
Barrett Darnell, Kelly Albrink and Caleb Gross to Present at DERPCON Virtual Conference

Date & Time:
Past Event
Derpcon 2020 card

We are proud to announce that Bishop Fox security associate Barrett Darnell will be holding a virtual workshop, and both senior security analyst Kelly Albrink and senior security engineer Caleb Gross will be presenting at DERPCON. Bishop Fox is also excited to be a Gold level sponsor of DERPCON. Learn more below.

Getting Your Hands Dirty: CTF Workshop

Presented by Barrett Darnell

Abstract

Capture the Flag (CTF) competitions range in style and difficulty, but each and every CTF offers a wealth of knowledge for any participant. In the talk "Demystifying CTFs," Barrett Darnell will provide an overview of CTF formats, the skills they require, and the experience they develop, and conclude with a plethora of CTF resources for those wanting to participate. The main focus of the talk will be relating how both technical and non-technical skills learned through CTF participation can be applied to real-world information security challenges. The target audience for this talk is those who are interested in playing CTFs and would like to maximize the value from them.


Ham Hacks: Breaking into the World of Software Defined Radio

Presented by Kelly Albrink

Abstract

RF Signals are basically magic. They unlock our cars, power our phones, and transmit our memes. You’re probably familiar with Wi-Fi and Bluetooth, but what happens when you encounter a more obscure radio protocol? If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes. This content is for penetration testers and security researchers to introduce you to finding, capturing, and reverse engineering RF signals.

I’ll cover the basics of RF so you’re familiar with the terminology and concepts needed to navigate the wireless world. We’ll compare SDR hardware from the $20 RTLSDR all the way up to the higher end radios, so you get the equipment that you need without wasting money. I’ll introduce some of the software you’ll need to interact with and analyze RF signals. And then we’ll tie it all together with a step-by-step demonstration of locating, capturing, and reverse engineering a car key fob signal.

* You don’t need any special equipment for this presentation, just follow along with the demos.

.NET Roulette: Exploiting Insecure Deserialization in Telerik UI

Presented by Caleb Gross

Abstract

So you're pentesting a .NET application, and you notice the server is deserializing user input—great! You know this is bad in theory, but have no idea how to actually get a shell in time for the engagement. This talk will bring you up to speed on how .NET deserialization works and how to get shells on real applications.

In this presentation, we'll dig into the internals of CVE-2019-18935, a deserialization vulnerability that allows RCE on the popular web UI suite Telerik UI for ASP.NET AJAX. After demonstrating how to exploit this issue step-by-step, you'll learn a hands-on approach to debugging a locally running ASP.NET application, quickly assessing the site's attack surface, and examining possible avenues for finding and exploiting insecure uses of deserialization. This talk is intended for penetration testers and security researchers who'd like to begin testing deserialization vulnerabilities in .NET software.




About the speaker, Barrett Darnell

Bishop Fox Alumnus

Barrett Darnell was a Senior Operator at Bishop Fox and a technical lead for the Continuous Attack Surface Testing (COSMOS) Managed Security Service. Prior to coming to Bishop Fox, he served as an exploitation operator in the US Department of Defense's most elite computer network exploitation (CNE) unit. As a top-rated military officer, Barrett led an offensive operations team in the US Air Force's premier selectively-manned cyber attack squadron. Barrett also teaches SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking to a worldwide audience. Barrett holds a Bachelor of Science in Computer Science from Washington State University and a Master of Science in Software Engineering from the University of West Florida.


About the speaker, Kelly Albrink

Application Security Practice Director

Kelly Albrink (CCNA CyberOps, GCIH, GSEC, OSCP, GWAPT, Sec+) is the Application Security Practice Director at Bishop Fox. In this role, she focuses on application security, red teaming, network penetration testing, and hardware security.

To her credit, Kelly has discovered 3 CVEs in Eaton UPS, including a high-risk vulnerability. She has performed numerous penetration tests for companies using zero trust networking, in addition to performing multiple red teams for a leading clothing retailer, including e-commerce environments, factory and industrial control systems, as well as cloud security reviews.

Kelly is big into researching hardware with interesting wireless integrations (e.g., LoRaWAN, Zigbee, Bluetooth Low Energy). During one of these research projects, she reverse engineered the signals on 20+ key fobs with a software-defined radio. Additionally, she recently worked on a project that found a way to completely, wirelessly disable a home security system with Bishop Fox’s tool “ZigDiggity.”

Kelly has presented at a number of security events including Okta's inaugural security conference, Okta Rex, Day of Shecurity, and the DeadDrop San Francisco Meetup. At the first ever DerpCon, Kelly presented on SDRs, a topic she later wrote about for the Bishop Fox blog in "Ham Hacks: Breaking into Software-Defined Radio." She is a recipient of the SANS CyberTalent Immersion Academy scholarship. Kelly has competed in the NetWars Tournament of Champions, a national invite-only competition that admits only those who have placed highly in regional CTFs. In addition, she volunteers with her local hackerspace, Noisebridge, where she organizes Infosec Lab Nights and mentors aspiring penetration testers.


About the speaker, Caleb Gross

Senior Security Engineer

Caleb Gross is a Senior Security Engineer at Bishop Fox, where he works as a technical lead for the Cosmos (formerly CAST) Managed Security Service. Prior to coming to Bishop Fox, he served as an exploitation operator in the US Department of Defense's most elite computer network exploitation (CNE) unit. As a top-rated military officer, Caleb led an offensive operations team in the US Air Force's premier selectively manned cyber attack squadron.