Speakers
The mc1322x project
History and motivation of the mc1322x project. Summary of the state-of-the-art and community projects. Summary of available hardware. Getting going with the mc1322x: an introduction to mc1322x-tests. Contiki flyby: what's what and what's where. Outstanding items and directions for the future.
Mar is the Chief Engineer of Redwire, LLC, a prototyping and consultancy firm based in Boston, MA. His main hobbies and interests are _not_ disassembling Freescale libraries (although that was kind of fun), but actually include: machining, welding, circuits, and anything else related to the fabrication of things. He holds a B.S and M.Eng degrees from MIT in Electrical Engineering and Computer Science.
The Little Microcontroller That Can: Awesome uses for the Atmel ATTiny45
An overview of the basics of the ATtiny45 microcontroller and its applications, including RFID tags, audio players, buttons, LEDs, etc
Noah Bedford and Peter Schmidt-Neilsen were home-schooled and are currently at the AS220 Fab Academy. Peter has a background in programming of various types and Noah has a background in breaking small things.
Art to Part - Using tech like 3d printing, rapid prototyping, cnc machining, and computational design to make digital plans into physical parts
You've heard about Makerbot which can print 3d parts in plastic filament, but how about PolyJet, which can print flexible rubber parts from nearly any 3d file? How about printing in steel, clear plastic, fully colored resin, and ceramic? In this talk I'm going to go over some of the developments that have been made in 3d printing and rapid prototyping over the past few years, how to design your projects to use them, and where to find the services to take your concepts and turn them into parts you can play with.
Matthew Borgatti is a hacker, builder and designer who specializes in mechanisms and manufacturing. He's built monsters for movies ranging from Snakes on a Plane to Aliens Vs. Predator II. He's built stop motion sets for the Simpsons. He's worked on giant metal slabs for Raygun Gothic Rocket and the DNA Lounge. He once ate a bear from the feet up so it could watch. His stuff is at http://sinbox.org and he speaks with great authority @gianteye
Windows File Pseudonyms - Strange filenames and haiku
In Windows systems, path and filename normalization routines have some interesting quirks. One file can be referred to with many different filepaths; some are well known, and some are not. The lesser known ways to refer to files are not often considered when designing security mechanisms. By referring to files in these strange ways one can, in many circumstances, cause unexpected behaviour in systems which do not account for alternate prefixes, aliases and mangled versions of filenames. In this presentation, I will show some of these quirks with a live demonstration on real products and how techniques based on these quirks can be used to bypass filters and access control mechanisms, evade IDS detection, alter the way that files are handled and processed, and make brute force attacks to enumerate files easier.
Dan is an independent researcher and lecturer, and also works for Core Security Technologies. Most of his free time is spent playing around with Web-based technologies or locks. Dan was the winner of the "Gringo Warrior" lock bypass competition at Shmoocon V and will be speaking at Shmoocon VI.
The making of a Maker TV show. A Scrapheap Tribute to Isembard Kingdom Brunel
Maker TV from the inside. Watch a never shown in the US episode of Scrapheap/Junkyard, with commentary by the captain of The NERDS, the team from the USA. After the show, I will talk about how the show is made, and answer questions. As for the show, it was a special tribute to the work of the great British engineer, Isembard Kingdom Brunel, made to celebrate his 200th birthday.
Jeff Del Papa is the founder of The New England Rubbish Deconstruction Society; The NERDS, the first and last US team to appear on the engineering series, Scrapheap Challenge/Junkyard Wars. Jeff is a builder of recumbent bicycles, modern editions of ancient siege engines, and other large metal objects. After a quarter century in the computing industry, he now leads team building exercises based on the Junkyard Wars format.
We found Carmen Sandiego!
We can't say what this talk is about yet, but rest assured, it's going to blow you away.
