Hackers of CypherCon

- Season 1

(2018)

In a time when tinkering with technology was a guarantee for ridicule and torment, a small group of curious explorers were connecting to computer systems, traversing the telephone network, and occasionally causing mischief. Speaking at CypherCon 3.0, Joe Grand talks about previously unheard stories of his early days as a hacker, phone phreak, and troublemaker, following a rebellious path towards the eventual redirection of his passion to serve the greater good.

With more than 20 million YouTube views and fans spanning the globe, Ben is a proponent of computer science education, the DIY movement and equipping his viewers with the tools and knowledge to overcome any obstacle - design-related or otherwise.

Exploring the forensic methodology and tasks using free open source software. We won't be focusing on what tools are available, the focus of the presentation is explaining the methodology and where these tools fit in to the process to get the job done.

This talk will be about hacking/phreaking in the late 1980's, early 1990's, and what the scene was like back then as compared to present times. Tips and tricks that were considered cutting edge back then, and some tricks that still work today. The general attitude around hacking, and hacking 'groups' has matured and evolved over the years, and this talk will give a snapshot into some of the origins of how we got to where we are at today. This will be a talk that touches not only on technical aspects, but also on social aspects of historical hacking.

Software developers often make mistakes when using cryptography in applications, which tends to result in code with dangerous and subtle weaknesses. Some of this can be addressed through training, but should we expect all developers to be cryptography experts? Many developers only know to avoid writing their own ciphers, and rely on one of the many incomplete or incorrect code examples that exist on the internet. To make things worse, most cryptographic libraries in use today are designed to be used by experts and often result in misunderstandings by the average ...

Disciplines such as genetics and chemistry have a long history of discoveries that were initially overlooked and not appreciated for their transformative implications until decades later. These findings were often made by researchers working on the fringes of the mainstream scientific community who published in obscure journals, if at all. Through sheer luck their work formed the basis for larger discoveries. The cybersecurity community has many parallels. If you look at the titles of talks at serious academic conferences, there's a surprising overlap of topics and ...

In this talk, we'll be exploring how wireless communication works. We'll capture digital data live (with Software-Defined Radio [SDR]), and see how the actual bits are transmitted. From here, we'll see how to view, listen to, manipulate, and replay wireless signals. We'll also look at interrupting wireless communication, and finally, we'll even generate new radio waves from scratch (which can be useful for fuzzing and brute force attacks). I'll also be demoing some brand new tools I've written to help in the interception, manipulation, and generation of digital ...

We face a shortage of qualified information security professionals, a high volume of security alerts, and a dynamic threat landscape rapidly evolving toward automated attacks. Security Orchestration, Automation and Response (SOAR) enables defenders to operate at attacker speed by codifying detection and response expertise into automation playbooks. This talk will examine the core components of SOAR, the skills required to design and implement it in your organization, common use cases in detection and response, and potential opportunities for security control testing ...

In the last year, David Bryan has found some pretty stupid security mistakes. Blatantly overlooked controls, or flat out lazy system admins. David will show real-world examples of misuse and abuse, and improper data handling of passwords inside application code. When talking about the security of a system as a whole, we must remember a breech in one system, can lead to a breach on another system because of the implicit trust relationships we build to get the job done. David will cover how he pulled down 1.2M hashes and cracked them and what controls were missed, and ...

Big time farmers are getting rich off fungi. Ripping off consumers and controlling the supply. Don't be cheated by all the claims that science would deny. Learn how mushrooms are medicinal from what the clinical trials imply. From Star Trek to Starbucks, mushrooms seem to be popping up everywhere lately, doing amazing things like fighting cancer, boosting immunity, improving cognition, making Mario SUPER BIG, and sending starships across the galaxy at faster than warp speeds! As our science catches up with our science fiction, marketers are getting away with murder ...

