Podcasts about hacker conference

Cherry Chan, Real Estate Accountant will be sharing how to retire faster with corporate structures so you can pay less tax and invest more. Cherry and her Accounting partners have been consolidating lessons from their experience working with 500+ real estate investor clients.  Since no one hides anything from their Accountant, they know the truth about real estate investing returns, losses, and most importantly the path forward. Cherry's on the show today to share about the burning questions she's getting from clients these days:  Tax implications of short term rentals & AirBNBs, especially when selling Where clients lost $$ by not understanding the risks Setting up businesses and corporations to invest in the US Please enjoy the show!   To follow Cherry: Phone: (416) 548-4228 Email: admin@cccpa.ca Web: https://realestatetaxtips.ca/ YouTube: https://www.youtube.com/c/RealEstateTaxTips  

On to this week's guest we have Danielle Unsworth who has simply caught fire since attending our 2019 Wealth Hacker Conference.  Danielle took the whole 10X'ing thing to heart, first she started converting basement apartments in her existing properties, then hired a coach in my old friend Susan White Livermore, she's since invested in vacation rentals in Turks and Caicos, six townhouses, in Edmonton, each with basement suites using cheap CMHC MLI Select. You probably want to write that down to google it later. To investing in two apartment buildings in New Brunswick and whatever else she's bought since this interview took place three weeks ago. Danielle has shot out of a cannon and she's built a large Instagram following and she shares how. If you're one of the quality investors or coaches out there looking to raise capital, I suggest you give Danielle a follow as there are bankrupt investors, both morally and financially doing the same and they can raise millions of dollars.  At least that's how I justify to myself in all the content we put out there with more to come in 2023. For Cherry and I, if nothing else it's a public service to share the truths about real estate investing. I give you Danielle Unsworth.   To Follow Danielle: Web: https://www.danielleunsworth.com/ Instagram: https://www.instagram.com/danielle.unsworth/?hl=en WINC: Women Investors Network Canada: https://www.instagram.com/winc.investors/?hl=en

Stay ahead of the censors - Join us warroom.org/joinNuclear Hoax Blown Up; The FBI Raid Was To Intimidate Trump, MAGA, And To Ransack Mar A Largo; Live From The Hacker Conference Aired On: 8/12/2022Watch:On the Web: http://www.warroom.orgOn Gettr: @WarRoomOn Podcast: http://warroom.ctcin.bioOn TV: PlutoTV Channel 240, Dish Channel 219, Roku, Apple TV, FireTV or on https://AmericasVoice.news. #news #politics #realnews

Anyone out there remember the Whole Earth Catalog?  We did too but didn't know who produced it. His name is Stewart Brand and not only did he create, along with his first wife Lois Jennings, this  counterculture magazine that started in 1968 and ran sporadically until 1998, he's credited in helping to be a co-founder of the environmental movement, as well as being one of the first adapters of computer technology as we know it (he was in the garage with Jobs and The Woz folks!), campaigning to see a photograph of the earth on the streets of San Francisco, and is now trying to bring back the woolly mammoth. Yep, you read that right. In the film We Are As Gods, we speak with  co-director Jason Sussberg about the man, the myth,  and the legend about his documentary about the real life Forrest Gump aka Stewart Brand and how does one capture this persons life and work in one film.  If you never heard of Stewart Brand before this podcast, it's totally ok, but now, he's going to be in your universe forever. You're welcome.You can follow Jason Sussberg on Twitter, and at his website Structure Films--Be well, stay safe, Black Lives Matter, AAPI Lives Matter, and thank you for wearing a mask. --Buy us a cup of coffee!Subscribe to our channel on YouTube for behind the scenes footage!Rate and review us wherever you listen to podcasts!Visit our website! www.bitchtalkpodcast.comFollow us on Instagram, Facebook, and Twitter.Listen every other Thursday 9:30 - 10 am on BFF.FMPOWERED BY GO-TO Productions 

There’s so much going through our heads in the last 48 hours. As excited as it was for us on Saturday at the Wealth Hacker Conference, we didn’t start out that way. Our journey started off around the time when Cherry’s grandma passed away. A small idea was planted by Maryanne Gillespie, Erwin’s coach, to host free classes to share the idea of building long-term wealth through real estate investment. We discussed and we brainstormed, nothing really firmed up and Cherry took off to Hong Kong to attend her grandma’s funeral. When Cherry arrived at Hong Kong after her 16-hour flight, Erwin already recruited a bunch of his friends, most of them are real estate experts, to join him on hosting an all-day educational event. Talking about taking action, I’ve never wasted time to take action! That was the beginning of Wealth Hacker Conference. In February, we attended 10X Growth Con at Marlins Park Miami, part of the 32,000 people who attended the event. We were completely blown away by the 10X philosophy, but we had little idea how much 10X Growth Con affected our own planning. We hired an event planner, Shauna Arnott, who’s also the host of the event Haste and Hustle. She brought up the idea of bringing Grant Cardone to Toronto.  Grant is a real estate mogul. His philosophy is about investing in himself and building long-term wealth. He’s all about taking responsibility of our own lives and 10X the goal and effort to achieve the 10X goal. Grant was a great fit, but … would his personality get along well with our humble Canadian crowd? When in doubt, Erwin turned to Facebook. He posted the question and asked, “would you like to see Grant Cardone or Robert Kiyosaki?” The rest is history. We had delay booking Grant, then we had competition. Then we had problems firming up a venue. We wanted to deliver the best value, instead of just another real estate educational event. Erwin reconnected with his friend Omar Khan, who has been tirelessly sharing his simple stock investment strategy with everyone around him. Omar has lived his life on his terms. He spends most of his days managing his properties and trading stocks. Almost no one has seen him speak in public before. We know that the world needs to hear him sharing his virtually unknown investment strategy, but we had our doubts about him early on. Can we put Omar on stage to speak to 1,500+ attendees? Our ticket sales weren’t exactly how we expected in the summer. Our marketing agency decided to leave us before end of summer. It was tough, but it was a blessing in disguise. This was the turning point for us. A light bulb went off in our heads. We realized that both of us needed to step up, take charge, take responsibility and promote. If this event is our version of 10X, we gotta 10X our effort to 10X our results! It wasn’t easy. From writing the emails that you see everyday, to posting on social media strategically, to driving for a few hours to present at different venues, to interviewing Grant Cardone in person in Miami, we spent a lot of time, effort, money and tears along the way. Is it worth it? Hell yes.  We have grown to become someone that we have never thought possible. We now come to appreciate the value of our network and our list 100X more. Thanks to Tom & Nick Karadza, who taught us about building and nurturing our list, before we even started having any businesses. Are we done yet? We hope not.  We still have a message to share. We still want to continue to help you to build your long-term wealth. We still want to make sure you can take control of your financial life, quit the job that you always want to quit, pay for your children’s education and travel around the world. You can continue to join us on our wealth hacking journey here. Thank you once again for joining us at Wealth Hacker Conference.   Until next time, Erwin

I recently attended the Wealth Hacker Conference 2019 in Toronto. It's a conference meant for real estate investors, freedom creators, and entrepreneurs.  I found it quite impressive and only wrote down a handful of ideas from the event. In this episode, I look to share my Top 3 lessons from the conference with you. Enjoy!!  Have a thought and/or feedback about the episode?  Want to get featured in the next upcoming episodes?  Go here and leave your thoughts: http://www.theinnerchangemaker.com/voice --- Apply To The Legacy Driven Entrepreneurs Community and the discussion here (it's FREE):  http://www.theinnerchangemaker.com/tribe Are you enjoying the podcast? Listen to the episode here, share with a friend, and leave us a review:  iTunes:  http://www.theinnerchangemaker.com/itunes Google Play: http://www.theinnerchangemaker.com/googleplay Spotify: http://www.theinnerchangemaker.com/spotify Soundcloud: http://www.theinnerchangemaker.com/soundcloud Google Podcasts: http://www.theinnerchangemaker.com/google   Want to grab my NEW audio training? Grab a FREE copy of "How To Be The Leader You Truly Are": http://www.theinnerchangemaker.com/leadership Launching a podcast? Grab my Podcast Creation Roadmap:  http://www.theinnerchangemaker.com/roadmap

I wanted to bring you a special episode with an offer for you at the end. My good friend Erwin and I had a great conversation about how he thinks about investing, his strategies, early investing stories, and everything that is going on at the Wealth Hacker Conference in Toronto. This conference is on November 9th so if you are listening to this after the 9th, you will still get a lot of value. If you are listening before and you are interested in going, tickets are selling out fast and I have a special discount code for you in the show notes.   Time Stamps:   (1:18) Who Erwin Is (5:35) Erwin's First Deal (8:23) Strategy (13:00) Early Investing Stories (16:42) Wealth Hacker (21:10) Truths (39:58) Wealth Hacker Conference (49:00) Promo Code: Shane   Go to Wealth Hacker Conference and use Promo Code: Shane Follow Erwin on Instagram ________________________________________________________   Visit my website for more information on my services, new book, and my blog.   Follow me on Facebook and Instagram.

In this episode, you’ll find out what you can expect at the Wealth Hacker Conference put on by Erwin Szeto and his wife Cherry Chan this November 9th, 2019. Erwin also talks about his newfound love for investing in stock options, and how simple it can be – even for the most conservative at heart. **If you want a discount for Tickets to the Wealth Hacker Conference November 9th Use This Promo Code: 911WEALTHNETWORK for your discount – just go to www.WealthHacker.ca Here is a sneak peak at the experts and the secrets they are sharing on November 9th:   Grant Cardone, a New York Times bestselling author, the #1 sales trainer in the world, and an internationally renowned speaker on leadership, real estate investor, entrepreneurship, social media, and finance An entrepreneur sharing how they started a business from zero to the Profit 500, the top 500 fastest growing companies in Canada and they made the list the last three consecutive years: Tom and Nick Karadza An investor who is sharing how he hacks stock option investing, earning six figures per year in only 30 mins/day that helped him buy 30+ properties: Omar Khan A tax hacker, the most in-demand Real Estate Accountant to share the government incentives and secret strategies employed by the rich, Cherry Chan CPA, CA An investor who was able to take three years off work by offering out private mortgages and collecting interest payments: Jay Gabrani An investor who left their high-level government job as the CMHC apartment building underwriter behind to buy 22 million worth of apartment buildings: Pierre-Paul Turgeon An elite business coach, she was selected as the 1st coach to represent Canada with the #1 international coaching organization, where she ranked as the top Business Coach out of 200 coaches all 4 years of her being there, coach MaryAnne Gillespie An investor who has acquired over 100 investment properties sharing how he used other people’s money. He even wrote the best selling book on the subject: JV Jedi Russell Westcott An investor who is the leading expert at the #1 value add strategy in residential real estate, Andy Tran A real estate entrepreneur, who has interviewed over 100 of the best investors in Canada, four-time real estate agent of the year to investors sharing the best practices of getting started as an entrepreneur and investor to become a wealth hacker

