Tuesday, October 22, 2013

Hack3rCon^4 - Eye Of The Storm

Reflecting on this past weekend, I can't count the number of great memories that I have from Hack3rCon^4. Rob Dixon (@304geek), and the rest of the #304Geeks put on yet another amazing conference in 2013! 

Hack3rCon^4 was held in Charleston, WV, and the slogan was "Eye Of The Storm." The conference was a single track with pen testing workshops, a locksport contest put on by Digital Trust (@digitaltrustllc), an awesome CTF put on by XRG (@the_xrg), and an awesome talk line-up! 

This conference is one of my 'do not miss' items throughout the year. Being from West Virginia, I feel the need to do everything that I can to help my home state change their reputation to that of one representative of a more technical population having been produced there. The state suffers from poverty across most of it, but there is a core group of innovators seeking to change this momentum for the better! The other reason that I feel the need to be in attendance is that it is a conference who's sole goal is to generate funds to support Hackers For Charity. I believe that this is a cause that needs as many people as possible to rally around it and make a difference!

I was honored to be able to present at this year's Hack3rCon^4 conference, and my talk was entitled "Red Teaming Your Bug-Out Bag." Please check it out if you have not already done so, and provide me feedback on how I can better the presentation! For more information, and the Amazon shopping list containing the items mentioned in the presentation, please consult my previous blog posting.

It was a little overwhelming to see my name listed among such an esteemed group of information security professionals in the talk lineup.  The presenters did not disappoint either! There were so many great talks and Adrian Crenshaw (@irongeek_adc) once again amazed us at his speed-to-delivery of the videos being posted on his website and announced on Twitter.

You can view each of the presentation videos by clicking here!

Though I had every intention of participating in the XRG's Hack3rCon^4 Capture the Flag contest, I found myself desiring to spend more time in conversation and building relationships with those in attendance than I did to spend the conference with my head down in my laptop. I had such a great time hanging with @k0nsp1racy, @icbkr, @304geek, @irongeek_adc, @oncee, @cowboysfaninky, @johndegruyter, @kill9core, @hackhunger, @myddrn@johnschipp, @cptsexy@ragingotaku and many others, that I feel that I made the right decision. I even got the chance to catch up with my old buddy @ablinkin for a 20 mile bike ride, though I was unable to sway his attendance to the conference, we still had a great time! I do somewhat regret not challenging myself to see if I could overcome the odds in the competition, but I had an outright awesome time in conversation that couldn't be replicated anywhere else!

I did however try my hand at the Digital Trust LLC. (@digitaltrustllc), LockSport contest, and had an awesome time! Brian Martin (@icbkr) had a wide variety of locks available in the gambit as well as a few safes for the popping! His rigs were well put together, and you could tell that he had invested a lot of time and money into putting this competition together! 

The competition consisted of a select number of locks and safes, each having a point value assigned to them. Each participant was given 15 minutes on the clock, and points were awarded for each lock successfully picked within the time allotment. 

I was very fortunate to have ended up with the winning score, and was awarded with a certificate for training from Front Sight Firearms Training Institute! Now to find my way out to Nevada to take advantage of this opportunity!
Brian Martin with Digital Trust, LLC deserves an extra round of gratitude due to his generosity throughout the conference though. He not only put in all of the time, effort, and funding to put together such an awesome LockSport contest, he presented "Imaging A Skyscraper", but he also sponsored the Hacker Family Dinner (@hackerfamdinner) as well as the dinner for the party on Saturday evening! I hope that one day, I am in a position to show that level of appreciation to the community! Thank you Brian!

In conclusion, I had an outstanding time at Hack3rCon^4 this year and can't wait to see what 2014 holds in store for this potent little conference!

