Programmet er ferdig, men offentliggjøres fortløpende...

Onsdag og torsdag
09.00 - 17.00 postHackCon#10 (trykk her for mer info)
1) Kurs I - red team
2) Kurs II - blue team


Mandag - dag 1
08.15
Dørene åpnes
08.15 - 10.00
Registrering HackCon#10
10.00 - 10.15 Administrativ informasjon
Gjennomgang av agenda for HackCon#10 og praktisk informasjon.

10.15 - 11.00 The art of war in cyberdomain
Professor Olav Lysne, Universitet i Oslo, leder av digitalt sårbarhetsutvalg (Lysneutvalget).

11.15 - 12.00 NetScope - your best friend in proactive defense - US/Norway
In 2015, HackCon celebrates its 10 years anniversary - in this occasion HackCon will release NetScope for free. It's very easy and strait forward to implement NetScope in your organization.

NetScope is a network analysis framework designed to seemlessly integrate with your enterprise boundary protection systems to better categorize traffic, correlate alerts, and provide situational awareness regarding the health of the network. In today's paradigm, if you were asked: "Is our network under attack?" How would you answer this question and what metrics would you use to derive your response? NetScope helps to answer these questions.

In short time, you will be up and running, and will have a good view of what's occurring on your network and systems. The research with NetScope will help you to better identify where attacks are originating from, which system are being attacked, the type of attacks, and much much more.

NetScope functions will amaze you, as this is also a tool for your CEO, CTO, and board directors to easily understand what's going on against your organization in real time. NetScope is a must in your organization, not only to understand the treats, but also how you best can protect your network and systems. And best of all - it's free for you to use!

The presentation will be held by Solomon and Suhail - both core developers of NetScope. Solomon and Suhail are both well known senior security researchers, and have created several innovative security systems in the past.

12.00 - 13.00 Lunsj


13.00 - 13.45 Are you sure you are not bugged?
Espionage at high tech level - UK

Most companies have their own trusted meeting rooms where you leave your phones and computers outside, but do you REALLY know who is still listening? Do you know it's take just couple of minutes to set up total surveillance of your company (including your critical personal), and monitor every step your company make.

No, we are not talking about 'cyber' threats and vulnerabilities; we are talking about the modern art of high tech surveillance. We will demonstrate with live stage demoes how your competitors', criminals, and others, with little effort can control every step your company takes, know your classified and critical information, and trace every move you make.

Yes, you are right, we are talking about high-level espionage to tap your critical information, and control your organization with the latest high tech devices. If you think, you are secure even when you leave all technical device behind you and close all doors, thing twice. We will show you how new and modern surveillance and espionage technology can tap your critical date behind closed doors, and leave you no place to hide. But don't worry, we will also show you, how to do some countermeasures to protect your critical data, your company and personal.

This presentation will be held by Gavin. Gavin currently, in his role as Operations Director for Verrimus Ltd, delivers all Government and commercial Technical Surveillance Counter Measures (TSCM) and Counter Espionage services worldwide.

Gavin has acted as the Senior Team Leader for many high profile TSCM operations, undertaking Government contracts, overseas and within the UK, and TSCM contracts for oil and gas companies, defence contractors, banking organisations, diplomatic staff and high risk individuals. Gavin also led the Verrimus Team that carried out the Technical Surveillance Counter Measures for the Olympic Delivery Authority (ODA) for the London 2012 Olympics.

14.00 - 14.45 Golden ticket to permanent domain admin privilege - Hungary
After compromising a Windows domain, an attacker is capable to create a Ticket Granting Ticket (TGT) by using the krbtgt domain user's password hash to impersonate ANY domain user including the Domain Administrator(s). This ticket is valid for arbitrary time and can be renewed for more. This means full control over the domain for unlimited time, a perfect backdoor for the attackers.

The audience can learn about Kerberos infrastructure, tickets and Windows privilege impersonation through this live demo presentation. It includes mitigations as well, how to defend our domain against these kind of attacks.

The presentation will be held by Balazs Bucsay. Balazs is an IT-Security expert and techie geek, who is mainly focusing on penetration testing. Currently he is working as an Ethical Hacking Engineer for the Vodafone Group Plc, helping to secure the network and services. He is also a well-known speaker in Hungary, he had several talks on various advanced topics (PayPass, XSS worms, distributed password cracking) at different conferences and released several tools and papers about the latest techniques. He has multiple certifications (OSCE, OSCP, GIAC GPEN) related to penetration testing, exploit writing and other low-level topics and degrees in Mathematics and Computer Science.

15.00 - 15.45 How your stolen company data are sold - USA
Over the last decade, data breaches of major retailers in the US have become common and lead to the loss of millions of pieces of personal information and sensitive financial data. In the last year alone, there have been massive breaches of nationwide chain stores which would potentially place consumers at high risk of economic loss due to on-line fraud.

Evidence increasingly demonstrates that data acquired through breaches are rapidly sold via on-line markets operating in forums and shops to prospective buyers around the world. There is, however, generally little research exploring the ways that actors within these markets operate or the extent to which buyers and sellers profit from the sale and use of data.