Nick DePetrillo is an independent security researcher with a focus on critical infrastructure. Most recently, Nick was a senior security consultant with Industrial Defender performing physical and electronic security assessments for utility companies and power plants. Nick also researched Smart Grid/AMI hardware and software security issues while at Industrial Defender. Previously, he worked as a research and development engineer for Aruba Networks, concentrating on wireless security threats and prototyping new products. Mr. DePetrillo has also consulted for U.S. government agencies, Fortune 500 companies, and worked as a network security engineer for an Internet2 giga-pop. Nick has presented new security threats and mitigation techniques at both national and international conferences.
Don Bailey is a security consultant with iSEC Partners, Inc. Don has found and exploited unknown vulnerabilities in both userland and kernel code on many popular computing platforms including Mac OSX, Linux, FreeBSD, and OpenBSD. He also has a strong background in network protocol analysis and root-kit design and detection. Don's prior work includes threat assessment for a wide range of clients, including the financial sector, government sector, and Fortune 500 companies. Mr. Bailey has previously spoken at several national and international security conferences on various topics such as zero-day development, root-kit design, and NULL pointer dereferences.
Why you should be an Amateur
Lots of people think the Maker culture is a relatively new phenomenon. However, one group has been doing it for close to a hundred years: Amateur radio operators. While some dismiss amateur radio as an aging artifact from decades ago, today's radio amateurs are building wide area wireless networks, developing digital protocols that use the tiniest of bandwidth, and building radios from scratch. This presentation will review the basics of amateur radio, the advantages over unlicensed devices, and areas of interest you can apply to your existing projects.
Ben Jackson is just another geek from the Boston area. He spends his days doing InfoSec stuff and generally breaking things for a large public sector organization. In his spare time he messes around with computers, VoIP, analog telephones, amateur radio, and generally anything with a button on it. Ben has spoken at DEFCON, HOPE, SOURCE Boston, and various other conferences, and strongly dislikes writing about himself in the third person.
Wifi threats aren't dead, they just moved down the street
Wireless security isn't dead, it's just gotten dumber. We know how to defend APs, but what about the clients?
Dragorn is the author of various open source security tools, including Kismet and LORCON.
Hacking the Crisis: Disaster Prep and Mitigation
As displayed over and over throughout history disasters can and do happen. Three trends tend to be consistent:
- The disasters can and do happen when least expected.
- People and and government are never prepared to handle the situation.
- Government is usually ineffective in preventing the crisis or providing a solution.
Gadsden is an Information Security Engineer by day. By night he's a DC401 member, firearms advocate, home brewer and once a year he packs up and goes to Vegas to be a Goon for DefCon. He'll be our head Security Goon for QuahogCon as well as giving this excellent talk.
How Not to Get Pwnd by Your Clients: Legal Issues for the Information Security Professional
This talk will be a discussion of legal issues for the information security professional. It will discuss common provisions in service and employment contracts, including those you should never agree to and those you always need―to avoid betting your future, and the future of your company, on the hope that nothing will go wrong. Ever. In short, this talk will help you keep yourself out of trouble. Topics will include dealing with "standard" contracts and "standard" provisions; what it means to "indemnify" someone else; how to protect your intellectual property and confidential information; and other dangers, including warranties and audit-rights provisions. It will also cover some negotiation strategies.
Richard Goldberg, a software architect turned attorney, represents both companies and individuals, including private software companies, public OpenSource companies, information security consultancies, federal appointees, civil service employees, corporate officers, and non- profits. His practice ranges from general corporate work, including spin-offs, acquisitions, and privacy and information security issues, to litigation, including vendor and shareholder disputes and government investigations. Prior to joining the legal profession, Mr. Goldberg worked at Internet start-ups and commercial and government consultancies designing enterprise-level software systems for Fortune 500 companies, government agencies, and the U.S. military. Mr. Goldberg is a graduate of Duke University Law School.
Keynote - New Research TBA
Dan will be presenting new research at QuahogCon. He hasn't let us know what it is yet, but knowing him, it's bound to be something interesting
Dan Kaminsky is a security researcher and Director of Penetration Testing for IOActive. He formerly worked for Cisco and Avaya. He is known among computer security experts for his work on DNS cache poisoning, including showing that the Sony Rootkit had infected at least 568,200 computers and for his talks at the Black Hat Briefings.