In Yeshiva - a system of advanced learning in the orthodox Jewish world, there’s a saying: “Shiv'im Panim laTorah” - which means “there are 70 faces of Torah”, but implies that there are many equally valid ways of getting to a certain point. That idea resonates with IT practitioners, because there are many paths that led us into our career in tech. In this episode, Leon speaks with guests Corey Adler, Rabbi Ben Greenberg, and returning guest Yechiel Kalmenson about how that made that literal pivot, from yeshiva into the world of IT, and what their experiences - both religious and technical taught them along the way. Listen or read the transcript below. Leon: 00:00 Hey everyone, it's Leon. Before we start this episode, I wanted to let you know about a book I wrote. It's called "The Four Questions Every Monitoring Engineer is Asked", and if you like this podcast, you're going to love this book. It combines 30 years of insight into the world of it with wisdom gleaned from Torah, Talmud, and Passover. You can read more about it including where you can get a digital or print copy over on https://adatosystems.com. Thanks! Josh: 00:24 Welcome to our podcast where we talk about the interesting, frustrating, and inspiring experiences we have as people with strongly held religious views working in corporate IT. We're not here to preach or teach you our religion. We're here to explore ways we make our career as IT professionals mesh - or at least not conflict - with our religious life. This is Technically Religious. Leon: 00:48 In yeshiva, a system of a dance learning in the orthodox Jewish world, there's a saying: "Shiviim paanim laTorah,", which means "there are 70 faces of Torah". But it implies that there are many equally valid ways of getting to a certain point. That idea resonates with it folks, because there are many paths that led us to our career in tech. Today I'm going to speak to people who made that literal pivot - from yeshiva into the world of IT - and what their experiences, both religious and technical, taught them along the way. I'm Leon Adato, and the other voices you're going to hear on this episode are returning guest Yechiel Kalmenson Yechiel: 01:20 Hey, thanks for having me back. Leon: 01:24 No problem. And also his partner in coding crime, Rabbi Ben Greenberg. Ben: 01:29 It's great to be here. Leon: 01:31 It is wonderful to have you. And sitting across from me, because he's also a Cleveland-based Orthodox Jewish Geek, is Corey Adler Corey: 01:39 Live long and prosper, Papu. New Speaker: 01:41 There we go. Okay. So before we dive into the actual topic at hand, I want to let you all do a little bit of shameless self promotion. Everyone, take a minute and tell the Technically Religious audience a little bit about who you are and how they can find you on the interwebs. Corey: 01:58 So, hi, I am Corey Adler. I am a team lead engineer at Autosoft. You can find me on Twitter @CoreyAdler and I am the constant pain and Leon side, Leon: 02:08 Literally and figuratively, yes! Yechiel: 02:10 Well, uh, my name is Yechiel. I'm a software engineer at Pivotal. Um, on Twitter you can find me @YechielK. My blog is at RabbiOnRails.io, and I also co-author a weekly newsletter called "Torah & Tech" with Ben Greenberg. Ben: 02:26 And I am that Ben Greenberg that Yechiel just mentioned. I'm a developer advocate at Nexmo, the Vonage API platform. And I also am that coauthor of "Torah & Tech" with Yechiel, and you can find me on the Twitter world @RabbiGreenberg, or on my website at BenGreenberg.dev. Leon: 02:44 Great. And for those people who are wondering, we're going to have all of those links and everything in the show notes. And finally I should just to round out the four, uh, Orthodox people of the apocalypse, I guess? I don't know. Corey: 02:56 You've been watching too much Good Omens. Leon: 02:58 Right? I just finished binge watching it. Anyway. I am Leon Adato and you can find me on the twitters @LeonAdato, I did not attend to Shiva, which is a point that my children who DID attend yeshiva are quick to mention whenever I try to share any sort of Torah knowledge. I started out in theater. I know that comes as a complete shock to folks who wonder why I could do that if I'm so shy. It's almost as weird a path to IT as Torah is. And one that's definitely informed my understanding along the way. But again, we're focusing on this yeshiva path and that's where I want to start. I want to hear from each of you, where you started out, what your sort of, growing up experience was. Ben: 03:41 Uh sure. So I guess I'll start. So I grew up in San Diego, California, a little far also from the center of what seems like the center of Orthodox Jewish life in America, in New York City. But I moved to New York for Yeshiva and college at the same time. And I went to a yeshiva college called in English, the Lander college for Men, and in Hebrew, or in a New York accented Hebrew, The Beis Medrash L'Talmud, which was and still is in Queens, in a little neighborhood in Queens called Q Gardens Hills. And so I was there for four years, right, that simultaneously yeshiva and college. And then after I graduated that I said, "I'm not done with yeshiva." So I went for another four years to another yeshiva, this time to study for a rabbinic ordination. And I did that at yeshiva called - and they only have a Hebrew names so I apologize for the three words in Hebrew here - Yeshivat Chovevei Torah, which at that time was based near Columbia University in the upper west side of Manhattan, and is now in Riverdale, which is a neighborhood in the Bronx, also in New York City. Corey: 04:55 So I guess I'll go next then. I grew up, born and raised in Chicago. I went to Skokie Yeshivah, and that's yeh-shivuh, not Yeshiva. Why? It's that way. Nobody knows. Leon: 05:07 But they beat you enough until you just stopped saying it the other way. Corey: 05:10 You get shamed if you say it the wrong way there. After high school I went to tlearn in yeshiva in the old city of Jerusalem for two years at a place called Nativ Ariyeh. Afterwards I came back to the United States and went to New York University. Not "YU" Leon: 05:30 Yeah, NYU, not YU. I went to NYU also, although we didn't know each other because I'm old and you're a baby. Okay. So that means Yechiel you're bringing up the rear on this one. Yechiel: 05:43 Yeah. I'll round off the lineup. So, I was born and raised in Brooklyn, New York, center of the world. But for yeshiva, I left town. I went to Detroit, I was there for five years after which I went to a yeshiva in a small village in Israel called Kfar Chabad. Then I came back to New York and I studied, for my Rabbinic ordination at the Central Chabad yeshiva in Crown Heights in New York. Leon: 06:10 Fantastic. Okay. So now we get to laugh at ourselves when we were young and idealistic and had no idea what the world was going to throw at us. What were your plans at that time? Like what did you think life was going to be like? You know, IT may not have been your ultimate life goal. So what did you think it was going to be? Yechiel we'll go backwards. We'll start with you this time. Yechiel: 06:32 I'm glad you can laugh because I actually look back to those days pretty fondly. So back then I was of course very idealistic. My plans were to be a Chabad rabbi. For those in the audience who don't know Chabad is a sect within Orthodox Judaism. And at least for the sake of simplicity all I'm going to say about them is that they're very strong into Jewish outreach and bringing Judaism to unaffiliated Jews, all Jews. So back then I had plans to be, to go out somewhere in the world and be a Chabad rabbi and that's what I was studying towards and what I was learning. And in fact after I got married, I even did live out part of that. I moved to Long Island for a few years and we helped a local Chabad house until eventually the bills caught up with us and we realized that it wasn't paying. Leon: 07:23 So Ben, how about you? Ben: 07:24 So I first of all, I do want to comment on the fact that only a Brooklynite would think "moving out of town" was moving to Long Island, New York. I do just want to make that comment as we're engaging in this conversation. Leon: 07:39 It is definitely the New York state of mind. Corey: 07:41 Yup. Ben: 07:42 And I also do want to say another wonderful thing about... well *a* wonderful thing about Chabad: In my role now is a developer advocate. I do a lot of traveling and I have encountered and have had the great fortune to spend, many Shabbatot and holidays - many Jewish Shabbats, Sabbaths - with Chabad houses around the world and have truly seen the diversity of both Jews and non Jews who attend Chabba for Shabbat meals, for Shabbat services. Just a couple weeks ago I was at Chabad in Venice in Italy and saw just really like every, every type of person. The whole spectrum of human life, it felt like, was present in the Jewish ghetto in the courtyard, celebrating Friday night services and dancing in the streets for Shabbat services with the Chabad. So it was really just quite beautiful. I had such a wonderful time in yeshiva for those eight years, I decided I actually wanted to be a rabbi and so I spent about 10 years of my life actually working as one. And I worked in Cambridge, Massachusetts as a campus Rabbi, A Hillel Rabbi, which is central for Jewish student life on campus. And then I went from there and I worked as a congregational rabbi in Colorado. And then I actually did some community organizing work after that in Chicago around gun violence and immigration reform. And so I kind of got to experience both nonprofit Jewish organizational life in the latter part of my career in the Jewish world. And then also in the beginning part, more traditional forms of being a rabbi, like a campus outreach and congregational rabbinate, the synagogue / pulpit rabbinate. So I actually did it for a bit and I feel fortunate that I've had that opportunity. Leon: 09:49 Wow. That was kind of the gamut. Okay. Corey top that! Corey: 09:54 For me, actually, I've known since fifth grade, pouring over old Tiger Direct catalogs Leon: 10:04 Oh that brings back..., Corey: 10:04 I've known for a long time that I wanted to get somewhere into the tech industry. But I always, I imagined myself originally going into programming video games. I loved playing Starcraft and Madden and all these fun games and I wanted to actually work for one of these companies and imagined it was going to be so much fun programming video games for a living. Speaker 1: 10:32 So, so you didn't, you didn't have visions of being a Chabad rabbi on Mars? Corey: 10:37 No. Leon: 10:38 Okay. All right. Okay, fine. So, um, along with that, along with what you thought was going to be, what was the part - because I know a lot of the folks who listen to Technically Religious don't have a window into this world. So what was the thing that you enjoyed the most; or the most impactful thing about that part of your life that, you know, the time that you were learning in yeshiva? What was it that that really just, you know, would have drawn you back? That you would've gone back again? That you look back most fondly. Ben: 11:05 So for me, I think there are very few spaces in life, or opportunities in life where you get to just sit and ask questions, meaningful questions, and engage in the pursuit of trying to figure out what... meaning: trying to figure out the intentionality behind why... why you do things, why you don't do things? And get engaged in just intense philosophical, theological questions ranging from sometimes the most pragmatic - like, "Is my dishwasher kosher?" And all the ramifications and permutations of that; To very theoretical questions around, "Well, who possesses greater reward for doing a good deed: somebody who is obligated to do that, or somebody who's not obligated?" And spending hours delving deeply into questions like that. Where else do you get the opportunity to do that, and just take the time? It was a precious gift to have that time and to have a carved out dedicated space for those kinds of ponderings and intellectual pursuits. Leon: 12:15 Nice. Nice. Corey, how about you? New Speaker: 12:19 For me it was the ability to stop thinking about the end result and focusing on those individual steps that lead to that end. Quite often we, as a society and as individual people, we end up trying to jump to the conclusion trying to find ... just go straight to the end, see what happens. But when you're learning, Talmud in particular, you may already know what the law is before you started learning a particular section. You may have read it in some law book else elsewhere before you even seen this discussion. But that doesn't mean you're going to know all the particulars. You don't know what all of the edge cases are, as we would say. Arguments for and against various positions. And even on something simple like, "hey, my animal just caused damage to your animal." Like, what do we do in this circumstance. Even that, just getting that ability to focus in and delve into the steps versus getting straight to the end. Leon: 13:25 Nice. Okay. Yechiel anything to add to that? Yechiel: 13:29 Yeah. For me it was actually, the fact that how yeshiva was a world where you're totally immersed in - like people I speak to are generally shocked to find out that a regular day for yeshiva boy, or yeshiva, bochur in our parlance, would start at 7:30 AM and go till 9:30 PM sometimes. And it's nonstop learning. You have a small break for eating, obviously for the three prayers every day. But other than that, it was just nonstop sitting and learning for over 12 hours a day. And that's something that you don't find anywhere else. It was, I think, a totally life transforming experience Leon: 14:07 You know, for those folks - and again, I didn't attend any of that, but I watch, I'm watching my kids go through it - and it's a very different thing than sort of the secular educational system where the goal of every school child is, "how do I get out of this as fast as possible? How do I skip as much as I can? How can I just memorize the questions for the test." This is a culture, this is a world that, as I like to tell folks, it's almost that nobody cares about the answer. The highest praise, the highest reward you can get from a teacher is "you asked a really good question." And that says something about the attitude that's there. That we enjoy this, we enjoy the playfulness with ideas. Yechiel: 14:51 And to add to that, that's actually a big difference between studying in a yeshiva for example, or studying for a degree or for a certification or whatever. Whereas in most cases you're studying, you're trying to gain a piece of knowledge. You want to... you're learning for your degree, so you want to know all that. Let's say you're learning for your law degree or for your computer science degree, wheatever it is - there's a certain piece of knowledge which you want to acquire. In yeshiva it's not about learning the subject, it's about, like I said, it's about the journey, not about the destination. It's about spending the time learning. It's not like if you can finish the tractate of Talmud quicker, then like, "okay, that's it. You can go back to you know, to your house and go to sleep." That's not what it was about. It wasn't about gaining a particular piece of knowledge. It was about the process of learning. Leon: 15:38 And the joyfulness of... taking joy in the process. Given that: Given how wonderful it was and how exciting and fun it was, what made you decide that you are going to pivot away from it? That you weren't going to become the Chabad rabbi, Yechiel. That after 10 years as a pulpit rabbi or organizational rabbi, you're going to make a move and specifically into IT What, what was it that got you to that direction? Yechiel: 16:04 Okay, so I'll take this one. So as I mentioned earlier, for various reasons we wont' get into, the rabbinate didn't work out at the time and got to a point, you know, a growing family, bills don't pay themselves., food doesn't put itself on the table. So I started looking outside of the rabbinate for other sources of income and tech was a pretty natural choice for me. When I was a kid I was that kid in the back of the classroom with the mechanical pens taking it apart, breaking and trying to figure out how the spring worked. Or anything. I don't know how many watches my parents bought me that ended up in like a mess all over my desk. So that was always something I enjoyed, figuring how things worked. And when computers, when I started getting access to computers, that was like a whole new world for me to take those things apart. I, I'm not one of those kids like wrote code at the age of 10, but I did enjoy figuring out like, you know, what tick, what made computers take, how they worked on what was going on under the hood. So when I was looking for something to do, my first job actually out of the rabbinate was doing tech support. Which was great for me because I was learning these different systems and how they worked and how to troubleshoot them and how to debug them. And it slowly progressed from there. Eventually programming was just the logical next step and haven't looked back since. Leon: 17:25 So Ben how about you? Ben: 17:26 So I've always been a bit of a geek and I've always loved tech. In fact, so this is my second career, but in many ways it's also my third career because when I was in high school, I founded a hacker conference with my friend and partner in crime at that time. And we actually just celebrated its 20th year of the Hacker Conference in San Diego, and it's one of the largest infosec conferences in southern California to this day. And we had our own little network penetration, security testing company back then as well. We didn't necessarily use those words back then because then the mid to late nineties, it was all kind of new and everything was evolving at that point. We were kind of right on the cusp at that point. And so it was actually a really exciting time to be in it. And so when I decided that it was time really to take a break from the rabbinate take a break from the clergy life - 10 years in the clergy is kind of like 40 years in another career. And I was ready for a bit of a break and it was also correlating with the desire of my family and I to think about a move out of the States into Israel. And to start thinking about ways in which we would support ourselves in Israel. And the idea of going back to a career in tech, which was something I was always interested in to begin with. And I had a bit of a history in it, albeit a very old history at that point because tech has moved and has continued to move to move really fast. So things that I was doing in the 90s like writing some code in Perl for example, would be like totally... Right? Leon: 19:11 Perl! Everyone else: 19:11 (general mocking of both Leon and Perl) Ben: 19:16 So one of the conference I was at a few months ago was at FOSDEM, which is one of the largest open source conferences in the world. Totally a free conference. Unbelievable amounts of people are there. It's in Brussels or, at least was that year. And literally every sector of the tech community is under that roof, including Perl associations and Perl groups. Leon: 19:39 Ahhhhh. It's my happy place! Ben: 19:39 And it was so beautiful to see that, it brought back so many memories of my childhood. And so tech felt like a good place to go back to. And it's a very good career and a good career path where I live now in Israel. So it just, it made a lot of sense, Corey: 20:00 Dear God, you guys are old. Everone: 20:01 (laughter) Leon: 20:05 OK Corey. All right. So what about you? Corey: 20:08 Well, I second the idea of being a total geek as you well know, Leon. But for me yeshiva was always just the first step in a journey. I knew I was going to end up in IT, but I knew that the whole yeshiva experience was something that I needed for myself in my life, it helped me become more independent. It helped me figure out a lot of things about myself along the way. So I knew I needed that. I knew what I wanted to get out of it and needed to get out of it, but it was not the permanent solution for me. I knew that eventually I was going to come back down to Earth as it were and... Leon: 20:48 Oh yes. Come down from on high, the Crystal Tower of Yeshiva and back down to down to the dust, in the gutter, Corey: 20:57 Which is better than the dark tower. Leon: 20:58 Well, okay. Corey: 20:59 Of Perl for example. Leon: 21:01 Oh See, okay. See we had to go there. Al right. So I'm curious about this because again, it was such a pivot. Were any of you resistant to the idea at first? You had this opportunity, you each had a predilection for technology, so you saw that it could work. But was anything in you saying, "Nah, that just... Oh, you know, what will the neighbors think? What will my mother think?" Was there anything that held you back? Yechiel, how about you? Yechiel: 21:27 So yeah, actually I was pretty resistant to the idea at first. Like I mentioned, I've always seen myself going into community service, going into adult education. Teaching is something that I really enjoy. I still enjoy it. I try to incorporate it into my tech career. Like the Torah & Tech newsletter and my blog and also at work mentoring, mentoring interns. Teaching is in my blood. And I always thought that I would be someone who taught, who led, who spoke. And in addition I was also, I was raised on the ideals of community service. So going off to the other direction was tough for me. Though what helped me come to terms was going again back to when I was a kid, a particular genre of stories that I really lovedwas stories from the old country, from the shtetl. There were the Jewish towns with a Jewish shoemaker and the Jewish tailor. And there's actually like a class of Great Torah scholars who could have easily gotten a position as a rabbi or in some yeshiva teaching. But they specifically did not want to use their Torah as a means to support themselves. And as a kid that was something that really touched me and I sort of romanticized it. So now when I started looking away from the rabbinate towards working for myself and I realized that actually technology nowadays is the blue collar work of today. Today's programmers and developers and sysadmins - those are today's shoemakers and blacksmiths. And you know those are the people that make the world run. And the idea of supporting myself through my own handiwork started appealing to be more and more. Leon: 23:11 It's an interesting thought. I have met one rabbi who is also an auto mechanic, but that's not the typical career path that you find for folks. So yeah, I like the idea that, IT is the next tradesman for, especially for itinerant scholars. Ben: 23:27 I will say though that now having lived in Israel for about a year, this is an area where there are, I do believe there is a cultural divide between American Orthodox Jewry and Israeli Orthodox Jewry. And the fact that in my own neighborhood, I know somebody, for example, who has a Ph.d in Academic Bible from Hebrew University and works with his hands all day as a craftsman. And it just brings back to mind stories of maybe some famous Jewish carpenter from 2000 years ago that some people might have been around... Leon: 24:03 Wow. We're just going to throw little shade. Yechiel: 24:07 Pretty sure this is your first all Jewish panel. So we had to, you know... Leon: 24:11 Yeah, we had to at least take one shot. Ben: 24:14 But I say that as a joke, but there's so many people like that in my neighborhood and my community who have ordination or I would advance degrees in Jewish studies or both and who are not working in that field, who are not working in Jewish communal service. And yet they volunteer. They give classes at night or on weekends on Shabbat. They teach they offer sermons. Our community is basically... Our personal community, where we go to synagogue, our community in Israel is essentially lay-led. And so people take turns signing up an offering words of Torah on Shabbat and holidays and a lot of those people who do that are, those possessing rabbinic ordination. Or, if not rabbinic ordination, having spent years of their life in yeshiva and who had decided to pursue a career as opposed to making the Torah or Jewish life their career. And a part of that is just the economics of the country, that it's just hard to sustain oneself in Jewish communal service in Israel. So people end up taking other jobs. But it's also, I think there's part of an ideal here of, we would call maybe "Torah v'Avodah" of Torah being combined with a job - of Torah and some kind of occupation going hand in hand. And that not being a less than ideal, but that actually being the ideal. So just an interesting reflection as I'm listening to this conversation and thinking about how I situate myself and sit where I sit now and can see both sides. And I've lived in both sides and the differences between those two. Leon: 26:02 Nice. Okay. So Ben as long as you're going, how about you? What was the challenge pivoting away from the rabbit into a career in coding? Ben: 26:10 I think it's a challenge that a lot of people who are going into a second career often face regardless of what their own particularities are, which is letting go of what others think; or what you think others are thinking. And for me that was a challenge. Leaving the rabbnic world was challenging because you - especially if you go to a hyper-focused mission driven rabbinical school, which I went to - there is, uh, a real sense of serving the community and that being the passion and drive of one's life. And switching to another career can feel like you're letting down your teachers, your mentors, your rabbis, your peers, your fellow alumni, you're a co collegial community. But recognizing that what helped me was the recognition that all of those people that I just mentioned, they also care about you and they wants what's best. They want what's best for you as well. And if they don't, they probably are not somebody you want to be invested in a friendship with to begin with and you shouldn't be necessarily taking their opinion to heart to that extent. That anyone who cares about you, who wants what's best for you, will recognize that maybe it's time. Will recognize along with you, and honor the fact that you expressed the idea that maybe it's time to switch careers and maybe it's time to move to something else. And I think getting to that point where recognizing that others value you and care for you and are not looking down upon you or critiquing you. And if they are, it's okay to say, "enough of you, you're out of my life." It's okay to do those things and to put your life first. And what's best for you and your family. Those were some major hurdles, but once I got over them became it became pretty straightforward. Leon: 28:18 Nice. Corey! Corey: 28:20 For me wasn't too difficult because, as I previously mentioned, I knew I was gonna go into IT all along. For me, the most difficult part - was because I had grown up and been in some religious schooling system for my entire life - It was the idea, of leaving the cocoon as it were. And you know, now not everybody I'm going to meet is orthodox. Not everybody that I'm going to have to deal with in school or in work is going to be, you know, a member of the tribe as it were. You know, so there was a little bit of trepidation, but I knew it was gonna happen. Leon: 29:12 Got It. Leon: 29:13 We know you can't listen to our podcasts all day. So out of respect for your time, we've broken this particular discussion up. Come back next week where we continue our conversations about "Pivoting Our Career On the Tip of a Torah Scroll." Roddie: 29:25 Thanks for making time for us this week. To hear more of Technically Religious, visit our website, https://technicallyreligious.com, where you can find our other episodes, leave us ideas for future discussions, and connect to us on social media. Leon: 29:38 So there's these three rabbis that walk into a bar. Ben: 29:40 Uh, that's not how it goes. Yechiel: 29:42 I think you totally ruined that joke. Corey: 29:44 This is how that joke goes.    

