Assess your organization's ransomware readiness with the Offensive Security Guide. DOWNLOAD THE GUIDE ›

Barrett Darnell, Kelly Albrink and Caleb Gross to Present at DERPCON Virtual Conference

Date & Time:
Past Event
Location:
Virtual Conference | https://derpcon.io
Illustration for Derpcon 2020

We are proud to announce that Bishop Fox security associate Barrett Darnell will be holding a virtual workshop, and both senior security analyst Kelly Albrink and senior security engineer Caleb Gross will be presenting at DERPCON. Bishop Fox is also excited to be a Gold level sponsor of DERPCON. Learn more below.

Getting Your Hands Dirty: CTF Workshop

Presented by Barrett Darnell

Abstract

Capture the Flag (CTF) competitions range in style and difficulty but each and every CTF offers a wealth of knowledge for any participant. In the talk: Demystifying CTFs, Barrett Darnell will provide an overview of CTF formats, the skills they require and the experience they develop, and conclude with a plethora of CTF resources for those wanting to participate. The main focus of the talk will be relating how both technical and non-technical skills learned through CTF participation can be applied to real world information security challenges. The target audience for this talk are those who are interested in playing CTFs and would like to maximize the value from them.


Ham Hacks: Breaking into the World of Software Defined Radio

Presented by Kelly Albrink

Abstract

RF Signals are basically magic. They unlock our cars, power our phones, and transmit our memes. You’re probably familiar with Wi-Fi and Bluetooth, but what happens when you encounter a more obscure radio protocol? If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes. This content is for penetration testers and security researchers to introduce you to finding, capturing, and reverse engineering RF signals.

I’ll cover the basics of RF so you’re familiar with the terminology and concepts needed to navigate the wireless world. We’ll compare SDR hardware from the $20 RTLSDR all the way up to the higher end radios, so you get the equipment that you need without wasting money. I’ll introduce some of the software you’ll need to interact with and analyze RF signals. And then we’ll tie it all together with a step by step demonstration of locating, capturing, and reverse engineering a car key fob signal.

* You don’t need any special equipment for this presentation, just follow along with the demos.

.NET Roulette: Exploiting Insecure Deserialization in Telerik UI

Presented by Caleb Gross

Abstract

So you're pentesting a .NET application, and you notice the server is deserializing user input—great! You know this is bad in theory, but have no idea how to actually get a shell in time for the engagement. This talk will bring you up to speed on how .NET deserialization works and how to get shells on real applications.

In this presentation, we'll dig into the internals of CVE-2019-18935, a deserialization vulnerability that allows RCE on the popular web UI suite Telerik UI for ASP.NET AJAX. After demonstrating how to exploit this issue step-by-step, you'll learn a hands-on approach to debugging a locally running ASP.NET application, quickly assessing the site's attack surface, and examining possible avenues for finding and exploiting insecure uses of deserialization. This talk is intended for penetration testers and security researchers who'd like to begin testing deserialization vulnerabilities in .NET software.



Barrett darnell

About the speaker, Barrett Darnell

Bishop Fox Alumnus

Barrett Darnell was a Senior Operator at Bishop Fox and a technical lead for the Continuous Attack Surface Testing (COSMOS) Managed Security Service. Prior to coming to Bishop Fox, he served as an exploitation operator in the US Department of Defense's most elite computer network exploitation (CNE) unit. As a top-rated military officer, Barrett led an offensive operations team in the US Air Force's premier selectively-manned cyber attack squadron. Barrett also teaches SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking to a worldwide audience. Barrett holds a Bachelor of Science in Computer Science from Washington State University and a Master of Science in Software Engineering from the University of West Florida.

More by Barrett

Kelly albrink

About the speaker, Kelly Albrink

Application Security Practice Director

Kelly Albrink is the Application Security Practice Director at Bishop Fox where she focuses on leading a diverse practice that includes traditional application security, mobile applications, and product security (including embedded, industrial, and IoT devices).

As the Application Security Practice Director at Bishop Fox, she has helped facilitate the expansion of the practice to focus on security during the design phase. This includes the development of offerings such as architecture security assessments, source code review, and threat modeling. She has also created a consulting mentorship program and led the revamp of an internal knowledge-sharing series of technical talks.

As a consultant, Kelly frequently performed hardware and wireless testing, becoming a subject matter expert in this area. She is responsible for identifying a high-risk CVE that impacted an Eaton power management appliance.

Kelly is an active member of the security community. At the first ever DerpCon, she presented on Software Defined Radio (SDR), a topic she later wrote about for the Bishop Fox blog in "Ham Hacks: Breaking into Software-Defined Radio."

More by Kelly

Caleb

About the speaker, Caleb Gross

Senior Security Engineer

Caleb Gross is a Senior Security Engineer at Bishop Fox, where he works as a technical lead for the Cosmos, formerly CAST Managed Security Service. Prior to coming to Bishop Fox, he served as an exploitation operator in the US Department of Defense's most elite computer network exploitation (CNE) unit. As a top-rated military officer, Caleb led an offensive operations team in the US Air Force's premier selectively manned cyber attack squadron.
More by Caleb

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.