Hack3rcon is West Virginia’s premier information security conference, bringing together leading information security researchers and practitioners from around the country and around the world. With a focus on methodology and information sharing, Hack3rcon seeks to energize the infosec community and provide an engaging and supportive environment to hone our attendees' skills while fostering a sense of community and social responsibility.

Friday, October 19
 

8:00am

Registration - ALL DAY

Registration opens at 8am and closes at 7pm. Hack3rcon party tickets can be found at the event. Look here: http://schedule.hack3rcon.org/event/2df68f59e4bf6a845bea30fd0679b466


Sponsors
304geeks *ORGANIZERS*

we do stuff..


Friday October 19, 2012 8:00am - 9:00am
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States

9:00am

Keynote: Hacking Survival

So, you want to compute post-apocalypse?

Let's assume that the world as we know it has come to an end. How? EMP?
Financial Ruin? Mayans? Depending on how, it actually may make a
difference to us hackers. Once we are at the end of the world, how will
we get access to the 'tubez? Likely we won't, but we can apply the
hacker mentality to bringing it back. However, you'll need to practice,
be prepared and learn now in order to be the new Al Gore. Want to learn
about the technology and hacker perspective to communicate with the
world, when your "world" will end at the end of the block? If yes, this
talk is for you.


Speakers
Larry Pesce

Larry is a Security Evangelist and co-host for the PaulDotCom Security Weekly podcast (www.pauldotcom.com). In the last 15 years in the computer industry he has become a jack of many trades, including, of course, computer security. Larry is also gainfully employed as a Penetration Tester / Ethical Hacker with NWN Corporation's NProtect team (nwnit.com). Larry's interests include geo-location, metadata, recon and long walks on the beach. Larry is...



Friday October 19, 2012 9:00am - 10:00am
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

10:00am

Next Generation Web Reconnaissance

It's no secret, black hats have been using open sources of information to conduct precise targeting for social engineering and network attacks for years. Penetration testers, often confronted with time constraints, overlook this all important step in the attack process, and fail to show the true, complete threat that their customers face. Even when an honest attempt at reconnaissance is made, the ever-changing nature of search engines and web technologies make automating the reconnaissance process painful to accomplish and maintain. In many cases, it just isn't done right, which leads to improper reconnaissance and bad intelligence. I have been working to create several quality tools that leverage the power of search engines, social networks, and cloud CRMs to automate the reconnaissance process and increase the integrity of the intelligence gathered before the attack occurs. I'll be releasing these tools during the talk, and will begin to explore a new reconnaissance concept; conducting physical reconnaissance of a target without ever setting foot on the ground. As a part of this new discussion, I'll also be releasing an updated version of Pushpin, a social networking proximity geolocation tool.


Speakers
Tim Tomes

Managing Consultant, nVisium
Tim is a Managing Consultant at nVisium with extensive experience in Application Security, Software Development, and Vulnerability Research. Tim currently manages open source software projects such as the Recon-ng Framework, writes technical articles at nvisium.com and lanmaster53.com, and frequently instructs and presents at major Information Security conferences such as DerbyCon, ShmooCon, Black Hat and SANS.


Friday October 19, 2012 10:00am - 10:50am
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

10:00am

Vendor and Exhibition Hall Opens - Day 1
Vendors, students and attendees can lounge, compete and network in this area. This area is open for most of the conference.

Friday October 19, 2012 10:00am - 8:00pm
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States

10:00am

Hardware Hacking Village - Day 1

Join JP (Ronin) in the hardware hacking village, and build your own Glitch!

Check this out for details on the Glitch, by Glitch Ops:

http://www.kickstarter.com/projects/1186217328/the-glitch


Speakers
Ronin

JP “.ronin” is a security researcher and consultant. His research interests focus primarily on wireless and portable security. He is the primary developer on Katana USB drive and various other open source projects. He maintains www.hackfromacave.com for publishing projects and research.



Friday October 19, 2012 10:00am - 10:00pm
Hardware Hacking Village

11:00am

Intro to Network Traffic Analysis - Part 1

This packet capture crash course will provide students with the foundations for performing packet capture, traffic analysis, and the implementation of an NMS (Network Monitoring [System|Sensor]). Students of all levels of skill can gain from this workshop. These potential gains include operating system concepts, practical command-line usage and tools, increased knowledge of Linux networking, and TCP/IP stacks. Libpcap packet capture files (pcaps) will be distributed and analyzed by students. We will peruse malicious traffic (exploits, botnets, virii), bad users, loud users etc. Full-content data, session data, and statistical data will be touched upon. Students who wish to follow along should bring a laptop with a Linux distribution. I recommend having the following tools installed: tcpdump, iftop, tcpstat, netsniff-ng (compile it), ntop, tcpdstat, hping, nmap, speedometer, tcpflow, tcpick, snort, httpry, passivedns, ngrep, nfex, foremost, arpwatch, argus, vnstat, sar, mpstat, htop. We'll do as many things as we have time for. Or, just bring a VM of Security Onion.


