Workshops

New for Def Con 19, Workshops extends the experience of learning to the classroom. Take your time and get it right by getting some hands-on time with hardware, software, and picking the minds of some of the most interesting hackers in their fields. Bring your thinking cap and get ready to be schooled. Registration is on-site, cash-only, limited capacity, first-come, first-served, and opens 18:00 Thursday and continues Friday and Saturday opening at 08:00. Sessions start at 10:00 sharp, Friday and Saturday, and will go till 19:00.

Embedded System Design: From Electronics To Microkernel Development.

The workshop consists of an introduction to embedded systems design. We'll start by building a simple electronic embedded system (microcontroller plus LCD) on the breadboard/protoboard. This will be used as the target platform. Later I intend to talk about the low-level side of the C language, such as bit-fields arrays and bit-wise operations, pointers to fixed memory addresses/registers, how to access the microcontroller peripherals, etc. These will be the base to develop a full embedded micro-kernel using ISO C without the standard libraries. Some of the standard libraries will be coded by the attendees to suit the low memory requirements of the embedded system.

How you will spend the day in the workshop: The concepts will be presented gradually, with practical labs between them. It is a really practical workshop. Maybe some board soldering in the intervals. I'd encourage people to experiment with different peripherals apart from the LCD, hacking the most out of the microcontroller.

What you will get out of this workshop: You will have a better understanding of the electronics-programming relationship and how these questions can impact kernel development. Besides, you'll get deep knowledge of the basic kernel functions (process scheduling, I/O driver controllers, etc.).

What to bring to get the most out of it: It is required that you bring a computer/laptop. All attendees will get a free kit containing:

- One breadboard/protoboard
- One text LCD display (2x16)
- One 5 V DC source
- One 10 kOhm potentiometer
- One programmer/debugger (PICkit3)
- One microcontroller (PIC18F4550)
- A few LEDs and lots of resistors

What you should do in advance to prepare: I'll be using MPLABX beta (easier to use, available on Linux, based on NetBeans!), the SDCC compiler, the GPUtils assembler/linker and my plug-in to attach all these (maybe the plug-in will be released in beta 6). The gear is the 5 V DC source, 16x2 LCD, the microcontroller, the protoboard and the programmer (maybe I can get some for those who cannot afford them).

Car Hacking

Understand the fundamentals of Vehicle Network topology, data, Vehicle Network Protocols, Diagnostic Protocols, Immobilizer and vehicle data security.

How you will spend the day in the workshop:
* Introduction
* What is Vehicle Network Communications (Demo)
* Compare Vehicle Comms vs. Ethernet
* Compare Vehicle Comms vs. TCP/IP
* Types of Vehicle Network Physical Layers
     * J1850 PWM/VPW
     * LIN/ISO 9141
     * CAN Bus
          * SWCAN
          * LSFT CAN
          * DW CAN
* Devices Used to Connect to CAN BUS
     * Arduino (Demo)
     * neoVI/ValueCAN (Demo)
     * Generic ELM Tool
* DW CAN Bus Physical Network (Wires and Resistive Properties)
* CAN BUS Data Frame
* IPC or other Controller (Demo)
* Understanding the data on the Bus: Diagnostic Message vs. Normal Messages
* Reverse Engineering Normal Messages (Demo)
* Diagnostic Protocols
     * OBDII
     * ISO 14239
     * ISO 14229
     * GMLAN
* Commanding the Vehicle Controllers using CAN BUS
* Understanding Security Systems
     * Controller Security Access (Possible Demo)
     * Immobilizers (Possible Demo)
* Q&A
* The autoAPIa Project

What you will get out of this workshop: A hunger to hack your own vehicle when you get home.

What to bring to get the most out of it: An open mind.

What you should do in advance to prepare: Go to my blog: www.CanBusHack.com

The Art Of Exploiting SQL Injection

This is a full day hands-on training course which will typically target penetration testers, security auditors/administrators and web developers who want to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of web applications. This vulnerability could typically result in 3 scenarios:

     1. Authentication Bypass
     2. Extraction of arbitrary sensitive data from the database
     3. Access and compromise of the internal network.

