44CON LONDON 2015 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Workshop [clear filter]
Thursday, September 10


Introduction to Reverse Engineering C++
C++ and Object Oriented Programming (OOP) has been around for a while. Software (small to large scale projects) and malware are leveraging C++ and OOP more and more. Understanding how to program and reverse engineer C++ can aid in finding or exploiting vulnerabilities, performing in-depth analysis on malware, hacking games, etc.

In this workshop we will discuss
  • C++ Overview: Builds a foundation of C++-isms to ensure everyone understands the basic concepts we will discuss during the workshop. Some C++ topics that will be covered: class keyword, scope operator (::), public/private/protected keywords, constructor/destructor, getter/setter methods, this keyword, etc.
  • Polymorphism: What is polymorphism and what it adds to C++ programming that cannot be accomplished in a C application
  • Class Relationships and Binding Types: Highlights three different class relationships (containment, association, and inheritance) and how binding types (compile vs run time) affect the assembly generated by the compiler
  • Reversing Strategies: Developing a methodology for reverse engineering C++ object oriented programs with IDA Pro by leveraging structures and applying them to the disassembly. All previously discussed topics will be revisited at the assembly level.

This workshop requires attendees to:
  • Understand C and x86 Assembly
  • Have a Windows XP or higher VM
  • Have a free, license, or demo version of IDA Pro
  • Have a version of Microsoft's Visual Studio

avatar for Angel Villega

Angel Villega

Angel doesn't like writing about himself... Angel is a Research Engineer within the Talos Security Intelligence and Research Group at Cisco. He is based in Maryland, USA. In this role he conducts in-depth analysis of malware, vulnerability research, and develops software.

Thursday September 10, 2015 10:30 - 12:29


Analyzing Malicious Office Documents
In this workshop (2 hours), I explain how to use the tools (oledump, emldump, YARA rules, ...) I developed to analyze (malicious) Microsoft Office documents.
I have around 20 exercises that explain step by step to the workshop participants how they can analyze malicious office documents with my Python tools. Microsoft Office is not required for the analysis.

avatar for Didier Stevens

Didier Stevens

Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Handler, Wireshark Certified Network Analyst, ...) is a Senior Analyst working at NVISO (https://www.nviso.be). Didier has developed and published more than 100 tools, several of them popular in the security community. You... Read More →

Thursday September 10, 2015 13:30 - 15:29


Indicators of Compromise: From malware analysis to eradication
This workshop takes you through the steps from locating a unknown malware inside the corporate network to analyzing the sample to identify the indicators of compromise and use those to eradicate the malware from the enterprise network using freely available tools - some that you might already have deployed.

avatar for Michael Boman

Michael Boman

Michael is a malware researcher, developer, speaker and founder of Malware Research Institute, an organisation that promotes and develops tools, techniques and procedures for malware research, malware forensics and incident response. Michael's interest in malware began when his... Read More →

Thursday September 10, 2015 16:00 - 17:59


The IOT Evening Workshop
  • 101 logic probing
  • vulnerable device playing (scales, cameras, routers & things)"
  • 102 firmware analysys + extraction
  • mobile app decompilation

Thursday September 10, 2015 19:35 - 22:59
Friday, September 11


Hands-on JTAG for fun and root shells
JTAG may be almost 30 years old with little change, but that doesn't mean most people really understand what it does and how. This workshop will start with a brief introduction to what JTAG really is, then quickly dive into some hands-on practice with finding, wiring, and finally exploiting a system via JTAG.
For this UK-themed workshop, we'll target a Raspberry Pi (Cambridge) with an ARM (also Cambridge) microprocessor. In order to interact with the system, we'll use a JTAG interface cable from FTDI (Glasgow). We won't do any hardware modifications, but we will hook up wires in weird and wonderful ways to make the Raspberry Pi do things it otherwise shouldn't.
You will need a computer that can boot a Linux USB drive.
Kits will be available for sale at the registration desk.

avatar for Joe FitzPatrick

Joe FitzPatrick

Joe FitzPatrick (@securelyfitz) has spent a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He develops and delivers hardware security training at https://SecuringHardware.com, including Applied Physical Attacks on x86 Systems. In between, he keeps busy with contributions to the NSA Playset and other misdirected hardware projects, which he presents at all sorts of fun conferences... Read More →

Friday September 11, 2015 11:30 - 13:29


Old Dog, New Tricks: Forensics With PowerShell
Recent intrusion into the networks of organizations like Office of Personnel Management, Sony, JPMorgan Chase, and British Airways have shown that the question isn’t “if” your organization will be targeted, but “when”. With these attacks and many others in recent years, incident response teams have had to rapidly change tactics from the “image-and-forget” methodology to live box forensics and containment. During these engagements, forensic analysts must actively track and monitor an adversary in their network while preventing the adversary from recognizing detection but most tools are not up to the job. PowerShell brings the flexibility and in-memory nature to defenders to tackle live threats.

In this talk, I will cover how my project, PowerForensics, can provide the Digital Forensics/Incident Response community with an all in one toolset for attack response and investigation. By leveraging PowerShell’s access to the Windows API and .NET framework, PowerForensics provides investigators with a forensically sound “live” investigation platform without the need to image the hard drive. I’ll cover the background and overview of PowerForensics, including how its various capabilities can facilitate the investigation of advanced actors at scale. Finally, I’ll cap off with a complex demo, showing how PowerForensics can help blue teams investigate the real attacks they’re now facing. PowerShell isn’t just for the red team anymore.

avatar for Jared Atkinson

Jared Atkinson

Jared Atkinson is the Hunt Capability Lead with Veris Group’s Adaptive Threat Division and is an Adjunct Lecturer in Utica College’s M.S. in Cybersecurity program. Before working for Veris Group, Jared spent 4 years leading incident response missions for the U.S. Air Force... Read More →

Friday September 11, 2015 14:30 - 15:59