Speakers
Jon Schipp

Touch of Class
For every hour spent with me twelve hedons will be earned.


Friday October 19, 2012 11:00am - 11:50am
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

12:00pm

Ration Break

Possible drink and food reception. Details are being worked out.


Friday October 19, 2012 12:00pm - 1:00pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

1:00pm

Intro to Network Traffic Analysis - Part 2

This packet capture crash course will provide students with the foundations for performing packet capture, traffic analysis, and the implementation of an NMS (Network Monitoring [System|Sensor]). Students of all levels of skill can gain from this workshop. These potential gains include operating system concepts, practical command-line usage and tools, increased knowledge of Linux networking, and TCP/IP stacks. Libpcap packet capture files (pcaps) will be distributed and analyzed by students. We will peruse malicious traffic (exploits, botnets, virii), bad users, loud users etc. Full-content data, session data, and statistical data will be touched upon. Students who wish to follow along should bring a laptop with a Linux distribution. I recommend having the following tools installed: tcpdump, iftop, tcpstat, netsniff-ng (compile it), ntop, tcpdstat, hping, nmap, speedometer, tcpflow, tcpick, snort, httpry, passivedns, ngrep, nfex, foremost, arpwatch, argus, vnstat, sar, mpstat, htop. We'll do as many things as we have time for. Or, just bring a VM of Security Onion.


Speakers
Jon Schipp

Touch of Class
For every hour spent with me twelve hedons will be earned.


Friday October 19, 2012 1:00pm - 1:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

2:00pm

Automated Spear-twishing - It was only a matter of time

We've all heard of phishing and spear-phishing. We've even heard of twishing and spear-twishing to a limited extent. After all, Twitter is an excellent target for social engineering due to conditioned users, anonymous connections via pseudonyms, and a lack of content filtering. For example, shortened URLs are typically flagged by detection software in e-mail, but it's almost a necessity in Twitter with the 140 character length restriction. So we have a ripe target base of users clicking on shortened URLs, but let's be honest: developing targeted tweets can be annoying. Plus, to really target users and take advantage of trust relationships, you need to map out who's following who, and that is pretty arduous given existing tools. So, we built Hypertwish, a Twitter visualization and spear-twishing framework that uses small generative grammars and a hyperbolic tree. Yaay math! This tool is also a trial of some of our existing research into computer linguistics and automated content generation, so that when Doomsday arrives, at least Skynet will be able to use social media. You'll never trust people on Twitter again.

 

---------------------------------- Detailed Outline ----------------------------------

I: Targeting
  a) Dynamically mapping Twitter accounts with the Hyperbolic Browser (part of JavaScript InfoVis Toolkit)
  b) Mapping following-follower paths between Twitter accounts and building a useful target list.
  c) Creating bogus accounts for testing
    i) Twitter locks account automatically because of certain email domains
    ii) Microsoft Live works great though for hotmail accounts
    iii) Common mistakes in bogus accounts

II: Generating Content
  a) @ vs. #
    i) @ for targeting specific accounts, i.e. spear-twishing
    ii) # for potentially getting users who are searching on popular tags, i.e. normal twishing
  b) Autobuild content:
    i) Tool utilizes a small generative grammar to develop tweet contents using a variety of options:
      1) Reference previous post and reply, or generate new
      2) Parse out # references from previous tweets
      3) Pick from various predefined schemes
  c) Sending Tweet
    i) Different platforms apparently support different default display/notification options
    ii) Tie in twidge for sending via multiple accounts
  d) Tracking
    i) Public posts instantly get checked by various bots and spiders
    ii) Bots don't do a deep dive, we can limit tracking to secondary resources like frame contents

III: Demo: Hypertwish


Speakers
Sean Palka

Passions: Pentesting. Social-engineering. Rapid prototyping. Aikido. Puzzles. Riddles. Cryptography. Diet Mountain Dew. Anti-social gaming. Recursion. Making my daughter laugh.

I'm a penetration tester by trade, but my current research at George Mason University focuses on social engineering, phishing and computer linguistics. I swear I have friends that are not being coerced though.


Friday October 19, 2012 2:00pm - 2:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

3:00pm

In case of ZOMBIES break glass

One thing is for certain, surviving the inevitable Zombie Apocalypse will not be easy. Many of you will die, potentially creating a larger army of the undead to attack the rest of us. Not sure what to do when the zombie apocalypse hits? How do you and your loved ones survive an army of the undead with your brains (and sanity) intact? This presentation will cover some VERY real scenarios that may bring about the zombie apocalypse and provide you with invaluable information to make sure you are one of those left to retake the earth.


