security. What’s Changed, And What Hasn’t.

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our first announcement is for Robert Schifreen’s upcoming keynote – Three Decades In Security. What’s Changed, And What Hasn’t.

Cybercrime has changed greatly in the last 30 years. People still hack, but for many different reasons. The rewards available to hackers are much greater, as are the risks. But many of the techniques that hackers employ, both technical and psychological, have not changed at all. Victims still fall for the social engineering tricks and the fake emails. They still write down passwords. Compilers still fail to protect programmers from buffer overruns. Programmers still fail to protect themselves from being vulnerable to database injection attacks.

Have we learned anything in 32 years? If so, how much, and is it enough?

In case you were wondering, yes this is that Robert Schifreen. 30 years after the trial that paved the way for the Computer Misuse Act, he has a lot to tell us, and we’re really looking forward to hearing about it.

Robert Schifreen is the founder of SecuritySmart.co.uk, which provides measurable IT security awareness training. He first became known in the security industry in 1985 when he was the first person in the world to be arrested and tried by a jury in connection with computer hacking. His ultimate acquittal in 1987 on all charges, by the House of Lords (the most supreme court at the time), led to the introduction of the Computer Misuse Act 1990.

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!