
Post on 20-Jul-2020


  • 8♠T♦♠♥♦ Areas ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    This year the conference will have 5 different areas:

    * LOC://SR - Track 1
      - This is where the full-length talks are located.
      - There will be rows of chairs with tables and rows without.
      - There will be some power and access to the tubes.
      - You can buy good food right outside this area.
      - Sorry, there is no more alcohol.

    * LOC://IB - Track 2
      - This is where the track 2 talks will be held. These are the turbo talks.
      - There will be rows of chairs.
      - There will be some power and access to the tubes.

    * LOC://SOUTH.LOFT - BarCon
      - There will be drinking in here.
      - There will be music and wubs.
      - There will be Lulz.
      - There will be chairs and tables.
      - There will be power and access to the tubes.
      - There will be video games.
      - You do not have to STFU in here!

    * LOC://NORTH.LOFT - Village
      - Table 0 - Workshop88
      - Table 1 - SANS Institute
      - Table 2 - Lock Pick Village
      - Table 3 - HACKER BREW CONTEST INFO/CHECK-IN/JUDGING
      - Table 4 - Hak4Kidz - Hacker Timeout!
      - Table 5 - Evolve Security
      - Table 6 - Illinois State University
      - Table 7 - Column Information Security

    * LOC://SKYHIGH - VIP
      - For the VIPs and Speakers there will be FREE hard drinks, a lunch buffet and afternoon snacks. This area will be open until 1 hour before close.
      - This is where all the crazy and illegal shit will happen.
      - Drink all the alcohol, hack all the things.

    A1. Doha kv fvb zpa vu iba kvu'a ahrl dpao fvb?

    A2. W u nyhiCcFl?oshkie

    A3. 30-15-8-27 18-16-21-11 22-13 23-15-22-21-12 11-16-11 20-8-31-30-12-19-19 26-20-8-25-27 15-8-29-12?

  • 6♥9♥♠♥♦ INDEX ♠♥♦♣♠♥♦♠♥♦♣♠♥♦♠♥♦♣♠♥♦♠♥♦♣♠♥♦♠♥♦♣♠♥♦♠♥♦♣♠♥♦♠♥♦♣♠♥♦♠

    | => ssh thotcon.org
    Welcome to THOTCON 0x7 16.05.05-06 LTS (GNU/Linux 4.23.20-10-generic x86_64)
    | ~/THOTCON/0x7/ @ Chicago (user)
    | => ls -lah
    total 24
    -rwxrwxrwx@ 1 thotcon staff 120K May 05 50:75 Page_01_Front.tc7
    -rw-r--r--@ 1 thotcon staff 84K May 05 73:73 Page_02_Areas.map
    -rw-r--r--@ 1 thotcon staff 104K May 05 79:47 Page_03_Greetings.motd
    -rw-r--r--@ 1 thotcon staff 101K May 05 61:6c Page_04_Schedule_Thu.conf
    -rw-r--r--@ 1 thotcon staff 77K May 06 6f:72 Page_05_Schedule_Fri.conf
    -rw-r--r--@ 1 thotcon speak 97K May 05 65:4b Page_06_Keynotes_1.info
    -rw-r--r--@ 1 thotcon speak 110K May 05 69:73 Page_07_Keynotes_2.info
    drwxr-xr-x 3 thotcon speak 119K May 05 73:79 Page_08_Full_Talks_1
    drwxr-xr-x 4 thotcon speak 105K May 05 53:75 Page_09_Full_Talks_2
    drwxr-xr-x 3 thotcon speak 116K May 05 7A:75 Page_10_Full_Talks_3
    drwxr-xr-x 3 thotcon speak 104K May 05 6B:69 Page_11_Full_Turbo_Talks
    drwxr-xr-x 2 thotcon speak 116K May 05 48:6F Page_12_Turbo_Talks_1
    drwxr-xr-x 2 thotcon speak 104K May 05 6E:65 Page_13_Turbo_Talks_2
    drwxr-xr-x 3 thotcon speak 101K May 05 79:52 Page_14_Turbo_Talks_3
    drwxr-xr-x 3 thotcon speak 71K May 05 69:64 Page_15_Turbo_Talks_4
    drwxr-xr-x 3 thotcon speak 111K May 05 65:72 Page_16_Turbo_Talks_5
    drwxr-xr-x 4 thotcon speak 108K May 05 54:61 Page_17_Turbo_Talks_6
    drwxr-xr-x 2 thotcon speak 100K May 05 74:69 Page_18_Turbo_Talks_7
    ---------- 1 thotcon staff 101K May XX 61:6E Page_19_Contests.pzl
    drwxr-xr-x 13 thotcon spons 110K May 06 61:52 Page_20_Sponsors
    drwxr-xr-x 13 thotcon staff 71K May 06 6F:6D Page_21_Sponsors
    ---------- 1 thotcon staff 117K May 06 61:6E Page_22_¯\_(ツ)_/¯
    ---------- 1 thotcon staff 110K May 06 6F:76 Page_23 -> /dev/null
    -rw-r--r--@ 1 thotcon staff 120K May 06 61:2A Page_24_K_Thanks.bye

    3♥3♦♠♥♦ GREETINGS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    My name is Con, THO7CON. Welcome to our Seventh (0x7) year. This year we have our talks shaken, not stirred. We begin each day with quality keynotes followed by an assortment of interesting talks. If you are bold enough, check out the different areas to learn something new. Want to earn a Gold Badge? Check out the puzzle and other contests. The world is not enough. Please eat, drink, visit the village, and enjoy Chicago's Hacking Conference. Pass the good word on twitter (Hashtag #THOTCON). Please email your feedback at [email protected] so that we could bring you a better con next year.