Speakers
Chris Payne

Christopher 'EggDropX' Payne has held numerous positions in the Information Technology and Information Security fields over the last decade. Christopher currently works as an Information Security Architect, Adjunct Professor, Co-founder of GrrCON, President of GR-ISSA, and holds a myriad of industry certifications. Christopher is a regular speaker on Information Security topics and has been featured by multiple television, radio, internet...


Friday October 19, 2012 3:00pm - 3:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

4:00pm

Building Dictionaries and Destroying Hashes Using Amazon EC2

Abstract: By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords in high profile password exposures, we'll demonstrate which dictionary attacks are the most effective. Further research will allow for the building of passphrase dictionaries from commonly accessible sources and their effectiveness will be analyzed.

Outline:
1. Overview of recent high profile password exposures and analysis of exposed passwords
2. Analysis of available dictionary files
3. Setup of Amazon EC2 for password cracking
4. Analysis of effectiveness of various dictionary files and cracking rulesets
5. Analysis of effectiveness of Amazon EC2 for password cracking
6. Building passphrase dictionaries
7. Analysis of effectiveness of passphrase dictionaries and cracking rulesets
8. Demonstration and release of passphrase dictionaries and tool for building passphrase dictionaries
9. Q&A (though this will be an interactive presentation and there will be audience engagement throughout)


Friday October 19, 2012 4:00pm - 4:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

5:00pm

Ration Break
Possible drink and food reception. Details are being worked out.


Friday October 19, 2012 5:00pm - 6:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

7:00pm

Secrets of Running a Consulting Business
Consulting, either on the side or full time, is a great way to pick up
cash and have a much better time than sitting in your cube leveling up
in El Diablo while avoiding staff meetings.  But how do you get into
it, and how do you avoid failure?  Lots of intel is available on
consulting, but most of it is fluff put out by people just looking to
make a buck.  What's the real deal, and are there some key aspects of
it that make or break the opportunity?  In this education session,
Brian Martin goes over what's worked for him and why, what
specifically needs to be done to get the opportunities, how
meaningless your twitter feed is, and the hidden advantages that make
consulting so much more desirable than an office job.  He'll also talk
about the disadvantages, risks, and hazards so you can make the right
decisions about getting into consulting in INFOSEC.



Speakers
Brian Martin

Brian Martin works for Digital Trust in Allentown, PA, a small INFOSEC firm specializing in civil litigation eForensics and preservation, OSINT, and the occasional penetration test and security assessment. An avid prepper, Brian has taught dozens of people how to handle firearms and emphasizes the 6P's in all things. He thinks bios are a waste of time better spent minimizing tax profiles or practicing locksport.


Friday October 19, 2012 7:00pm - 7:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

8:00pm

CTF brought to you by the XRG [START]

Description:
Hack3rcon CTF will be brought to you this year by the XRG, a
relentless group of bloodthirsty savages from outer space. From deep
within their hive they have hatched multiple challenges to include
web, traffic analysis, reversing, and more.  Rigorous fun on all
levels from the newbist larva to the leetist overmind.


CTF Rules:
1. All flag submissions have to be received by 10 am Sunday in order
to be accepted.
2. Do not attack other participants.  Only attack computers which are
hosted at IP addresses we have specifically given you on the CTF
network. If you are in doubt, ask a CTF staff member.
3. Do not launch “denial of service” attacks against the CTF network
or systems. Please promptly report any system outages you notice.
4. Do not delete contest flags from systems
5. Event organizers will not be held responsible for any damages that
occur to your systems as a result of connecting to the CTF network;
remember that this is a hostile network.  Connect to it at your own
risk.
6. Double check the access point or switch you have connected to prior
to engaging in any attacks - ensure you are on the CTF network.
7. Teams are welcome.


Exhibitors
John deGruyter

John grew up in Nitro, West Virginia, but is currently living in the Northern Virginia/DC area. Security has been his passion and his hobby for the past 14 years. He recently walked away from his job in IT management to pursue his career as a security researcher. This year he and a small team known as the XRG will be running the CTF here at hack3rcon. Lately, he has been spending his time reading, traveling, writing security tools, and studying...



Friday October 19, 2012 8:00pm - 8:30pm
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States

8:00pm

Bash Scripting 101 for Pen Testers
Intro to bash scripting

Speakers
Lee Baird

Lee works as a malware analyst in the DC area. He has performed enterprise security assessments for Fortune 500 companies. He holds a bachelor's degree in accounting from Marshall University and is an Offensive Security Certified Professional.



Friday October 19, 2012 8:00pm - 10:00pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

10:00pm

Special Viewing of REBOOT

Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual.

In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma, and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means, and what unknown event the pending zero-hour will bring.




Friday October 19, 2012 10:00pm - 11:00pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

10:00pm

Special Viewing of REBOOT

Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual.

