Getting Started With Your HIDIOT Badge

Warning: Unlike most software, hardware can permanently damage machines. While every effort has been made to ensure that the 44CON badge will not kill your computer, remember that you built it yourself. Consider using a USB Hub when connecting the HIDIOT. Electrical faults are more likely to kill the hub than your computer. 44CON and Sense/Net Ltd accept no responsibility, both in general and specifically to the use and abuse of your HIDIOT and any damage caused therein.

Thanks to Akos Rajtmar for the HIDIOT assembly video above

If you came to 44CON 2016, then congratulations, you are one of about 500 people who have a HIDIOT 0.7 board.

If you took part in the badge soldering workshop, then congratulations, you are one of <150 people who have a fully functioning HIDIOT 0.7 board.

But what is a HIDIOT 0.7? And how do you make it do something other than blink? Continue reading “Getting Started With Your HIDIOT Badge”

Jacob Torrey: Bootstrapping an Architectural Research Platform

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Jacob Torrey – Bootstrapping an Architectural Research Platform

This talk aims to provide the fundamental architectural knowledge and resources for a security research interested in misuse of the x86 platform to conduct their own research with less “boiler-plate”. Covering the privileges and architectural events that different CPU rings can monitor, a few basic research hypervisors, and new technologies coming into the mainstream; this talk will aid researchers to rapidly focus on the research questions and not the setup.

Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. In addition to his research, Jacob volunteers his time organizing conferences in Denver (RMISC & BSidesDenver) and regular meet-ups across the front range.

You can follow Jacob on Twitter @JacobTorrey

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

Saumil Shah: ARM Shellcode Basics

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our third announcement is Saumil Shah’s workshop: ARM Shellcode Basics

This is a 2 hour workshop on writing ARM Shellcode from scratch. I will cover some simple ARM assembly, and then we will work on two shellcode examples. A simple execve() shell and a fully working Reverse Shell. We will then test this with two ARM exploits. Attendees are required to bring in their laptops with a working copy of VMWare (Player/Workstation/Fusion). ARM images running on QEMU will be distributed to the participants.

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 15 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, travelling around the world and taking pictures.

You can follow him on twitter @therealsaumil

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

Keynote Talk: Robert Schifreen – Three Decades In Security. What’s Changed, And What Hasn’t.

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our first announcement is for Robert Schifreen’s upcoming keynote – Three Decades In Security. What’s Changed, And What Hasn’t.

Cybercrime has changed greatly in the last 30 years.  People still hack, but for many different reasons.  The rewards available to hackers are much greater, as are the risks.  But many of the techniques that hackers employ, both technical and psychological, have not changed at all.  Victims still fall for the social engineering tricks and the fake emails.  They still write down passwords.  Compilers still fail to protect programmers from buffer overruns. Programmers still fail to protect themselves from being vulnerable to database injection attacks.

Have we learned anything in 32 years?  If so, how much, and is it enough?

In case you were wondering, yes this is that Robert Schifreen. 30 years after the trial that paved the way for the Computer Misuse Act, he has a lot to tell us, and we’re really looking forward to hearing about it.

Robert Schifreen is the founder of SecuritySmart.co.uk, which provides measurable IT security awareness training. He first became known in the security industry in 1985 when he was the first person in the world to be arrested and tried by a jury in connection with computer hacking. His ultimate acquittal in 1987 on all charges, by the House of Lords (the most supreme court at the time), led to the introduction of the Computer Misuse Act 1990.

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!