Ever hear the phrase, "Read between the lines?" This usually refers to one's ability to infer hidden meaning from text. This ability has always been reserved for humans (or those who appear human). That is, until now. This session will look at the tools and efforts needed for "Text Mining" or using Data Mining techniques to infer meaning, biases, misconceptions, and/or hidden agendas from common documents. Viewers will leave with a general understanding of the text mining process along with a list of free/inexpensive tools and services they can use to start text ...

"Frequently, people who go along a treasonous path do not know they are on a treasonous path until it is too late", as per testimony from former CIA Director John Brennan, May 2017. The definition of social engineering (SE) is: "any act that influences a person to take an action that may or may not be in their best interest". Using an old US Army acronym called SAEDA, Subversion and Espionage Directed Against the Army, will discuss how today's use of SE is essentially trade craft of espionage, commonly known as spying. "There is no patch for an untrained user or even ...

Military veteran Ken Grigas talks about his time in service during the "Cold War" between the Unites States and the U.S.S.R.

From Crash Override to TRISIS, the past decade has made it clear that the threat of cyber attacks on Industrial Control Systems (ICS) is real, and poses a fundamental risk to our way of life. The demand of ICS security professionals far exceeds the supply. But how does a information security professional learn to function in such a different environment? Mark Stacey and Lesley Carhart of Dragos Inc. (who both transitioned from traditional DFIR) will provide an overview of some great ways to learn about the operational and technical aspects of ICS networks and grow ...

SARS, H1N1, MRSA, Zika, Ebola. The human body is terrifyingly vulnerable. With the rise of novel gene-editing techniques and our increasing knowledge of genomics, we are forced to confront the idea of a microscopic enemy. This talk will explore the not-so-theoretical aftermath of an unchecked pandemic of unknown origin, the monsters we created in our own medical hubris, and the ever-present threat of bio-terrorism. The unpredictability of such weapons, and our inability to create safety brakes for the ones we do create will also be discussed.

Sequestered, Cordoned Off, Separated, even Out of Touch. These words have been used by plenty of non-infosec folks. From Dev teams to Admins, Sales people and more, we get looked at as these mystical people who say NO. The people who are stopping others from doing their job. Maybe it is time for our team to take a different approach.

New developments in Hashcat have brought some new WiFi attack techniques to light. We've taken concepts from classic WiFi attacks, added a little special sauce, and created a whole new attack vector for WiFi devices everywhere. All it takes is a friendly introduction and a little cracking time to gain access to protected networks. Also, Cynosure Prime will be releasing source for a new password cracking technique. Come get some code and that uneasy feeling of being vulnerable.

Steganography is the practice of hiding a message "in plain sight" inside an image, video, sound, text, or file. The practice goes back centuries, and in recent years has seen a rise in use for digital watermarking. Unlike cryptography, steganography seeks to hide even the presence of a message. Steganography can be used for communication, leak prevention, or copyright protection. We'll look at steganographic techniques, analysis, and detection through the lens of digital watermarking.

Risk is important to cybersecurity professionals to justify security controls, to engineers during the requirements phase of an engineering project and to management in project planning. In its Internet Security Threat Report, Symantec reports that in 2016, 791,820,040 data records were breached in the United States, which averages two breaches per American. France, Canada and Taiwan also encountered breaches above or near their population levels - or double it. This begs the question: are we doing and spending enough for security? Risk management states that an ...

Tim Medin discuss the dumbest red team tricks and hacks encountered over the years. We are going to take the A out of APT, because so few attackers really need to use advanced techniques. We'll also discuss the simple defenses that make an attacker's life much more difficult.

The security community hasn't done a great job at making it easy for developers to choose the right algorithms and ciphers for their applications. Even when the right crypto primitives are chosen, subtle programming mistakes can lead to issues with the efficacy of the encryption. This presentation is aimed at helping developers avoid common cryptography pitfalls when encrypting sensitive data by giving guidance on what algorithms to choose and identifying common implementation issues observed in real-world applications.