In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma, and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means, and what unknown event the pending zero-hour will bring.




Friday October 19, 2012 10:00pm - 11:00pm
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States
 
Saturday, October 20
 

9:00am

Keynote: Finding the MacGyver in You

Overview: this brief presentation will explore a different view into the window of resilience, touching both a personal and professional perspective.  Using the June 29th Derecho storm that impacted 11 states and Washington, DC, the presenter gives an unusual insight into preparedness, planning and response initiatives that can provide insight into enhancing one’s personal skill set.  The attentive ear is afforded the opportunity to expand their personal collaborative web; gaining new knowledge, and if applied properly, can create new wisdom.


Speakers
William A. Minear

William A. Minear II CPP PPS CMEC
Director – WV Critical Infrastructure Protection Task Force (CIPTF)
Deputy Director – JITEC CIP Programs
West Virginia Intelligence Fusion Center
Charleston, WV 25314

Mr. Minear is a member of the West Virginia National Guard - Military Authority, serving as Deputy Director – Critical Infrastructure Protection Programs for the Joint Interagency Training & Education Center...



Saturday October 20, 2012 9:00am - 9:50am
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

9:00am

Registration Opens - Day 2

Saturday October 20, 2012 9:00am - 10:00am
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States

10:00am

EMP, yeah you know me..

While I'm not an expert, I figured it would be an interesting idea to research and report on considering the theme of the conference. I plan to cover the basics of electronics, what an EMP is (and why some equipment gets fried), ideas for scrounging parts and other information to keep tech functional. I also plan to lightly cover useful tech to learn for a situation where society breaks down.


Speakers
Adrian Crenshaw

Irongeek
Adrian Crenshaw has worked in the IT industry for the last fifteen years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for a while (MCSE NT 4, CNE, A+, Network+, i-Net+) but stopped once he had to start paying for the tests himself. He's currently working on a Masters in Security Informatics, and is interested...


Saturday October 20, 2012 10:00am - 10:50am
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

10:00am

Vendor and Exhibition Hall Opens - Day 2
Vendors, students and attendees can lounge, compete and network in this area. This area is open for most of the conference.

Saturday October 20, 2012 10:00am - 8:00pm
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States

10:00am

Hardware Hacking Village - Day 2

Join JP (Ronin) in the hardware hacking village, and build your own Glitch!

Check this out for details on the Glitch, by Glitch Ops:

http://www.kickstarter.com/projects/1186217328/the-glitch


Speakers
Ronin

JP “.ronin” is a security researcher and consultant. His research interests focus primarily on wireless and portable security. He is the primary developer on Katana USB drive and various other open source projects. He maintains www.hackfromacave.com for publishing projects and research.



Saturday October 20, 2012 10:00am - 10:00pm
Hardware Hacking Village

11:00am

Intro to Linux exploit development - Part 1

In this course we will be teaching basic exploit development on a Linux OS. If you haven't used gdb or done much reverse engineering, this class will be a good introduction. We will be looking at some old school attacks, showing you why they are a problem, and writing some basic exploits from scratch. This is not an advanced class so rop pirates and heap ninjas shouldn't attend unless you want a review of the basics. This course will consist of both lecture and hands-on exercises, so please bring your laptop with your favorite VM player.


Speakers
John deGruyter

John grew up in Nitro, West Virginia, but is currently living in the Northern Virginia/DC area. Security has been his passion and his hobby for the past 14 years. He recently walked away from his job in IT management to pursue his career as a security researcher. This year he and a small team known as the XRG will be running the CTF here at hack3rcon. Lately, he has been spending his time reading, traveling, writing security tools, and studying...


Saturday October 20, 2012 11:00am - 12:00pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

11:00am

New Media Journalism 101 [Workshop][SOLDOUT]
THIS EVENT IS BY INVITATION ONLY
Speakers
Keri Potipcoe

KeriBlog
KeriBlog is a daily blogger, online media personality, and brand ambassador. She’s been sharing her life online since 2007, via both blog and video. You can sit down and watch her for eight edited hours. For three years she travelled around Canada celebrating the country she claims is the best in which to live, in The Canadian Explorer. She created the CBC’s inaugural-made-for-web-show and went on to become an accredited...

Sponsors
WVSU EDC

EDC has been a fixture on the West Side since 2005 offering business and entrepreneurship training, office space leasing, and other economic development functions. EDC will continue to offer these services, but the building has been extensively renovated to include a digital arts studio and media center labeled DigiSo, in reference to its digital and social media focus. “We’ve turned EDC into a co-working space where creative...

