Hackers of CypherCon - Episode Guide

In a time when tinkering with technology was a guarantee for ridicule and torment, a small group of curious explorers were connecting to computer systems, traversing the telephone network, and occasionally causing mischief. Joe shares unheard stories of his early days as a hacker, phone phreak, and troublemaker, following a rebellious path towards the eventual redirection of his passion for good.

A self-taught hacker, modder and maker Benjamin Heckendorn - better known as Ben Heck is host of element14's The Ben Heck Show, a weekly web series in which Ben tackles fun and interesting projects across a wide range of topics. In this exclusive CypherCon 3.0 key note presentation, Ben discusses his beginnings, where he is today and how you can help hack a better tomorrow.

Exploring the forensic methodology and tasks using free open source software. We won't be focusing on what tools are available, the focus of the presentation is explaining the methodology and where these tools fit in to the process to get the job done.

This talk will be about hacking/phreaking in the late 1980's, early 1990's, and what the scene was like back then compared to today. What was considered cutting edge back then has either changed or disappeared entirely. The general attitude around hacking, and hacking 'groups' has matured and evolved over the years. Some of the origins of how we got to where we are today is covered.

Brice Williams will look at some common cryptography usage errors and why popular libraries often fall short. He will also discuss nuances such as backwards compatibility, FIPS 140-2 validation, and weak standards such as JOSE/JWT that contribute to the overall confusion. Advice is also provided to ensure more secure cryptographic implementations are used.

Anita will present some ideas about how three communities with different incentives, yet the same goals, can work together to shorten the time to discovery and overcome many of the obstacles that impeded progress in the sciences centuries earlier.

In this talk, we'll be exploring how wireless communication works. We'll capture digital data live (with Software-Defined Radio [SDR]), and see how the actual bits are transmitted. From here, we'll see how to view, listen to, manipulate, and replay wireless signals. We'll also look at interrupting wireless communication, and finally, we'll even generate new radio waves from scratch.

Security Orchestration, Automation and Response (SOAR) enables defenders to operate at attacker speed by codifying detection and response expertise into automation playbooks. We will examine the core components of SOAR, skills required to design and implement it, common use cases in detection and response, and potential opportunities for security control testing in a defense-in-depth environment.

David has found some pretty stupid security mistakes. Blatantly overlooked controls, or flat out lazy system admins. David will show real-world examples of misuse & abuse, and improper data handling of passwords inside application code. We must remember a breech in one security system, can lead to a breach on another system because of the implicit trust relationships we build to get the job done.

Learn how mushrooms are medicinal and doing some amazing things like fighting cancer, boosting immunity, improving cognition, etc. In this presentation learn which compounds mushrooms produce that are medicinal and how you can easily grow them at home. We'll review the latest research from clinical trials and unveil the low cost, high yield techniques gleaned from anonymous mushroom cultivators.

"Read between the lines" usually refers to one's ability to infer hidden meaning from text. This talk will look at the tools and efforts needed for "Text Mining". Using data mining techniques to infer meaning, misconceptions, or hidden agendas from common documents. Learn a general understanding of the process along with a list of tools & services to start text mining right away.

Espionage is the practice of secretly gathering information about a foreign government or a competing industry, with the objective of placing one's own government or corporation at a strategic or financial advantage. Presenting case examples of military and industrial espionage, Judy illustrates how tricks of the spy trade are parleyed against ordinary individuals every day.

United States military veteran Ken Grigas talks about his time in service during the "Cold War" between the Unites States and U.S.S.R.

The past decade has made it clear that threats of cyber attacks on Industrial Control Systems (ICS) is real, and poses a fundamental risk to our way of life. The demand of ICS security professionals far exceeds the supply. Mark and Lesley of Dragos Inc. will provide an overview of some great ways to learn about the operational and technical aspects of ICS networks without breaking the bank.

The human body is terrifyingly vulnerable. With the rise of novel gene-editing techniques and our increasing knowledge of genomics, we are forced to confront the idea of a microscopic enemy. This talk will explore the not-so-theoretical aftermath of an unchecked pandemic of unknown origin, the monsters we created in our own medical hubris, and the ever-present threat of bio-terrorism.

Sequestered, cordoned off, separated, even out of touch. These words have been used by plenty of non-infosec folks. From Dev teams to Admins, Sales people and more, we get looked at as these mystical people who say nO! The people who are stopping others from doing their job. Maybe it is time for our team to take a different approach...

New developments in Hashcat have brought some new WiFi attack techniques to light. We've taken concepts from classic WiFi attacks, added a little special sauce, and created a whole new attack vector for WiFi devices everywhere. All it takes is a friendly introduction and a little cracking time to gain access to protected networks. Come get some code and that uneasy feeling of being vulnerable.