    ~ The THOTCON Spies

  • 3♣8♦♠♥♦ SCHEDULE ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥

    Thursday, May 5th, 2016

    ^^^ TRACK ONE / Первый Трек / 一軌 ^^^
    09:30AM - DOORS OPEN - CHECK-IN & GET YOUR BADGE / SHIRT, have a drink
    10:45AM - WELCOME.0 - "HELLO, 你好, Здравствуйте, ELHO" - c7five
    11:00AM - KEYNOTE.1 - "Attack of the Clichés" - Robert Graham
    12:00PM - TALK.1 - "Cleaning up Magical Crypto Fairy Dust" - unicornFurnace
    01:00PM - TALK.2 - "OPSEC on the Darkweb" - Nick Espinoza & Zach Flom
    02:00PM - BREAK - 1 HOUR - DRINK BEER / EAT FOODS
    03:00PM - TALK.3 - "Privacy's Past, Present and Future" - Robert Lei
    04:00PM - KEYNOTE.2 - "35 Years of Cyberwar" - Cyber Squirrel 1
    05:00PM - TALK.4 - "A map to the legal hack-back" - Natalie Vanatta
    06:00PM - TALK.5 - "Hack All the Candidates" - Jonathan Lampe
    07:00PM - TALK.6 - "Do and Donts of security disclosures" - Daniel Liber
    08:00PM - DAY 1 CLOSING REMARKS
    08:10PM - SYS64738, please go home

    ^^^ TRACK 2 / Второй Трек / 二軌 ^^^
    12:00PM - TURBO.1 - "Sharing is Caring" - Alex Pinto
    12:30PM - TURBO.2 - "Overcoming Imposter Syndrome" - Jesika McEvoy
    01:00PM - TURBO.3 - "You sunk my battleship!" - David Bryan
    01:30PM - TURBO.4 - "Phishing 2FA Systems" - JP Smith && Eric Hennenfent
    02:00PM - TURBO.5 - "Fighting User Apathy and Indifference" - Chris Carlis
    02:30PM - TURBO.6 - "Prime Time Cyber Heists" - Jibran Ilyas
    03:00PM - TURBO.7 - "Don't be stupd on GitHub" - metacortex
    03:30PM - TURBO.8 - "Adult Coloring on the Internet" - Weiss && Eberhardt
    04:00PM - BREAK - GO SEE THE KEYNOTE - DRINK BEER / EAT FOODS
    05:00PM - TURBO.9 - "Improving mobile security" - Andrew Hoog
    05:30PM - TURBO.10 - "Social Untrust" - Vaagn Toukharian
    06:00PM - TRACK 2 ./SHUTDOWN

    08:30PM - RECOMMENDED MEETUP Northdown Chicago - 10% off w/ Badge

    Got any of them Dead Drops?

    S1. Where was my last dead drop?

  • YOU SHOT ME!

    2♦5♦♠♥♦ SCHEDULE ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥

    Friday, May 6th, 2016

    ^^^ TRACK ONE / Первый Трек / 一軌 ^^^
    09:30AM - DOORS OPEN, have a drink
    10:45AM - WELCOME.1 - "HELLO, 你好, Здравствуйте, ELHO" - c7five
    11:00AM - KEYNOTE.3 - "Access Security Events" - Oberheide && Hanley
    12:00PM - TALK.7 - "Knox: Dealing with Secrets at Scale" - Devin Lundberg
    01:00PM - TALK.8 - "Real solutions from real incidents" - Rogers && Ross
    02:00PM - TALK.9 - "The Complete ESP8266 Psionics Handbook" - Joel Sandin
    03:00PM - KEYNOTE.4 - "Crimeware 101" - Vyrus
    04:00PM - CONTEST RESULTS
    04:30PM - DAY 2 - CLOSING REMARKS
    05:00PM - SYS64738, please go home

    ^^^ TRACK 2 / Второй Трек / 二軌 ^^^
    11:30PM - TURBO.11 - "Cyber Vulns of America's Pipe Lines" - Paul Vann
    12:00PM - TURBO.12 - "Corporate Espionage" - John Bambenek
    12:30PM - TURBO.13 - "Pushing the Boundaries" - Anita Nikolich
    1:00PM - TURBO.14 - "Deploying a Shadow Threat Intel Capability" - grecs
    1:30PM - TURBO.15 - "Abusing Linux Trust Relationships" - Ronnie Flathers
    02:30PM - TURBO.16 - "The Clean(ish) Cashout" - Benjamin Brown
    02:00PM - TURBO.17 - "Trend in Whitelisted Proxies" - Schmitt, Dyas && Valin
    03:00PM - TRACK 2 ./SHUTDOWN

    08:30PM - THOTCON 0X7 AFTERPARTY * - DRINKS://localhost**

    Featuring:
    - Local Craft Beer
    - Great Food
    - Music by I Fight Dragons!

    * Must be >=21 to attend.
    * Must wear clothes.
    ** Located at conference venue.
    ** THOTCON 0x7 Badge required for admission.

    Midnight - AFTER AFTER PARTY - Jaku's Tesla Drunk Frunk Watch Twitter #THOTCON

    Three spies, two are suspected to be double agents.

    Each responded when questioned:

    Jaku: "Sakebomb is a mole."
    Sakebomb: "C7five is a mole."
    C7five: "Sakebomb is lying."