DigiSo

Introducing DigiSo.™ Part talent hub, part incubator, part new-media-new-business think-tank. DigiSo™ is a physical and virtual talent convener, designed exclusively to engage, develop, and support entrepreneurs, ideas, and opportunities in digital and creative industries. DigiSo™, short for digital and social media, is the result of collaborative brainstorming by the WVSU Economic Development Center (EDC), Create...



Saturday October 20, 2012 11:00am - 11:50pm
Press Room

12:00pm

Ration Break
Possible drink and food reception. Details are being worked out.

Saturday October 20, 2012 12:00pm - 1:00pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

12:00pm

New Media Journalism Fieldwork [Workshop][SOLDOUT]
Speakers
Keri Potipcoe

KeriBlog
KeriBlog is a daily blogger, online media personality, and brand ambassador. She’s been sharing her life online since 2007, via both blog and video. You can sit down and watch her for eight edited hours. For three years she travelled around Canada celebrating the country she claims is the best in which to live, in The Canadian Explorer. She created the CBC’s inaugural-made-for-web-show and went on to become an accredited...

Sponsors
WVSU EDC

EDC has been a fixture on the West Side since 2005 offering business and entrepreneurship training, office space leasing, and other economic development functions. EDC will continue to offer these services, but the building has been extensively renovated to include a digital arts studio and media center labeled DigiSo, in reference to its digital and social media focus. “We’ve turned EDC into a co-working space where creative...

DigiSo

Introducing DigiSo.™ Part talent hub, part incubator, part new-media-new-business think-tank. DigiSo™ is a physical and virtual talent convener, designed exclusively to engage, develop, and support entrepreneurs, ideas, and opportunities in digital and creative industries. DigiSo™, short for digital and social media, is the result of collaborative brainstorming by the WVSU Economic Development Center (EDC), Create...



Saturday October 20, 2012 12:00pm - 1:50pm
Press Room

12:00pm

WVSU-EDC and DigiSo - 24 Hour - Hack-A-Thon

DigiSo Hackathon  Noon, October 20 – Noon, October 21
Up to four local non-profits will stock up on coffee, Red Bull and munchies in preparation for the 304 Geeks-powered DigiSo all-nighter Hackathon. DigiSo Anchors, 304 Geeks and teams from WV State University’s communications, business and art departments will come together during this first ever branding blitz.
 
Teams consisting of at least one copy writer, graphic artist, business plan specialist, and Wordpress geek will work intensely with organizational leadership for 24 hours non-stop. The goal? A logo, a one page advertisement, and a Website powered by Wordpress for each non-profit.


Sponsors
WVSU EDC

EDC has been a fixture on the West Side since 2005 offering business and entrepreneurship training, office space leasing, and other economic development functions. EDC will continue to offer these services, but the building has been extensively renovated to include a digital arts studio and media center labeled DigiSo, in reference to its digital and social media focus. “We’ve turned EDC into a co-working space where creative...

304geeks *ORGANIZERS*

we do stuff..

DigiSo

Introducing DigiSo.™ Part talent hub, part incubator, part new-media-new-business think-tank. DigiSo™ is a physical and virtual talent convener, designed exclusively to engage, develop, and support entrepreneurs, ideas, and opportunities in digital and creative industries. DigiSo™, short for digital and social media, is the result of collaborative brainstorming by the WVSU Economic Development Center (EDC), Create...


Saturday October 20, 2012 12:00pm - Sunday October 21, 2012 2:00am
Hack3rcon Annex

1:00pm

Intro to Linux exploit development - Part 2

In this course we will be teaching basic exploit development on a Linux OS. If you haven't used gdb or done much reverse engineering, this class will be a good introduction. We will be looking at some old school attacks, showing you why they are a problem, and writing some basic exploits from scratch. This is not an advanced class so rop pirates and heap ninjas shouldn't attend unless you want a review of the basics. This course will consist of both lecture and hands-on exercises, so please bring your laptop with your favorite VM player.


Speakers
John deGruyter

John grew up in Nitro, West Virginia, but is currently living in the Northern Virginia/DC area. Security has been his passion and his hobby for the past 14 years. He recently walked away from his job in IT management to pursue his career as a security researcher. This year he and a small team known as the XRG will be running the CTF here at hack3rcon. Lately, he has been spending his time reading, traveling, writing security tools, and studying...


Saturday October 20, 2012 1:00pm - 1:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

1:00pm

Build a Glitch [LIMITED: 10 SEATS]
THIS EVENT IS BY INVITATION ONLY

Exclusively at Hack3rCon's hardware hacking village, come and build the
prototype of The Glitch hardware hacking platform.  The Glitch is a
small reprogrammable Arduino compatible micro-processor development
platform.  Be part of a limited beta testing group to use the Glitch
before its official release.

For $100 you'll get all the parts for building the prototype of The
Glitch at the hardware village.  The build workshop will walk you
through step-by-step building the hardware.  Attendees do not need any
previous soldering skills to assemble the hardware and will walk away
with a working (Proto)Glitch.  (NOTE: For those not comfortable with
assembling the hardware themselves, they can be assembled for you.)

