SkyDogCon 2015: Full Schedule

8:00am CDT

Registration Open

Friday October 23, 2015 8:00am - 8:00pm CDT
Front Lobby

SDC Operations

9:30am CDT

Opening Remarks

Speakers

SkyDog

Friday October 23, 2015 9:30am - 10:00am CDT
Track 1

Track 1

10:00am CDT

Multirotors for fun and hacking - Ron Foster

Have you ever wanted to build a multirotor? lets demystify it for you, it is not that hard and really fun.

Speakers

With over 15 years of IT experience with various platforms and technologies, I have tested both large and small enterprise applications. Cutting my teeth as a UNIX instructor for Sun Microsystems. I then went on to make a career out of breaking things, and I have been doing it ever... Read More →

Friday October 23, 2015 10:00am - 11:00am CDT
Track 1

Track 1

10:00am CDT

SDC CTF Opens

Friday October 23, 2015 10:00am - Sunday October 25, 2015 10:00am CDT
TBA

Contest / Event

Tags Activity, CTF

11:00am CDT

Keynote: From IT to Pentester - JP Dunning

Work in IT? Want to make a change? Pen-testing sound like a fun job? The key is to make your job work for you. Even outside of a technical job, your “hobbies” can be just as beneficial. Breaking into security as a professional can be a tough nut to crack. Luckily, we are just the type of people who love to break in.

This presentation will walk you through some of the advice I was given over the years. A lot of what works and what is not worth the stress, along with ways to work with you current positional to get into security as a professional. If you think this is an overwhelming task, your wrong. Everyone in infosec has their own story, and this presentation may help guide yours.

Speakers

JP Dunning - @r0wnin

JP Dunning “.ronin” is a security consultant and researcher. His main research interests include wireless, physical, and hardware security. He is the primary developer on Katana: Portable Multi-Boot Security Suite, SpoofTooph, BlueRanger, and other open projects. He also developed... Read More →

Friday October 23, 2015 11:00am - 12:00pm CDT
Track 1

Track 1

12:00pm CDT

Lunch Break

Friday October 23, 2015 12:00pm - 1:00pm CDT
TBA

SDC Operations

1:00pm CDT

Vulns in Hunter Exploit Kit - Paul Burbage

The Hunter Exploit Kit is available for purchase in underground forums making it easily attainable for miscreants conducting cybercrime campaigns. This talk will cover info on previous campaigns including its dropped malware, usage of the exploit kit, and vulnerabilities found in the PHP admin panel.

Speakers

Paul Burbage

Paul Burbage is an avid security network enthusiast with over 13 years of experience. He has a passion for breaking malware panels and disrupting the cybercrime ecosystem. Currently he works for PhishMe as a malware researcher.

Friday October 23, 2015 1:00pm - 2:00pm CDT
Track 1

Track 1

2:00pm CDT

Hacking Grain! - Jim Manley

Ever wondered what the difference is between “whisky” and “whiskey?” Or what makes bourbon different than Scotch? Or why does this whisky give me a hangover and that one doesn’t? This talk is a whirlwind tour of what whisky is, the science and art of how it is made, and how whiskies differ. We will also cover organoleptic analysis techniques that will allow you to break a whisky down and uncover the complexities of the aroma and flavor profiles. By the end of the session you’ll be equipped to confidently answer the “What would you like to drink?” question at that important client dinner or meeting with the boss with an answer other than “Red Bull® and vodka.”

Speakers

Jim Manley

Aged InfoSec practitioner who has spent 30+ years trying to keep bad people from stealing secrets. Part-time bourbon distillery worker who spends weekends educating the public on the wonders of whisky. Newly minted grad school professor shaping young minds by exposing them to life... Read More →

Friday October 23, 2015 2:00pm - 3:00pm CDT
Track 1

Track 1

3:00pm CDT

Everything You Know About Security Is a Lie - Curtis Koenig

Have you ever considered what it means to be secure? Is the concept of security a mental construct or is it something that is equally quantifiable across people? Several recent studies have shown disparity in the way experts and non-experts act with regards to how they view and act when presented with security choices. This talk seeks to examine how "Mostly Hairless Monkeys (MHM)" or Humans perceive and act with regards to "security".