    If moles lie, and good agents tell the truth, who is the good agent? (Answer is OTP for LS5SCYXb=)

  • J♠Q♠♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    Keynotes (50 Minute)

    Robert Graham: "Attack of the Clichés"

    Abstract: Increasingly, it appears that infosec professionals are being abducted by aliens and replaced with Markov chain bots -- programs that simply string together stock phrases. Consider that person on the other end of the long conference call, trying to justify another layer of anti-virus, because "defense in depth". How do we know it's an actual person? They haven't said anything original in the 30 minutes they've been talking. Indeed, where do these clichés even come from? Who was the first to apply "defense in depth" to infosec in the first place? What does it even mean? This iconoclastic talk explores these clichés, not debating whether they are right or wrong, but how they've lost all meaning. The goal is to prove we are humans, able to discuss a concept without resorting to these clichés.

    Bio: Created:[BlackICE,IPS,sidejacking,masscan]. Doing:[blog,code,cyber-rights,Internet-scanning]. Unethical coder, according to the EFF.

    Cyber Squirrel 1: "35 Years of Cyberwar: The Squirrels are Winning"

    Abstract: Despite years and years of rhetoric concerning the weaknesses in the electronic defenses of the power grid there has yet to be one long term power outage directly caused by a cyber attack. Policy makers are routinely warning about the risk to the electric grid and yet there are no confirmed power outages caused by a cyber attack. While cyber attacks have not yet taken out the power, squirrels have, hundreds of times a year. This talk will examine previous claims of infrastructure cyber attacks such as the Brazil blackout, Turkish pipeline explosion, German steel plant blast furnace and the recent power outage in the Ukraine among others. We will also examine decades of confirmed attacks by squirrels, birds, snakes, and other animals. We will break down our meticulously gathered data of cyber squirrel attacks by country, number of people impacted and length of outages and compare that with the same data caused by cyber attack. #cyberwar4ever

    Bio: Chief Intelligence Minister for the Cyber Squirrel militia

    Jon Oberheide && Michael Hanley: "Extrapolating from Billions of Access Security Events"

    Abstract: At Duo, we see billions of authentication and access events each year from tens of thousands of customers across diverse user and device populations. "BIG DATA", or whatever the cool kids are calling it these days. We'd like to share some of that data with you, since tiny hard-to-read graphs and pie charts make for super compelling presentations. Spoiler alert: Everything is broken and vulnerable. But we'll keep our glasses half full and opine on how we, as an industry and practitioners, can and should be doing better. The future of security is bright...but it's still five years of breach headlines away.

    Bio: jono = cto @ duo, mhanley = labs @ duo

  • 9♠8♣♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    Keynotes continued (50 Minute)

    Vyrus: “Crimewave 101”

    Abstract: What is “crimeware”? Crimeware is software designed exclusively to commit crime. Usually (but not always), crimeware is written using very poor “best practices”, and yet, is typically highly effective against its intended targets (despite the efforts of “information security professionals”). Why? Because most “Information security professionals” are not tasked with preventing the types of crime that most crimeware is designed to commit. Most crimeware is designed to commit theft (usually of money), and most theft is not done by exotic criminals with fancy gadgets and well funded backers or look like anything out of an Oceans 11 scene. Most crime is done by desperate and/or opportunistic people in order to acquire wealth as fast as possible. Which is why it usually is done with a crow bar and a ski mask rather than some lockpicks, a proxmark, or a laptop. Within this nexus between the reality of crime and the ill compared seductiveness of “espionage” is where our story “and this presentation” begins…

    Bio: Vyrus is some guy who for some unholy reason enjoys researching the efficacies of subjectively elegant crime (hypothetical or otherwise). Since the only method of conducting research on crime from a first hand perspective is to commit crime(s), he does not admit to ever having been directly or indirectly involved in the commitment of such crimes, or, associating with any known criminals. And since the only people who DO admit to such things are either now or have at one time been found guilty by a criminal justice system, he advises you to not trust anything anybody has to say on the matter who chooses to discuss such things without provocation (including himself) and instead compare his presented research to that of your own material (should you so allegedly choose to do so).

    ??

  • A♦3♠♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    FULL Length (50 Minute)

    Daniel "unicornFurnace" Crowley - "Cleaning up Magical Crypto Fairy Dust with Cryptanalib and FeatherDuster"

    Abstract: The gap between academic development of cryptanalysis techniques and their practical application is wide. The application security community was in awe in 2010 when Duong and Rizzo were able to apply Vaudenay's 2002 padding oracle attack technique to not one but three major frameworks, ASP.NET, Ruby on Rails, and Java Server Faces. There are various tools being developed for certain applications of these attacks, but they tend to implement at most a handful of different attacks. One of the difficulties is that flawed cryptography can exist in lots of different kinds of technologies; cryptography can exist in pretty much any place normal data can! As a result, performing practical cryptographic attacks often requires writing your own custom tool. This can be beyond the scope of a pen test due to time restrictions. It may also be beyond the skill of a tester to implement a given attack. Enter Cryptanalib: A library implementing various crypto attacks to make writing crypto attack tools easier! But how do you use it if you can't write code? Enter FeatherDuster: A modular, wizard-like interface to make using cryptanalib as simple as possible, sometimes even requiring the user to write no code whatsoever! This talk will discuss some common cryptographic mistakes and show how to use Cryptanalib and FeatherDuster to exploit them.

    Bio: Daniel has worked in infosec since 2004, is the author of the Magical Code Injection Rainbow, and denies all allegations of unicorn smuggling.


    Natalie Vanatta - "ARRR Maties! A map to the legal hack-back"

    Abstract: Defense of the nation (and by extension its citizens) is the only task that the Constitution tells the federal government that it must do. All other powers are just authorizations that the government can choose to use. But, what happens when the government is ill-equipped to handle the defense? Today, we are bombarded by both nation-state and non-state actors operating within cyberspace with the goal to steal our property, harm our livelihoods, and destroy our way of life. In the early days of the nation, we faced a similar dilemma on the high seas which resulted in the issuance of letters of marque and reprisal to private citizens and corporations. At the time, our government could not field and maintain a naval force that could defend the nation and its citizens. This talk will draw parallels between the nation’s situation then and our situation today with respect to cyber security. Utilizing legal statutes and lessons learned over the last two hundred years, I will propose a methodology that enables private groups to petition for the right to become privateers and “hack back” their foreign attackers.

