2016 Speakers

Keynote: Senator Ron Wyden

Sen. Ron Wyden is the senior senator for Oregon. He is the ranking member of the Senate Finance Committee and a senior member of the Senate Select Committee on Intelligence.

Wyden has spent his career pushing for smarter federal policy on technology, co-authoring pioneering tech laws, and standing up for Americans’ privacy in the face of government overreach. He holds a town hall in every county in Oregon every year and fights for policies that promote living wage jobs, provide economic security for Oregonians and protect America’s most vulnerable.

In 1998, Wyden authored the Internet Tax Freedom Act which prohibited multiple and discriminatory taxes on digital goods and services. He succeeded in making the law permanent this year. Wyden co-authored Section 230 of the Communications Decency Act, which provided the legal foundation for today’s social media, and led the fight against the PROTECT IP Act (PIPA) and its predecessor, the Combating Online Infringement and Counterfeit Act (COICA), put a spotlight on the problematic legislation being fast tracked through Congress and served as a rallying point for the historic Internet protests that ultimately toppled the bills.

Wyden has led the congressional fight against unnecessary and invasive government surveillance programs. He spent years warning of a secret interpretation of the Patriot Act, which was eventually revealed to be the mass surveillance of Americans and succeeded in passing major reforms of NSA surveillance in 2015.

The Keynote will be at 11:30 on Friday, October 14. Be sure to register if you’d like to attend, and check out the full schedule of events.

Announced Speakers:

We’re doing it a bit differently this year:
There’ll be one speaking track and one workshop at a time. All the talks will be 20 minutes each, grouped in ‘tracks’ of 3 talks followed by a round table discussion with all 3 speakers and a moderator.

Check out the ‘schedule’ tab to see where each of these talks fit in!


Using LangSec in Penetration Testing, Falcon Darkstar Momot
Falcon is a Leviathan Security Group security consultant, a M. Sc. student at Athabasca University, a Neg9 CTF team member, and a Shadytel tactical lineman. His prior work includes the Lotan crash analysis tool (formerly a DARPA-funded effort to find evidence of exploitation), and many private penetration tests.



Mad Data Science: Threat Hunting with Machine Learning, Ken Westin

Looking to learn how to apply fuzzy linear Bayesian regression entropy clustering to your security analyst toolbox? Then this talk is not for you. The goal of this presentation is to demystify and de-bullshit the world of data science for us mere security mortals. I will explain key concepts behind buzzwords such as machine learning, k-means, Bayesian Probability, Lambda Architecture and how they apply to real world security use cases. The presentation will cover how analysts can get started using data science concepts without a PhD and using data they are already collecting in their environment to gain insight into previously unseen threats.

Ken is a security professional with 16 years experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and others. He has presented at DEF CON, RSA, Black Hat and BSides around the country and other conferences. In the past he developed forensic and data mining tools to aid in the unveiling of various crimes including organized crime rings, tracking stolen property and others.



Sending the Elevator Back Down: Getting Youth Interested in Security, Travis Smith

This session will share the lessons learned across multiple high school intern programs designed to get kids interested in information security. There were both failures and successes, including our most recent partnership with First Robotics, a nationwide organization that teaches kids about science and technology. Attendees will learn how to make security research fun while teaching high school students about the importance of security using concepts and devices they are familiar with.

Security researchers are well aware of responsible research and disclosure; our challenge was to teach students these concepts in a way that was interesting and engaging. After a few false starts, we decided to have our interns build – and then hack – a robot. We chose to use off-the-shelf parts to build an Internet-connected robot, which shares many characteristics with the millions of Internet of Things (IoT) and Industrial Control System (ICS) devices connected to the Internet. After exposing the robots’ controls, our plan was to show students how to take control of the robot using tactics and techniques leveraged by cybercriminals every day.

We discussed the convenience of being able to control it over the Internet by comparing it with Internet-connected IoT and ICS devices. Once the robot’s controls were exposed, the students attacked the robot and were able to take complete control of it. Our students learned a lot about the risks associated with the Internet-connected devices they use everyday, as well as what it takes from a software engineering perspective to reduce the attack surface of your device.

We need to get bright kids interested in information security. This session will share how attendees can put together their own summer intern program. Through this initiative, we can teach more kids about how security affects their everyday lives and get them interested in information security as a career path.