BONUS: Since it is self serving to have individuals beta testing the
hardware and software, participants will also get a factory built Glitch
plus adapters in the mail once they are available.

Find out more about the project at theglitch.sourceforge.net


Speakers
Ronin

JP “.ronin” is a security researcher and consultant. His research interests focus primarily on wireless and portable security. He is the primary developer on Katana USB drive and various other open source projects. He maintains www.hackfromacave.com for publishing projects and research.



Saturday October 20, 2012 1:00pm - 3:00pm
Hardware Hacking Village

2:00pm

Advanced Phishing Tactics – Beyond User Awareness

Over the past 10 years, organizations have spent time, resources and considerable financial investments to protect their external perimeter from potential information security threats. Most advanced threat agents know if and when they bypass the hardened perimeter, successfully compromising assets within the internal environment is trivial, with very few controls in place to stop a focused and motivated intruder.

This talk will discuss why spear phishing penetration testing is a necessary exercise for all organizations. We will walk through and demonstrate, live, our methodology that has proven extremely effective on numerous engagements. We will also focus on why advanced techniques should be used to assess internal user environments as a whole and that approaching a social engineering exercise as a user awareness exercise is not beneficial for an enterprise.

 


Speakers

Martin Bos

Martin “Pure Hate” Bos works as a penetration tester for Accuvant Inc. He resides in Louisville, KY with his wife, Kim, and their daughter. Martin is also one of the core developers for Backtrack-Linux and has been with the project since its early days. Martin is also a co-founder of Question-Defense.com, a website dedicated to answering technical questions daily, and also has the largest online WPA Cracking...

Eric Milam

Senior Security Assessor – Accuvant LABS – Accuvant, Inc. Eric is a security consultant on the Accuvant assessment team with over 14 years of experience in information technology. Eric performs ongoing enterprise security assessments, perimeter penetration testing, and application vulnerability assessments. Experience: Eric has performed innumerable consultative engagements including enterprise security...


Saturday October 20, 2012 2:00pm - 2:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

2:00pm

New Media Journalism Publishing [Workshop][SOLDOUT]
Speakers

Keri Potipcoe

KeriBlog
KeriBlog is a daily blogger, online media personality, and brand ambassador. She’s been sharing her life online since 2007, via both blog and video. You can sit down and watch her for eight edited hours. For three years she travelled around Canada celebrating the country she claims is the best in which to live, in The Canadian Explorer. She created the CBC’s inaugural-made-for-web-show and went on to become an accredited...

Sponsors

WVSU EDC

EDC has been a fixture on the West Side since 2005 offering business and entrepreneurship training, office space leasing, and other economic development functions. EDC will continue to offer these services, but the building has been extensively renovated to include a digital arts studio and media center labeled DigiSo, in reference to its digital and social media focus. “We’ve turned EDC into a co-working space where creative...

DigiSo

Introducing DigiSo.™ Part talent hub, part incubator, part new-media-new-business think-tank. DigiSo™ is a physical and virtual talent convener, designed exclusively to engage, develop, and support entrepreneurs, ideas, and opportunities in digital and creative industries. DigiSo™, short for digital and social media, is the result of collaborative brainstorming by the WVSU Economic Development Center (EDC), Create...



Saturday October 20, 2012 2:00pm - 3:00pm
Press Room

3:00pm

DNS Reconnaissance

Carlos will cover the basics of DNS reconnaissance, from the methods penetration testers normally use to several newer ones that are used less frequently, with real-world results showing that it is still a very viable way to enumerate and gather information using his DNSRecon set of tools. The presentation will also cover how to parse and use the data generated, and why managing the collected information is important.

 


Speakers

Carlos Perez

I’m a Director of Reverse Engineering for a security vendor. I have also worked as an IT Consultant working for a large IT Integrator in the areas of Security, Networking and Virtualization where I covered the region of Central America, Caribbean and Puerto Rico. I used to be a tactical instructor and still train in areas of interest in that realm. Above all I’m a father, a husband and proud to be an American. I currently...

Sponsors

Tenable Network Security *SILVER*

Tenable Network Security is relied on by a million security professionals at many of the world’s largest companies and governments, including the entire U.S. Department of Defense, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its Nessus and SecurityCenter solutions continue to set the standard for identifying vulnerabilities, preventing attacks and complying with a multitude of regulatory requirements...



Saturday October 20, 2012 3:00pm - 3:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

4:00pm

The Secret Sauce

I'mmmmmmm back. So I've moved from crazy technical hacker to a CSO, and now back to a crazy technical hacker. The times couldn't be better and the fun just beginning. This talk is going to dive down in a number of penetration tests that I've been on and new and innovative ways into compromising organizations in unique ways. Learn the tricks of the trade, and some really wicked ways to pop some boxes.


