8:00 AM Friday Reg Open |
9:15 AM Friday |
Opening Remarks |
Information about what all ya'll Jawn are about to experience! |
Russell Handorf |
10:00 AM Friday |
Keynote |
A moment of reflection. |
Heidi Potter |
11:00 AM Friday |
Resurrecting COCOTs, or: How We Decided to Stop Worrying and Save Tons of Payphones |
Almost all payphones that are still installed today are COCOTs, customer-owned coin-operated telephones, that are owned by private organizations not affiliated with "the phone company." COCOTs are the black sheep of the payphone world, often dismissed and discarded by enthusiasts because of their "outsider" status and the difficulty of configuring and programming them. As more COCOTs enter the second-hand market, those who buy a payphone of their very own often get saddled with hardware they ultimately can't or won't use... but not anymore.
Join us as we discuss the current state of COCOTs, both taking the pulse of COCOTs in North America via a home-grown tool that actively monitors activity/usage from the thousands of payphones we know about, and the two-year journey to not only figure out how to program our "Protel" COCOTs but also set up a free-to-use programming line that others can use to quickly make their payphones usable again or bootstrap their own telephone collectives. |
Mike Dank Naveen Albert |
12:00 PM Friday Lunch Break |
1:00 PM Friday |
Reviving AOL Instant Messenger |
AIM (AOL Instant Messenger) was shut down in 2017, after 20 years of service. At its peak, it served over 36,000,000. It was a cultural icon among teenagers and young adults.
Some "revival" services sprang up from the ashes of AIM's demise. They made the defunct AIM clients work again, allowing a small community of AIM enthusiasts to relive the glory days of instant messaging. Unfortunately, none of the operators were willing to open the source code for their reverse-engineered servers.
Flash forward several years. A software engineer and former teenager who used to live on AIM thought it would be fun to poke into AIM's internals. After stumbling onto a treasure trove of reverse-engineered AIM protocol documentation from decades past, he decided to implement his own open source AIM server, aptly named Retro AIM Server.
This talk discusses the origins and motivations of Retro AIM Server, dives into the internals of the OSCAR protocol and server implementation, and talks about the challenges of building community around an open source project. |
Mike "mk6i" |
2:00 PM Friday |
Women in Cybersecurity: Our Rise, Fall, and Return by the Numbers |
Once upon a time, women were a rising force in tech. But now you look around, and there are few to be found. It wasn't always a KOTH CTF IRL. In this talk we explore the roots of the prevalent and important question, "What's it like being a woman in cybersecurity?" and how we can all work together to support more inclusive spaces. |
Moderator Jellyphish
Panelists Kelly Ohlert Ayliffe Brown muteki |
3:00 PM Friday |
A Strange Tour of North Korea with Red Star OS |
Ever wonder what Linux is like outside of the normal distros? In 2015, Chaos Computer Club did that at CCC32, where they demonstrated and dove into a very unique distro: Red Star OS, the Linux distro made in North Korea and tightly controlled by the government.
It's been a while, so now LambdaCalculus is going to dive into Red Star OS and show us all what's under the hood, how it can be cracked, and while he's at it, also demonstrate Red Star running on bare metal! There will be packet sniffing, compiling of code, and of course, running DOOM on it! |
Robert "LambdaCalculus" Menes |
4:00 PM Friday |
The Top 5 Defensive Measures of 2024 (according to the insurance industry) |
In the past, cyber insurance was a major driving factor in the adoption of multifactor authentication. Learn what defensive measures the insurance industry is focusing on today by looking at the models they use to assess risk. See what directions the insurance industry might take in the future. |
Amanda Draeger |
5:00 PM Close for day |
8:00 AM Saturday Reg Open |
9:00 AM Saturday |
Developing Highly Evasive Malware: Techniques for Bypassing Modern AV and EDR Solutions |
This talk will explore advanced malware development techniques, specifically designed for use in red team engagements. I will share my experience in creating a shellcode-loader that successfully evades detection from most modern antivirus (AV) and endpoint detection and response (EDR) systems. The presentation will cover several key techniques for developing tools such as API hashing, process injection, syscall manipulation, and payload encryption, offering several different methods for each technique to achieve operational stealth. Attendees will gain a thorough understanding of the implications of these techniques, along with strategies for detecting and mitigating these threats.
The presentation will also briefly touch on several topics necessary to demystify the complexities of creating highly evasive programs, such as Windows internals and the use of undocumented Native APIs (NTAPIs). |
Max Covey |
10:00 AM Saturday |
Leveraging the Adversarial Mindset to Become a Better Cybersecurity Professional |
The adversarial mindset is an approach to security characterized by a focus on potential adversaries and their capabilities. It involves actively considering the perspectives, strategies, and actions of others who may be working against our interests or objectives and leveraging them to better protect the networks and data we are responsible for protecting. |
Kai Pfiester |
11:00 AM Saturday |
A Pebble Down the Well: Network Exploration |
This short presentation digs into the past, present, and future of network exploration, from the telephone system to virtual overlay IP networks and everything in between. |
HD Moore |
11:30 AM Saturday |
Exploring Entities within a Threat Detection System |
An entity is a jawn. If we know what entities are present in a system, we can use their behavior and interactions to describe the system. Each entity is a distinct and independent thing that can perform actions or have actions performed against it.
Codifying our knowledge about an entity within a technical system — such as a search engine, online workspace, or threat detection system — we can explore a number of knowledge groups:
- Properties of the entity
- Existence within the system
- Behavior or actions taken by the entity
- Relationships to other entities
- Aggregate or emergent characteristics of the entity as a whole.
While this covers a huge swath of possibilities, we can build our understanding of these characteristics from the ground up and work out what level of information you might actually need to understand your system. |
Mike Moran |
12:00 PM Saturday Lunch Break |
1:00 PM Saturday |
Industry Hot Takes: Audience Choice Edition |
In our ever-changing industry, there is always a new term, a new topic, or a new technology, and with it come opinions. See some of your opinionated faves draw your topic submissions at random and give their unadulterated, unmoderated, no-holds-barred thoughts and opinions. How spicy can we get? |
Moderator GuardianCosmos
Panelists Bruce Potter (gdead) Matt Mahler Josh Marpet (quadling) |
2:00 PM Saturday |
WarDriving: A Brief History Through Today |
A brief history of WarDriving: from its name giver through their effort of work into a West Coast and East Coast perspective into the beginning of the stats through gamification and the current state of who, what, and where. |
BusySignal |
3:00 PM Saturday |
Tales From the Crypt...Analyst: The After Life |
The speaker began his career in InfoSec at the National Security Agency first as a Cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA Red Team. He has shared his NSA story in a series of talks, "Tales from the Crypt...Analyst" and "MORE Tales From the Crypt...Analyst". This talk is the third installment in his story and features the transition from NSA to the private sector in the early days of Information Security consulting. He will recount stories from the days of trying to convince companies that if they wanted to connect to the Internet they really needed a firewall; how penetration testing evolved to vulnerability assessments and then to security architecture advisory work; convincing clients that you didn't need a browser to talk to a web server; finding an open network jack really did mean you had access to the network; why it's not a good idea for your mainframe to be Internet reachable; rooting a mainframe; and ultimately trying to find ways to get organizations to think about Information Security from a strategic perspective rather than just selling them a bunch of blinky boxes and telling them where to place them. Of course, we've solved all these problems from the early days...or maybe, just maybe there are still lessons to be learned. |
Mr. Jeff Man |
4:00 PM Saturday |
Closing Ceremony |
Let's see how this went! |
Russ Handorf |
5:00 PM Saturday Closed |