Speakers

Curtis Koenig

Curtis has done security work for higher education, high tech, insurance and banking industries over the last 20 years. His experience spans network, physical, logical and software level activities. His favorite though is the mental and psychological aspects that affect not only security... Read More →

Friday October 23, 2015 3:00pm - 4:00pm CDT
Track 1

Track 1

4:00pm CDT

Scotty Moulton - Title TBD

Speakers

Nathan Maginez

Friday October 23, 2015 4:00pm - 5:00pm CDT
Track 1

Track 1

5:00pm CDT

Programmers, Players and Pain - Dr Scott

Dr. Scott, from the Weird Medicine Show, returns for a second time to discuss some of the common ailments affecting computer "over-users". He will discuss warning signs, prevention ideas, diagnostic exams and treatment options from an Integrative perspective. Dr. Scott has been practicing medicine for 14 years, and Dr. Steve's side kick for 7 years, lot's of experience and lots of great stories! If you have any specific questions you would like addressed but don't want to ask in public, send him an email prior to the conference.

Speakers

Dr. Scott

Friday October 23, 2015 5:00pm - 6:00pm CDT
Track 1

Track 1

6:00pm CDT

Keynote: Why are you here? - Jayson Street

TBD

Speakers

Jayson Street

Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of http://dissectingthehack.com He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life... Read More →

Friday October 23, 2015 6:00pm - 7:00pm CDT
Track 1

Track 1

7:00pm CDT

Dinner Break

Friday October 23, 2015 7:00pm - 9:00pm CDT
TBA

SDC Operations

9:00pm CDT

LoungeCON: SDC Cyber & Mystery Science Theater

Party scene not your thing? We've listened to your feedback and, for the first time, present Lounge CON! Come to the conference area to socialize & participate in "mini-events" that include Slideshow Roulette, Mystery Science Theater, Youtube Showdown, SDC Cyber Challenge, & more! We'll have free beer on tap, couches, and high powered HD audio/video systems for...well, whatever!

Got a project you want to get help with? Want to learn soldering, hack a piece of hardware, or take time to work on the SDC CTF? Its pretty much like "study hall" for hackers!

We'll also have the Gaming Village, Lockpick Village, and CTF open until the organizers spontaneously erupt in insanity due to lack of sleep!

Friday October 23, 2015 9:00pm - 11:00pm CDT
Track 1

Contest / Event

8:00am CDT

Registration Open

Saturday October 24, 2015 8:00am - 8:00pm CDT
Front Lobby

SDC Operations

10:00am CDT

How to Not Cheat on Your Spouse: What Ashley Madison Can Teach Us About OpSec - l0stkn0wledge

Embarrassed spouses everywhere are scurrying for excuses about their infidelity. This refresher will look at some lessons we can all take away on how to not get caught up in embarrassing situations.

Simple steps could have prevented lots of embarrassment and if you need to do something unavoidable you should take lessons from the mistakes of these unfortunate souls.

Speakers

Joey

Ten year security professional whose worked in certifications to penetration testing across a variety of industries, l0stkn0wledge provides his own skewed view of the world to any others who would bother to listen.

Saturday October 24, 2015 10:00am - 11:00am CDT
Track 1

Track 1

10:00am CDT

Fuzzing Basics - Scott M

Ever wanted to break software? You know you want to...it's fun! In this talk, I will share some tools & techniques that I have used to help improve software by breaking it.

Speakers

Scott M

Scott has worked in I/T for over 20 years, with roles in system admin, operations, and programming. Most of his time has been spent as an in-the-trenches programmer. Scott has worked for small businesses, global corporations, government entities, and has done some consulting on... Read More →

Saturday October 24, 2015 10:00am - 11:00am CDT
Track 2

Track 2

11:00am CDT

Hacking the Job Market: Socially Engineering Hiring - Josh More

There is a lot more skill in the security community than is reflected in the jobs we can get. Most people are limited not by technical skills or even soft skills necessary to do well in a new job, but because landing a job is a different skillset than keeping one. Thus, good people are stuck in dead end jobs while unethical incompetents bounce from job to job, increasing their profile and salary with each hop. It's time to change that.

Fortunately, while we live in a world where personal data is out of control, that applies to prospective employers as well as ourselves. It's time to turn the world's proliferation of data to our advantage. This presentation explains the job hunting process through a hacker's lens. It discusses why the most commonly followed models fail and how to better approach the search. It covers deciding to leave your current job, researching new possible job opportunities, targeting your new boss, controlling the job interview process and negotiating your new compensation and the departure from your current job.

Speakers

Josh More

https://www.eyrasecurity.com, Eyra Security

Josh has more than eighteen years of experience in security, IT, development and system and network administration. Currently, he runs Eyra Security, a security and business improvement consulting firm based in Minneapolis, MN. Josh holds several security and technical certifications and has served in a leadership position on several security-focused groups. He has written several books on I.T. and Information Security, with... Read More →

Saturday October 24, 2015 11:00am - 12:00pm CDT
Track 1

Track 1

11:00am CDT

The Doorman Project - Joel Hart

This talk discusses scenarios when being able to remotely administer firewall rules is advantageous, but keeping administrative services available to random source IP addresses is both dangerous and generates bad data points for auditors. This talk will discuss the concept of covert admin channels, such as port knocking, but expands them to use more robust communication channels, strong authentication, non-affiliated IP ranges, and small-footprint on-prem proxy services running on cheap commodity hardware (such as Raspberry Pi).