Advanced SQL Injection
Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The presentation also covers bypassing common security solutions.
Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught Ethical Hackng and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.
Security, Stupidity and Employability
You do IT for a living, or you're just security curious. Maybe you read 2600 while you're on break or you find a vulnerability at work and report it to your boss. Instead of a pat on the head, you're fired and shown the door quickly. How do you protect your job while doing good?
I'll discuss a few case histories, relevant U.S. and state laws. I'll suggest what you can do to protect yourself and stay employable, then walk through a few hypotheticals. Audience participation is welcomed.
Alex is an IT pro and a lawyer. Normally he's protecting the interests of his corporate overlords. When he's not discussing the collision of law and technology, he teaches at Temple University, his alma mater. He's spoken at the usual venues: H.O.P.E., Defcon, ShmooCon.
Packing & The Friendly Skies - Why Transporting Firearms May Be The Best Way To Safeguard Your Tech When You Fly
Many of us attend cons and other events which involve the transportation of computers, photography equipment, or other expensive
tech in our bags. If our destination if far-flung, often air travel is involved... this almost always means being separated from our luggage for extended periods of time and entrusting its care to a litany of individuals with questionable ethics and training.
In this talk, I will summarize the relevant laws and policies concerning domestic and international travel with weapons. It's easier than you think, often adds little to no extra time to your schedule (indeed, it can EXPEDITE the check-in process sometimes), and is in my opinion the best way to prevent tampering and theft of bags during air travel.
As a Board Member of The Open Organization of Lockpickers and Co-Owner of his own security auditing company, Deviant Ollam has given numerous physical security presentations and trainings at events around the world. In addition to running the Lockpick Village at events like DEFCON and ShmooCon, He has spoken about locks, access controls, firearms, and security tactics at DEFCON, Black Hat, ShmooCon, HOPE, ToorCon, HackCon, HackInTheBox, LayerOne, Notacon, ShakaCon, DeepSec, ekoparty, and has even had the honor of lecturing the cadets at the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.
Gender Hacking
Gender (as opposed to physical sex) is a social construct and is therefore susceptible to manipulation and what hackers may call 'social engineering'. Speaking from personal experience, I will discuss various techniques that some members of the transgender community use to alter the perception of their gender. This talk will not focus on the "why", but rather the "how", and may have applications relevant to the broader hacker/social-engineering community.
Joan Pepin is a 15 year Information Security veteran with experience in a variety of industries, such as healthcare, manufacturing, defense, Internet and security service providers. Her experience spans technical, operational, and management levels of security. Her specialties include policy management, security metrics, incident response and security thought-leadership.
Information disclosure via P2P networks: Why stealing an identity via Gnutella is like clubbing baby seals.
In recent news stories. we've been presented with the arrests of several individuals whom have been arrested for stealing identities that they allegedly acquired over P2P networks. Combine this with corporate data leakage via P2P networks, we put on our thinking caps and tried to see how hard it really was. What we found was astounding. We'll share with you our methodologies for evil searches, tools and the results of our findings with real worked examples. We'll show you how to add P2P into your information gathering and reckon program, as well as a tool for detecting information leakage in your organizations.
Larry Pesce (Chief Research Officer, PaulDotCom Enterprises) - Larry is a Security Evangelist and co-host for the PaulDotCom Security Weekly podcast at www.pauldotcom.com. in addition to amateur Maker. Larry is also Co-Author of "Linksys WRT54G Ultimate Hacking" and Contributing author of "Using Wireshark and Ethereal" and "How to cheat at configuring Open Source Security Tools", all from Syngress publishing.
Building the 2010 ShmooBall Launcher
Its a series of tubes! Pneumatic tubes! This talk will describe the infamous 2010 ShmooBall Launcher built by Larry and Darren. This talk will include all of the steps behind the planning and building process for our launcher, as well as the history, and backgrounds for the design. We'll talk about the methods of building, safety considerations for the operator, target and environment, selection of building materials, design considerations and testing. We'll also discuss some of the construction issues, failures and reasons for what may be considered design flaws. Discussion will also be had about improvements made, and how we can improve for next year.