This is the first episode of our podcast, so we would love to get some feedback! Of course this time it got super long, that wasn't planned but I think it was worth it. Our experience of the 34th chaos communication congress from december 2017 in Leipzig Germany. This is the first episode of our podcast, so we would love to get some feedback! Of course this time it got super long, that wasn't planned but I think it was worth it. You can also tweet at us with #insecurespace: https://twitter.com/xdavidhu https://twitter.com/spacehuhn Discord Server: https://discord.gg/7Ay378G Patreon: https://patreon.com/spacehuhn Links to everyone: xdavidhu: http://xdavidhu.me/ seytonic: http://seytonic.com/ kama: http://nikolaskama.me/ dean: http://deantonious.es/ spacehuhn: https://spacehuhn.com/ Dave: https://hackaday.io/davedarko WiFi Satellite: https://hackaday.io/project/28831-wifi-satellite-34c3 BlinkenRocket: http://blinkenrocket.de/ VLOG Day 0: https://www.youtube.com/watch?v=me-cSv2X4Cw VLOG Day 1: https://www.youtube.com/watch?v=ST_J6VonVic VLOG Day 2+3: https://www.youtube.com/watch?v=XyHpufcgQ10

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Evilrob-Xaphan-TLS-Canary-Keeping-Your-Dick-Pics-Safer.pdf Canary: Keeping Your Dick Pics Safe(r) Rob Bathurst (evilrob) Security Engineer and Penetration Tester Jeff Thomas (xaphan) Senior Cyber Security Penetration Testing Specialist The security of SSL/TLS is built on a rickety scaffolding of trust. At the core of this system is an ever growing number of Certificate Authorities that most people (and software) take for granted. Recent attacks have exploited this inherent trust to covertly intercept, monitor and manipulate supposedly secure communications. These types of attack endanger everyone, especially when they remain undetected. Unfortunately, there are few tools that non-technical humans can use to verify that their HTTPS traffic is actually secure. We will present our research into the technical and political problems underlying SSL/TLS. We will also demonstrate a tool, currently called “Canary”, that will allow all types users to validate the digital certificates presented by services on the Internet. Evilrob is a Security Engineer and Penetration Tester with over 14 years of experience with large network architecture and engineering. His current focus is on network security architecture, tool development, and high-assurance encryption devices. He currently spends his days contemplating new and exciting ways to do terrible things to all manner of healthcare related systems in the name of safety. Twitter: @knomes xaphan is a "Senior Cyber Security Penetration Testing Specialist" for a happy, non-threatening US government agency. He has been a penetration tester for 17 years, but maintains his sanity with a variety of distractions. He is the author of several ancient and obsolete security tools and the creator of DEFCOIN. Twitter: @slugbait

Investigating the Practicality and Cost of Abusing Memory Errors with DNS Luke Young Information Security Engineer, Hydrant Labs LLC In a world full of targeted attacks and complex exploits this talk explores an attack that can simplified so even the most non-technical person can understand, yet the potential impact is massive: Ever wonder what would happen if one of the millions of bits in memory flipped value from a 0 to a 1 or vice versa? This talk will explore abusing that specific memory error, called a bit flip, via DNS. The talk will cover the various hurdles involved in exploiting these errors, as well as the costs of such exploitation. It will take you through my path to 1.3 million mis-directed queries a day, purchasing hundreds of domain names, wildcard SSL certificates, getting banned from payment processors, getting banned from the entire Comcast network and much more. Luke Young (@innoying) - is a freshman undergraduate student pursuing a career in information security. As an independent researcher, he has investigated a variety of well-known products and network protocols for design and implementation flaws. His research at various companies has resulted in numerous CVE assignments and recognition in various security Hall of Fames. He currently works as an Information Security Intern at LinkedIn. Twitter: @innoying LinkedIn: www.linkedin.com/in/innoying

When IoT attacks: hacking a Linux-powered rifle Runa A. Sandvik Michael Auger TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record Audio and audio, as well as stream Audio to other devices using its own wireless network and mobile applications. In this talk, we will demonstrate how the TrackingPoint long range tactical rifle works. We will discuss how we reverse engineered the scope, the firmware, and three of TrackingPoint's mobile applications. We will discuss different use cases and attack surfaces. We will also discuss the security and privacy implications of network-connected firearms. Runa A. Sandvik is a privacy and security researcher, working at the intersection of technology, law and policy. She is a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit Project, and a member of the review board for Black Hat Europe. Twitter: @runasand Michael Auger is an experienced IT Security specialist with extensive experience in integrating and leveraging IT security tools. He has leveraged a wide range of IT security solutions, integrating them, to deliver leading edge incident response and security operations capabilities. His 15+ year career includes: · Supporting security incidents during the event and the subsequent remediation phases · Implementing and managing IT security infrastructures for public and private organizations. · Design and implement global SIEM infrastructure for F100 organizations · Delivering training on advanced SIEM solutions and network discovery tools · Presenting and publishing security articles on security vulnerabilities and best practices

