SOTB will have multiple talks from a wide range of speakers, across many topics, and suitable for beginners to advanced!
A few of them will include workshops where you'll get to have "hands on" approach to the talk.
Our tech talks are happening December 29th 2023. Not participating in the CTF? You can still come out and listen to the tech talks and take part in the workshops for free. Register Now!
- Wi-Fun Hacks 101DJ Stack
- Welcome to the "Wi-Fun Hacks 101" class, where we'll turn your wireless woes into Wi-Fi wows!
Have you ever felt like your Wi-Fi connection is more mysterious than a magician's disappearing act? Well, fear not, because we're here to unlock the secrets of the cyberwaves and make Wi-Fi your best friend (or frenemy, if you prefer)!
In this class, we're diving headfirst into the wild world of Wi-Fi hacking. We'll teach you how to crack open the vaults of WEP like a digital safecracker on steroids, and make WPA/WPA2 look like a Sudoku puzzle for toddlers. Evil twins? They're not just a plot point in a spy movie; they're your ticket to Wi-Fi world domination (kidding, don't do that). And the grand finale? We'll introduce you to WPA3, the Fort Knox of Wi-Fi security, and show you how to at least wave hello to it from a distance.
But remember, folks, with great power comes great responsibility! We're not training an army of Wi-Fi bandits here; we're just having a bit of Wi-Fun. So put on your hacker hoodie, grab your energy drinks, and join us for a hilarious journey into the wild world of wireless wizardry. Just don't blame us when your neighbors start asking for your secret Wi-Fi sauce!
LABS WILL BE PROVIDED ON A
LIMIT 25 participants. FIRST COME FIRST SERVE
- Social Engineering the InterviewAndy Lewis
- An interviewing technique including a handful of questions helped me get from laid off to a verbal offer in 8 days in Oct 22. I'm willing to share.
- Windows Kernal Vuln HuntingRobert Haws
- The goal is to provide a beginner friendly workshop targeting the Windows Kernel regarding vulnerability research. We will have to cover some general concepts within the windows kernel such as user mode <-> kernel mode communication, kernel objects/structures and their purpose.
People will follow along, building a user mode application to communicate with a kernel driver directly through IOCTL codes and indirectly through the Windows UM API (as intended by Microsoft).
We will also cover setting up a kernel debugger (people will need to bring a laptop that can run 2 windows VM's at a time).
Hands on walk through of a windows kernel bug discovered by VerSprite VS-Labs, building a proof of concept, performing static and dynamic analysis along with triggering the bug by bypassing checks and providing proper input.
- Introduction to IoT device exploitationChris Williams
- Intro to exploit writing for 64 bit ARM, RISCv5, and other IoT device architectures
- Memory Forensics with volatilityChris Williams
- Hands on workshop analyzing memory images with volatility of malware on windows and linux
- Hail NOPE-Non-http proxy exploitationJosh Summit
- I've developed the NOPE proxy for intercepting and manipulating non-HTTP traffic commonly used in mobile and IoT devices. During this presentation, i'll show how to use the NOPE proxy to intercept non-HTTP traffic in a black box mobile application and decode non-human readable packets, like protobufs, into something human-readable. Once we have decoded traffic we can update the packets in realtime with NOPE's Python mangler before sending the packets to the client or server.
- Mastering the art of Cybersecurity talksFrom Topical selection to Technical TriumphsJames Honeycutt
- Unlock the secrets of delivering captivating and successful cybersecurity presentations in our informative session. We'll guide you through the essential elements of a compelling cybersecurity talk.
Topic Selection: Choosing the right topic is paramount. Learn how to pick subjects that are both relevant and captivating, ensuring your message resonates with your audience.
Building Self-Confidence: Confidence is key to a powerful presentation. Discover techniques for boosting your self-assurance, from thorough preparation to practicing until you're at ease on stage.
Handling Audience Questions: Interacting with your audience is vital. Explore strategies for addressing questions gracefully, demonstrating your expertise and enhancing the presentation.
Tackling Technical Difficulties: Technical glitches can disrupt any presentation. Be prepared with tips and backup plans to navigate these challenges seamlessly.
Don't miss this chance to enhance your cybersecurity presentation skills. Whether you're a seasoned speaker or just starting, this session equips you with the tools to captivate your audience and deliver memorable cybersecurity talks. Join us on the path to becoming a cybersecurity presentation pro!
- Introduction to ARTIC outreach foundationChris Marra
- A short brief on a foundation that is making milestones to fill the void in the Cyber career field.
- A Phoray into PhreakingAaron Ruckan
- Hacker history! An overview of the origins of phone phreaking and a few of the most popular "boxes". This presentation will explore the Blue Box, Red Box, Beige Box while also touching on notable phreaks and their contributions to the hacking community.
- Active Directory WorkshopBlake Towsend
- Title: Advanced Active Directory Pentesting Workshop
Join us for an intensive and hands-on workshop designed for cybersecurity professionals and enthusiasts seeking to master the art of penetration testing in today's modern Active Directory environments. In this workshop, you will delve into the world of Red Teaming and learn cutting-edge tactics to exploit Active Directory systems, starting from an unprivileged user and ultimately gaining Domain Admin access.
Understanding Modern Active Directory: Begin with a deep dive into the latest Active Directory architectures, security features, and vulnerabilities, gaining insights into the core of modern enterprise networks.
Reconnaissance and Enumeration: Learn how to efficiently gather information about your target, discover open ports, identify services, and map the network to create a solid foundation for your penetration test.
Exploitation Techniques: Explore advanced exploitation methods, including privilege escalation, Kerberos attacks, and exploiting known vulnerabilities in Windows environments.
Credential Harvesting: Understand how to steal and manipulate credentials through various techniques like credential dumping, pass-the-hash, and pass-the-ticket attacks.
Lateral Movement: Master the art of moving laterally within the network, using tools and techniques to pivot from one compromised system to another while evading detection.
Persistence and Evasion: Discover ways to maintain access and evade security controls, ensuring that your presence in the network remains undetected.
Post-Exploitation: Explore post-exploitation activities, such as data exfiltration, lateral privilege escalation, and planting backdoors.
Domain Domination: The ultimate goal of this workshop is to guide participants through the process of gaining Domain Admin privileges, showcasing the power of an effective Red Team operation.
Defense and Detection Bypass: Gain insights into how Red Teamers bypass modern security controls and learn how to defend against such attacks.
Real-World Scenarios: Work through practical, real-world scenarios to put your skills to the test, facing challenges that mimic the complexity of today's enterprise environments.
Legal and Ethical Considerations: Understand the importance of conducting penetration testing within legal and ethical boundaries, and the implications of unauthorized access.
Toolset and Resources: Get familiar with a curated toolset and resources used by professional Red Teamers to ensure you're equipped for success.
Who Should Attend:
This workshop is ideal for experienced cybersecurity professionals, ethical hackers, penetration testers, and anyone interested in understanding and exploiting Active Directory environments. Prior knowledge of Active Directory, Windows systems, and common penetration testing techniques is recommended.
By the end of this workshop, you'll be armed with the knowledge and skills needed to navigate and exploit modern Active Directory environments, making you a valuable asset in the world of Red Teaming and cybersecurity. Join us and take your penetration testing abilities to the next level!
long range off grid communcations using LoRaFractumSeraph
- An introduction to the Meshtastic system of long range communications using cheap LoRa dev boards.