To identify the true impact of this vulnerability it is essential that the vulnerability gets exploited to the full extent. While there is reasonably good awareness when it comes to identifying this problem, there are still a lot of grey areas when it comes to exploitation or even identifying complex vulnerabilities like 2nd order injections. This training will target 3 databases:

     MS-SQL
     MySQL
     Oracle

and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

1. Identify the most complicated SQL injections which are beyond the scope of any automated tool
2. Identify and extract sensitive data from the back-end database
3. Privilege escalation within the database and extracting data with database admin privilege
4. OS code execution on these database servers and using this as a pivot to attack the internal network


How you will spend the day in the workshop:

Introduction to SQL Injection

1. Identifying SQL Injections

2. Exploiting SQL Injections

      With Error Messages enabled
      With Error Messages disabled
      Blind Injection
      Union Queries
      Time delays
      Out of Band Channels
      Heavy Queries

3. Advanced Topics:

     1. Injection in Order by, group by, limit
     2. 2nd Order SQL Injections
     3. Exploiting Non Interactive SQL Injections
     4. SQL injection vs prepared statements and bind parameters
     5. Injection in stored procedures
     6. OS code execution under MS-SQL, MySQL and Oracle from web apps.
     7. Database password hashes

What you will get out of this workshop: The following are the objectives of the course:

1. In-depth understanding of the problem of SQL Injection
2. Learn a variety of advanced exploitation techniques which hackers use.
3. Learn how to fix the problem

What to bring to get the most out of it: One laptop, with vmware player installed

Pre-requisite: The official operating system for the course is Microsoft Windows

Aleksander Gorkowienko is a Senior Information Security Consultant and Penetration Tester at 7Safe Ltd. (UK). He has been in the IT industry since 1997, always happy to play with various high-tech toys. With a wide area of interests and rich business experience (development, design and maintenance of software, dealing with various IT systems), he is now deeply involved in the IT security area. Every day he helps to strengthen the security of business applications and corporate infrastructure for enterprises across the UK: banks, e-commerce, production, public sector, etc. He is especially interested in database and application security (web applications and Windows apps). He is also responsible for preparing and delivering training courses (i.e. Certified Application Security Tester - CAST, or Secure Coding for Web Developers) and creating a variety of hacking challenges.

Engineering Crash Course

The majority of hackers tend to be highly specialized and biased toward software and electronics. Unfortunately, in order to produce some of the more epic projects, physical hardware must often be designed and produced. The knowledge required to actually build projects like vehicles, weaponry, and giant mech suits to scare your friends is generally embedded somewhere within the curriculum of various university engineering degrees. Therefore, a commitment of four years of your life and/or a great deal of money is usually required, and the courses themselves are rather boring at times. However, a very strong base of various types of design-applicable knowledge can, in fact, be developed in one day. Anyone who has had basic math and physics classes can learn the handful of equations and methods that are most useful for making sure your tinkering and hacking type projects don't break or explode unexpectedly. Over the course of eight hours, the Engineering Crash Course will teach the basics of: Machine Design (frame parts/sheetmetal/nuts & bolts/bearings/shafts/etc), Solid mechanics (stress/strain/failure analysis/factor of safety), Control Systems (PIDs, tuning methods, block diagrams), Flight (rockets/airplanes/lift/drag/thrust), Machining (mills, drills, saws, lathes, grinders), Materials (metals, composites, plastics), Testing (test design/failure/sensors/instrumentation). Throughout the sections, a collection of free and helpful resources will be offered in the form of papers, web links, tutorials, etc. The final hour will be spent as an open evil genius Q&A/brainstorming session in order to share ideas and get specific information from the instructor.

How you will spend the day in the workshop: Each sub-topic will last approximately an hour, and will be presented mostly via LCD projector. A 40 minute lecture will be given on each topic, followed by a Q&A period. Whiteboard will be used to explain relevant math/equations/etc.

What you will get out of this workshop: The basics of what's needed to produce more physical hacks.

What to bring to get the most out of it: Brain, basic math skills, laptop/tablet.

What you should do in advance to prepare: Make a list of the ideas you couldn't execute because you can't turn a wrench or make a custom case, etc… Identify your weaknesses and prepare to fill in the blanks.

Justin Karl is a PhD candidate at the University of Central Florida, but has been at work hacking and tinkering since he was setting dip switches on the 300bps modem on his Commodore 64. He has 2 degrees in aerospace engineering, and a degree in physics. His PhD will be in mechanical engineering. He has taught university-level engineering courses for about 5 years now to pay his way through the program, and is a walking database of theoretical and practical engineering knowledge. He doesn't have all the time he wishes he did to pursue the l337 stuff he used to, but would like to give an engineering primer to those who still can crank out railguns, rockets, and mechanized armor in their garages and basements.