- c0ncealed
Posted by at No comments:

Hack3rCon^4 - Red Teaming Your Bug-Out Bag

I had the immense honor to present at this year's Hack3rCon^4 in Charleston, WV! Hack3rCon^4 is a conference very close to my heart that is put on by the #304Geeks. Being a native of West Virginia, I commend the #304Geeks with trying to make a difference in the area, and bringing an understanding that there is a living community of extremely technical and proficient information security people in this community! (@hack3rcon)
This year's Hack3rCon^4 slogan was "Eye Of The Storm" and while it primarily focused on information security, it was requested that prepper talks were also submitted. The talk that I submitted was entitled "Red Teaming Your Bug-Out Bag."
After reviewing the lineup of speakers on sched.org, I felt that my talk would most likely not fit in, and would be something that only a few of the attendees would suffer through. I even had discussions with Rob Dixon (@304geek), who heads up Hack3rCon^4 while at DerbyCon about switching up my talk. I was extremely surprised to see such a good number of the attendees made a point to stay in the room when I announced that there would be zero IT content within the talk. 

As the presentation started to progress, I was amazed and humbled that the content was being received so well and I could tell by the reactions of those in attendance that there was sincere interest in this subject. This gave me the encouragement that I needed to make the most of this opportunity! There were input and inquiries by the folks in attendance on several occasions, and it made for great discussion! The presentation ended up going a little longer than I had originally anticipated, but it didn't seem to scare anyone off. 

I was yet again surprised by the level of interest expressed by the folks that hung around to discuss the topic and ask questions after the presentation concluded. It humbled me that the talk that I felt would be a complete and utter flop was the source of so many conversations throughout the rest of the conference. I was yet again surprised by how many were inspired to put together their own kit, as well as those who stated that the presentation confirmed what they had in their current kits, or helped them understand what they need to do to make theirs more effective! 

The synopsis of the talk is this:
Part of prepping is having a plan to "Bug-Out", or survive by taking only what you can carry that should sustain life and aid in survival for at least 72 hours in the event of a disaster. As a red team member, having contingency plans is a requirement. You can not just create a primary plan and expect everything to run smoothly and according to that plan.

This talk will be centered around the physical contents and methodologies behind the selections of content for my personal bug-out bag. The beauty of it being put together by a Red Teamer is that I Try to break my selections as part of the planning to ensure that only the most rigorous, multi-functional, and light-weight items for the situation make it into my bag!



You can view the video recording of my presentation here, however Irongeek has done an amazing job of posting all of the Hack3rCon^4 videos here and I highly recommend going through them as there were so many amazing talks!

You can view the slide deck on SlideShare here.
You can access the Amazon.com shopping list of the main contents of my 72-hour bag here.
(Please note that smaller quantities may be desired, and that other venues may have the items for less. This was put together to make it easier to find these items.)
Firearm selection: Ruger 22/45 Mark III  /  CCI MiniMag 22LR 36 Grain Ammo
Lockpicks from FALE - I forgot to include lockpicks! A must have in urban environments!
You can download a Acrobat document outlining some of the items discussed within the presentation, as well as resources that are handy to have on a single sheet of paper here. (coming soon)

Since water purification is extremely important, and we covered a few of the options you may have to resort to in the presentation, I felt that I would post a few video links here for your review.
Boiling water in bamboo - https://www.youtube.com/watch?v=ogWkQYvDFns
Boiling water in a water bottle - https://www.youtube.com/watch?v=Kp0uk644PjM

I truly hope that this is a help to people when researching the subject of preparedness, and that in the unfortunate circumstances that may befall a disaster, that the information compiled can assist in your survival.

- c0ncealed

PS. I did notice that I had a mistype in the slide deck regarding 550 Paracord. There are 7 inner strands, not 5. I read directly from the slides and didn't catch this during the presentation, but it has been corrected in the slide deck.
I also forgot to mention medication during the recording. Please ensure that if you are reliant on medications, you have a stash of your medication allotted for your bag, and cycle it out as you refill prescriptions to prevent expiration. 

Posted by at No comments:

DerbyCon 3.0 - All In The Family


In reflection of DerbyCon 3.0, I am still in awe at the flawlessness by which this conference is executed! Dave Kennedy (@HackingDave) and his wife Erin (@MrsRel1k), along with Adrian Crenshaw (@Irongeek_adc), Martin Bos (@purehate_), and Nick Hitchcock (@nick8ch), put on one of the best conferences that an information security geek could ask for! They are backed by an outstanding crew of security individuals and volunteers that run like a well-oiled machine!