Hacking the Human Body/brain: Identity Shift, the Shape of a New Self, and Humanity 2.0 Richard Thieme Author and Professional Speaker, ThiemeWorks This presentation is beyond fiction. Current research in neuroscience and the extension and augmentation of senses is proceeding in directions that might sound to a twentieth century mind like science fiction. Progress is rapid but unevenly distributed: Some is directed by military, intelligence and corporate interests but beyond their concerns, we can discern the future shape of human identity itself in nascent forms. The human body/brain is being hacked to explore radical applications for helping, healing, and harming this and future generations. Some can be done in garage-hacking style. The presenter, in fact, recently had lenses in both eyes removed and replaced with artificial ones engineered for the vision he wanted, a now-trivial surgery. The reach of new technologies promises an even more radical transformation in what it means to be human. One area of research is the recovery of memories, the deletion of emotional charges from memories, the removal of specific memories, the alteration of the content of memories, and the implantation of new memories. Another seeks to read the mind at a distance and extract information. Another explores the use of genomes to understand and replicate thinking, feeling, and behavior patterns. Another implements mind-to-mind communication, using neuroscience to understand brains best suited for remote viewing as well as implants and non-invasive technologies that control the electromagnetic energies of the brain to enable psychokinesis, clairvoyance and telepathy. Augmentation of human abilities is being achieved by splicing information from sensors integrated with existing neurological channels. To feel the magnetic field of the earth, see the infrared and ultraviolet parts of the electromagnetic spectrum, discern the yaw and pitch of airplanes, see and hear by going around our eyes and ears -- all this means we will experience the “self” in new ways. Thieme concludes with quotes from remote viewer Joe McMoneagle, astronaut Edgar Mitchell, and his new novel FOAM to suggest the shape of the mind of the future. If you're 20 years old, you have at least a century of productive life ahead of you, so you had better be on board with the shape of your future selves. :-) Richard Thieme is an author and professional speaker focused on the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change and identify shift. He has explored issues raised in this DEF CON 23 presentation for 20 years but raises his game to outline the shape of the future self, defining it as a system open to modification and hacking, giving the term “biohacking” new and compelling meaning. His column, "Islands in the Clickstream," was distributed to subscribers in sixty countries before collection as a book in 2004. When a friend at the NSA said after they worked together on intelligence issues, "The only way you can tell the truth is through fiction," he returned to writing short stories, 19 of which are collected in “Mind Games.” He is co-author of the critically extolled “UFOs and Government: A Historical Inquiry,” a 5-year research project using material exclusively from government documents and other primary sources, now in 50 university libraries. A recently completed novel FOAM explores the existential challenges of what it means to be human in the 21st century. “The UFO History Group” is exploring a second volume and Thieme is selecting “the best of” his diverse writings for “A Richard Thieme Reader” and writing more fiction. Thieme's work has been taught at universities in Europe, Australia, Canada, and the United States, and he has guest lectured at numerous universities, including Purdue University (CERIAS), the Technology, Literacy and Culture Distinguished Speakers Series of the University of Texas, and the “Design Matters” lecture series at the University of Calgary. He keynoted a conference on metadata this spring for the U of Texas-San Antonio. He addressed the reinvention of “Europe” as a “cognitive artifact” for curators and artists at Museum Sztuki in Lodz, Poland and keynoted “The Real Truth: A World’s Fair” at Raven Row Gallery, London. He has spoken for the National Security Agency, the FBI, the Secret Service, the US Department of the Treasury, Los Alamos National Labs and has keynoted “hacker” and security conferences around the world. Twitter and skype: neuralcowboy: Facebook and LinkedIn: Richard Thieme

Let's Encrypt - Minting Free Certificates to Encrypt the Entire Web Peter Eckersley Electronic Frontier Foundation James Kasten Electronic Frontier Foundation Yan Zhu Electronic Frontier Foundation Let's Encrypt is a new certificate authority that is being launched by EFF in collaboration with Mozilla, Cisco, Akamai, IdenTrust, and a team at the University of Michigan. It will issue certificates for free, using a new automated protocol called ACME for verification of domain control and issuance. This talk will describe the features of the CA and available clients at launch; explore the security challenges inherent in building such a system; and its effect on the security of the CA marketplace as a whole. We will also update our place on the roadmap to a Web that uses HTTPS by default. Peter Eckersley is Chief Computer Scientist for the Electronic Frontier Foundation. He leads a team of technologists who watch for technologies that, by accident or design, pose a risk to computer users' freedoms—and then look for ways to fix them. They write code to make the Internet more secure, more open, and safer against surveillance and censorship. They explain gadgets to lawyers and policymakers, and law and policy to gadgets. Aside from Let's Encrypt, Peter's other work at EFF has included privacy and security projects such as Panopticlick, HTTPS Everywhere, SSDI, and the SSL Observatory; helping to launch a movement for open wireless networks; fighting to keep modern computing platforms open; and running the first controlled tests to confirm that Comcast was using forged reset packets to interfere with P2P protocols. Peter holds a PhD in computer science and law from the University of Melbourne. James Kasten is a PhD candidate in Computer Science and Engineering at the University of Michgan and a STIET fellow. James is also a contractor at the Electronic Frontier Foundation. His research focuses on practical network security and PKI. James has published on the state of TLS, its certificate ecosystem and its vulnerabilities. Most notably, James has helped design the protocol and launch the technology behind Let's Encrypt. Yan is a security engineer at Yahoo, mostly working on End-to-End email encryption and improving TLS usage. She is also a Technology Fellow at EFF and a core developer of Let's Encrypt, HTTPS Everywhere, Privacy Badger Firefox, and SecureDrop. Yan has held a variety of jobs in the past, ranging from hacking web apps to composing modern orchestra music. She got a B.S. from MIT in 2012 and is a proud PhD dropout from Stanford. Yan has been a speaker at HOPE, DEFCON 22, jQuerySF, Real World Crypto, SXSW, and various other human gatherings. She is @bcrypt on Twitter.

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-DaKahuna-Satanlawz-Introduction-to-SDR-and-Wifi-Village.pdf Introduction to SDR and the Wireless Village DaKahuna satanklawz In many circumstances, we all have to wear different hats when pursuing hobbies, jobs and research. This session will discuss the exploration and use of software defined radio from two perspectives; that of a security researcher and Ham Radio operator. We will cover common uses and abuses of hardware to make them work like transceivers that the Ham crowed is use too, as well as extending the same hardware for other research applications. Additionally we will highlight some of the application of this knowledge for use at The Wireless Village! Come and join this interactive session; audience participation is encouraged. By day DaKahuna works for a small defense contractor as a consultant to large government agencies providing critical reviews of customer organizations compliance with Federal Information Systems information Security Act (FISMA) requirements, effectiveness of their implementation of National Institute for Science and Technology (NIST) Special Publication requirements, cyber security policies, cyber security program plans, and governmental standards and guidance. By night he enjoys roaming the airwaves , be it the amateur radio bands or wireless networks. He is a father of two, grandfather to three, 24 year Navy veteran communicator, holder of an amateur radio Extra Class license and a staunch supporter and exerciser of his 2nd Amendment rights who enjoys shooting targets out to 1200 yards. Satanklawz has been in the information security realm for 15 years. He built and sold a wireless ISP, worked info sec in the financial services industry and now is a public servant of sorts. His hobbies and interests have always involved radio in some sort of fashion. When he has spare time, he is completing his PhD, teaches, create mischief, and is working on his dad jokes. Flowers, red and blue, satanklawz loves *SDR*. This is a haiku.

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Damon-Small-Beyond-the-Scan.pdf Beyond the Scan: The Value Proposition of Vulnerability Assessment Damon Small Security Researcher Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the Scan” and provide tangible value to not only the security team, but the entire business that it supports. Damon Small began his career studying music at Louisiana State University. Pursuing his desire to actually make money, he took advantage of computer skills learned in the LSU recording studio to become a systems administrator in the mid 1990s. Following the dotcom bust in the early 2000s, Small began focusing on cyber security. This has remained his passion, and over the past 15 years as a security professional he has supported infosec initiatives in the healthcare, defense, and oil and gas industries. In addition to his Bachelor of Arts in Music, Small completed the Master of Science in Information Assurance degree from Norwich University in 2005. Twitter: @damonsmall

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Tottenkoph-IrishMASMS-Hackers-Hiring-Hacker.pdf Hackers Hiring Hackers - How to Do Things Better Tottenkoph Security Consultant, Rapid7 IrishMASMS Hacker There are a lot of talks about how to be a better pen tester and workshops that show you how to use all of the cool new tools that are available to make our jobs easier, but there are only a few talks that address what some of us consider to be the hardest part of getting a job in security: the hiring process. The information security field is in desperate need of people with the technical skills hackers have to fill a myriad of roles within organizations across the world. However, both sides of the table are doing horribly when it comes to hiring and interviewing for work. Organizations are doing poorly trying to communicate expectations for a job, there are people going to interviews without knowing how to showcase their (limited or vast) experience, and some people posture themselves so poorly that the hiring managers don’t think the candidates are really interested in the job. This talk takes the experiences of the speakers as both interviewers and interviewees as well as from others within the scene in order to help better prepare hackers to enter (or move within) “the industry” as well as let the people making hiring decisions know what they can do to get the people and experience they need for their teams. Tottenkoph has been hacking for the past 10 years and is currently a security consultant for Rapid7. Tottie has spoken at several hacker cons and is currently pursuing her Master’s degree in Industrial and Organizational Psychology, planning to apply its practices to the hacker and infosec communities. Twitter: @Tottenkoph IrishMASMS is an old school hacker, fighting the good fight in Computer Network Defence (CND)/blue team efforts for over 16 years. Been lurking about since DEF CON 10, DJing the B&W ball at DEF CON 18 (with quite a few AP pool shindigs and private parties along the way). Panel member at HOPE 5, presenter at a couple of Notacon’s, and some other conferences that are hard to remember what really happened. Having progressed through the ranks to hiring manager and director level, he has experienced the pain from both sides of the hiring process and desires to improve the situation for the InfoSec community. Is this where we mention cyberderp? Twitter: @IrishMASMS

Responsible Incident: Covert Keys Against Subverted Technology Latencies, Especially Yubikey LosT We're no strangers to love You know the rules and so do I A full commitment's what I'm thinking of You wouldn't get this from any other guy I just wanna tell you how I'm feeling Gotta make you understand Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you LosT also runs the annual Mystery Box Challenge contest at DEF CON, which he launched at DEF CON 9. L0s7 says he likes to create the kind of challenges and puzzles that he wishes someone else would create for him to solve. 1057 has allegedly created the badges for DEF CON 23. Lo5t also appreciates jokes. Twitter: @1o57 Web: www.LostboY.net

Medical Devices: Pwnage and Honeypots Scott Erven Associate Director, Protiviti Mark Collao Security Consultant, Protiviti We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVEís Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented. So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet facing exposure and are vulnerable to exploit, are they being targeted? We will release and present six months of medical device honeypot research showing the implications of these patient care devices increasing their connectivity. Scott Erven is an Associate Director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and healthcare security. Scott has consulted with the Department of Homeland Security, Food and Drug Administration and advised national policymakers. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. Scott also has served as a subject matter expert and exam writer for numerous industry certifications. His current focus is on research that affects human life and public safety issues inside todayís healthcare landscape. Mark Collao is a Security Consultant at Protiviti. He has over 5 years of experience in information security consulting, primarily in network and application penetration tests, red team assessments, and social engineering exercises. Mark also researches botnet activity and maintains several custom protocol and application honeypots on the net. He holds an Offensive Security Certified Professional (OSCP) certification, is a member of the MWCCDC red team, and graduated from DePaul University.

And That's How I Lost My Other Eye: Further Explorations In Data Destruction Zoz Robotics Engineer and Security Researcher How much more paranoid are you now than you were four years ago? Warrantless surveillance and large-scale data confiscation have brought fear of the feds filching your files from black helicopter territory into the mainstream. Recent government snatch-and-grabs have run the gamut from remotely imaging foreign servers to straight up domestic coffeeshop muggings, so if you think you might need to discard a lot of data in hurry you're probably right. In their legendary DEF CON 19 presentation Shane Lawson, Bruce Potter and Deviant Ollam kicked off the discussion, and now it's time for another installment. While purging incriminating material residing on spinning disks remains the focus, the research has been expanded to encompass solid state storage and mobile solutions to your terabyte trashing needs. With best efforts to comply with the original constraints, the 2015 update features more analysis of the efficacy of kinetic projectiles, energetic materials and high voltages for saving your freedom at the potential cost of only a redundant body part... or two. Zoz is a robotics engineer, rapid prototyping specialist and lifelong enthusiast of the pyrotechnic arts. Once he learned you could use a flamethrower and a coffee creamer bomb to fake a crop circle for TV he realized there are really no limits to creative destruction.