Travis Smith is a Senior Security Research Engineer at Tripwire. He has over 10 years of experience in security, holds an MBA with a concentration in information security, and multiple certifications including CISSP and GPEN. He has previously spoken at conferences such as RSA, Black Hat, and DefCon Villages. Travis specializes in integrating various technologies and processes, with a passion for digital forensics and security analytics.


Privacy, Security and Crayons - Security Concepts for Kids, Tiberius Hefflin

While questions of digital security and privacy may seem to be out of the realm of children’s interest, the growing trends of mobile gaming and early access to social media have brought these concerns right into their sphere of knowledge. This talk will focus on how to scale these topics to their age group, what the key concerns are (and how to communicate them to children), and how to offer help to children in need of support with these issues.

Tibbs recently graduated from the University of West of Scotland with a degree in computer security. She has relocated to Portland, OR, where she evangelizes for privacy and security while doing security assurance work for Portland General Electric. She is passionate about encouraging small children to take the plunge into STEM and about laughing at cats on the internet.


Secret BFFs: Security and Usability, Morgan Miller

There’s a whole lot of talk about how security and usability are inversely related - meaning when one goes up the other goes down. I’d like to point out that although our respective communities struggle to collaborate, usability and security are inherently directly related - increasing one increases the other. In this talk, I will walk through why truly secure systems must be usable and also why usable systems are also secure.

I started out studying elliptic curve encryption, shifting to hash functions and bilinear pairings in graduate school. After becoming somewhat disillusioned by the fact that nearly no one used these amazing security tools, I began learning about usability. Since leaving graduate school in 2010 with a masters degree, I have been working as a user experience researcher and architect.


Selling the Brooklyn Bridge: Can historic scams, cons and flimflam teach us ways to stop social engineering and educate end-users on cybercrime?, Kevin Haley

It seems absurd that anyone could be fooled into buying the Brooklyn Bridge. But it happened. All sorts of cons and scams and flimflam from the past seem too outrageous to be able to fool anyone today, till you notice that they are still being run today, evolved for the internet.

Is selling the Brooklyn Bridge that much different than selling a car that doesn’t exist on an on-line auction site? People may think that advanced payment scams started with a Nigerian Price, but they actually started in 1588.

This presentation will review some classic cons from the past, and how the authorities tried to stop them. We’ll look at the current internet-based versions of this cons and examine what can be learned from the past. Are we doomed to repeat the past? Will Nigerian Prince, in one form or another always be with us? Or can we learn from the past and shut down these scams? Come to this session and find out.

Kevin Haley is a Director for Security Response at Symantec, where he is responsible for ensuring the security content gathered from Symantec’s Global Intelligence Network is actionable for its customers. He is the technical advisor and main spokesperson for Symantec Internet Security Threat Report. He served as a technical advisor for Anthony E. Zuiker’s digital crime thriller, “Cybergeddon” and appeared in the documentary “Most Dangerous Town”. He also frequently appears as a security expert for media including The Today Show, NBC Nightly News, Good Morning America, MSNBC, USA Today, New York Times, Forbes, Dow Jones and many others. During his sixteen years at Symantec, Haley has also acted as the Group Product Manager for Symantec Endpoint Protection and various mail security products.


Hardening AWS Environments and Automating Incident Response for AWS Compromises, Andrew Krug

Incident Response procedures differ in the cloud versus when performed in traditional, on-premise, environments. The cloud offers the ability to respond to an incident by programmatically collecting evidence and quarantining instances but with this programmatic ability comes the risk of a compromised API key. The risk of a compromised key can be mitigated but proper configuration and monitoring must be in place.

The talk discusses the paradigm of Incident Response in the cloud and introduces tools to automate the collection of forensic evidence of a compromised host. It highlights the need to properly configure an AWS environment and provides a tool to aid the configuration process.

Andrew Krug is a Senior Software Engineer at a large cyber security company. Krug has been Consultant, Network Architect, Systems Administrator, Operations Manager, Technical Trainer, and Software Engineer. Currently Krug works to develop gamified security education through security simulation scenarios.


Margarita Shotgun - Automating Memory Capture, Joel Ferrier
Do you use AWS but don’t have a plan to capture volatile data in the case of an incident? Cloud platforms make infrastructure accessible to the masses but leave much to be desired when responding to incidents.