Speakers

Joel Hart

NSG has over 15 years in the InfoSec community providing various services, such as security training, pen-testing, social engineering, thinking about geeky things, and creating various automatons to perform various network and security tasks.

Saturday October 24, 2015 11:00am - 12:00pm CDT
Track 2

Track 2

12:00pm CDT

Lunch Break

Saturday October 24, 2015 12:00pm - 1:00pm CDT
TBA

SDC Operations

1:00pm CDT

x = x + 1; # Except when it doesn't - Redvers Davies

Remember the "good 'ol days" when rendering video took up 100% of your one CPU? Remember the "bad 'ol days" when the rendering took 100% of _one_ of your four CPUs?

The Laws of Physics have finally eaten Moore's law. In 10 years expect thousands of slower cores. As the number of cores scale, how do we build software that scales with it?

Speakers

Redvers Davies

Team Periwinkle during the day, code junkie at night.Happy when neck deep in massive data-streams looking for the shiny / indicators of compromise.Happier when learning new languages and finding new problems to solve.Happiest when reminiscing over a Pimm's No. 1 about being the prettier... Read More →

Saturday October 24, 2015 1:00pm - 2:00pm CDT
Track 1

Track 1

1:00pm CDT

Business Email Compromise: The Next Billion Dollar Problem - Mac

New social engineering techniques driven by business email compromise are costing businesses hundreds of millions of
dollars per year. Every business is a target and attack success rates are alarmingly high. These techniques are undetected
by antivirus, firewalls, IDS sensors and the email protections (SPF/DKIM). It’s essential that organizations
adopt the proper business procedures to validate the authenticity of any email communications used to initiate financial
transactions in order to avoid becoming the next victim.

Speakers

Donald McCarthy

Director, Field Operations, Open Source Context

I singlehandedly stopped every phishing email on the planet - for a time. But then people were starting to stop acting stupid, and I was getting bored not bing able to make fun of them. I have the best visibility into business email compromise on the planet (and the last part is... Read More →

Saturday October 24, 2015 1:00pm - 2:00pm CDT
Track 2

Track 2

1:00pm CDT

HAM Radio / License Exam

Saturday October 24, 2015 1:00pm - 3:00pm CDT
Downstairs Conference Room

Contest / Event

2:00pm CDT

TSA Luggage Locks: Details, Flaws & Making The Best Of A Bad Lock - IronGeek

Every lock picker knows that the TSA approved Travel Sentry/Safe Skies locks are garbage, but if you don’t want your normal checked bags to have its locks cut off, there are only so many options. While this knowledge is common to lock sport folks, the average traveler is mostly unaware of it. This talk will cover the 7 master keys used by the TSA, non-destructive attack methods to open the locks, efforts to reproduce the master keys by reverse engineering the locks, and what TSA approved locks are the best of a bad situation.

Speakers

Adrian Crenshaw

Irongeek

Adrian Crenshaw has worked in the IT industry for the last fifteen years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for awhile (MCSE NT 4... Read More →

Saturday October 24, 2015 2:00pm - 3:00pm CDT
Track 1

Track 1

2:00pm CDT

Security Lessons Learned Sponsoring a Sex Addict - Sarah Clarke

What happens when someone in your home comes to you and asks you to help with their sex addiction? A tour through the technical and human issues that must be addressed to provide a solution, a compare and contrast to our larger infosec issues, and the results of the experiment.

Speakers

Sarah Clarke

infosec practitioner. housemate herder. keeper of the keys.

Saturday October 24, 2015 2:00pm - 3:00pm CDT
Track 2

Track 2

3:00pm CDT

Meaningful Measurement: Feeding the Cyber FUD Monster - Phat Hobbit

Fear, Uncertainty and Doubt (FUD) has become a staple in the cyber-attack measurement and reporting diet. Be it sensationalist and hyperbole-filled language, or the lack of any meaningful and consistent measurement methodology, the end result is the same: zero clarity concerning an already complex subject matter which serves to continue rather than counter the cyber-crime threat. The public discussion (via media reports) and business insight (through myriad methodologies of mis-measurement) need to be better framed if we as an industry are to truly confront the growing and increasingly expensive problem of cyber-crime. Who the criminals were is of less import than how they got in; compromise indicators are more valuable to other businesses than the financial cost to that particular victim. The measurement metric dial has moved too far towards attribution and needs to be reset to prevention and a business-based analysis of risk once more.

