44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.
To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.
In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.
Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:
For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any concurrent users, and most content was downloaded in batches for later offline use.
Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.
Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.
We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.
44CON’s a bit different to some other cons in that we tend to run our own Thursday night entertainment instead of a traditional sponsor party. Sponsors and others are welcome to run their own events if they prefer, and indeed, this year some are. Last year was a little quiet, mostly due to Steve not being well enough to plan things.
If you’ve never been to a 44CON, or if last year was your first, you might not expect much, but this year we have a lot going on.
First of all, the biggest of big big shout outs go to our dear friends and Gold sponsors, HackerOne, without whom this night wouldn’t happen. HackerOne are sponsoring the entire evening, so make sure you thank them for helping out. We’ll have complementary food and drinks from Gin O’Clock onwards courtesy of our Gin O’Clock sponsors Crowdfense, up till 19:00, and at various points and places in the evening from 19:50 onwards courtesy of HackerOne. As well as a selection of Alcoholic drinks, we’ll also have a fantastic Mint and Elderflower Fizz mocktail and soft drinks for those who want to keep things light.
The evening session starts at 19:00 with Pwning the 44CON Nerf Gun, by Chris Wade and Dave Lodge of PenTest Partners. This is no ordinary stunt hack talk. The Nerf Terrascout is pretty well put together for a toy tank, and it took the PTP guys a heck of a lot of effort in reversing proprietary RF protocols, manipulating the SPI bus and all kinds of wacky techniques, all to hijack the controller in real-time so they can shoot Steve. This is rather odd, as it’s absolutely not going to happen. The crew won’t let Steve get shot…. honest!
Nicky Bloor will be running a two-hour workshop from 20:00 on Diving Deep into Deserialization, starting with an overview, then diving through exploit and gadget chains into a CTF-style VM for you to play along with (so don’t forget your laptop). Expect this to bend your head a little, but you’ll come out of the other side made of steel.
Looking for something more blue team than red? From 20:00, Phillipe Arteau will run a two-hour workshop on Machine Learning with the Orange data visualization, machine learning and data mining toolkit. His workshop, Orange is the new Hack is essential for anyone conducting triage and will take you through implementing vulnerability classification at scale. The same skillset can be applied to other contexts such as malware classification, system alert classification and vulnerability management.
While the workshops are going on, we’ll have Duckies Den in Track 1 from 20:00. Pitch your ideas to our panel of industry duckies, who’ll award beer tokens accordingly. Our sponsors will also get short pitch slots… but the audience get the beers. This year’s theme for our attendees is “Zany cybersecurity ideas that don’t exist, and probably shouldn’t”. Prizes will be awarded for:
Best billed idea
Most lame duck pitch
Most quackers concept
Could your idea be the nest big thing? Which pitches will fly, and which will sink without a trace? Waddle our panel of duckies take under their wing? Will our sponsors earn a feather in their cap, or will they cry fowl play? It’s not just an eggscuse for duck puns, but we’re sure avian will have a good time!
If it’s all a bit too much and you want to veg out in front of a film, we’ll be screening all-time classic The Big Lebowski in the coffee area from 20:00. Chill out on the sofas, grab some snacks and see what happens when you meet a stranger in the alps. If you don’t like The Big Lebowski, well, that’s just your opinion, man.
Last year we had Linux Kernel poetry and Yoga. This year we’re looking for lightning talks with a twist in our Lightning Talk Poetry Slam from 22:00 in Track 1. Slots are 5-15 minutes long, and should feature either in part or in hole, some form of poetry. Haikus, Limericks and epic Rap battles are most welcome. Sign up at the front desk, then come up, either take a shot of Sourz or try a British snack and SHOW US WHAT U GOT.
First and foremost, if you’re attending 44CON, please add this phone number to your contacts list, under “44CON”. It’s our at-event emergency crew contact number:
+44 (0)7955 376 729
Recent events in Las Vegas as a result of policy changes following the Mandalay Bay shooting seriously affected some of our attendees visiting the city for conferences in early August. We watched from a distance in abject horror as people routinely had their privacy and safety compromised by aggressive security teams demanding entry to rooms and confiscating soldering irons and lockpicks, some of which we understand haven’t been returned to their owners.