Open Source Intelligence Gathering for pen-testing with FOCA PRO

In this training attendees will learn how to use FOCA PRO in a fingerprinting process within a pen-testing project. Attendees will obtain a copy of FOCA PRO 2.6 and will learn how to combine FOCA with other tools such as Evilgrade, Spider Tools, etc.

How you will spend the day in the workshop:
- Foot-printing
- Targeting domains and alternate domains
- Fingerprinting
     Service Fingerprinting
     OS fingerprinting
     Google/Bing/DNS fingerprinting
     FOCA & Burp Proxy spidering
     PTR Scanning
     Internal PTR Scanning
     DNS analysis
     Digital Certificates analysis
     Thrashing services
     Metadata fingerprinting
          Document exploration
          Document recognition
     Network mapping with FOCA
          Hand tuning
     DNS Cache Snooping
     Role Oriented Analysis
     FOCA & Evilgrade
     FOCA & AV bypass
     DLP Techniques

What you will get out of this workshop: How FOCA Pro can be used in pen-testing processes.

What to bring to get the most out of it: Laptop. FOCA Free Installed.

What you should do in advance to prepare: Install FOCA Free/FOCA Pro, Burp Suite

Mobile Hacking Workshop by HotWAN

Participants will be introduced to multiple smartphone technologies and development environments. They will have opportunity to inspect / audit mobile apps, circumvent operating systems, leverage mobile forensics and conduct / witness network based attacks.

This workshop is interactive and participants MUST prepare and speak 5 to 7 minutes on their knowledge / research in Mobile Hacking.

How you will spend the day in the workshop:

Attendees will be working with mobile technologies such as iPhone, iPad, Android and BlackBerry. They will have the opportunity to inspect / audit mobile apps, jailbreak / root, leverage mobile forensics and perform multiple types of network-based attacks.

What you will get out of this workshop:

1. Establish a baseline and provide a better understanding of Today's Trends and Emerging Threats in the Mobile Space.
2. A thirst for more

What to bring to get the most out of it:

1. Preferably a Mac with VMware Fusion installed or a Windows 7 laptop with VMware installed
2. Around 35 GB of drive space needed for VM images distributed in the workshop
3. Participants are highly encouraged to bring their own lab smartphones / tablets and use at their own risk. Though unlikely, one such risk is that the device may get 'bricked' in a lab exercise and may not function ever again. (Caution will be given for some of the labs.)

What you should do in advance to prepare:

1. Working Knowledge of Web Hacking Techniques
2. Mac, Linux and Windows experience helpful

Wi-Fi Security Megaprimer (Beginner to Advanced)

This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Backdoors and solving some live CTF style challenges together!

A non-exhaustive list of topics to be covered includes:

• Understanding WLAN Protocol Basics and Header Structure using Wireshark
• Bypassing WLAN Authentication - Shared Key, MAC Filtering, Hidden SSIDs
• Cracking WLAN Encryption - WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption based flaws (WEP, TKIP, CCMP)
• Attacking the WLAN Infrastructure - Rogue Devices, Evil Twins, DoS Attacks, MITM
• Advanced Enterprise Attacks - 802.1x, EAP, LEAP, PEAP, IPSec over WLAN, SSL MITM, Evading Wireless Intrusion Prevention and Detection systems
• Attacking the Wireless Client - Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing
• Breaking into the Client - Metasploit, SET, Social Engineering
• Enterprise Wi-Fi Worms, Backdoors and Botnets
• Wireshark as a Wireless Forensics Tool
• Secure Wi-Fi network architecture and design
• Programming and Scripting Wireless packet sniffers and Injectors for fun and profit

Participants will do dozens of hands-on lab sessions and participate in Wi-Fi CTF style challenges of varying difficulty at various stages of the training. Participants will receive 8 hours of video lectures on Wi-Fi Security free of charge along with this training.

What you will get out of this workshop: After this training, participants should be comfortably able to conduct Wi-Fi penetration tests and audits, as well as propose best practices for securing Wi-Fi networks.

What to bring to get the most out of it: An eagerness to learn quickly! We are covering a LOT of technical matter in 1 day (typically I cover this in a 2 day training). Participants will need to bring along their laptops with a BackTrack 5 instance installed natively or as a virtual machine in VirtualBox, and a Wi-Fi card which is capable of packet sniffing and injection (ALFA Networks AWUS036H would be a good choice).