Joel Ferrier is a Systems Administrator working in Southern Oregon. In his spare time Joel contributes to an open source AWS Incident response toolkit.


Automating Attacks Against Office365, Karl Fosaaen

The move to Office365 has become increasingly popular in the last few years. As a penetration tester, I’m seeing more organizations shuttle their domain credentials up to the cloud for easier management of their Office365 environment. By federating with Microsoft, many organizations are exposing a larger attack surface area to the internet. During this talk, I will show you how to identify domains that are Microsoft managed, help you guess passwords for users on those domains, and show you how to pivot from the cloud environment into a company’s internal network. Since manually completing attacks against these endpoints can be tedious, I’ve created some PowerShell tools to help automate these attacks. We’ll go over how to use these tools from an external penetration test perspective and show how Office365 in the cloud can be a great target for attackers.

Karl is a Managing Consultant with NetSPI who specializes in network and web application penetration testing. With over eight years of consulting experience in the computer security industry, he has worked in a variety of industries and has made his way through many Active Directory domains. Karl also holds a BS in Computer Science from the University of Minnesota. This year, he has spent a fair amount of time digging into the Skype for Business/Lync SDK. Prior to that, Karl helped build out and maintain NetSPI’s GPU cracking boxes. Karl holds a couple of certifications, that is neat. Karl has previously spoken at THOTCON, BSidesMSP, Secure360, and AppSec California. In his spare time, you may see him trying to sell you a t-shirt as a swag goon at DEF CON.


DDoS Defense for a Community of Peers, Jem Berkes

Distributed Denial of Service (DDoS) attacks have grown dramatically in size over the last few years. Modern amplification attacks can easily generate over 500 Gbps of traffic, threatening companies, ISPs and cloud infrastructure. To help defend against these advanced threats, Galois is developing 3DCoP: a peer-to-peer system that uses collaboration between networks to detect and mitigate malicious traffic. 3DCoP analyzes traffic and shares information about suspicious patterns, allowing the community of peers to detect and respond to threats before they overwhelm networks. In this talk, we will provide background on current DDoS attacks, and then describe how 3DCoP can mitigate attacks and create new defense capabilities.

Mr. Berkes has 15 years of experience developing software to defend against Internet-based threats. At Galois, he is the Research Lead for DDoS Defense, and previously worked on experimental operating system defenses and probabilistic programming languages (PPAML). Mr. Berkes received a B.S. in Computer Engineering from the University of Manitoba in 2005 and a M.S. in Electrical Engineering from the University of Waterloo in 2008.


HORSEPILL: a New Kind of Linux Rootkit, Michael Leibowitz

What if we took the underlying technical elements of Linux containers and used them for evil? The result a new kind rootkit, which is even able to infect and persist in systems with UEFI secure boot enabled, thanks to the way almost every Linux system boots. This works without a malicious kernel module and therefore works when kernel module signing is used to prevent loading of unsigned kernel modules. The infected system has a nearly invisible backdoor that can be remote controlled via a covert network channel.

Hope is not lost, however! Come to the talk and see how the risk can be eliminated/mitigated. While this may poke a stick in the eye of the current state of boot security, we can fix it!

Michael Leibowitz (@r00tkillah) has done hard-time in real-time. An old-school computer engineer by education, he spends his days championing product security for a large semiconductor company. Previously, he developed and tested embedded hardware and software, dicked around with strap-on boot roms, mobile apps, office suites, and written some secure software. On nights and weekends he hacks on electronics, writes BSidesPDX CFPs, and contributes to the NSA Playset.


NumChecker: A System Approach for Kernel Rootkit Detection and Identification, Xiaofei (Rex) Guo and Xueyang Wang

Kernel rootkits are stealthy and can have unrestricted access to system resources. In our talk, we will present NumChecker, a new Virtual Machine Monitor (VMM) based framework to detect and identify control-flow modifying kernel rootkits in a guest Virtual Machine (VM). NumChecker detects and identifies malicious modifications to a system call in the guest VM by measuring low-level events that occur during the system call’s execution.

To efficiently measure these events, NumChecker leverages the Hardware Performance Counters (HPCs) in modern processors. HPCs today are able to measure a large number of low-level events that are related to program behavior. We implement NumChecker on Linux with the Kernel-based Virtual Machine. The results on a number of real-world kernel rootkits show that NumChecker is practical and effective.