    Bio: Natalie Vanatta is an Army Cyber Officer currently exploring the cybersecurity challenges facing the Army 5-10 years in the future.

    Robert Lei - "Privacy's Past, Present and Future"

    Abstract: I believe in privacy not paranoia. Come join me on an adventure through the history of privacy violations and legal/illegal abuses in the United States over the past few hundred years. Let us reflect on current topics of privacy abuses and make some educated guesses on the potential future of privacy and the concept of privacy throughout the world.

    Bio: Robert hails from California and has been a part of the infosec scene since 2000; he loves privacy, security, and good beer.

  • 7♣4♥♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    FULL Length (50 Minute)

    Nick Espinoza && Zach Flom - "OPSEC on the Darkweb: The good, the bad and the ugly"

    Abstract: Recorded Future analysts have analyzed how the dark web (TOR) is being used for the good, the bad, and the ugly. We focus on a few use cases:
    * Threat actors and their poor OPSEC across open/deep/dark web
    * Specific market places and poor obfuscation and configuration of services
    * Uniquely identifying data points for hidden services
    * How and where hidden sites/services are commonly flagged on the open Web
    * A discussion of what might be a good use of TOR (social dissent), bad (child exploitation), and ugly (focus on data around terror support networks)
    We leverage open source collections and analysis tools, custom network scanning tools, and private sources in our research.

    Bio: NJE and Zach Flom are Threat Intelligence Analysts at Recorded Future. Flom and Espinoza have supported the DoD and IC as analysts.

    Jonathan Lampe - "Hack All the Candidates"

    Abstract: For the past 18 months, Jonathan Lampe has been explaining how IT security professionals can use their skills to get an idea of how secure another party is - without actually hacking them. With the 2016 presidential campaign in full swing, Lampe applied these techniques to the web sites of 17 different candidates and came away with some surprising results, including the fact that most of the candidates he surveyed published a full list of all their usernames! This presentation dives into the technical details of Lampe's analysis and allows attendees to discuss where they would draw the line between "observing very closely" and outright hacking. A live demonstration of typical candidate site reconnaissance is expected as we look at the current security profile of candidates today.

    Bio: Lampe has been in software and IT security since 2001. He runs Security Awareness for the InfoSec Institute and is a frequent author.

    Daniel Liber - "Security ResPWNses - Do and Donts of security disclosures"

    Abstract: In the modern era, breaches have become (unfortunately) a matter of daily news. The recent events show that the probability of becomes higher and higher, as the attacks are becoming more sophisticated and targeted. Unfortunately, the incident response processes are still focused on IT and network breaches rather than looking at the entire range of security incidents that grew rapidly with the introduction of new technologies, concepts and platform. In this lecture we will go over the classification of 'new era' security breaches and try to understand better how they differ from classic ones, along with analyzing the current frameworks of handling them (and pointing out the obvious gaps). Also, we will cover examples from the past year regarding bad practices of incident responses and learn the basic concepts that should be covered in the 'customer facing' incident response. Lastly, we will offer some guidance on what tools are available for lightweight operational incident response and how one can utilize them in order to improve the reply and act for each incident or disclosure.

    Bio: Security manager/researcher, community enthusiast, curious by nature and spends most of his time learning what else can go wrong.

  • 4♣5♥♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    FULL Length (50 Minute)

    Jordan Rogers && Guillaume Ross - "Real solutions from real incidents: save money and your job!"

    Abstract: This talk will cover scenarios from real incidents and how simple solutions that are very cost effective can be used to prevent them from occurring.
    * A scenario based on real incidents will be presented.
    * The typical state of security in enterprise will be presented.
    * Specific gaps that allowed the incident to occur and for data to be exfiltrated will be scrutinized.
    For each observation, a review of how enterprises are protecting themselves, successfully or not, as well as what can be done to potentially prevent the incident from occurring in the first place will be performed. The presentation will conclude with a discussion on the importance of incident response lessons learned being leveraged to further guide decisions related to security program development.

    Bio: Jordan and Guillaume are senior consultants at Rapid7. Guillaume focuses on security programs, and Jordan on incident response.

    Joel Sandin - "The Complete ESP8266 Psionics Handbook"

    Abstract: The ESP8266 SoC has fast become a hugely popular platform for developing IoT applications. The reasons for this are obvious: it's affordable, provides wireless connectivity, comes in a small form factor, and includes a fully-featured Tensilica lx106 core onboard powerful enough to run fully-featured embedded operating systems. The manufacturer, Espressif, also provides an SDK, a port of FreeRTOS, and a cloud-backed IOT platform for embedded devices. A new generation of developers are flocking to the ESP8266 and being introduced to C and systems programming in the process. But few realize that beneath the veneer of accessibility lurks a Pandora's box of perils straight out of the 90s... This talk will focus on exploiting memory corruption vulnerabilities for platforms hosted on the ESP8266. We will provide an overview of the Tensilica lx106 core, cover testing and development workflow, and use real bugs to motivate a discussion of internals of multiple platforms including the Espressif IOT Platform based on FreeRTOS and NodeMCU firmware core. This research is based on experience code reviewing, fuzzing, and developing attacks against both vendor SDKs and open-source libraries for this hardware. Attendees will understand the risks facing users of this new class of devices. Pentesters will learn how to review applications built for this hardware platform and determine the impact of bugs they identify. Defensive security practitioners will get an inside look at attacks against software written for the ESP8266.