While we completely understand the need to beef up security in the shadow of yet another mass shooting in America, the horrific stories that unfolded on twitter made us ask ourselves what we were doing to ensure that such invasions of safety and privacy don’t happen here.
To that end, we’ve done two things:
We’ve asked the ILEC’s attached hotel under what terms they’ll enter rooms booked there.
We’ve set up an emergency contact number you can call to reach the crew at any time during the event.
In the UK there are reasons under which your hotel room can be forcefully entered, but generally it shouldn’t need to happen unless your stay is longer than a few days and you’ve left the Do Not Disturb tag on your door. This is partly to check that you’re still alive, and also to check you haven’t trashed the hotel room. From the ILEC:
We do not access guests rooms apart from cleaning. If the Do not disturb sign is displayed up to 3 days we do not enter but after that we have to check. Initially we would ring the room and if the guest answers we would ask to go and see the room if it is inacceptable[sic] conditions ( as in damages).
If there is a fire evacuation the fire marshals will go floor by floor and knock and open the rooms for people to evacuate as they can be asleep.
The only other reason for someone to enter the room by force would be if the police or fire service needed to enter in an emergency.
The author of this post is a man, but the 44CON crew are a mix of men and women. If you’re struggling to see why this is primarily a safety rather than privacy issue, I think Joe Fitz summed things up best in this twitter thread:
“I sympathize with @maddiestone and @k8em0 ‘s experiences but realize I can’t possibly know how terrified they probably felt.”
Once again, that emergency crew number is:
+44 (0)7955 376 729
If you’re attending 44CON, please add this number to your contacts. It’ll only be active during the event, but someone will have the phone 24×7. Please don’t abuse this number, as it may block the line for someone who needs it.
Fundamentally, your safety is the most important thing to us. If we can’t get that right, nothing else matters. While we don’t expect problems, should anything happen that could compromise your safety:
If you’re in your room and something is happening outside, make sure the room is locked. Do not let anyone into your room if you don’t want to.
Dial reception on the in-room phone and tell them what’s happening, and what you need them to do.
Let us know something’s happened via email so we can track it, regardless of whether it’s been resolved.
If it’s unresolved, or you feel your safety is being threatened then call +44 (0)7955 376 729. We’ll sort things out from there.
In case you need it, please remember that the emergency services number is 999 in the UK, not 911. 112 will also work.
We don’t expect anyone to need this, but if you do, we’ll do our best to keep you safe.
We’re really excited to open our Call For Papers for 44CON 2018. We’re looking forward to seeing all of your submissions on our shiny new CFP system, which promises to be far less painful than the old one.
44CON consists of 2 dedicated speaking tracks, a dedicated workshop track and combined speaking/workshop track over the two days. Talks range from softer subjects in areas such as governance, law and policy through to reverse engineering, exploitation, tooling and abuse of weird machines. We also have an open evening freely accessible to all (but with pre-registration) on the Wednesday evening before the main event.
Talks are 45 minutes long, while workshops are 60-120 minutes in length. All submissions are welcome but some useful guidance on particular topics of interest can be found at the CFP submission system.
As usual, speakers from outside of Fulham, Putney or London Underground Zone 1 will have travel reimbursed. We’ll provide two nights accommodation for speakers or workshop presenters with more than an hour’s travel to a mainline London rail station. We’ll bump that to 3 nights accommodation for any accepted speaker providing a talk and a workshop.
If you’re interested in submitting something, we highly recommend reading last year’s How To Game The 44CON CFP blog post.
The CFP closes on Monday 30th April 2018 at 23:59pm UTC. We’ll start notifying speakers by the 4th of June and announce our first round of accepted speakers on the 6th of June at BSides London. Full details of dates can be found on the CFP system.
Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.
TL;DR – I want to speak at 44CON
Ok, then do these things to boost your chances:
Submit a workshop with your talk
Make it clear where else you’ve submitted and/or might/will submit
Include links to other talks you’ve done, video if you have it
Get your talk in early for a better chance of scoring higher
Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us
Understanding how the CFP works
The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.
Scoring and voting
Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.
Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.
When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.
Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.
UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.
Why does it take so long to find out if I’m accepted?