Xiaofei Guo works as a security researcher at a Fortune 50 company. He is responsible for security assurance of mobile and IoT products. He also does research in analyzing the behaviors of systems. He has previously presented at Blackhat and various academic conferences. He received a PhD from New York University.

Xueyang Wang joined Security Center of Excellence, OR as a security researcher in 2015. His work mainly focuses on security validation of Atom-based SoC products. His has research experiences in secure computing architectures, virtualization and its application to cyber security, hardware support for software security, and hardware security. He received the Ph.D. degree in Electrical Engineering from New York University.


The Tao of Hardware, The Te of Implants, Joe FitzPatrick

Embedded, IOT, and ICS devices tend to be things we can pick up, see, and touch. They’re designed for nontechnical users who think of them as immutable hardware devices. Even software security experts, at some point, consider hardware attacks out of scope. Thankfully, even though a handful of hardware manufacturers are making some basic efforts to harden devices, there’s still plenty of cheap and easy ways to subvert hardware. The leaked ANT catalog validated that these cheap hardware attacks are worthwhile. The projects of the NSA Playset have explored what’s possible in terms of cheap and easy DIY hardware implants, so I’ve continued to apply those same techniques to more embedded devices and industrial control systems. I’ll show off a handful of simple hardware implants that can 1) Blindly escalate privilege using JTAG 2) Patch kernels via direct memory access on an embedded device without JTAG 3) Enable wireless control of the inputs and outputs of an off-the-shelf PLC 4) Hot-plug a malicious expansion module onto another PLC without even taking the system offline and 5) Subvert a system via a malicious display adapter. Some of these are new applications of previously published implants - others are brand new.

I’ll conclude with some potential design decisions that could reduce vulnerability to implants, as well as ways of protecting existing hardware systems from tampering.

Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spend the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, hardware validators worldwide. When not teaching Applied Physical Attacks on x86 Systems, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.


Cryptowarez: a survey of Open and Closed Hardware Crypto Devices, Josh Datko

This talk will provide a broad overview of the cryptographic devices available today. The focus will be on embedded hardware and especially those that are open source hardware or have open source drivers and don’t require a non-disclosure agreement. I’ll be answering that age-old question that everybody asks themselves, ““I want to add hardware crypto to my project but I don’t know where to start!””

I’ll provide an update on my Atmel ATSHA204A open source driver and discuss an ongoing project to port algorithms over to the Digilent Zybo Zynq-7000 board. This talk should be of interest to anybody interested in hardware, cryptography, or likes to listen to talks with corny technical jokes.

Josh Datko is the owner of Cryptotronix, an embedded security consultancy. As a submarine officer, he was sent to Afghanistan to ensure that the Tailiban did not develop a submarine force–mission accomplished! He wrote a book on BeagleBones and crypto hardware which not many people have read and presented a better way to make a hardware implant at DEF CON which hopefully helped the NSA improve their spying.


Why I hate the Raspberry Pi, Travis Paakki

Everybody seems to be building their security experiment on the raspberry pi platform, which is great…as a proof of concept. The raspberry excels at one thing: Being cheap.

I wanted to build a in-line device for packet capture but the pi fails miserably. Even at speeds the port can handle (100mbit), the bus can’t write to disk (SD) fast enough. So, time to go hunting for kick-ass single-board computer(SBC) hardware. What has a gig Ethernet port (or maybe two), decent bus speed, SATA or eMMC, USB 3, and still can run fan-less with minimal power? How many can actually still be kind-of cheap? Surprisingly few actually fit the bill.

I’ll explore where to look after you hit the limits of your pi, and hopefully save you the trouble of buying, experimenting, and debugging like I did, and demo a battery powered SBC doing gig capture.

Travis Paakki is a local CISSP and infosec enthusiast, and recent hardware hacker by necessity. Currently he is pursuing his doctorate in Information Assurance focusing on IoT, RF exfiltration, and rogue devices.