    Bio: Joel works as an independent security researcher and has recently focused on security in embedded systems.

  • JKR7♥♠♥ SPEAKERS ♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    FULL Length continued (50 Minute)

    Devin Lundberg - "Knox: Dealing with Secrets at Scale"

    Abstract: Key management is a fundamental piece of security infrastructure. As companies scale, the number of different API secrets, cryptographic keys, passwords, and other secret values grows at an increased rate. These secrets need to be stored in a way that provides confidentiality and integrity, and that developers can understand and use. Additionally, in any organization, potential breaches will happen and secrets will need to be changed and rotated, but mechanisms for supporting proper cryptographic rotation (such as that built into keyczar) are unsupported. Knox is the first open source project that combines these two important pieces of functionality into one system. It also provides strong operationability, as well as ease of use for developers. During the presentation we will compare to existing solutions for storing keys/secrets including Vault and Keywhiz. Knox is a service built by and used at Pinterest. Knox provides confidentiality and integrity for secrets and fits into a micro service systems architecture. It also provides important best practices for handling failure such as rotation capabilities for all keys and better operationability features. Knox will be open-sourced in early 2016.

    Bio: Application Security Engineer @ Pinterest. Previously researched aircraft security @ UCSD. Contributor to keyczar.

    TURBO Talks (25 Minute)

    David Bryan - “You sunk my battleship!”

    Abstract: This talk will cover breaking out of a Docker container, and other fun things that you can do to crack a docker instance, and the VM that the docker instance is running on.

    Bio: David Bryan has been in the information security industry for over 16 years. He has presented research at Black Hat, DEF CON, THOTCON, and many others. David also volunteers at DEF CON, supports the local DC612 Group, and is part of the board for Thotcon (a hackers conference based in Chicago). When he's not working, he is building a local WirelessISP, welding, biking, gardening, or enjoying a beer.

    metacortex - "Don't be stupd on GitHub"

    Abstract: You may be surprised (you probably shouldn't) at all of the sensitive information people put on GitHub. If you look, you can find everything from database passwords, RSA private keys, and even unix shadow files. Not only will I show you how to find all this awesome data but I will show you how to harvest as much of it as possible as well as some password analysis on the passwords that were found.

    Bio: Currently a native of SLC and founder of the 801 Labs hacker space as well as responsible for reviving the local DEF CON group, DC801.

  • T♥8♥♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    TURBO Talks Continued (25 Minute)

    octalpus (Jesika McEvoy) - "Overcoming Imposter Syndrome (even if you’re totally faking it)"

    Abstract: Imposter Syndrome has been oft discussed in the context of gender or other minorities and mentoring, but these discussions have left out the greater truth – nearly everyone in the infosec community experiences this phenomenon. This talk is designed to approach the topic from a broader perspective. It will contain tips on not only overcoming this ourselves, but how to use this confidence to be a mentor and role model to others. This talk highlights the challenge current and emerging researchers encounter – feeling supported in pursuing a research path and speaking authoritatively when the cutting edge nature of infosec is counterproductive to building confidence in your own expertise. If we want to continue to be a research-focused community, we need to address some of the underlying issues that are contributing to the stagnation and drain of the brain trust.

    Bio: Ninja, brewer, snowboarder, noiser, and an expert at faking expertise.

    Chris Carlis - "Securitygenic: Fighting User Apathy and Indifference"

    Abstract: We, as information security professionals, are not good at convincing people to care about information security. We may be passionate, intelligent, and dedicated in the pursuit of defending our organizations but, when it comes to motivating our co-workers to employ even the most basic of security measures, our efforts often fall flat. Motivating people is a problem that often does not align well with our core skillsets. Yet, as attackers today look to compromise organizations, social engineering attacks against employees are an increasingly attractive option. In this talk we look at expanding our usual methods of user education and leveraging non-conventional resources to amplify and increase the lasting effectiveness of information security training. Enlisting the help of individuals with the training, experience, and understanding in what is needed to motivate a largely apathetic base into incorporating better security behavior into their everyday lives. Our information security programs need Marketing. We will discuss some of the benefits of incorporating marketing into your security program. We will cover some of the political, business, and interpersonal challenges that may arise and strategies for overcoming them. Finally we will discuss methods of popularizing this practice outside our individual organizations.

    Bio: Chris Carlis, a Dell SecureWorks Red Team member, enjoys grassroots InfoSec communities & investigating finer points of Impostor Syndrome.

  • Q♦Q♣♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    TURBO Talks Continued (25 Minute)

    Rob Weiss && John Eberhardt -

    "Playing with Pictures: Adult Coloring on the Internet"

    Abstract: We approach analytics as an extension of the human brain, rather than trying to make the analytics behave more like a human. We want to “see” abstract data and open the way to gamification of network operations, such as crowdsourcing network defense. At THOTCON 0x6 we provided a discussion and demo of our immersive network data visualization concept with five open-source components: i) an open source sensor, ii) an open source streaming ingest engine, iii) a curation layer that uses a pluggable Python library, iv) a construct that creates a visual language of networking to interface the platform and other services, and v) a set of visualizations that provide immersive, intuitive visuals of the data. Since THOTCON 0x6, we have focused on developing the analytics, visualization library, sensor tools, and the user framework to make the system simpler, easier to deploy, and easier to play with and use the tools. We will present and demo: 1. An overview of our approach, conceptual and physical architecture 2. We would demo the platform live in our talk and then be around to help folks play with it

    Bio: Rob Weiss is a senior systems engineer with 24+ years experience; John Eberhardt is a Data Scientist with 20+ years experience.