Abusing native Shims for Post Exploitation Sean Pierce Technical Intelligence Analyst for iSIGHT Partners Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows Operating Systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other far more advanced applications such as in-memory patching, malware obfuscation, evasion, and system integrity subversion. For defenders, I am releasing 6 open source tools to prevent, detect, and block malicious shims. Sean Pierce is a Technical Intelligence Analyst for iSIGHT Partners. Sean currently specializes in reverse engineering malware & threat emulation and in the past has worked on incident response, botnet tracking, security research, automation, and quality control. Prior working at iSIGHT Partners, he was an academic researcher and part time lecturer at the University of Texas at Arlington where he earned a Bachelors of Computer Engineering with a minor in Math. Sean also does freelance consulting, penetration testing, forensics, and computer security education. He is an Eagle Scout and enjoys learning how things work. Twitter: @secure_sean

RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID Francis Brown Partner - Bishop Fox Shubham Shah Security Analyst at Bishop Fox Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We'll also be releasing a slew of new and free RFID hacking tools using Arduino microcontrollers, Raspberry Pis, phone/tablet apps, and even 3D printing. This presentation will NOT weigh you down with theoretical details or discussions of radio frequencies and modulation schemes. It WILL serve as a practical guide for penetration testers to better understand the attack tools and techniques available to them for stealing and using RFID tag information, specifically for HF and UHF systems. We will showcase the best-of-breed in hardware and software that you'll need to build an RFID penetration toolkit. Our goal is to eliminate pervasive myths and accurately illustrate RFID risks via live attack DEMOS: High Frequency / NFC – Attack Demos: HF physical access control systems (e.g., iCLASS and MIFARE DESFire 'contactless smart card' product families) Credit cards, public transit cards, passports (book), mobile payment systems (e.g., Apple Pay, Google Wallet), NFC loyalty cards (e.g., MyCoke Rewards), new hotel room keys, smart home door locks, and more Ultra-High Frequency – Attack Demos: Ski passes, enhanced driver's licenses, passports (card), U.S. Permanent Resident Card ('green card'), trusted traveler cards Schematics and Arduino code will be released, and 100 lucky audience members will receive one of a handful of new flavors of our Tastic RFID Thief custom PCB, which they can insert into almost any commercial RFID reader to steal badge info or use as a MITM backdoor device capable of card replay attacks. New versions include extended control capabilities via Arduino add-on modules such as Bluetooth low energy (BLE) and GSM/GPRS (SMS messaging) modules. This DEMO-rich presentation will benefit both newcomers to RFID penetration testing as well as seasoned professionals. Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 1000 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients. Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques. Shubham Shah is a Security Analyst at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. Shubham's primary areas of expertise are application security assessment, source code review, and mobile application security. Shubham is a former bug bounty hunter who has submitted medium-high risk bugs to the bug bounties of large corporations such as PayPal, Facebook, and Microsoft. He regularly conducts web application security research and frequently contributes to the security of open-source projects. He has presented at Ruxcon and is known in Australia for his identification of high-profile vulnerabilities in the infrastructures of major mobile telecommunication companies. Prior to joining Bishop Fox, Shubham worked at EY. At EY, he performed web application security assessments and application penetration tests. Additionally, Shubham has been a contractor for companies such as Atlassian. As a contractor, he conducted external web application security penetration tests. Shubham also develops and maintains open-source projects such as Websec Weekly that assist the web application security industry. Twitter: @bishopfox Facebook: https://www.facebook.com/BishopFoxConsulting LinkedIn: https://www.linkedin.com/company/bishop-fox

: Presenting the results and awards for the DEF CON 23 Contests and Events.

HamSammich – long distance proxying over radio Robert Graham Erratasec.com David Maynor Erratasec.com The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the press coverage. In this talk, we propose “HamSammich”, creating a point-to-point link in order to access WiFi from many miles away, as a means to avoid detection. We show how off-the-shelf devices can be configured to do this for less than $200. After demonstrating the working system, we’ll talk about radio signals. This includes both the FCC regulatory issues which may have caused the cancelation of the original talk, as well as signals-intelligence, and the practicalities of being detected and caught. Finally, we’ll talk about hiding signals with SDR, a more complicated and expensive technique, but one that hides better in the electromagnetic spectrum. We’ll demonstrate not only a working system, but what the 900MHz spectrum looks like, and how to track down a working system. Robert Graham is the CEO of Errata Security, a pentest/consulting firm. He's known for creating the first IPS, the BlackICE series of products, sidejacking, and masscan. In his spare time, he scans the Internet. He has been speaking at several conferences a year for the past decade. Twitter: @ErrataRob David Maynor is the CTO of Errata Security, and chief pentester. He’s a frequent speaker at conferences, most infamously in the Apple WiFi scandal. In his spare time, he builds weapons for Skynet’s domination of the planet. Twitter: @Dave_Maynor

Insteon' False Security And Deceptive Documentation Peter Shipley Security Researcher Ryan Gooler Insteon is a leading home automation solution for controlling lights, locks, alarms, and much more. More than forty percent of homes with automation installed use Insteon. For the last fifteen years, Insteon has published detailed documentation of their protocols—documentation that is purposely misleading, filled with errors, and at times deliberately obfuscated. As my research over the last year has revealed, this sad state of affairs is the direct result of Insteon papering over the fact that it is trivial to wirelessly take control, reprogram, and monitoring any Insteon installation. Worse still, the embedded nature of the Insteon protocol coupled with devices that do not support flash updates means that there are no current fixes or workarounds short of ripping out the Insteon products. I will be presenting my research, and releasing tools demonstrating the vulnerabilities throughout the Insteon home automation system. Peter Shipley has been working with security for over 30 years. In the late 80's he wrote one of the first network security scanners and maintained one of the first bug databases ( later used to seed similar lists at CERT and llnl.gov ). Around the same time Peter co-founded UC Berkeley's OCF (Open Computing Facility). In the mid 90's Peter Shipley became a founding member of cypherpunks & setup up one of the first official PGP distribution sites. In '98 (DEF CON 6) Peter Shipley did a independent security research on war-dialing, exposing a significant security problem that was being ignored in most corporate environments making phone security. At DEF CON 9 Peter Shipley introduced wardriving to the world. Recently Peter has written and released several APIs using python to link various networked automation appliances via REST and other interfaces. Peter Shipley currently manages for a dot-com by day, and helps raise two kids by night. Ryan Gooler (@jippen) is a cloud security guy, known for luck, sarcasm, and getting into things. Avid lockpicker, lover of cats, and disrespector of authority.

Who Will Rule the Sky? The Coming Drone Policy Wars Matt Cagle Technology and Civil Liberties Policy Attorney, ACLU of Northern California Eric Cheng General Manager, DJI SF and Director of Aerial Imaging, DJI Your private drone opens up limitless possibilities – how can manufacturers and policymakers ensure you are able to realize them? As private drone ownership becomes the norm, drone makers and lawmakers will need to make important policy decisions that account for the privacy and free speech issues raised by this new technology. What legal and technical rules are being considered right now, and how might they affect your ability to do things like record footage at a city park, monitor police at a protest, or fly near a government building? These decisions will dictate the technical limitations (or lack thereof) placed on drones, and the legal consequences of operating them. Join Eric Cheng, General Manager of DJI SF and DJI's Director of Aerial Imaging, and Matt Cagle, a Technology and Civil Liberties Policy Attorney with the ACLU of Northern California, to discuss the policy issues at this leading edge of law and consumer technologies. Matt Cagle is a Technology and Civil Liberties Policy Attorney at the ACLU of Northern California. At the ACLU-NC, Matt's work focuses on the privacy and free speech issues raised by new services and technologies, including surveillance equipment, social media services, and connected devices. Last fall, Matt co-authored Making Smart Decisions About Surveillance: A Guide for Communities, a paper that provides a framework for communities considering surveillance technology proposals. Matt has worked in private practice advising technology companies on the privacy issues related to new products and services. Matt has substantial experience responding to state and federal law enforcement requests for online user information, and he co-authored reddit's first ever transparency report. Matt regularly speaks at conferences ranging from SXSW to RightsCon, and he served on the privacy committee for Oakland's controversial surveillance complex, the Domain Awareness Center. He grew up in Southern Arizona, studied Latin American history in Guatemala, and holds a JD from Stanford Law School. Twitter: @matt_cagle Eric Cheng is an award-winning photographer and publisher, and is the Director of Aerial Imaging and General Manager of the San Francisco office at DJI, the creators of the popular Phantom aerial-imaging quadcopter. Throughout his career, Cheng has straddled passions for photography, entrepreneurship, technology and communication. He publishes Wetpixel.com, the leading underwater-photography community on the web, and writes about his aerial-imaging pursuits at skypixel.org. His work as a photographer has been featured at the Smithsonian's Natural History Museum and in many media outlets including Wired, Outdoor Photographer, Popular Photography, Washington Post, Wall Street Journal, Make, ABC, Good Morning America, CBS, CNN and others. His Audio work has been shown on the Discovery Channel, National Geographic Channel, and on virtually every news network around the world. Caught between technical and creative pursuits, Eric holds bachelor's and master's degrees in computer science from Stanford University, where he also studied classical cello performance. He leads regular photography expeditions and workshops around the world, and has given seminars and lectures internationally at events including TEDx, the Churchill Club, Photoshelter Luminance, CES, SXSW, AsiaD, DEMA, and others. Twitter: @echeng

Pivoting Without Rights – Introducing Pivoter Geoff Walton Senior Security Consultant for Cleveland-based TrustedSec Dave Kennedy (ReL1K/HackingDave), founder of TrustedSec and Binary Defense Systems One of the most challenging steps of a penetration test is popping something and not having full administrative level rights over the system. Companies are cutting back on administrative level rights for endpoints or how about those times where you popped an external web application and were running as Apache or Network Service? Privilege escalation or pillaging systems can be difficult and require extensive time if successful at all. One of the most challenging aspects around pentesting was the need to have administrative level rights, install your tools, and from there leverage the compromised machine as a pivot point for lateral movement in the network. Well, the time has changed. Introducing Pivoter – a reverse connection transparent proxy that supports the ability to pivot with ease. Pivoter is a full transparent proxy that supports the ability to use limited rights on a system to pivot to other systems and attack transparently from your system at home. Port scans, exploits, brute forcing, anything you could do like you were on that network is now available through Pivoter. As part of this talk, we’ll be releasing a new Metasploit module for shell DLL injection for AV evasion, a Linux version of Pivoter, a Windows version of Pivoter, and a PowerShell version of Pivoter. msf> run pivoter -> pentest as if you are on the internal network even if you don’t have admin rights. Also during this talk, we’ll be releasing a new major release of the Social-Engineer Toolkit (SET) which incorporates Pivoter into the payload delivery system. Geoff Walton is a Senior Security Consultant for Cleveland-based TrustedSec. He joined after years of working in information security. Geoff’s expertise in pen testing, network security, and software analysis comes form over ten years experience in a variety of information technology roles including software development, network operations and information security specific functions; Geoff brings broad vision to assessments and penetration test engagements. Geoff has been part of diverse IT teams at organizations both large and small. He has experience across several industries including retail, professional services, and manufacturing. Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. Kennedy is the co-host of the social-engineer podcast and on a number of additional podcasts. Kennedy has testified in front of Congress on two occasions on the security around government websites. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions. Twitter: @HackingDave

Seeing through the Fog Zack Fasel Urbane Security Yes. "The Cloud" (drink). Even though many of us would much like to see use of public clouds decline, they're not going away any time soon. And with such, a plethora of companies now have revolutionary new solutions to solve your "cloud problems". From crypto to single sign on with two step auth, proxies to monitoring and DLP, every vendor has a solution, even cloud based for the cloud! What we haven't seen is much of an open source or community lead solution to these problems. So let's change that. Zack will review the laundry list of security problems with various cloud providers (and their pluthera of APIs), provide some easy fixes to the common issues seen, and introduce a few new open source tools to help monitor and defend the data and access in the wild. Zack Fasel is a Founding Partner at Urbane Security, a solutions-focused vendor-agnostic information security services firm focusing on providing innovative defense, sophisticated offense and refined compliance services. Heading up Urbane's Research and Security Services divisions, Zack brings his years of diverse internal and external experience to drive Urbane's technical solutions to organizations top pain points. His previous research and presentations at conferences have spread across numerous domains including Windows authentication flaws, femtocells, open source defensive security solutions and unique network and application attack vectors. When not selling out, he can be found lost in the untz unce wubs, dabbling in instagram food photography, or eating scotch and drinking gummy bears (that's right, right?). More information on him can be found at zfasel.com and on Urbane Security at UrbaneSecurity.com. Twitter: @zfasel