This year's conference slogan was "All In The Family", and once again, it completely lived up to its name! The shirt design says it all...
The purpose of the slogan and design was to enforce the fact that the Information Security community doesn't need to alienate any sect from attending. If we are going to fix the broken cycle of our industry, we need to band together, no matter if you're a White Hat, Agent, or Black Hat. We all learn from one another, and without any of the three, our industry's eco-system would be broken.

There was an AMAZING lineup of talented thought-leaders in the information security community both teaching as well as presenting. There were a total of 5 tracks running simultaneously, and never was there a time slot where I didn't feel the need to attend a talk! In fact, I couldn't attend many that I wanted to, due to the fact that some of the greatest talks were stacked against one another in order to allow for an even distribution of people across all of them.

There were so many amazing things during this conference that I could expound upon, but one of the most memorable pieces of this conference to me was being able to present at a conference that I hold in such high regard! I was extremely honored to be able to present with Adam Byers (@al14s) at this conference. Please check out our talk Rapid Assessment of Web Resources (RAWR) if you haven't done so already!

I was also extremely excited to spend some time with my High Hack Society crew! So many members of our group were presenting, I was very proud to be representing #HHS (@HighHackSociety) while on stage. It was great to finally meet several folks in person that I have not had the opportunity to meet yet!
Below is a list of HHS members that were in attendance, with links to those who were presenting:
(In no particular order)
@gl11tch - Learn To Be A Penetration Tester
@iampr1me - Put Me In Coach! How We Got Started In InfoSec
@fjhackettPut Me In Coach! How We Got Started In InfoSec & Why Your IT Bytes
@oncee - Building an Information Security Awareness Program From Scratch
@essobi - The Internet Of Things - Vulns, Botnets, & Detections
@hacktalkblog - Phishing Like The Pros
@c0ncealed - Rapid Assessment of Web Resources (RAWR)
@g0tmi1k
@_fmm
@spridel11
@xillwillx
@k0nsp1racy
@humanpr3y
As you can see... we rolled in deep! =P  Our brothers that couldn't make it were sorely missed.

Looking forward to next year already!

- c0ncealed


Posted by at No comments:

DerbyCon 3.0 - Rapid Assessment of Web Resources

Rapid Assessment of Web Resources (RAWR) is an automated tool capable of enumerating a network and bringing visibility to the web resources that lie therein. It not only finds them, but also takes screenshots and pulls as much data as it possibly can through the request. It extends to functions such as spidering, reverse DNS resolution, cookies, and pulling other information such as robots.txt for your review. The output is simple, structured data that can be easily visually skimmed as well as parsed.

I could go on and on about this tool, because it has saved me innumerable hours in enumeration and data collection on web resources, but I'll not submit you to that today. 

Adam Byers (@al14s), and myself were extremely honored to be able to present RAWR at DerbyCon 3.0 this year! DerbyCon has been one of my favorite InfoSec conferences since it's inception, and I can't put into words my thankfulness to the staff for not only considering us, but also allowing us to present in such an amazing time slot! This opportunity has allowed us a platform to communicate this tool to a large number of people who we hope are able to benefit from it as much as we have!


You can view the video recording of our presentation here, however Irongeek has done an amazing job of posting all of the DerbyCon 3.0 videos here and I highly recommend going through them as there were so many amazing talks!

You can view our slide deck on SlideShare here!
The videos that were embedded in the slide deck are on YouTube at the following links:
RAWR Installation / RAWR Scanning

To obtain a copy of RAWR, please visit our BitBucket repository.
https://bitbucket.org/al14s/rawr

Please let us know what you think! We would love to hear how RAWR has helped you, or how you could envision us improving the tool!

- c0ncealed
Posted by at No comments:

Sunday, October 20, 2013

Let's try this blogging thing again...

I held a blog for a while, and it suffered from my lack of time and consistency to commit. Over the course of this weekend, I have been asked over and over again where my blog might be located...
I hereby submit, and will give this thing another shot. :)
I hope to have some information posted soon, as I am currently at Hack3rCon^4 in Charleston, WV.

- c0ncealed
Posted by at No comments:
Subscribe to: Posts (Atom)