So, you want to build an application security practice?, Ian Melven

Building, growing, and maintaining an application security practice is a fairly challenging endeavour. There are many aspects to a successful application security practice ! These can include winning hearts and minds to create a security culture, navigating technical challenges such as managing a sea of vulnerabilities and findings from tools, and working to obtain true insight into what’s happening in your applications from a security perspective. This talk will cover lessons learned over 15 years of working in application security and in particular will describe the security philosophy resulting from my experiences and those of other fellow travellers. It will also cover how we’ve based our approach at New Relic on a similar overall security philosophy, which has resulted in overwhelmingly positive feedback and significant impact for our Security team.

Ian Melven leads the Product Security team at New Relic. Previously, he has worked in security related roles at Mozilla, Adobe, McAfee and @stake. He supports West Ham United.


A “Divergent”-themed CTF and Urban Race for Introducing Security and Cryptography, Wu-chang Feng

There is a recognized shortage of students who are interested in learning computer and network security. One of the underlying reasons for this is a lack of awareness and motivation to study the subject. In order to tackle this problem, we have developed an introductory cryptography and security curriculum that attempts to inspire students to pursue this career path.

Towards this end, the curriculum designed motivates the importance of the field and contains a variety of activities intended not only to teach students basic concepts, but also allow them to develop technical skills in a fun and engaging manner. In particular, we employ a novel set of capture-the-flag (CTF) exercises and a physical activity based on an urban race, both of which are tied into a fictional story that students act out. The storyline follows a book series that many young adults of this generation are familiar with: the Divergent books written by Veronica Roth. Using this curriculum, multiple teachers throughout Oregon have successfully introduced computer security to students early in their careers.

The talk will include all curricular material for attendees to offer at their local schools as well as a miniature urban race for attendees to try out.

Wu-chang Feng is a Professor in the Department of Computer Science at Portland State University where he works on security education and outreach using CTFs.


101 ways to brick your hardware in 10100 minutes, Joe & Joe

Spend some time hacking hardware and you’ll eventually render a piece of equipment unusable either by accident or intentionally. Between us, we’ve got decades of bricking experience that we’d like to share. We’ll document the most common ways of temporarily or permanently damaging your hardware and ways to recover, if possible. We’ll also talk about tips on how to avoid bricking your projects in the first place. If you’re getting into hardware hacking and worried about messing something up, our stories will hopefully prevent you from experiencing the same horrors we did. If you’re worried about an uprising of intelligent machines, the techniques discussed will help you disable their functionality and keep them down.

Joe FitzPatrick is an Instructor and Researcher at https://SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and hardware penetration testing, and hardware security training. In between training and bricking hardware, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects.

Joe Grand also known as Kingpin, is a computer engineer, hardware hacker, former DEF CON badge designer, runner, daddy, honorary doctor, TV host, member of L0pht Heavy Industries, and the proprietor of Grand Idea Studio.


Securing the Software Engineering Process, Jeff Costlow

This lessons learned talk is about building secure software. It covers the phases of the Secure Development Lifecycle and will discuss each phase with practical recommendations for implementations.

Design: Threat modeling, common security design mistakes

Construction: Vulnerability tracking, peer review, static code analyzers, compiler warnings, security unit tests

Test: Security testing, fuzz testing, test cases from threat models, external pen testing, internal pen testing, security build verification test

Vulnerability Response: Responding to vulns, tracking upstream vulnerabilities, setting severity policy, using crowdsourcing

Participants will leave armed with some practical recommendations to implement in their own development shop.

Intended Audience: Software engineers of all levels.

As a software security specialist and engineer, Jeff has designed and implemented secure software and has successfully led engineering teams specializing in host and network security. With a deep understanding of a secure development lifecycle and many years of successful program design and execution, Jeff’s work has positively impacted the software engineering market across the areas of design-time threat modeling, peer based software review, security code scanning, and vulnerability response.


Vulnerability Hunting in Access Control Systems, Bobby Kuzma

Join the presenter as he recounts the process of reverse engineering a common access control system to hunt for vulnerabilities both on the hardware itself, the communications protocol, and the client software. He’ll go into the methodology, both hardware and software, the techniques, and the design of the device and its countermeasures, trips to the ER, and the impact of the vulnerabilities discovered. The talk will conclude with a discussion of more effective controls that could be implemented to make a reverse engineer’s job more frustrating.

Bobby Kuzma is a CISSP, security geek,and retired IT consultant. If it processes data, he’s probably tried to make it do bad things. He teaches, mentors, and explores (and occasionally explodes).. things. When not spelunking through the infosec underworld, Bobby is a systems engineer with Core Security Technologies.