Speakers

David Kennedy

Dave Kennedy is founder and principal security consultant of TrustedSec, LLC, an information security consulting firm located in Cleveland, Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book “Metasploit: The Penetration Tester's Guide,” the creator of the Social-Engineer Toolkit (SET), and the creator of Artillery...


Saturday October 20, 2012 4:00pm - 4:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

5:00pm

Ration Break

Possible drink and food reception. Details are being worked out.



Saturday October 20, 2012 5:00pm - 6:00pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

6:00pm

You can't Buy Security

It seems everywhere you look there are analysts and product/service providers promising you the magic bullet when it comes to securing your environment and lowering your risk. While some products might be better than others, nothing will help you with the basics, which seem to be where most of us are still failing. The presentation will focus on the concept of keep it simple, stupid. It will dive into learning your environment and, more importantly, correlating that to maintaining the profitability of your organization. It will show you how to bypass all the blinking lights and build a cost-effective security program that will inherently lower your risk.

 


Speakers

Boris Sverdlik

Boris Sverdlik is a Senior Partner at Jaded Security Consulting. He is a solutions-oriented information security consultant with a proven record of directing a range of security initiatives, adhering to best practices and regulatory requirements. He has been at the forefront of information security for more than a decade. Boris has been on both sides of the fence, protecting assets as head of security within the financials as well...


Saturday October 20, 2012 6:00pm - 6:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

7:00pm

Social Engineering Applied: Exploit the Target

While we all love being able to just roll in, pop some boxes and walk
away with the hashes then call it a day, this type of mindset doesn't
bring return customers. In this presentation we'll be discussing some
of the common issues with managing technical assessments to ensure
that the customers we hack today will call us back again in the future
to hack them again.


Speakers

Keith Pachulski

Keith Pachulski is a Security Consultant based out of Northeast Pennsylvania with over 16 years of experience in the Information Security and Physical Security industries specializing in Penetration Testing, Vulnerability Assessment, Risk Assessments & Compliance for the private and public sectors. Prior to consulting, he was the CSO for a medium sized company in Pennsylvania as well as creating and managing a...


Saturday October 20, 2012 7:00pm - 7:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

8:00pm

Key Impression Contest
Brian Martin will be teaching the basic theory and practice of key impressioning. The core of key impressioning is the use of a key blank to pick up the small marks/scratches left by the pin stacks when inserted into a lock and then using a small file to cut the appropriate bittings into the blank.  With enough practice and a good eye (and plenty of trial and error!), you can learn where and how deep to file the blank to open a particular lock based solely on the scratches left on the blank.  This technique takes a bit more work than the usual picking or bumping, but can result in persistent access to an otherwise secured location. 

 

Equipment Required (provided, or bring your own):  File, Key Blank, Pliers/Hand Vise

 

Speakers

Brian Martin

Brian Martin works for Digital Trust in Allentown, PA, a small INFOSEC firm specializing in civil litigation eForensics and preservation, OSINT, and the occasional penetration test and security assessment. An avid prepper, Brian has taught dozens of people how to handle firearms and emphasizes the 6P's in all things. He thinks bios are a waste of time better spent minimizing tax profiles or practicing locksport.

Sponsors

Digital Trust LLC *GOLD*

Specializing in regulatory security compliance, we work to build, support, and enhance your new or existing information security and data assurance efforts. Regulatory Areas: HIPAA/HITECH Security & Privacy GLBA/SEC S&P (17 CFR 248) 21 CFR 11 Testing Systems Security Validation eDiscovery Support and/or Response Assistance Experienced in: Corporate access controls Risk Management using real figures, not...



Saturday October 20, 2012 8:00pm - 9:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

8:00pm

Leveraging The Glitch Attack Platform

As a follow up to building The Glitch, come and learn how to use it.
This workshop will teach attendees how to use some of The Glitch's
capabilities; including keystroke injection, embedding in hardware,
Bluetooth command and control, and more.  Attendees will be able to
create their own attacks and payloads during the workshop.


Speakers

Ronin

JP “.ronin” is a security researcher and consultant. His research interests focus primarily on wireless and portable security. He is the primary developer on Katana USB drive and various other open source projects. He maintains www.hackfromacave.com for publishing projects and research.



Saturday October 20, 2012 8:00pm - 10:00pm
Hardware Hacking Village

10:00pm

Hack3rcon's Zombie Neighborhood Watch Party

304Geeks and Rapid7 present:

Hack3rCon Neighborhood Watch Block Party!!


Sponsors

Rapid7 *Party Sponsors*

Rapid7 provides world-class professional services with extensive expertise in training, deployment and security assessments such as network and application penetration tests as well as security and compliance audits. We help you define security best practices to ensure that your environment is protected from the malicious threats and help your organization effectively achieve its vulnerability management, risk assessment, and policy...