What you should do in advance to prepare: Get comfortable using BackTrack 5 and at least have some basic knowledge of WLANs.

Vivek Ramachandran has been working on Wi-Fi Security since 2003. He has spoken at conferences such as Defcon and Toorcon on Wireless Security and is the discoverer of the Caffe Latte attack. He also broke WEP Cloaking, a WEP protection schema, publicly at Defcon in 2007. Vivek is the author of the book "Wireless Penetration Testing using BackTrack 5", due for release in August 2011. He was one of the programmers of the 802.1x protocol and Port Security in Cisco's 6500 Catalyst series of switches. He was one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of SecurityTube.net, where he routinely posts videos on Wi-Fi Security, Assembly Language, Exploitation Techniques etc. SecurityTube.net gets over 100,000 unique visitors a month. Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and other places. This year he is either speaking or training at Blackhat, Defcon, 44con, Hacktivity, HITB-ML, Brucon, Derbycon, HashDays, SecurityByte and MIT, Boston.

How To Present With Impact

You are a great person - a unique and special snowflake - you have brilliant ideas and you are completely ineffective at getting those ideas out of your head and to an audience. If you have used more than 4 fonts in a PowerPoint deck or a font size less than 24pts - you need to be here. If you have ever read your talk from speaker's notes (or worse, read aloud only the words on the screen) - you need to be here. Join this *highly interactive* workshop during which there will be some instruction and a whole lot of "working together to improve" with the aim of getting from *Idea* to *Delivery* with two practice sessions in workshop format with your fellow attendees. Stop producing presentations that look like crap and fail to get your point across. **NOTE** There will be a tool released at this talk - not a 'sploits make me leet' tool, but a tool that will make you not look like crap as often. **NOTE** Laptop w/ presentation software (Keynote, PowerPoint, (Open|Libre)Office.org Present) is absolutely required.

How you will spend the day in the workshop:
1/ Introduction
     + The many ways of screwing up
     + Critical self-evaluation

2/ Better Presentations
     + Introduce "the tool"
     + Planning
     + Outlining
     + Writing
     + Revising
     + Noting
     + Storyboard
     + Slide Development
     + How to use the tools to your advantage
          - Templates and "Look"
          - Transitions
          - Presentation Mode
          - Technical Fail Prevention

3/ Better Presenter
     + Look the Part
     + Body Language
     + Hands and Arms
     + Expression
     + Voice
     + The "um's and ah's"
     + Questions & Answers
     + Handling Feedback

4/ Hands-on Exercise - Conference Talk
     + In single or small groups, work through the process of developing a talk (5 minute finished length) and building out the presentation and selected "join the stage" presentations

5/ Hands-on Exercise - Business Talk
     + In single or small groups, work through the process of developing a talk (5 minute finished length) and building out the presentation and selected "join the stage" presentations

(Numbers 4 and 5 are of variable length depending on how much time is allocated by DEF CON)

6/ Summary and Wrap-up
     + Reiterate main points
     + Q&A

What you will get out of this workshop: In a manner similar to my previously accepted DEF CON talks, I'm attempting to teach. A lot of conference content is completely ruined by *BAD* speaker habits - and the same problem exists for many DEF CON attendees in their own work lives - great ideas hit the floor with a thud because the presenter is so awful. Rather than point fingers and laugh derisively (save that for other people's talks!) why not attempt to get a group of people together to learn together? I am not an expert, but I'm told that I'm pretty good - can we bring other people up in capability? I think so. I'm going to release (creative commons) a bunch of templates that I use to put talks together - having a framework to get you from "aha" to "done" is not widely available and certainly not free. With 8 hours to spend and a small group, it's possible to actually focus on specific issues - we can record presentations and do a "post action report" and hopefully get people moved up from muttering nervously or reading to the point where they stand tall, smile, keep their tics under control and deliver presentations that don't suck.

What to bring to get the most out of it: Laptop with presentation software (Keynote, PowerPoint, (Open|Libre)Office Present)

What you should do in advance to prepare: Just make sure the software is installed.

Hosting Sites as I2P eepSites and Tor Hidden Services

Part 1: Getting up and running with sites as I2P and Tor

Most of you have probably used Tor before, but I2P may be unfamiliar. This workshop will cover installing both in Windows and Linux, as well as how to find resources on the darknets and common pitfalls that may reveal your identity.