As a result, it is unclear how actors utilize risk reduction techniques in order to minimize the likelihood of financial losses and ensure successful transactions. This study attempts to explore these issues using qualitative and quantitative analyses of a sample of threads from 13 Russian and English language forums involved in the sale of stolen data. This talk will consider the various forms of data sold, the pricing and profits accrued by market actors, and the techniques employed in order to facilitate successful exchanges between buyers and sellers.

The policy implications of this study for consumers, law enforcement, and security personnel will be discussed in depth to provide improved mechanisms for the disruption and takedown of stolen data markets globally.

This presentation will be held by Dr. Thomas Holt. Dr. Thomas is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph. D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror with over 35 peer-reviewed articles in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior.

He has published multiple edited books, including Corporate Hacking and Technology-Driven Crime with coeditor Bernadette Schell (2011), Crime On-Line: Correlates, Causes and Context, now in its 2nd Edition, and a co-author of Digital Crime and Digital Terror, 2nd edition (2010). He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data.

16.00 - 16.45 Internet underground, the darksides of Internet - US
Tor, Darknets, Darkmarkets, and Bitcoin are all words that can conjure up images of clandestine meetings in back alleys, whispers in the night, and shady characters buying black market wares.

That's not what these technologies are about, well, they are a bit about that, but this talk will discuss what these technologies are, what they?re used for, and why we need them. We'll discuss how you can use Tor to access Darknets and what to do and see once you're there. We'll talk about some of the seedier side of things, while ensuring we inform you about legitimate uses, and how to stay safe while you're looking around, or making purchases.

And by the time you're done, we'll arm you with all the tools you need to get started doing your own Darknet research, and at the very least, you'll be entertained.

The presentation will be held by Grifter. Grifter is an Information Security Engineer and Researcher located in Salt Lake City, Utah, USA. He has spent over 15 years as a security professional focusing on vulnerability assessment, penetration testing, physical security, and incident response.

He is also a staff member of the Black Hat Security Briefings and DEF CON hacker conference. Grifter has spoken at numerous security conferences around the world, and has been the subject of various online, print, film, and television interviews. He has authored several books on information security, is a member of the DEF CON CFP Review Board and Black Hat Training Review Board, and remains active in his local hacker community as the founder of DC801, and co-founder of the 801 Labs hackerspace.

17.00 - 17.45 Steeling your NFC/RFID data and your identity
How criminal can grab your NFC/RFID data in seconds, and steel you identity and manipulate your data to gain access to your life and money. And depend on your systems, access to your organization, and how you should procted your self. More information will come at end of December.

18.00 - 23.00 Sosialt arrangement
Her har du muligheten til å knytte kontakter og bli kjent med andre. Lett middag og underholdning med mer. Nettverket sørger for middag med mer.
23.00
Dørene låses.

Tirsdag - dag 2
08.15
Dørene åpnes

09.00 - 09.45 Hvordan bedriftsinformasjon lekker gjennom sosiale media selv om du gjør alle mulige sikkerhetstiltak.
Mer informasjon kommer i slutten av desember.

10.00 - 10.45 Hacking highly secured enterprise environments - Netherlands
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is.

Imagine a scenario, where you have deployed a malware on a user?s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user's workstation.

I developed (and will publish) two tools that help you in these situations, for you to understand and secure your system better. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after you can execute code on the server with admin privileges (using a signed kernel driver).

My tools has been tested against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops (e.g. Citrix). The number of problems you can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!

The presenttion will be held by Zoltan. Zoltan (@zh4ck) is the Chief Technology Officer at MRG Effitas, a company focusing on AV testing. His main expertise areas are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie browser tool, consisting of POC malicious browser extensions for Firefox, Chrome and Safari. He has been invited to present at information security conferences worldwide. He is a proud member of the gula.sh team, 2nd runner up at global Cyberlympics 2012 hacking competition.

11.00 - 11.45 How to remove your systems from Internett - US
Layer 7 DDoS attacks have been on the rise since at least 2010, especially attacks that take down websites via resource exhaustion. Using various tools and techniques - it is possible to defend against these attacks on even a shoestring budget. This talk will analyze and discuss the tools, techniques, and technology behind protecting your website from these types of attacks.

We will be covering attacks used against soldierx.com as well as attacks seen in Operation Ababil. Source code will be released for SOLDIERX's own DDoS monitoring system, RoboAmp.

The presentation will be held by Blake Self. Blake is most widely known for co-authoring the first commercial encrypted instant messenger with Dr. Cyrus Peikari while at VirusMD. He has also worked as a SIPRNET Administrator, Department of Defense Red Team Analyst, and R&D at various corporations. He has been attending Defcon since high school and has given several talks.

He currently works in the financial sector and was directly involved in defending against the DDoS attacks of Operation Ababil. Blake holds a M.S. in Computer Science from Purdue University.

11.45 - 12.30 Lunsj


12.30 - 12.50 Loddtrekning med mer


12.50 - 13.35 How Open-source intelligence (OSINT) are used to take down your organization
Presentation will be held by BBC. More information will come end of December.

13.50 - 14.35 Hvilken regler gjelder i skyen
Vi går gjennom hvilken regler som gjelder i skyen, og hva du spesielt må passe på for at sikkerheten er godt i varetatt når du flytter dine tjenester til skyen. Mer informasjon kommer i slutten av desember.

14.45
HackCon#10 slutt