How to Hack Government: Technologists as Policy Makers Terrell McSweeny Commissioner, Federal Trade Commission Ashkan Soltani Chief Technologist, Federal Trade Commission As the leading federal agency responsible for protecting your privacy rights online, technology is at the core of the Federal Trade Commission's work. You may be familiar with the agency's enforcement actions against some of the world's biggest tech companies for privacy/data security violations - but you may not know how your research skills can inform its investigations and policy. Come hear about some of the Commission's recent tech-related actions, research and reports, plus how its work impacts both consumers and businesses. You'll also learn how you can directly or indirectly help the agency protect consumers, guide businesses to develop better/strong data security, and much more. Terrell McSweeny serves as a Commissioner of the Federal Trade Commission - sometimes referred to as the Federal Technology Commission. This year marks her second DEF CON adventure. When it comes to tech issues, Commissioner McSweeny wants companies to implement security by design, to be transparent about their data collection practices, and to give consumers as much control as possible. Twitter: @TMcSweenyFTC Ashkan Soltani serves as the FTC's fourth Chief Technologist. He is a privacy and security researcher whose work draws attention to privacy problems online, demystifies technology for the non-technically inclined, and provides data-driven insights to help inform policy. Ashkan was recognized as part of the 2014 Pulitzer winning team at the Washington Post and was the primary technical consultant on the Wall Street Journal's "What They Know" investigative series on online privacy. Twitter: @TechFTC

Licensed to Pwn: The Weaponization and Regulation of Security Research Jim Denaro Dave Aitel Matt Blaze Nate Cardozo Mara Tam Catherine “Randy” Wheeler Security research is under attack. Updates to the Wassenaar Arrangement in 2013 established among its 41 member nations an agreement to place a variety of previously undesignated “cybersecurity items” under export control. After 18 months and a half-dozen open advisory meetings, the U.S. has taken the entire security research community by surprise with its proposed rule; we are confronted by a sweeping implementation with profound consequences for academia, independent research, commercial cybersecurity, human rights, and national security. While the outcome of this round of regulatory intervention is still uncertain, the fact that there will be more is not. This panel of experts will discuss the context, history, and general process of regulation, as well the related question of “weaponized” research in regulatory discourse. There is significant daylight between the relatively lax text of the Wassenaar Arrangement itself and the extraordinarily broad implementation proposed in the U.S. What will the practical effects of those differences be, and why did the U.S. diverge from the Wassenaar text? Regulators are, even now, still struggling to comprehend what the consequences of this new “cyber rule” might be. So, how are we to understand this regulatory process? What are its objectives? Its impacts? Its limits? How can we influence its outcomes? Eleventh-hour interventions are quickly becoming a hallmark of regulatory activities with implications for the wider world of information security; the fight here is almost exclusively a rearguard action. Without resorting to the usual polemics, what failures of analysis and advice are contributing to these missteps – on both sides? What interests might encourage them? How are security researchers being caught so off-balance? Come victory or despair in the present case, this panel aims to answer the question of whether there is a solution that prevents technology transfer to hostile nations while still enabling free markets, freedom of expression, and freedom of research. Dave Aitel (@daveaitel) is an offensive security expert whose company, Immunity, Inc., consults for major financial institutions, Fortune/Global 500s, etc. At the age of 18, he was recruited by the National Security Agency where he served six years as a “security scientist” at the agency’s headquarters at Fort Meade, Maryland. He then served as a security consultant for @stake before founding Immunity in 2002. Today, Dave’s firm is hired by major companies to try to hack their computer networks - in order to find and fix vulnerabilities that criminal hackers, organized crime and nation-state adversaries could use. Immunity is also a past contractor on DARPA’s cyber weapons project, known as Cyber Fast Track. The company is well-known for developing several advanced hacking tools used by the security industry, such as Swarm, Canvas, Silica, Stalker, Accomplice, Spike, Spike Proxy, Unmask - and, most recently Innuendo, the first US-made nation-grade cyber implant with Flame/Stuxnet-like malware capabilities. Immunity has offices in Florida, D.C., Canada, Italy and Argentina. eWeek Magazine named Dave one of “The 15 Most Influential People in Security.” He is a past keynote speaker at BlackHat and DEF CON. He is a co-author of “The Hacker’s Handbook,” The Shellcoder’s Handbook” and “Beginning Python.” He is also the founder of the prestigious Infiltrate offensive security conference (Businessweek article) and the widely read “Daily Dave Mailing List,” which covers the latest cybersecurity news, research and exploit developments. Twitter: @daveaitel Matt Blaze (@mattblaze) is a professor in the computer science department at the University of Pennsylvania. From 1992 until he joined Penn in 2004, he was a research scientist at AT&T Bell Laboratories. His research focuses on the architecture and design of secure systems based on cryptographic techniques, analysis of secure systems against practical attack models, and on finding new cryptographic primitives and techniques. In 1994, he discovered a serious flaw in the US Government's "Clipper" encryption system, which had been proposed as a mechanism for the public to encrypt their data in a way that would still allow access by law enforcement. He has testified before various committees of the US Congress and European Parliament several times, providing technical perspective on the problems surrounding law enforcement and intelligence access to communications traffic and computer data. He is especially interested in the use of encryption to protect insecure systems such as the Internet. Recently, he has applied cryptologic techniques to other areas, including the analysis of physical security systems; this work yielded a powerful and practical attack against virtually all commonly used master-keyed mechanical locks. Twitter: @mattblaze Nate Cardozo (@ncardozo) is a Staff Attorney with the Electronic Frontier Foundation. He focuses on the intersection of technology, privacy, and free expression. He has defended the rights of anonymous bloggers, sued the United States government for access to improperly classified documents, and lobbied Congress for sensible reform of American surveillance laws. In addition, he works on EFF's Coders’ Rights Project, counseling hackers, academics, and security professionals at all stages of their research. Additionally, Nate manages EFF’s Who Has Your Back? report, which evaluates service providers' protection of user data. Nate has projects involving automotive privacy, speech in schools, government transparency, hardware hacking rights, anonymous speech, public records litigation, and resisting the expansion of the surveillance state. Nate has a B.A. in Anthropology and Politics from the University of California, Santa Cruz and a J.D. from the University of California, Hastings where he has taught legal writing and moot court. Twitter: @ncardozo Jim Denaro (@CipherLaw; moderator) is the founder of CipherLaw, a Washington, D.C.-based intellectual property law firm and focuses his practice on legal and technical issues faced by innovators in information security. He is a frequent speaker and writer on the subject and works in a wide range of technologies, including cryptography, intrusion detection, botnet investigation, and incident response. Jim advises clients on legal issues of particular concern to the information security community, including active defense technologies, government-mandated access (backdoors), export control, exploit development and sales, bug bounty programs, and confidential vulnerability disclosure (Disclosure as a Service). He has a degree in computer engineering and has completed various professional and technical certifications in information security and is engaged in graduate studies in national security at Georgetown University. Before becoming an attorney, Jim spent obscene amounts of time looking at PPC assembly in MacsBug. Twitter: @CipherLaw Mara Tam (@marasawr) is a semi-feral researcher and historian of policy, justice, culture, and security. She has authored, co-authored, and contributed research for technical policy papers in the fields of international security and arms control. After earning a first class degree in art history, Mara’s work supported bilateral negotiations towards peaceful nuclear cooperation between the United States and India. She has been a participant, speaker, and panellist for academic conferences in cultural studies, languages, and history, as well as for strategic programmes like ‘The Intangibles of Security’ initiative convened by NATO and the European Science Foundation. She is currently a doctoral candidate and freelance thinkfluencer. Twitter: @marasawr Catherine “Randy” Wheeler has served as the Director of the Information Technology Controls Division in the Bureau of Industry and Security’s (BIS) Office of National Security and Technology Transfer Controls since June 2006. From July 2011 – July 2012, Ms. Wheeler was detailed to serve as the Acting Chair of the Operating Committee in the Office of the Assistant Secretary for Export Administration, the interagency body that resolves disagreements among reviewing agencies on export license applications. From 1995 through May 2006, Ms. Wheeler was an attorney with the Office of the Chief Counsel for Industry and Security, and served as Senior Counsel for Regulation from 2003 through 2005, advising BIS on regulatory and licensing issues. She previously served as a policy analyst with the Bureau of Export Administration’s Office of Foreign Availability from 1984-1991, and as a policy analyst with the National Telecommunications and Information Administration’s Office of International Affairs from 1981-1983. Ms. Wheeler received a B.A.in International Relations from Carleton College in 1979, an M.S. in Foreign Service from Georgetown University in 1981, and a J.D. from the Georgetown University Law Center in 1993.

ThunderStrike 2: Sith Strike Trammel Hudson Vice President, Two Sigma Investments Xeno Kovah Co-founder, LegbaCore, LLC Corey Kallenberg Co-Founder, LegbaCore, LLC The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Mac's are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of. Trammell Hudsonenjoys taking things apart and understanding how they work. He presented the Thunderstrike firmware vulnerability at 31C3, created the Magic Lantern firmware for Canon cameras, and teaches classes at the Brooklyn hackerspace NYC Resistor. Twitter: @qrs Web: https://trmm.net/ Xeno Kovah's speciality area is stealth malware and its ability to hide from security software and force security software to lie. To combat such attacks he researches trusted computing systems that can provide much stronger security guarantees than normal COTS. He co-founded LegbaCore in 2014 to help improve security at the foundation of computing systems. He is also the founder and lead contributor to OpenSecurityTraining.info. He has posted 9 full days of class material material on x86 assembly, architecture, binary formats (PE and ELF), and Windows rootkits to OpenSecurityTraining.info. Twitter: @XenoKovah Twitter: @legbacore Corey Kallenberg is a co-founder of LegbaCore, a consultancy focused on evaluating and improving host security at the lowest levels. His specialty areas are trusted computing, vulnerability research and low level development. In particular, Corey has spent several years using his vulnerability research expertise to evaluate limitations in current trusted computing implementations. In addition, he has used his development experience to create and improve upon trusted computing applications. Among these are a timing based attestation agent designed to improve firmware integrity reporting, and an open source Trusted Platform Module driver for Windows. Corey is also an experienced trainer, having created and delivered several technical courses. He is an internationally recognized speaker who has presented at BlackHat USA, DEF CON, CanSecWest, Hack in the Box, NoSuchCon, SyScan, EkoParty and Ruxcon. Twitter: @CoreyKal Twitter: @legbacore

How to Hack a Tesla Model S Marc Rogers Principle Security Researcher for CloudFlare Kevin Mahaffey CTO of Lookout Inc The Tesla Model S is the most connected car in the world. It might surprise you to hear that it is also one of the most secure. In this talk we will walk you through the architecture of a Tesla Model S noting things that Tesla got right as well as identifying those that they got wrong. From this talk you will get an intimate understanding of how the many interconnected systems in a Tesla model S work and most importantly how they can be hacked. You will also get a good understanding of the data that this connected car collects and what Tesla does with this telemetry. We will also be releasing a tool that will enable Tesla Model S owners to view and analyse that telemetry in real time. Finally we will also be releasing several 0day vulnerabilities that will allow you to hack a Tesla Model S yourself - both locally and remotely. Note - only one of the 6 vulnerabilities we will discuss and release has been fixed. Disclaimer: With great access comes great responsibility - In other words we are not responsible for any Tesla Model S bricked by over enthusiastic attendees of this talk :) Marc Rogers aka Cyberjunky has been a prominent member of the hacking scene since the 80’s. Some of his most notable achievements are co-founding the notorious British hacker group, “The Agents of a Hostile Power” and his role in creating and appearing in the award winning BBC TV series “The Real Hustle”. Marc’s professional career spans more than twenty years, including a decade managing security for the UK operator Vodafone. Marc is currently the principal security researcher for web optimization and security company “CloudFlare. As well as his work in the infosec and telecoms industries, Marc has also been a CISO in South Korea and co-founder of a disruptive Bay Area start-up. Some of Marc’s notable recent hacks include Google Glass, Apple TouchID and most recently the Tesla Model S. Kevin is an entrepreneur and technologist with a background in mobile and web technology, security, and privacy. He is the CTO of Lookout, a company dedicated making the world a safer place as it becomes more connected, starting with smartphones and tablets. He co-founded Lookout in 2007 and is responsible for driving Lookout’s technology to protect people from current and future threats while keeping the product simple and easy to use. He started building software when he was 8 years old and it has been a love affair ever since. Kevin is a frequent speaker on security, privacy, mobile, and other topics.