Saturday October 20, 2012 10:00pm - Sunday October 21, 2012 2:00am
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States
 
Sunday, October 21
 

10:00am

Capture the Flag by the XRG - Closed

Description:
Hack3rcon CTF will be brought to you this year by the XRG, a
relentless group of bloodthirsty savages from outer space. From deep
within their hive they have hatched multiple challenges to include
web, traffic analysis, reversing, and more.  Rigorous fun on all
levels from the newbist larva to the leetist overmind.


CTF Rules:
1. All flag submissions have to be received by 10 am Sunday in order
to be accepted.
2. Do not attack other participants.  Only attack computers which are
hosted at IP addresses we have specifically given you on the CTF
network. If you are in doubt, ask a CTF staff member.
3. Do not launch “denial of service” attacks against the CTF network
or systems. Please promptly report any system outages you notice.
4. Do not delete contest flags from systems.
5. Event organizers will not be held responsible for any damages that
occur to your systems as a result of connecting to the CTF network;
remember that this is a hostile network.  Connect to it at your own
risk.
6. Double check the access point or switch you have connected to prior
to engaging in any attacks - ensure you are on the CTF network.
7. Teams are welcome.


Sunday October 21, 2012 10:00am - 10:30am
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States

10:00am

From Patch to Pwnd

"Exploiting faulty firmware patch services to compromise MFP Devices": an in-depth examination of the patch/upgrade process on Xerox multifunction devices, for the purpose of exploitation. By taking advantage of faulty patch/upgrade design we will show how an attacker can gain root level access privileges on MFP devices. We will start our discussion by examining historical research, and methods used in the past to compromise MFP devices, in relation to our attack method. From there we will discuss the steps I took during my research. This will include the evaluation of patch and firmware packages built using the Xerox Downloadable Modules (DLM) format, and an examination of the Xerox patch process, including how patches are obtained and deployed. We will also discuss the structure of DLMs and the extraction of data from them. Leveraging this information we will demonstrate how an attacker could easily create their own rogue DLMs and deploy them to take over a Xerox MFP device with root level privileges without needing to authenticate. In conclusion we will discuss methods that could be used to reduce or mitigate the risk caused by these issues.


Speakers

Deral Heiland

Deral Heiland, CISSP, serves as a Senior Security Engineer where he is responsible for security assessments and consulting for corporations and government agencies. In addition, Deral is the founder of the Ohio Information Security Forum, a not-for-profit organization that focuses on information security training and education. Deral is also a member of the foofus.net security team. Deral has presented at...


Sunday October 21, 2012 10:00am - 10:50am
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

10:00am

Hardware Hacking Village - Day 3

Join JP (Ronin) in the hardware hacking village, and build your own Glitch!

Check this out for details on the Glitch, by Glitch Ops:

http://www.kickstarter.com/projects/1186217328/the-glitch


Speakers

Ronin

JP “.ronin” is a security researcher and consultant. His research interests focus primarily on wireless and portable security. He is the primary developer on Katana USB drive and various other open source projects. He maintains www.hackfromacave.com for publishing projects and research.



Sunday October 21, 2012 10:00am - 2:00pm
Hardware Hacking Village

10:30am

Vendor and Exhibition Hall Opens - Day 3
Sunday October 21, 2012 10:30am - 2:00pm
Ballroom 600 Kanawha Boulevard East, Charleston, WV, United States

11:00am

Building a pad that will survive the times

What do you do if you are not a prepper but have been handed virtually unlimited funds to protect your family? Well, you spend the money and have fun doing it! This presentation will cover the plans, process, and fun of prepping on a budget that would put some small countries' GDP to shame.

 


Speakers

Branden Miller

Branden Miller is responsible for the Awareness and Training program for a health care entity that has over 10,000 employees. He retired from the US Navy in 2011 after 20 years of service. He has held many positions such as system administrator, network engineer, digital network exploitation analyst, and finally, adjunct faculty for the National Cryptologic School. In his spare time, he assists his extended family with prepping. Even if he does...


Sunday October 21, 2012 11:00am - 11:50am
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

12:00pm

Ration Break
Possible drink and food reception. Details are being worked out.


Sunday October 21, 2012 12:00pm - 1:00pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States

1:00pm

Wielding Katana: A Pentesters Portable Pal


Speakers

Ronin

JP “.ronin” is a security researcher and consultant. His research interests focus primarily on wireless and portable security. He is the primary developer on Katana USB drive and various other open source projects. He maintains www.hackfromacave.com for publishing projects and research.


Sunday October 21, 2012 1:00pm - 1:50pm
Main Stage 600 Kanawha Boulevard East, Charleston, WV, United States