Experiments with Optical Covert Channels, Joe Grand

Data exfiltration from a device is usually achieved over the network, through a hardware implant, or by manipulating the characteristics of an internal electronic component. In this presentation, Joe will share his research into, tribulations of, and successes with using LEDs as optical covert channels. He will also release some open source circuitry to help identify data streams transmitted by visible light, yet undetectable to the human eye.

Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, runner, daddy, honorary doctor, TV host, member of L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com).


TPM: trojan horse or boat anchor, Vim

The Trusted Platform (TPM) hardware chip has been portrayed as “treacherous” by Richard Stallman, a critical piece of computer infrastructure by the NSA, and praised by it’s inventors the Trusted Computing Group (TCG). But what is it really? Is it evil? Is it useful? Or is it neither–just a boat anchor that consumes electricity and hardware and software development resources to provide an “illusion” of security?

Vim is a software engineer working on cryptographic and security technologies. He has 15 years security experience with 30 years experience working on UNIX systems. He recently moved to Oregon to escape the drought, heat, and fires in California. Vim favors Oxford commas.


Latest evasion techniques in fileless malware, Virginia Robbins

This talk will dive into latest file-less malware, how such types of malware can hide via new evasion techniques, their application in latest attacks then discuss what other possible ways file-less malware of the future could hide to evade detection.

In the past, malware developers have implemented different techniques to circumvent detection of their malicious code. For instance, memory resident malware load their code into the memory of legitimate processes, even operating system files, while rootkit malware cloak themselves in the kernel.

Unlike their predecessors, the main difference in the new types of file-less malware are that they no longer drop small compiled binaries on the compromised system during their malicious activities. They instead proceed with their attack directly from the windows registry in a real, file-less manner by self-destroying any temporary traces of themselves on the file system prior to executing the malicious code. These techniques have made such types of malware better at evading detection. To understand these new techniques further, different file-less malware examples such as Kovyer, Poweliks, XseKit, kovter, corBOT etc., will be examined.

In the modern computing world, achieving average persistency without much effort from a malware perspective has gotten easier as devices remain online for longer periods, likely to go to sleep more often with fewer reboots in between making it possible to keep malicious code running for days. In such context, the fact that file-less malware might need to trade off persistence for stealth is not so much an issue anymore and makes these types of malware most ideal for attacks where implementation of a long-term persistency is not really required for its success. For instance, in ransomware attacks family, file-less malware need to only remain alive long enough to encrypt and remove original files then ask for a ransom. In contrast, attacks where malware would need to remain undetected for months or even years -as in information gathering purpose for example -relying solely on file-less malware evading techniques might not be as effective.

Virginia Robbins is a senior security engineer with interest in malware research and cryptography. She has been working at Intel Security and McAfee for over eleven years developing security solutions for anti-malware, host intrusion and exploit prevention products. Prior to that she worked at Intel and Microsoft on the trusted platform module ( TPM ) and its application on Bitlocker. She also worked on adding elliptic curve cryptography ( ECC) support over TLS for the Cryptographic Next Generation ( CNG) She holds an MS in Computer Science and BS in Computer Engineering. She is also co-founder of TiaraCon to help more women getting in the information security industry.


Blacklisting Badguys With IPTables, Gary Smith

Anyone that has run a server for any length of time quickly learns that the Internet is full of spammers, bots and other characters you would prefer didn’t exist. One way to keep them at bay is to use IP blacklists. In this talk, we’ll look at several sources of blacklists and how to efficiently incorporate blacklists into Linux IPTables to effectively mass block IP addresses and protect systems.

Gary started out his professional career as a chemist/materials engineer. His start down the path to the Dark Side of Computing began when he wrote a program to design an optimal extruder screw rather than face thousands of calculations with a slide rule (yes, a slide rule.) Since then, he’s done a lot of different things in computing: microprocessor cross assemblers and simulators, disk device drivers, communication device drivers, TCP/IP hacking and multi-threaded printer spoolers. Always a glutton for punishment, he wrote his own sendmail.cf from scratch. Around 1993, Gary started doing computer security when the semiconductor company he was working for was forced to get on the Internet to send/receive Integrated Circuit designs faster and a firewall/Internet gateway was needed. Since then, Gary’s been involved in forensic analysis, firewalls, intrusion detection and analysis, vulnerability assessments, system and application hardening, and anti-Spam filters. Gary really does computer security to support his bicycling habit. He has more bikes than most other people have computers. And they’re a lot more expensive. Gary says “Bikes are like computers: both can crash, sometimes with disastrous results to the user.”