Outline of how people will spend the day in your workshop: Setting up Tor and I2P, as well as darknet hosted websites and services to visit.

What people will get out of this workshop: Knowledge of how to get around in I2P and Tor.

What people will need to bring to this workshop to get the most out of it: A laptop, Linux or Windows. There will be a slight leaning towards Windows in the demos.

Part 2: Hosting services as I2P eepSites and Tor hidden services

Ever wanted to host something but not have it tied back to you? Don't know what VPS to trust? How about hosting it in I2P or Tor? This workshop will cover how, along with some of the pitfalls that may give your identity away.

Outline of how people will spend the day in your workshop: Setting up an I2P eepSite and a Tor hidden service on their laptop or virtual machine. They will then have the knowledge to set it up on a more permanent basis at home.

What people will get out of this workshop: Knowledge of how to host I2P eepSites and Tor hidden services.

What people will need to bring to this workshop to get the most out of it: A laptop, Linux or Windows. There will be a slight leaning towards Windows in the demos.

Binary Instrumentation for Hackers

Binary instrumentation, in particular Dynamic Binary Instrumentation (DBI), is a valuable tool for hackers. Recently more and more people in the hacker / information security community are starting to pay attention to it (see recent works by ZDI for example) but it is still relatively unknown. This is a huge miss because this is a valuable tool for every hacker / security researcher. The aim of this workshop is to introduce people to the basic concepts of DBI and get them started on using it for hacking using the Pin binary instrumentation engine (pintool.org). For those unfamiliar DBI can be used for vulnerability detection, pre-patching vulnerabilities, de-obfuscation, forensics, taint-analysis and much more.

Being able to develop C/C++ code is a must for this workshop. You don't have to be a super programmer but you have to be able to write C/C++ code.

How you will spend the day in the workshop:
1. An introduction to DBI and the various usages it has for hacking and information security will be given.
2. The Pin DBI engine will be presented: We will cover the basics of how it works internally and how to use it.
3. We will start implementing various DBI tools for hacking / InfoSec usages, for each tool:
     · The concept will be presented and potentially some capability of Pin required to implement it
     · You will be given time to implement the tool on your own and test it on target programs that will be provided
     · An example solution will be provided and reviewed

I'm still deciding on the particular tools but ideas include tools to automatically detect certain security vulnerabilities in binary code, a simple taint analyzer, a tool to patch a vulnerable server in real time, transparent debugging techniques (e.g. for forensics), anti-obfuscation and more...
Wherever possible I will try to use real-life examples in the practical exercises but only if it won't hinder the workshop progress.

What you will get out of this workshop:
· A working knowledge of how to write an instrumentation program and how to learn more on the subject.
· An understanding of how to apply the knowledge gained for hacking purposes.
· A working environment for developing binary instrumentation tools.
· Several examples of DBI tools for hacking and some practical experience in writing and using such tools.

What to bring to get the most out of it:
· A laptop with the required software pre-installed (don't forget your power cables!)
· Make sure you have internet access (WiFi, 3G or however) or be ready to share a USB stick with others.

What you should do in advance to prepare:
· Learn C/C++ if you don't already know it - C/C++ programming knowledge is a must
· Prepare a working development environment on Linux with GCC. You will need to get a Linux VM if you're running Windows. I recommend using BackTrack5 with VMware Player.
· Install Pin - download it from www.pintool.org and compile the examples (run "make" in the root of the unpacked zip) to make sure your development environment works
· Optional - have a Windows development environment with MSVC and Pin for Windows installed on it (we will not be focusing on Windows due to time and complexity limitations but you can still use it and I will try to help if it doesn't hinder the workshop)

MITM workshop: The League of Extraordinary Middlemen

Got Layer 2 access? Make local networking "all about you" just by helping to send packets along on their happy way. This workshop is all about man-in-the-middle attacks and how they can be useful for everything from snooping to session takeover. Covering techniques from the "tried-and-true" ARP Poisoning attack to the latest SLAAC attack, this workshop will arm attendees with powerful inside knowledge about technology implemented on virtually every Local Area Network. Attendees are encouraged to bring a laptop that is compatible with Backtrack 4; a copy including additional necessary tools will be provided.