If you’re not sure what’s happening, contact us and we’ll give you an update.
Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.
If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.
For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.
After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5.What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.
Wait, isn’t 44CON a two-track conference?
All speakers dress like this when preparing submissions.
Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.
Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list, however sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first serve basis.
Hacking the process
Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.
Submit both Talks and Workshops
We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get less than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.
If you want to maximise your chances of speaking at 44CON, submit a workshop.
Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop, imagine that if your main talk is about the theory, try a play-along walkthrough on how to do this in practice.
Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.
I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.
This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.
Tell us where else your talk has been submitted
44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.
If you’re doing your reveal in Vegas, focus on your process at 44CON.
Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.
If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.
If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.
Show us your other talks
A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.
Showing us your other talks helps us fit you in.
This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.
It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.
Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.
Submit your talks early in the process
Most of the panel vote in several stages. Almost everyone votes for the first submissions coming in, and slowly dribble off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.
The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.
Remember It’s A Two-Way Street
We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.
There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.
Coping with rejection
Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.
If your talk was rejected, it’s not an indictment of you or your talk.
To help you deal with the sting of rejection, remember this:
Your talk not being accepted at 44CON does not mean we thought it was bad.
You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.
Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.
We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.
Warning: Unlike most software, hardware can permanently damage machines. While every effort has been made to ensure that the 44CON badge will not kill your computer, remember that you built it yourself. Consider using a USB Hub when connecting the HIDIOT. Electrical faults are more likely to kill the hub than your computer. 44CON and Sense/Net Ltd accept no responsibility, both in general and specifically to the use and abuse of your HIDIOT and any damage caused therein.
Thanks to Akos Rajtmar for the HIDIOT assembly video above
If you came to 44CON 2016, then congratulations, you are one of about 500 people who have a HIDIOT 0.7 board.
If you took part in the badge soldering workshop, then congratulations, you are one of <150 people who have a fully functioning HIDIOT 0.7 board.
Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!
Our next announcement is Jacob Torrey – Bootstrapping an Architectural Research Platform
This talk aims to provide the fundamental architectural knowledge and resources for a security research interested in misuse of the x86 platform to conduct their own research with less “boiler-plate”. Covering the privileges and architectural events that different CPU rings can monitor, a few basic research hypervisors, and new technologies coming into the mainstream; this talk will aid researchers to rapidly focus on the research questions and not the setup.
Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. In addition to his research, Jacob volunteers his time organizing conferences in Denver (RMISC & BSidesDenver) and regular meet-ups across the front range.
Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!
Our third announcement is Saumil Shah’s workshop: ARM Shellcode Basics
This is a 2 hour workshop on writing ARMShellcode from scratch. I will cover some simple ARM assembly, and then we will work on two shellcode examples. A simple execve() shell and a fully working Reverse Shell. We will then test this with two ARM exploits. Attendees are required to bring in their laptops with a working copy of VMWare (Player/Workstation/Fusion). ARM images running on QEMU will be distributed to the participants.
Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 15 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.
Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, travelling around the world and taking pictures.
Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!
Our first announcement is for Robert Schifreen’s upcoming keynote – Three Decades In Security. What’s Changed, And What Hasn’t.
Cybercrime has changed greatly in the last 30 years. People still hack, but for many different reasons. The rewards available to hackers are much greater, as are the risks. But many of the techniques that hackers employ, both technical and psychological, have not changed at all. Victims still fall for the social engineering tricks and the fake emails. They still write down passwords. Compilers still fail to protect programmers from buffer overruns. Programmers still fail to protect themselves from being vulnerable to database injection attacks.
Have we learned anything in 32 years? If so, how much, and is it enough?
In case you were wondering, yes this is that Robert Schifreen. 30 years after the trial that paved the way for the Computer Misuse Act, he has a lot to tell us, and we’re really looking forward to hearing about it.
Robert Schifreen is the founder of SecuritySmart.co.uk, which provides measurable IT security awareness training. He first became known in the security industry in 1985 when he was the first person in the world to be arrested and tried by a jury in connection with computer hacking. His ultimate acquittal in 1987 on all charges, by the House of Lords (the most supreme court at the time), led to the introduction of the Computer Misuse Act 1990.
Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.
