Excited for a workshop? Please do the following:
- Make sure you’re registered for the conference
- Register for the workshop ahead of time
- Cancel if your plans change so others can get the ticket
- If you don’t get a ticket, there will be a few spare seats for walk-ins and more if there are no-shows.
- Save room for others - please don’t register for more than 2 different workshops so everyone gets a chance
Threat Hunting Permit
Ken Westin (@kwestin)
Your automated defenses will fail. Attackers will gain access to your network by exploiting software, or even your people. In order to deal with this reality organizations need to assume they have been breached and work backwards from there. But, how can you find adversaries in your infrastructure? Threat hunting is the practice of proactively seeking out evil in your network, finding needles in haystacks that link to other needles and unveiling how an organization was compromised and possibly even answering the “why?”. In this hands-on threat hunting workshop participants will go on a guided threat hunting expedition, pivoting across various data sources (threat intelligence, DNS, endpoint, web logs, email) to reveal a campaign targeting an organization. Participants will walk away with a basic understanding of threat hunting and the tools needed to develop a hunting practice in their own organization.
Ken Westin is currently Senior Security Specialist with Splunk where he helps customers improve their security posture using advanced analytics and machine learning. Prior to Splunk he worked in the Office of the CTO at Tripwire where he focused on applying endpoint and vulnerability management technology to help customers defend against increasingly sophisticated threats. He developed a technology company (GadgetTrak) to provide corporate clients the capability to track highly sensitive mobile devices to ensure they were not falling into the wrong hands. His passion has been the development of tools and techniques to aid law enforcement in tracking down criminals and has put bad people in jail using data.
Learning Symbolic Execution using an Angr-y CTF
Symbolic execution is a powerful tool for finding and exploiting vulnerabilities in binaries. In this workshop, we will introduce the concepts of symbolic execution and how it can be used in angr, a binary analysis framework. Throughout this workshop, attendees will use a scaffolded set of CTF levels at https://malware.oregonctf.org to develop programs that will automatically analyze binaries.
To participate in this workshop, attendees are encouraged to arrive with a working version of the latest angr release. Instructions for installing angr are here: https://thefengs.com/wuchang/courses/cs492/angr_install.txt
Wu-chang Feng is a professor of Computer Science at Portland State University in order to provide cover for his CTF habit. He’s also into kettlebells and meditation.
Applied Physical Attacks on Embedded Systems, Introductory Version
Joe Fitzpatrick (@securelyfitz)
This workshop introduces several different, relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide attendees through the process of understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.
Joe (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks on x86 Systems, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.
Blacklisting Bad Guys With IPTables
Anyone who has run a server on the Internet for any length of time quickly learns that the Internet is full of spammers, bots, and other characters you would prefer didn’t exist. One way to keep them at bay is to use blacklists with IPTables. In this talk we’ll look at several sources of blacklists and how to efficiently incorporate blacklists into Linux IPTables to effectively mass block IP addresses and protect systems.
Gary started out his professional career as a chemist/materials engineer. His start down the path to the Dark Side of Computing began when he wrote a program to design an optimal extruder screw rather than face thousands of calculations with a slide rule (yes, a slide rule). Since then, he’s done a lot of different things in computing: microprocessor cross assemblers and simulators, disk device drivers, communication device drivers, TCP/IP hacking, and multi-threaded printer spoolers. Always a glutton for punishment, he wrote his own sendmail.cf from scratch. Around 1993, Gary started doing computer security when the semiconductor company he was working for was forced to get on the Internet to send/receive Integrated Circuit designs faster and a firewall/Internet gateway was needed. Since then, Gary’s been involved in firewalls, intrusion detection and analysis, vulnerability assessments, system and application hardening, and anti-spam filters. Gary really does computer security to support his bicycling habit. He has more bikes than most other people have computers. And they’re a lot more expensive. Gary says “Bikes are like computers: both can crash, sometimes with disastrous results to the user.”
Browser Fuzzing Tradecraft
All the cool kids are fuzzing these days. With efficient and simple-to-use fuzzers like AFL and a sound corpus just a Bing search away, why not get in the game? You’ll keep your apartment heated and you might even cash in on that sweet, sweet WinRar bug bounty! But what if your sights are set a bit higher: you dream of a luxurious Master of Pwns cigar jacket or some of that NSA 0day money? This workshop will not be handing out free 0day, but it will show you how to get started fuzzing browsers and the pitfalls to avoid. Students should come prepared with a laptop (at least an i5 processor recommended) and VMware Player or equivalent.
Chris leads a product security team at HP, Inc.