Materials Available Here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-UPDATED.pdf Whitepaper here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-WP.pdf Additional Materials: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Acquiring-NET-Objects-From-The-Managed-Heap.pdf Hijacking Arbitrary .NET Application Control Flow Topher Timzen Security Researcher - Intel White paper available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Topher Timzen & Ryan Allen - UPDATED/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-WP.pdf This speech will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly level attacks that alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers and attackers to carry out advanced post exploitation attacks. This presentation gives an overview of how to use these tools in a real attack sequence and gives a view into the .NET hacker space. Topher Timzen has had a research emphasis on reverse engineering malware, incident response and exploit development. He has instructed college courses in malware analysis and memory forensics while managing a cybersecurity research lab. Focusing on .NET memory hijacking, he has produced tools that allow for new post exploitation attack sequences. Topher is currently a Security Researcher at Intel. Twitter: @TTimzen

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-John-Seymour-Quantum-Classification-of-Malware-UPDATED.pdf Whitepaper here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-John-Seymour-Quantum-Classification-of-Malware-WP-UPDATED.pdf "Quantum" Classification of Malware John Seymour Ph.D. student, University of Maryland, Baltimore County Quantum computation has recently become an important area for security research, with its applications to factoring large numbers and secure communication. In practice, only one company (D-Wave) has claimed to create a quantum computer which can solve relatively hard problems, and that claim has been met with much skepticism. Regardless of whether it is using quantum effects for computation or not, the D-Wave architecture cannot run the standard quantum algorithms, such as Grover’s and Shor’s. The D-Wave architecture is instead purported to be useful for machine learning and for heuristically solving NP-Complete problems. We'll show why the D-Wave and the machine learning problem for malware classification seem especially suited for each other. We also explain how to translate the classification problem for malicious executables into an optimization problem which a D-Wave machine can solve. Specifically, using a 512-qubit D-Wave Two processor, we show that a minimalist malware classifier, with cross-validation accuracy comparable to standard machine learning algorithms, can be created. However, even such a minimalist classifier incurs a surprising level of overhead. John Seymour is a Ph.D. student at the University of Maryland, Baltimore County, where he performs research at the intersection of machine learning and information security. He's mostly interested in avoiding and helping others avoid some of the major pitfalls in machine learning, especially in dataset preparation (seriously, do people still use malware datasets from 1998?) In 2014, he completed his Master’s thesis on the subject of quantum computation applied to malware analysis. He currently works at CyberPoint International, a company which performs network and host-based machine learning, located in Baltimore, MD.

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Marina-Krotofil-Jason-Larsen-Rocking-the-Pocketbook-Hacking-Chemical-Plants-UPDATED.pdf Whitepaper here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Marina-Krotofil-Jason-Larsen-Rocking-the-Pocketbook-Hacking-Chemical-Plants-WP-UPDATED.pdf Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion Marina Krotofil Senior Security Consultant. European Network for Cyber Security Jason Larsen Principal Security Consultant, IOActive The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this presentation will get as close as using a simulated plant for Vinyl Acetate production for demonstrating a complete attack, from start to end, directed at persistent economic damage to a production site while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack. Picking up a paper these days it’s easy to find an article on all the “SCADA insecurity” out there associated with an unstoppable attacker with unsophisticated goal of kicking up another apocalypse. Sorry to disappoint excited crowd but formula “Your wish is my command” does not work for control systems. The target plant is not designed in a hacker friendly way. Hopefully by the end of the presentation, the audience will understand the difference between breaking into the system and breaking the system, obtaining control and being in control. An attacker targeting a remote process is not immediately gifted with complete knowledge of the process and the means to manipulate it. In general, an attacker follows a series of stages before getting to the final attack. Designing an attack scenario is a matter of art as much as economic consideration. The cost of attack can quickly exceed damage worth. Also, the attacker has to find the way to compare between competing attack scenarios. In traditional IT hacking, a goal is to go undetected. In OT (operational technologies) hacking this is not an option. An attack will change things in the real world that cannot be removed by simply erasing the log files. If a piece of equipment is damaged or if a plant suddenly becomes less profitable, it will be investigated. The attacker has to create forensic footprint for investigators by manipulating the process and the logs in such a way that the analysts draw the wrong conclusions. Exploiting physical process is an exotic and hard to develop skill which have so far kept a high barrier to entry. Therefore real-world control system exploitation has remained in the hands of a few. To help the community mastering new skills we have developed „Damn Vulnerable Chemical Process“ – first open source framework for cyber-physical experimentation based on two realistic models of chemical plants. Come to the session and take your first master class on complex physical hacking. Marina is Senior Security Consultant at European Network for Cyber Security. Through her life she has accumulated vast hands-on experience in several engineering fields. Most recently she completed her doctoral degree in ICS security at Hamburg University of Technology, Germany. Her research over the last few years has been focused on the bits and peac.hes of the design and implementation of cyber-physical attacks aiming at both physical and economic damage. Marina used her pioneering destructive knowledge for designing process-aware defensive solutions and risk assessment approaches. During her PhD she collaborated with several industrial partners, participated in EU projects and collaborated with cool dudes from the hacking community. She has written more than a dozen papers on the subject of cyber-physical exploitation. Marina gives workshops on cyber-physical exploitation and is a frequent speaker at the leading ICS security and hacking venues around the world. She holds MBA in Technology Management, MSc in Telecommunications and MSc in Information and Communication Systems. Jason Larsen is a professional hacker that specializes in critical infrastructure and process control systems. Over the last several years he has been doing focused research into remote physical damage. Jason graduated from Idaho State University where he worked doing Monte Carlo and pharmacokinetic modeling for Boron-Neutron Capture Therapy. He was one of the founding members of the Cyber-Security department at the Idaho National Labs, which hosts the ICS -CERT and the National SCADA Tested .Jason has audited most of the major process control and SCADA systems as well as having extensive experience doing penetration tests against live systems. His other activities include two years on the Window 7 penetration testing team, designing the anti-malware system for a very large auction site, and building anonymous relay networks. He is currently a Principle Security Consultant for IOActive in Seattle.

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phil-Polstra-Hacker-in-the-Wires.pdf Extras here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phil-Polstra-Extras.rar Hacker in the Wires Dr. Phil Polstra Professor, Bloomsburg University Additional Materials available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Phil Polstra/Extras/ This talk will show attendees how to use a small ARM-based computer that is connected inline to a wired network for penetration testing. The computer is running a full-featured penetration testing Linux distro. Data may be exfiltrated using the network or via a ZigBee mesh network or GSM modem. The device discussed in this talk is easily integrated into a powerful penetration test that is performed with an army of ARM-based small computer systems connected by XBee or ZigBee mesh networking. Some familiarity with Linux and penetration testing would be helpful, but not required. Phil was born at an early age. He cleaned out his savings at age 8 in order to buy a TI99-4A computer for the sum of $450. Two years later he learned 6502 assembly and has been hacking computers and electronics ever since. Dr. Phil currently works as a professor at Bloomsburg University of Pennsylvania. His research focus over the last few years has been on the use of microcontrollers and small embedded computers for forensics and pentesting. Phil has developed a custom pentesting Linux distro and related hardware to allow an inexpensive army of remote pentesting drones to be built using the BeagleBone Black computer boards. This work is described in detail in Phil's book "Hacking and Penetration Testing With Low Power Devices" (Syngress, 2015). Prior to entering academia, Phil held several high level positions at well-known US companies. He holds a couple of the usual certs one might expect for someone in his position. When not working, he likes to spend time with his family, fly, hack electronics, and has been known to build airplanes. Twitter: @ppolstra http://facebook.com/ppolstra

Remote Exploitation of an Unaltered Passenger Vehicle Charlie Miller Security engineer at Twitter Chris Valasek Director of Vehicle Security Research at IOActive Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks. Charlie Miller is a security engineer at Twitter, a hacker, and a gentleman. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as "It's complicated". Twitter: @0xcharlie Christopher Valasek is the Director of Vehicle Security Research at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh. Twitter: @nudehaberdasher

Materials Available Here; https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-ammonRA-How-to-hack-your-way-out-of-home-detention-UPDATED.pdf How to hack your way out of home detention AmmonRa Security Researcher Home detention and criminal tracking systems are used in hostile environments, and because of this, the designers of these trackers incorporate a range of anti-removal and tamper detection features. Software security, however, is an area on which less focus is placed. This talk will cover practical attacks against home detention tracking systems, with a focus on software security. Intercepting and modifying tracking information sent from the device in order to spoof the tracker’s location will be demonstrated. General information about how home detention tracking systems operate will be discussed, including the differences between older proximity based systems which used landlines, and newer models which use GPS and cellular networks. Topics will include how to (legally) get hold of and test a real world device, and how to use cheap software defined radios to spoof GSM cell towers. Focus will be on the details of how one particular device is constructed, how it operates and the vulnerabilities it was found to contain. How these vulnerabilities can be exploited and the challenges of doing so in the wild will also be covered. AmmonRa is a former dev who now works in infosec as a pentester. Both at work and in his spare time AmmonRa hacks things. As well as hacking computers, AmmonRa is a DIY cyborg, designing and implanting in himself a range of devices, including NFC/RFID chips, biometric sensors and subdermal lights. Twitter: @amm0nra

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Joshua-Smith-High-Def-Fuzzing-Exploitation-Over-HDMI-CEC-UPDATED.pdf High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC Joshua Smith Senior Security Researcher, HP Zero Day Initiative The HDMI (High Definition Multimedia Interface) standard has gained extensive market penetration. Nearly every piece of modern home theater equipment has HDMI support and most modern mobile devices actually have HDMI-capable outputs, though it may not be obvious. Lurking inside most modern HDMI-compatible devices is something called HDMI-CEC, or Consumer Electronics Control. This is the functionality that allows a media device to, for example, turn on your TV and change the TV’s input. That doesn’t sound interesting, but as we'll see in this presentation, there are some very surprising things an attacker can do by exploiting CEC software implementations. Then there's something called HEC or HDMI Ethernet Connection, which allows devices to establish an Ethernet connection of up to 100Mbit/s over their HDMI connections (newer HDMI standards raise the speed to 1Gbit/s). Don't think your mobile phone implements CEC? You might be wrong. Most modern Android-based phones and tablets have a Slimport(r) connection that supports HDMI-CEC. Ever heard of MHL (Mobile High-Definition Link)? Think Samsung and HTC (among other) mobile devices, and many JVC, Kenwood, Panasonic, and Sony car stereos – as many as 750 million devices in the world so far. Guess what? MHL supports HDMI-CEC as well. Let's explore, and own, this attack space. Kernelsmith is senior vulnerability researcher with Hewlett-Packard Security Research (HPSR). In this role, he analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero-Day Initiative (ZDI) program, which represents the world’s largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. Joshua is also a developer for the Metasploit Framework and has spoken at a few conferences and holds a few certifications. Prior to joining HP, Smith served in the U.S. Air Force in various roles including as an Intercontinental Ballistic Missile (ICBM) Crew Commander and Instructor, but more relevantly as a penetration tester for the 92d Information Warfare Aggressor Squadron. Post-military, he became a security engineer at the John Hopkins University Applied Physics Lab, where he began contributing to the Metasploit Framework. Smith performed research into weapons systems vulnerabilities as well as evasion and obfuscation techniques to add depth and realism to security device tests. Smith received a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute and an M.A. in Management of Information Systems from the University of Great Falls. Smith was drawn to ZDI for the chance to work with a world-wide network of security researchers while continuing his own vulnerability research. When not researching software vulnerabilities, Josh enjoys raising his two young hackers-to-be and watching sci-fi since he can't play sports anymore (there's no tread left on his knees). Twitter: @kernelsmith, @thezdi

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Colin-O%27Flynn-Dont-Whisper-My-Chips.pdf Don't Whisper my Chips: Sidechannel and Glitching for Fun and Profit Colin O'Flynn Dalhousie University If you thought the security practices of regular software was bad, just wait until you start learning about the security of embedded hardware systems. Recent open-source hardware tools have made this field accessible to a wider range of researchers, and this presentation will show you how to perform these attacks for equipment costing $200. Attacks against a variety of real systems will be presented: AES-256 bootloaders, internet of things devices, hardware crypto tokens, and more. All of the attacks can be replicated by the attendees, using either their own tools if such equipped (such as oscilloscopes and pulse generators), the open-hardware ChipWhisperer-Lite, or an FPGA board of their own design. The hands-on nature of this talk is designed to introduce you to the field, and give you the confidence to pick up some online tutorials or books and work through them. Even if you've never tried hardware hacking before, the availability of open-source hardware makes it possible to follow published tutorials and learn all about side-channel power analysis and glitching attacks for yourself. Colin O'Flynn has been working with security on embedded systems for several years. He has designed the open-source ChipWhisperer project which won 2nd place in the 2014 Hackaday Prize, and developed an even lower-cost version called the ChipWhisperer-Lite, which was the focus of a Kickstarter in 2015. Twitter: @colinoflynn

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-David-Mortman-Docker-UPDATED.pdf Docker, Docker, Give Me The News, I Got A Bad Case Of Securing You David Mortman Chief Security, Architect & Distinguished Engineer, Dell Software Docker is all the rage these days. Everyone is talking about it and investing in it, from startups to enterprises and everything in between. But is it secure? What are the costs and benefits of using it? Is this just a huge risk or a huge opportunity? There's a while lot of ranting and raving going on, but not nearly enough rational discourse. I'll cover the risks and rewards of using Docker and similar technologies such as AppC as well as discuss the larger implications of using orchestration systems like Mesos or Kubernetes. This talk will cover the deep technical issues to be concerned about as well as the pragmatic realities of the real world. David Mortman is the Chief Security Architect and Distinguished Engineer at Dell Software and is a Contributing Analyst at Securosis. Before Dell, he ran operations and security for C3. Formerly the Chief Information Security Officer for Siebel Systems, Inc., Previously, Mr. Mortman was Manager of IT Security at Network Associates. Mr. Mortman has also been a regular panelist and speaker at RSA, Blackhat, DEF CON and BruCon as well. Mr.Mortman sits on a variety of advisoryboards including Qualys, Lookout and Risk I/O. He holds a BS in Chemistry from the University of Chicago. David writes for Securosis, Emergent Chaos and the New School blogs.