Speakers

Ian Trump

Ian Trump, CD, CPM, BA is an ITIL certified Information Technology (IT) consultant with 20 years of experience in IT security and information technology. As a project and operational resource, Ian has functioned as an IT business analyst, project coordinator and as a senior technical... Read More →

Saturday October 24, 2015 3:00pm - 4:00pm CDT
Track 1

Track 1

3:00pm CDT

The Politics of Security Failures - Tom Ruff

A light-hearted comparison of how laser beam focus can result in serious problems. In software, it usually leaves gaping security holes. In politics, it usually leaves gaping holes in my wallet (which I can now recover some of by fixing the gaping security holes in other people's software).

Speakers

Tom Ruff

15 years of software development in numerous languages including the super secure Java Platform.Spent more time in Operations than most doctors.Certified ScrumMaster yet have never played Rugby...but was a star in the Redneck Football League in years past including the rare "Passing... Read More →

Saturday October 24, 2015 3:00pm - 4:00pm CDT
Track 2

Track 2

4:00pm CDT

Hacking Web Apps - Brent White

Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I'll go over the different stages of a web application pen test, from start to finish. We'll start with tools used during the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of targets "footprint", all the way to tools used for fuzzing parameters to find potential SQL injection vulnerabilities. I'll also discuss pro-tips and tricks that I use while conducting a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.

Speakers

Brent White

Brent is an Offensive Security Consultant at Solutionary--An NTT Group Security Company and has spoken at numerous security conferences, including ISSA International, B-Sides Nashville, CircleCityCon and DEF CON 22 & 23 and DerbyCon. He has held the role of Web/Project Manager and... Read More →

Saturday October 24, 2015 4:00pm - 5:00pm CDT
Track 1

Track 1

5:00pm CDT

Persistence Pays Off: A Brief History of APT Attacks - Alex Berta

Speakers

Alexander Berta

Saturday October 24, 2015 5:00pm - 6:00pm CDT
Track 1

Track 1

6:00pm CDT

Staring Into the Light - Josh Ruppe

When you think of someone performing a standard man in the middle attack, what do you picture in your head? A network tap on copper cables? Someone using a WiFi Pineapple? Well what if the data being intercepted is leaving your home or coffee shop? Would you feel safer if your data was inside an optical fiber? You shouldn't. Fiber optics are just as susceptible to tapping as any other method of communication. In my demo lab, I will show you how fiber optic tapping works, how to conceal a tapping setup and how to defend against such an attack.

Speakers

Josh Ruppe

Josh Ruppe has been working in information security for a little over a decade, and is currently working as a Security Engineer in Atlanta, GA. Josh's primary focus is on penetration testing, but also dabbles in web application security, cryptography and reverse engineering.

Saturday October 24, 2015 6:00pm - 7:00pm CDT
Track 1

Track 1

9:00pm CDT

Lounge CON: Slideshow Roulette, YouTube Showdown, CTF Cram Session

Party scene not your thing? We've listened to your feedback and, for the first time, present Lounge CON! Come to the conference area to socialize & participate in "mini-events" that include Slideshow Roulette, Mystery Science Theater, Youtube Showdown, SDC Cyber Challenge, CTF Cram Session, & more! We'll have free beer on tap, couches, and high powered HD audio/video systems for...well, whatever!

Got a project you want to get help with? Want to learn soldering, hack a piece of hardware, or take time to work on the SDC CTF? Its pretty much like "study hall" for hackers!

We'll also have the Gaming Village, Lockpick Village, and CTF open until the organizers spontaneously erupt in insanity due to lack of sleep!

Saturday October 24, 2015 9:00pm - 11:59pm CDT
Track 1

Contest / Event

Tags Event, Activity

10:00am CDT

Contests / Awards

Sunday October 25, 2015 10:00am - 10:30am CDT
Track 1

Contest / Event

10:30am CDT

CTF Recap & Walkthrough

James Bower will announce the winners of the #SDC5 capture-the-flag & do a walkthrough of the answers & discuss the design/approach of this year's competition. We want you to walk away with new ideas, skills, and ways to challenge yourself! We'll also take questions & feedback on your experience to improve for next year.

Sunday October 25, 2015 10:30am - 11:00am CDT
Track 1

Contest / Event

Tags CTF

11:00am CDT

Closing Remarks

Sunday October 25, 2015 11:00am - 11:30am CDT
Track 1

Contest / Event