    Paul Vann -

    "Cyber Vulnerabilities of America's Pipe Lines"

    Abstract: This is Paul Vann (the younger one from Schmoocon) and I just wanted to let you know that I have decided my topic for Thot Con. My topic will be the Cyber Vulnerabilities of America's Pipe Lines. I will be talking about the vulnerabilities in the pipe line systems and how unethical hackers are attacking them. I will also be explaining what the potential hacker could do to the system and how he could affect it. I am going to have my grandpa who has worked in the pipe line and gas system his whole life explain how the pipe line system's technology has evolved, and I can use this information to explain to the audience how over the years the pipe line system has become more susceptible to cyber attack. I hope this is a topic you will decide is worth sharing at Thot Con and would love to get any feedback back.

    Bio: Son of a security guy

  • T♣5♠♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    TURBO Talks Continued (25 Minute)

    JP Smith && Eric Hennenfent - "Turning Credential Harvesting Into Credential Clearcutting: Phishing 2FA Systems"

    Abstract: Two-factor authentication is being touted by many as the "next big thing" in security, and as such is increasingly being adopted by enterprises. Of course, as with any highly-hyped security technology, there exist numerous flaws, and even the most mature implementations can be bypassed. The first half of this talk goes over the design, implementation, and effectiveness of a credential harvester the authors built that steals both username-password pairs and two-factor authentication tokens. The second half focuses on practically mitigating attacks like these, and provides suggestions and guidance for people currently rolling out two-factor authentication to avoid and detect this kind of attack in their environments.

    Bio: JP and Eric are hackers at UIUC who enjoy programming things. If their combined exploits fit in 140 characters, they'd be pretty sad.

    Jibran Ilyas - "Prime Time Cyber Heists – Reporting from the Trenches!"

    Abstract: In this era of Advanced Persistent Threats (APT), organizations have increased spending on IT security, but for the most part, it has not proven to be fully effective against sophisticated attacks. In the recent past, we have witnessed large data breaches at major companies causing the loss of Intellectual Property or consumer PII (Personally Identifiable Information). As the Security Program matures for high profile companies, the motivated attackers also adjust their Techniques, Tactics and Procedures (TTPs) for the perfect heist. This session will contain a case study of a data breach where attackers didn’t find the need of malware for persistent communication channel, and used WMI and Powershell to carry out a successful data extraction mission. The lessons learned from the trenches as the lead investigator of several high profile breaches will be shared in this session, which shall result in actionable takeaways to improve the security posture and response capabilities of your organization. A live demo will also be shown to illustrate the new age attacks.

    Bio: Jibran Ilyas is a Director of Global Incident Response at Stroz Friedberg. He leads the development of Threat Hunting capabilities, mainly the hunt for Advanced Persistent Threats (APT) and Point of Sale (POS) adversaries. He contributes to the innovation in incident response methodology and the development of in-house tools to improve efficiency. He serves as one of the firm’s investigative leads for high profile data breaches and leverages the experience in the field to the benefit of organizations seeking proactive risk assessments. Jibran is also an Adjunct Faculty at Northwestern University teaching their first ever Digital Forensics course.

  • K♠K♦♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    TURBO Talks Continued (25 Minute)

    Ronnie Flathers - "Abusing Linux Trust Relationships: Authentication Back Alleys and Forgotten Features"

    Abstract: Passwords are weak, and generally speaking, the less a company relies on them, the better. Instead of using password authentication for multiple services and sending passwords (or hashes) all over the network, companies have started trying to adopt more password-less authentication mechanisms to secure their infrastructure. From SSH bastion hosts to Kerberos and 2FA, there are many controls that attempt to limit attacker mobility in the event that a single account or password is compromised. This session will be a "walking tour" of bypass techniques that allow a small compromise to pivot widely and undetectably across a network using and abusing built in authentication features and common tools. Starting with a simple compromise of an unprivileged account (e.g. through phishing), this session will discuss techniques that pentesters and attackers use to gain footholds in networks and abuse trust relationships in shared computing resources and "jumphosts".

    Bio: Ronnie is a Sr. Security Consultant with Cisco Advisory Services (formerly Neohapsis) where he gets paid to break into networks and apps.

    Andrew Hoog - "Improving mobile security with forensics, app analysis and big data"

    Abstract: The velocity of change in the mobile ecosystem requires new techniques to secure mobile devices. This talk will explain how we can address this challenge by combining global data from mobile devices and app store metadata with static, forensic and dynamic app analysis to create a powerful, data-centric approach to mobile security.

    Bio: Andrew Hoog is a mobile security researcher, expert witness and the CEO and co-founder of NowSecure.

    Vaagn Toukharian - "Social Untrust"

    Abstract: Value of the information is stressed enough in concerns of the modern technocrat society. Information sometimes is equal to money, or there is some indirect connection between these two elements. The talk is going to talk about the new type of value that information can represent and aspects of loss or alterations of that information. New types of values are those that just appeared with technology and may not be connected to real values, e.g. ePride, eFitness, eEducation. Sites like DigitalEpo are examples of the new hackery that is happening. We have a concept of an even better tool for that purpose, which makes you the king of the mountain on hill of your choice, instantly. People are faking virtual achievements that may eventually destroy the value of the system overall. The talk is going to present an analysis of other eValue systems, and the dangers those face.

    Bio: Principal Engineer for Qualys's Web Application Scanner. He also helps to run OWASP Armenia chapter.