Securing the End User - Patching the End User, Isaac Robinson

The easiest way into a secured network is through the weakest link, the end user. In this talk I will share how to conduct phishing awareness training campaigns through mock phishing attacks, which train end users how to spot phishing emails and fake websites. I will cover how to avoid potential legal issues, avoid end user resentment, and the collection of data/metrics to evaluate the effectiveness of the training. I will demo a phishing attack from sending the email, to a fake website, to training, to seeing the metrics. For those interested I will be working with the Phishing Frenzy framework.

This talk is for individuals who want to learn how to conduct phishing attacks to promote end user awareness and training. It will not cover how to actually exploit end user systems.

Isaac Robinson I started my penetration testing career as a contractor for the United States Army where I was tasked with performing penetration test on military instillations and websites. I now work in the private sector doing penetration testing. I performed phishing awareness training for both the Army and within the private sector. When I am not hacking I like to play Call of Duty, shoot in HDR photography, camp, hike, swim and do pretty much anything outdoors.


Firmware Tools for Security Researchers, Lee Fisher

This presentation gives a summary of the currently-available public tools for security researchers and forensic examiners to work with UEFI firmware. The emphasis is mostly UEFI-based system firmware, with a bit on BIOS and PCIe and Thunderbolt. The emphasis is not on coreboot, U-Boot, or the more loose definition of ‘firmware’ meaning ‘all software on the file systems of an embedded device’. This short presentation gives a quick overview of some of the tools that will a security researcher can use to understand UEFI-based malware/attacks. Tools such as UEFITool, CHIPSEC, UEFI Firmware Parser, and about a dozen others will be discussed, a few slides per tool, hopefully with a Linux-based demo or two. No new exploits or new tools, just an overview of existing tools. It is presumed you already know basics of UEFI and OS/app-level malware analysis; it would help to know development skills and the C and Python languages.

Lee Fisher is CTO of PreOS Security Inc., a new Seattle-based startup providing firmware security solutions to enterprises. He blogs at FirmwareSecurity.com, and founder of the ‘Pacific Northwest Firmware Hackers’ (PNWFWH). In a former life, he worked at Microsoft on multiple systems products, including releasing ‘Debugging Tools for Windows’ and the ‘NT IFS Kit’.


Making embedded programming fun with Black Magic, Piotr Esden-Tempski

If you develop firmware for microcontrollers using proprietary tools, you are used to having sophisticated programming and debugging tools. In the hobby and open source world most popular platforms are easy to program for, but if you make a mistake they rarely provide debugging tools beyond an LED and maybe a serial port.

As low cost hobby platforms move from 8 bit microcontrollers to ARM we can start using ARM’s JTAG interface to debug embedded firmware in style. Gareth McMullin from Black Sphere Technologies has developed a robust open source solution called Black Magic Probe. Together with Gareth, we have developed the third generation hardware, Black Magic Probe Mini V2. In this talk, I will introduce Black Magic Probe and how powerful it is together with the GNU Debugger.

In the companion Workshop “Hands-on embedded programming with the lights on and Black Magic” you can experience for yourself how easy it is to debug embedded firmware with the lights on.”

Piotr Esden-Tempski develops Open-Source hardware and software for personal micro UAS as well as tools for Embedded hardware development. Founder and maintainer of libopencm3, Open-BLDC and 1BitSy embedded hardware development platform. Core developer of Paparazzi UAS and Black Magic JTAG probe project contributor. Founder of 1BitSquared.

Today Piotr is running 1 Bit Squared a company providing services and hardware to universities and innovators all around the world. Pushing the boundaries of what is possible with Micro Unmanned Aerial Systems as well as embedded systems development and hardware security.


High Assurance Cryptography Joey Dodds

I will summarize Galois’s recent work on verifying existing crypto code, and automatically synthesizing new high performance crypto code.

Joey Dodds is a researcher at Galois, where he will verify anything that needs verifying, and occasionally some things that don’t. He has some computer science degrees, but you don’t need to know what they are to enjoy his talk.