How you will spend the day in the workshop:
1. Overview of Layers 2-4 (30 minutes)
     1. IPs and MACs
     2. Bridging vs Routing
     3. TCP, UDP basics
     4. Activity: Get connected to network, sniff network traffic and discuss
     5. Find a partner for next exercises

2. Man-in-the-middle overview (30 minutes)
     1. Goals of the attack
          1. Sniffing / recording / data stealing
          2. Modification
          3. Injection
          4. Takeover / impersonation
     2. Common techniques overview
          1. ARP poisoning
          2. Rogue DHCP
          3. Wireless karma attacks
          4. Dynamic DNS modification
     3. Activity: arpspoof + ip forwarding MITM your partner

3. ARP Poisoning with ettercap (1 hour)
     1. Focus on ettercap features and usage
          1. Easiest usage patterns - real world pentesting examples
          2. Etterfilter explained
          3. UNC injection attack explained
     2. Activity: Make your own SSL strip

4. DHCP Starvation (30 minutes)
     1. Overview of attack scenario
          1. Starving the lease pool
          2. Becoming your own DHCP server
          3. Advantages of offering your own DNS
     2. Activity: Using metasploit for DHCP exhaustion and DNS spoofing

5. Karma attacks (1 hour)
     1. Overview of attack
          1. "Remember this network" behavior
          2. Answering for every request
          3. Getting clients by spoofing deauthentication
     2. Activity: Karma + deauthentication trainer machine plus anyone with compatible wireless cards

6. Dynamic DNS (30 minutes)
     1. Overview of attack
          1. Bad config on Windows Servers / ISC DHCP
          2. Unauthenticated changes to DNS records
          3. Great WAN-friendly man-in-the-middle - L2 not required
     2. Activity: Attack misconfigured ISC Bind9 and change IP

7. Session takeover with thicknet (1 hour, 30 minutes)
     1. Differences between session manipulation and takeover
     2. Overview of attack
          1. ARP MITM using vamp
          2. Gathering a sled - how it works
          3. Taking over the session / interactive access
     3. Activity: Takeover your partner's SQL session

8. SLAAC Attack (1 hour, 30 minutes)
     1. IPv6 basics
     2. Availability in modern OS's
          1. Preferential treatment
          2. Activated by default
     3. Attack in detail
          1. Offering RA's, encouraging SLAAC to set network prefix
          2. DHCP6 DNS specification
          3. NAT-PT, broken but useful standard
     4. Activity: Perform SLAAC attack against partner
     5. Reference to Alec Waters' article

9. Review and Q&A

What you will get out of this workshop: In-depth knowledge of many types of man-in-the-middle attacks.

What to bring to get the most out of it: Laptop compatible with Backtrack 5, network cable, wireless card that supports injection, 2GB USB stick.

What you should do in advance to prepare: Familiarity with Backtrack 5 is a plus. Also, many of the MITM concepts are covered in our whitepaper, "Oracle Interrupted, Stealing Sessions and Credentials" https://www.trustwave.com/downloads/spiderlabs/Trustwave-SpiderLabs-Oracle-Interrupted-Henrique-and-Ocepek.pdf

Hacking the Male and Female OS (Men are from Windows, Women are from Linux)

You wouldn't use the same attacks for different operating systems so why would you use the same social engineering attacks for men and women? The male and female brains are as different as Linux and Windows. This principle applies to male and female targets as well as attackers. Social engineering attacks are not one size fits all. As a female social engineer the majority of traditional social engineering attacks didn't work for me so I had to get creative.

Throughout the day we'll cover the basics then dive into non-traditional topics such as spycraft, acting, pressure sales, the psychology behind them, and how it all applies to the social engineering that we know and love. We'll then build on these fundamentals to explore the mechanics of the male and female brain and attack vectors for each. Once we've covered the in-class material we'll take it to the streets to put it to the test. This session will be especially useful for aspiring social engineers, those who provide social engineering training, and anyone who wants to learn new twists on some old tricks.

How you will spend the day in the workshop: The first few hours of the workshop will consist of material overview (mostly slides and video clips). Then we'll hit the streets to test some of the material covered and will regroup to discuss results of the exercise, real world experiences of class attendees, and have a quick review of available resources for additional information.

What you will get out of this workshop:
- An understanding of female-based attack vectors and how they can be utilized alone or in conjunction with traditional methods
- How to "play the part" of a social engineer
- Female/Male brain mechanics and specific attack methods
- The psychology behind spycraft and pressure sales and how to apply it to social engineering

What to bring to get the most out of it: An open mind and something to take notes with.

What you should do in advance to prepare: Nothing. Just show up and be ready to learn and participate. This material is suitable for beginner and experienced social engineers.