  • 2♥6♣♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    TURBO Talks Continued (25 Minute)

    John Bambenek - "Corporate Espionage Without the Hassle of Committing Felonies"

    Abstract: Pentesters and corporate spies alike have a desire to get their hands on the secret information of their corporate targets. Normally this involves recruiting and turning insiders, social engineering or intrusions into corporate networks. The reality is that a good deal of information is already lying around in the open available for the taking if the hunter knows where to look. This talk will highlight new techniques of passively mining security data (such as repositories like VirusTotal) to uncover sensitive documents, private encryption keys, security configurations and proprietary code on the target. As an example, by running a simple yara rule it was trivial to retrieve over 10,000 private ssh keys. This talk will cover the hunting techniques to retrieve this data as well as sensitive documents that can be immediately weaponized for a penetration test or for monitoring competitors.

    Bio: John Bambenek is a Sr. Threat Analyst at Fidelis Cybersecurity and runs several private intelligence groups.

    Parker Schmitt, Matt Dyas & John Valin - "A Major New Trend in the Enterprise is Whitelisted Proxies"

    Abstract: Enterprises (and by enterprise we mean large companies, not java) love their perimeter because, well, let’s face it, everything’s broken inside. However they still want their employees to have internet access as it is critical but they have a flat network. The current trend is whitelisting all traffic and doing an SSL Man-In-The-Middle. Our goal is to show that that does absolutely nothing by exfilling through commonly whitelisted platforms and using steganography to hide all the data. We have written tools that allow covert communication through youtube and twitter to establish a reverse shell. Using the steganography from the exfil toolkit (which will be released under the GPL) we will incorporate steganography into youtube comments so that even with ssl decryption it just looks like a drunk youtube commenter. With twitter there is text stego but also images can contain steganography. We will also discuss polymorphism in stego algorithms to evade heuristics.

    Bio: Matthew is a student at the Illinois Math and Science Academy. He likes red-teaming and participating in CTFs, and he has somehow managed to stay out of trouble so far. In addition to breaking things, he likes making things that fly as well. John enjoys Security and is currently studying at Illinois Mathematics and Science Academy. When he gets free time from the academic rigour of IMSA, his other interests include triathlons, building and flying drones, the drums and video games. Parker was the guy who nearly hit you with a drone at thotcon for the past couple years. He also likes fun ways to defeat blinky boxes.

  • T♠JKR♠♥ SPEAKERS ♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    TURBO Talks Continued (25 Minute)

    grecs -

    "Deploying a Shadow Threat Intel Capability:

    Understanding YOUR Adversaries without Expensive Security Tools"

    Abstract: In the presentation that threat intel vendors do not want you to see, open source and internal data meets home grown resources to produce actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses and shows examples of using what you already have to bootstrap this capability using existing data management platforms with open and flexible schemas to ease identification of advanced threats. Specific topics covered include the advantages of using open and flexible platforms that can be molded into a data repository, a case tracking system, an indicator database, and more. By analyzing this data organizations can discover trends across attacks that help them understand their adversaries. An example nosql schema will be released to help attendees create their own implementations.

    Bio: grecs has two decades of industry experience, undergraduate & graduate engineering degrees, and a really well known security certification.

    Benjamin Brown -

    "Mo Money Mo Problems: The Clean(ish) Cashout"

    Abstract: The hardest part of cybercrime is the cashout. The strategy for cashing out needs to be easy enough to make it worth your while and safe enough to stay out of the klink. With more and more focus on identifying and stopping credit card fraud cybercrooks are diversifying their methods for cashing out. While criminals can, and do, sell whole and bundled online retailer accounts, credit card data, and fullz, I want to look at how they get their grubby paws on that cold hard cash. Let's dig into the tools, techniques, and procedures used by this new generation of e-launderers and cyber hustlers. The Real-Real? Understanding the lifecycle of a financially motivated cybercrime is an important part of successfully and efficiently defending against them. When we have insight into the tools, techniques, procedures, motivations, methods, and ecosystems driving these attacks we are afforded the opportunity to build defense in depth that specifically targets the weaknesses and load-bearing assumptions of the attackers. This talk is not a general hand-waving at the topic of "cybercrime", but instead an in-depth exposition showing currently active tools and methods, non-public case study information, and defense tactics that are actively and successfully being employed right now.

    Bio: Benjamin currently computers on the darknets and holds like at least 7 darkwebz.

  • Q♥K♥♠♥♦ SPEAKERS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    ♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    TURBO Talks Continued (25 Minute)

    Anita Nikolich - "Cybersecurity Research: Pushing the Boundaries"

    Abstract: The National Science Foundation (NSF) funds $70M annually across all cybersecurity research areas, including cryptography, cybereconomics, anti censorship, vehicle security, digital currency, privacy, dark web analytics and many more. We look for radically novel approaches to security problems and never know what the results of the research may look like. Some of the recent interesting projects include: analyzing online anonymous marketplaces in the wake of Silk Road; enhancing anonymity networks against pervasive attacks and identifying insider threats at financial institutions. This talk will give a brief overview of the NSF Secure and Trustworthy Cyberspace (SaTC) program and present some of the more interesting research results we’ve seen.

    Bio: Anita Nikolich is Program Director for Cybersecurity in the Division of Advanced Cyberinfrastructure at the National Science Foundation (NSF). Prior to her work at the NSF she served as the Executive Director of Infrastructure at the University of Chicago. Past assignments include positions in networking and security at Aon, Worldcom and the U.S. Marine Corps.

    Alex Pinto - "Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness"

    Abstract: For the last 18 months, MLSec Project and Niddel collected threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. In this talk, we have gathered aggregated usage information from intelligence sharing communities in order to determine if the added interest and "push" towards sharing is really being followed by the companies and if its adoption is putting us in the right track to close these gaps. We propose a new set of metrics in the same vein as TIQ-test to help you understand what a "healthy" threat intelligence sharing community looks like, and how to improve the ones you may be a part of today! We will be conducting this analysis with usage data from some high-profile threat intelligence platforms and sharing communities.