Steganography is the practice of hiding a message "in plain sight" inside an image, video, sound, text, or file. The practice goes back centuries, and in recent years has seen a rise in use for digital watermarking. It can be used for communication, leak prevention, or copyright protection. We'll look at techniques, analysis, and detection through the lens of digital watermarking.

In 2016, 791,820,040 data records were breached in the United States, which averages two breaches per American. France, Canada and Taiwan also encountered breaches above or near their population levels - or double it. This begs the question: are we doing and spending enough for security? This study of ethical risk considers how to calculate risk and engineer solutions for this new environment.

Tim Medin discuss the dumbest red team tricks and hacks encountered over the years. We are going to take the A out of APT, because so few attackers really need to use advanced techniques. We'll also discuss the simple defenses that make an attacker's life much more difficult.

Even when the right crypto primitives are chosen, subtle programming mistakes can lead to issues with the efficacy of the encryption. This presentation is aimed at helping developers avoid common cryptography pitfalls when encrypting sensitive data by giving guidance on what algorithms to choose and identifying common implementation issues observed in real-world applications.

Kinesthetic style, or tactile learning, means that some learn best by physically doing to fully learn and memorize a topic. Capture the flag competitions can be a way to understand security concepts with reading, understanding, applying and watching it in action. Creating a full multi-sensory learning experience to retain those concepts in memory for later.

When the terms Darknet or Dark Web are invoked, it is almost always in reference to the Tor network, but what about the other extant Darknet frameworks? In this talk Benjamin will expand the field of view to include frameworks such as Freenet, I2P, and OpenBazaar. He'll take a quick look at the origins and technical underpinnings of these Darknets as well as their actors and offerings.

Digital forensics expert Cindy Murphy, M.Sc. will use this session to unpack the myths of digital forensics she uncovered since her career pivot from law enforcement to private digital forensics work. She will discuss how to navigate common myths and most importantly, how to keep moving forward in an ever-changing industry.

In this very informative panel, Joe Cicero examines phishing bait for enterprise protection. Subjects covered are: the red flag concept, identifying phishing email basics, examining headers, examining attachments and links. Additional topics covered are: the differences between a legit email, spam, marketing and phishing.

Brad talk's about phone phreaking back in the late 1980's, until the mid 1990's. He will cover what phreaking was, why it worked, and why it was done. Devices used, the theory behind them, and some entertaining stories about those devices are covered. He will cover the slew of 'secret' numbers that existed in the phone system and discuss the decline in phreaking with the newer versions of ESS.

The shift to the cloud is making it more difficult for security teams to control what happens in their organizations and secure systems. The solution is more security tools, more security people, and ever-inventive ways to reign in your environment. We'll talk about how engineering automation to create a culture of empowerment, self-reliance and trust can result in better security outcomes.

Bug Bounties and Vulnerability Disclosure Program (VDP) are one of the fastest growing, most popular ways for companies to engage with the security research community and uncover unknown security vulnerabilities. This talk will explore how the law interacts with bug bounties, VDP, anti-hacking laws, bounty legalese myths, and contract standardization efforts widely adopted across the industry.

This talk will cover the basics of using the user-api to automate functions in Hashtopolis. Connecting to an HTP instance, creating hashlists, creating attacks, recovering plaintext, user creation and more will be covered.

Amazing new A.I. based services from Amazon, Google, and Microsoft let organizations rely on automated technology to crawl through their cloud-based data to identify sensitive info, security weaknesses, and hacking attempts. In this talk, Ed will analyze security implications, ethical, business, and privacy issues they raise as cloud-based A.I. intertwines itself in our lives deeper every day.

There are 2 camps of attackers: low skilled opportunists (script kiddies) and APT - Advanced Persistent Threats (funded organized crime, nation states). In between lurks a skilled persistent threat, capable of doing even more damage. These adversaries require human responders to identify, track, & oppose. Understand the constraints of the persistent threat, and you can learn to counter them.

Wireless pentesting typically requires physical proximity to a target which requires time, limited resources, and constant traveling. Eric & Matt have pioneered an inexpensive device to covertly perform wireless pentests anywhere on earth. In this talk, they'll discuss why they built it, how it works, and why they think it will revolutionize wireless pentesting.

The university security club had its ups and downs between boring meetings and inaccessibility to newcomers. It improved with a tighter meeting format, approachable 24-7 internal CTF, and internal documentation. There was better attendance, more people staying after meetings, and freshmen successfully completing projects with upperclassman mentorship. Interested? Learn more by watching this video.

Werewolves attack, we have silver bullets. Vampires attack, we have holy water. Criminal hackers attack, we have encryption. The villains come and the heroes fight back. But too often, encryption is like water without the holy or bullets without the silver. The configuration is wrong or the code is incomplete. This talk will cover how and where to architect for encryption to get real protection.