Larry Pesce (Chief Research Officer, PaulDotCom Enterprises) - Larry is a Security Evangelist and co-host for the PaulDotCom Security Weekly podcast at www.pauldotcom.com. in addition to amateur Maker. Larry is also Co-Author of "Linksys WRT54G Ultimate Hacking" and Contributing author of "Using Wireshark and Ethereal" and "How to cheat at configuring Open Source Security Tools", all from Syngress publishing.
Darren Wigley (Intern, PaulDotCom Enterprises) - Darren, an amateur Maker and security evangelist for the PaulDotCom Security Weekly podcast has a passion for learning microcontrollers and firing things at high velocity with air.
Beginner Lock Picking
Introduction to lock picking. The basics and workings of pad locks.
How to successfully pick a lock with techniques such as raking, bumping, and single pin picking. Also, a quick glance at advanced picking such as false sets, and types of security pins.
Rob is a 20 year old CS student. He supports himself doing IT support work.
SHODAN for Penetration Testers
SHODAN is a computer search engine. But is is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities.
Michael Schearer ("theprez98") is a government contractor who spent nearly nine years in the United States Navy as an EA-6B Prowler Electronic Countermeasures Officer. His military experience includes aerial combat missions over both Afghanistan and Iraq and nine months on the ground doing counter-IED work with the U.S. Army. He is a graduate of Georgetown University's National Security Studies Program and a speaker at ShmooCon, DEFCON, and other conferences. Michael is a licensed amateur radio operator and an active member of the Church of WiFi. He lives in Maryland with his wife and four children.
Great Hackers and Hacks of New England
Jason gave us a blank slate to work with. Seeing as this is a regional conference, we asked him to speak on great hackers and hacks of New England. Jason always gives a great talk, so don't miss this one.
Jason Scott is a full-time computer historian dedicated to saving the stories, data and artifacts of bygone technology. Besides TEXTFILES.COM, his collection of BBS-era data and software, he also has filmed documentaries and acquired thousands of magazines and writes an awful lot of stuff at ascii.textfiles.com. He is also popular on twitter, but is overshadowed by his cat Sockington, who has a million and a half followers. Poor Jason.
Hacking the Arcade: Basketball for Two
Based on the "Hoop Fever" arcade basketball game, our iteration fixes many shortcomings of the original, with modifications to allow for a new gameplay mode: teams. The original could not detect 'rapid-fire' shots entering the hoop, so we used an algorithm based on hill climbing, to detect the shape of objects entering the IR reflection area, and increment the score counter accordingly. Layout improvements were made to optimize the user's interactions with the machine, allowing for easy access to key information even during gameplay. EEPROM high-score storage allows for bragging rights to remain in the event of system failure or power loss. The aforementioned improvements allow for two players to play on one machine in teams, and improve reliability for more serious competition.
Jason Thibodeau received his B.S. Engineering in Computer Engineering from the University of Connecticut in 2007. He has been employed by the New York Stock Exchange in the computer architecture department, as well as OEM Controls Inc. as an embedded software engineer. He currently attends UConn full time, pursuing his Ph.D. in Electrical Engineering. In what little spare time he has, he enjoys programming interactivity on FPGAs and uC's. www.jayt.org
KillerBee: Practical ZigBee Exploitation
ZigBee is a vital component of several emerging technologies including smart grid systems, bridging the devices in your home with the electric utility. With the rush to deploy this technology, few organizations have examined the security threats in this suddenly "critical infrastructure" wireless protocol. Over the past 9 months, Josh has been assessing various implementations of ZigBee technology while building a tool suite designed to exploit these networks. In this talk, the author will present several findings regarding the vulnerabilities in ZigBee networks, demonstrating the KillerBee attack framework designed to exploit ZigBee networks.
Joshua Wright is the author of several tools designed to demonstrate vulnerabilities in wireless networks, an editor for the Wireless Vulnerabilities and Exploits (WVE) project, and a regular speaker at information security conferences. When not breaking wireless networks, Josh likes to work on his house, where he breaks things of a different sort.