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Ken-Westin-Confessions-of-a-Cyberstalker.pdf Confessions of a Professional Cyber Stalker Ken Westin Sr. Security Analyst with Tripwire Inc. For several years I developed and utilized various technologies and methods to track criminals leading to at least two dozen convictions. In the process of recovering stolen devices, larger crimes would be uncovered including drugs, theft rings, stolen cars, even a violent car jacking. Much of the evidence in these cases would be collected by stolen devices themselves, such as network information, photos captured from laptops and cell phones, but often times there was additional data that would need to be gathered for a conviction. In this presentation I will walk through actual real cases and discuss in depth the technologies used and additional processes I went through utilizing open source data and other methods to target criminals. I will also discuss how these same tools and methods can be used against the innocent and steps users and developers can take to better protect privacy. In this presentation here are a few examples of cases I worked on which I will reveal details of: How a theft ring targeting Portland, Oregon schools was unveiled leading to multiple convictions How I tracked and recovered $9K worth of stolen camera equipment sold multiple times a year after it was stolen based on data extracted from images online How mobile phones stolen from a wireless store were tracked leading to the arrest of a theft ring, leading to the conviction of six people and the recovery of a stolen car Embedding of custom designed trojan for thermal imaging devices for theft tracking and export controls Tracking of a stolen flash drive to a university computer lab and correlation of security camera and student access ID cards Tracking a stolen laptop across state lines and how I gathered mountains of evidence in another theft ring case Several other cases…. Ken is a security analyst and "creative technologist" with 15 years experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, the New York Times and others. He has worked with law enforcement and journalists utilizing various technologies to unveil organized crime rings, recover stolen cars, even a car jacking amongst other crimes.

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Ballenthin-Graeber-Teodorescu-WMI-Attacks-Defense-Forensics.pdf WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis Matt Graeber Reverse Engineer, FireEye Inc. Willi Ballenthin Reverse Engineer, FireEye Inc. Claudiu Teodorescu Reverse Engineer, FireEye Inc. Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information, execution of code, and provides an eventing system that can respond to operating system events in real time. FireEye has recently seen a surge in attacker use of WMI to carry out objectives such as system reconnaissance, remote code execution, persistence, lateral movement, covert data storage, and VM detection. Defenders and forensic analysts have largely remained unaware of the value of WMI due to its relative obscurity and completely undocumented file format. After extensive reverse engineering, our team has documented the WMI repository file format in detail, developed libraries to parse it, and formed a methodology for finding evil in the repository. In this talk, we will take a deep dive into the architecture of WMI, reveal a case study in attacker use of WMI in the wild, describe WMI attack mitigation strategies, show how to mine its repository for forensic artifacts, and demonstrate how to detect attacker activity in real-time by tapping into the WMI eventing system. By the end of this talk, we will have convinced the audience that WMI is a valuable asset not just for system administrators and attackers, but equally so for defenders and forensic analysts. Matt Graeber is a reverse engineer in the FireEye Labs Advanced Reverse Engineering (FLARE) team with a varied background in reverse engineering, red teaming, and offensive tool development. Since joining FireEye, Matt has reversed a vast quantity of targeted and commodity malware samples and served as an instructor of Mandiant's Advanced Malware Analysis course. Matt is the author of various PowerShell modules used for pentesting and reverse engineering including PowerSploit and PowerShellArsenal. He has also been designated a Microsoft "Most Valuable Professional" in PowerShell. Twitter: @mattifestation Willi Ballenthin is a reverse engineer in the FLARE team who specializes in incident response and computer forensics. He can typically be found investigating intrusions at Fortune 500 companies and enjoys reverse engineering malware, developing forensic techniques, and exploring the cutting edge. Willi is the author of a number of cross-platform Python libraries including python-registry, python-evtx, and INDXParse.py. Twitter: @williballenthin Claudiu Teodorescu is a reverse engineer in the FLARE team. Prior to joining FireEye, Claudiu worked for Guidance Software, writing forensic parsers for different file formats to support the EnCase forensic tool. Also, as the Cryptographic Officer of the company, he supported EnCase integration with different disk/volume/file based encryption products including Bitlocker, McAfee EEPC, Checkpoint FDE, Symantec EEPC, etc.

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Weston-Hecker-Goodbye-Memory-Scraping-Malware.pdf Goodbye Memory Scraping Malware: Hold Out Till "Chip And Pin” Weston Hecker SR Pentester, Sr Systems Security Analyst at "KLJ Security” Proof of concept for stopping credit card theft in memory skimming operations . Alternative methods of stopping credit card skimming I am leading project on Free Open Source software that attacks POS skimming malware. Launching platform and concept for stores to not be low hanging fruit In effect making it no longer possible to sell credit card numbers from skim breaches. Better collection of forensic data with cannery features (such as putting flagged card into memory so if it is skimmed it will be flagged at processor and catch the breaches much faster)Injects 1-500 false random CC numbers for every one legitimate CC number that is entered. In effect making stolen credit card batches harder to sell. I will go in detail of how criminals Steal and sell credit cards at this time. This is a software for making credit cards numbers harder to steal in the methods that have been happening in larger breaches Target, Home Depot. 10 Years Pen-testing, 11 years security research and programming experience. Working for a security Company in the Midwest, Weston has recently Spoken at DEF CON 22 and over 40 other speaking engagements from telecom regional events to Universitys on security subject matter. Working with A major University's research project with Department of Homeland Security on 911 emergency systems and attack mitigation. Attended school in Minneapolis Minnesota. Computer Science and Geophysics. Co-Author of "SkimBad" Anti-malware framework Found several vulnerability's in very popular software and firmware. Including Microsoft, Qualcomm, Samsung, HTC, Verizon.

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Marte-L0ge-I-will-Tell-you-your-Lock-Pattern-UPDATED.pdf Tell me who you are and I will tell you your lock pattern Marte Løge Security Researcher You are predictable. Your passwords are predictable, and so are your PINs. This fact is being used by the hackers, as well as the agencies watching you. But what about your Android lock patterns? Can who you are reveal what patterns you create? This presentation will present the result from an analysis of 3400 user-selected patterns. The interesting part is that we collected additional information about the respondents, not just the patterns themselves. Will being left-handed and having experience with security affect the way you create your lock patterns? There are 389,112 possible patterns. Your full device encryption won't save you if your lock pattern is L - as in "looser". Marte has just finished her master degree in computer science at the Norwegian University of Technology and Science (...NUTS

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Bart-Kulach-Hack-the-Legacy-IBMi-revealed.pdf Hack the Legacy! IBM i (aka AS/400) Revealed. Bart Kulach (Bartlomiej Jakub Kulach) Security Researcher Have you ever heard about the famous "green screen"? No, it's not a screensaver... Believe me, it still does exist! In many industries, although the front-end systems are all new and shiny, in the back-end they still rely on well-known, proven IBM i (aka AS/400) technology for their back-office, core systems. Surprisingly, nobody truly seems to care about the security. Even if these nice IBM heavy black boxes are directly connected to the Internet... The aim of the talk is to give you more insight in a number of techniques for performing a security test of / securing an IBM i system from perspective of an external and internal intruder. Methods like privilege escalation by nested user switching, getting full system access via JDBC or bypassing the "green screen" (5250) limitations will be presented. Last but not least: I will also show a undocumented output format of the built-in password transfer API, giving you direct access to all password hashes. Even IBM engineers may wonder... Bart Kulach: Aged 31, with 14 years of work experience within IT security, risk management and IT operations. Security specialist and experienced supervisor for IT audits, CISA, CISM. Working currently for NN Group in the Netherlands as coordinator for IT audits within Investment and Insurance business units in Europe and Asia. The past 7 years he held various security and risk management related positions. Focused on security of IBM i (aka AS/400, iSeries), website security as well as lean IT processes and architecture. Facebook: (bart.kulach)

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Daniel-Crowley-Damon-Smith-Bugged-Files.pdf Bugged Files: Is Your Document Telling on You? Daniel “unicornFurnace” Crowley Security Consultant, NCC Group Damon Smith Associate Security Consultant, NCC Group Certain file formats, like Microsoft Word and PDF, are known to have features that allow for outbound requests to be made when the file opens. Other file formats allow for similar interactions but are not well-known for allowing such functionality. In this talk, we explore various file formats and their ability to make outbound requests, as well as what that means from a security and privacy perspective. Most interestingly, these techniques are not built on mistakes, but intentional design decisions, meaning that they will not be fixed as bugs. From data loss prevention to de-anonymization to request forgery to NTLM credential capture, this presentation will explore what it means to have files that communicate to various endpoints when opened. Daniel (aka "unicornFurnace") is a Security Consultant for NCC Group. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie. Daniel also holds the title of Baron in the micronation of Sealand. Damon Smith is an Associate Security Engineer with NCC Group, an information security firm specializing in application, network, and mobile security. Damon specializes in web application assessments, embedded device/point of sale assessments, network penetration testing, and mobile testing. Damon graduated with a BS is Computer Science from the University of Texas, with a focus on Information Security. He has experience working as an IT consultant in the legal and retail industries and further as a security consultant focusing on application assessments.

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Wesley-McGrew-I-Hunt-Penetration-Testers.pdf I Hunt Penetration Testers: More Weaknesses in Tools and Procedures Wesley McGrew Assistant Research Professor Distributed Analytics and Security Institute, Mississippi State University When we lack the capability to understand our tools, we operate at the mercy of those that do. Penetration testers make excellent targets for bad actors, as the average tester’s awareness and understanding of the potential risks and vulnerabilities in their tools and processes is low, and the value of the information they gather and gain access to among their client base is very high. As demonstrated by Wesley’s DEF CON 21 talk on vulnerabilities in penetration testing devices, and last year’s compromise of WiFi Pineapple devices, the tools of offensive security professionals often represent a soft target. In this talk, operational security issues facing penetration testers will be discussed, including communication and data security (not just “bugs”), which impact both testers and clients. A classification system for illustrating the risks of various tools is presented, and vulnerabilities in specific hardware and software use cases are presented. Recommendations are made for improving penetration testing practices and training. This talk is intended to be valuable to penetration testers wanting to protect themselves and their clients, and for those who are interesting in profiling weaknesses of opposing forces that may use similar tools and techniques. Wesley McGrew (@McGrewSecurity) is an assistant research professor at Mississippi State University's Distributed Analytics and Security Institute. At DASI, he is involved in malware and vulnerability research. In the spring 2013 semester, he began teaching a self-designed course on reverse engineering to students at MSU, using real-world, high-profile malware samples, as part of gaining NSA CAE Cyber Ops certification for MSU. Wesley has presented at Black Hat USA and DEF CON on forensics, malware, and penetration testing topics, and is the author of security and forensics tools that he publishes through his personal/consultancy website, McGrewSecurity.com. Twitter: @mcgrewsecurity

Hardware and Trust Security: Explain it like I’m 5 Teddy Reed Security Engineer Facebook Nick Anderson Research Scientist There are a lot of presentations and suggestions that indicate HSMs, TrustZone, AMT, TrEE, SecureBoot, Attestation, TPMs, IOMMU, DRTM, etc. are silver bullets. What does it all mean, should we be afraid, excited, hopeful? Hardware-based security features are not the end of the world, nor its savior, but they can be fun and useful. Although these technologies are vulnerability research targets, their trust concepts can be used to build secure software and devices. This primer covers practical defensive uses of existing and upcoming hardware security and mobile trust technologies. We will overview the strengths, pitfalls, gotchas of these esoteric acronyms; and explain the capabilities of related features built into consumer and enterprise laptops, mobile, and embedded devices. Let’s take a tour around the wild world of hardware and trust security! Teddy is a Security Engineer at Facebook developing production security tools. He is very passionate about trustworthy, safe, and secure code development. He loves open source and collaborative engineering when scale, resiliency, and performance enable defensive and protective software design. Teddy has published at security conferences on trusted computing, hardware trusted systems, UAVs, botnet development, human performance engineering, competition game theory, biometric vulnerabilities, and PaaS API vulnerabilities. Nick Anderson is a research scientist at a US super serious secret laboratory. When Nick is not fighting cyber warriors in the cyber threatscape in his cyber career, he is actively engaged in malware research and enjoys failing at web development. Nick received his masters degree from NYU Polytechnic School of Engineering after completing his bachelors degree in Mathematics from the University of Wyoming.