    Bio: Alex Pinto is the Chief Data Scientist of Niddel and MLSec Project, doing data science in infosec to automate our work and even the odds.

  • A♠J♦♠♥♦ PUZZLE ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣

    7♠6♠♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣

    KJRJZ TXNNF YMLLT VDCDN VRPRP HMFCF IVZKI MOZZF VYKHP HRGVG SUUMI UBJVF UQDNE ZJJCL DPOSP CXEQD DLKIP LQSOE MCTWD AUFQN MULYD SDGPL HHGLH HRRMB BEZMG SNCOL FCAKZ ZXMUZ AKIAU SQRAD VYZPA RJGOM GUHAJ LIXHW HPCHN YTTTS DZEQU CZKOQ MYVFS PBPLO ANXUV JBCFQ XWOIM OLAPV VTHNJ YVJMK HXHWT WJKCL SEXWA SLGWZ MJFUA ZOLJF DTCUU FNEBU WLDMJ CTXRO BKWWP OSXYG KZBTZ YYCTQ PVPLL VYSMH BMIXX QAUOT MFVJI PWAAE ROCOJ MVBLO DGVCK KOMVQ QFNXA AYJIY OZVPR YFSQA BWUVB PZKAY RTDHD SAOGK GTWIS LDB?

    (Hint: Who beat James Bond at Gin Rummy?)

    Note: This is a GOLD (lifetime) badge contest.

  • 5♣2♣♠♥♦ AFTER PARTY SPONSORS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥

    Tune in to KMOP for all your greatest hits!

  • A♥J♥♠♥♦ SPONSORS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥

    ♣♠♥♦♣♠♥

    ♠♥♦♣♠ TECHNOLOGY SPONSOR ♥♦♣♠♥♦♣♠♥♦♣♠♥♦ PRIZE SPONSORS ♣♠♥♦♠♣♥♦♣

    ♠♥♦♣♠♥ EDUCATION SPONSORS ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣

  • 6♦4♠♠♥♦ ¯\_(ツ)_/¯ ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

    The badge this year is a badge cloning badge that clones badges. Try it at work. :-D It was designed by Workshop88. http://workshop88.com

    Got WiFi? if not, visit: https://aruba.thotcon.org/

    If you have any issues, tweet @effffn or @_CRV can help.

    ♦♣♠♥♦♣♠ DRINKING GAME ♥♦♣♠♥♦♣♠♥♦

    First to figure out the coding language and tell Sakebomb gets a prize!

    fun void drink( int beer ) { 2::day + now => time later; ; 1 => beer; while( now < later ) { if( beer beer; } else { ; 1 +=> beer; } 1::second => now; }}

    ♥♦♣♠♥♦♣ HACKER BREW CONTEST ♠♥♦♣

    Hackers like beer. Some like to brew their own. Brew a special beer for THOTCON and bring a bomber with you to enter in the Hacker Brew contest - a special session during lunch on Day 2 located in the village.

    This event is considered a Sanctioned BJCP competition!

    Note: This is a GOLD (lifetime) badge contest.

    Funnies

    A TCP packet walks into a bar, and says to the barman "Hello, I'd like a beer." The barman replies "Hello, you'd like a beer?" "Yes," replies the TCP packet, "I'd like a beer."

    I'd tell you my UDP packet joke, but I'm not sure you'd get it.

    Q: Why programmers keep confusing Halloween and Christmas? A: Because Oct 31 == Dec 25.

    Q: Where Programmers Usually Hang Out? A: at the Foo Bar

    You probably haven’t heard of this cool new band called 1023MB. They haven’t had any gigs yet.

  • One day, a French spy received a coded message from an American spy claiming it came directly from President Bush. It read: S370HSSV-0773H. The spy was stumped, so he sent it to his boss at the agency. His boss was stumped too, so he sent it to the Russians for de-coding. The Russians couldn't solve it either, so they asked the Germans. The Germans, having received this same message during WWII from the Americans, suggested turning it upside down.

    K♣9♣♠♥♦ /dev/null ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠

  • A♣J♣4♦2♠7♦9♦ TRANSMISSION CLOSED ♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦♣♠♥♦

    SPECIAL THANKS

    c7five (laqam), jaku (matowy), sakebomb (ناثانوج), atucom (约翰), Videoman (Дэвид), effffn, angrygrrl, chelapple, jaxx, Michael Goetzman, Brian Johnson, Isaiah Sarju, Michael Anderson, Brett Andrews, Robert Bak, Sam Bakken, Jared Bird, Laura Bryan, Christopher Carlis, Mike Connor, Juan C. Cortes, Morgan Davis, Mike Durakovich, Alex Fernandez-Gatti, Rob Havelt, Bahb Heddle, Ethan Hobart, Jeremy Kennelly, Ryan Klein, Jason Lewis, Travis McDermott, Scott Ortell, Doug Parker, Cristina Peterson, Julien Rostand, Luiz E Dos Santos, Joshua Skorich, Kat Traxler, Colin Vallance, Alex Vargas, Steven Weinstein, Reno Zenere, DROWN, James Bond, NSA for spying on us, China for keeping back-ups of our data, William Gibson, Rick and Morty, Nikola Tesla, Bitcoin, Beer, Unix, Grace Hopper, DC612, DC312, DEFCON, EFF, B-Sides, ChiSec, Workshop 88, You Sh0t the Sheriff, Hitcon, Mr. Robot, all of the attendees, VIPs, and Speakers who made this con possible.