BrrCon 2018 – Honestly, not Really that Cold

I went to Minnesota for BrrCon a few weekends ago, and I loved it.

BrrCon 2018 – Introduction

This was my first time in Minnesota, and it was fun. Everyone was super friendly, and the food was excellent.

It was also great to know someone in the area. He was able to show me around, take us to some places, and just generally hang out.

And, of course, I repped SwAG again during my presentation day.

BrrCon 2018 - SwAG

BrrCon 2018 - Presentation Promo Shot

Venue, Area, Food and Drinks

While sponsored by a few local companies, BrrCon was free of sponsor booths and pitches.

The venue was in the Minneapolis Convention Center, and had a number of rooms setup.

There were two rooms for presentations (aptly named Frostbyte and Snowmageddon), a large hang out area with a few villages, and a room for the free workshops.

After the conference, Hacker’s Girlfriend and I spent a few days near downtown Minneapolis. We hung out, drank, ate, drank, ate, and hung out some more. This was fun, and I really enjoyed the city.

We got to spend some time with Sean, his girlfriend, Brady (who I met at BSides Denver), and Carl!

Then, we drove on up to Duluth, which was a fun and gorgeous drive.

BrrCon 2018 - Duluth bridge

BrrCon 2018 - Scenic Overlook

Duluth was a fun little city, and we spent plenty of time exploring it.

There was a really cool aerial lift bridge next to the inn that we stayed at.

BrrCon 2018 - Duluth Aerial Lift Bridge

Pictured: me watching the bridge go up.

BrrCon 2018 - Watching bridge

I also got to try one of the best tripels that I’ve had in the states from a brewery there. I of course had to immediately make room in our suitcases for 2 growlers.

BrrCon 2018 - Dawntreader

BrrCon 2018 - Growlers

We had a great time in the area, and I’m glad that I made a trip out of this con.

Talks

I went to 5 talks at BrrCon, and they were pretty enjoyable.

  • Murky Waters: Analyzing Phish Kits – this was a really neat talk about obtaining, analyzing, and comparing phishing kits. This isn’t really a topic that I have much familiarity with, so I definitely learned a bit.
  • DNS – The Security Platform No One Cares About – a talk about DNS vulnerabilities, attacks, and remediations. This talk actually gave me a few ideas for offensive DNS uses, as well as a possible presentation topic.
  • Legit Comms: Evolving Both Red and Blue – an awesome talk from (twitter) Dave Kennedy about evolving the way red teams attack, and blue teams defend. Plus, some demos of the new TrevorC2 and Unicorn.
  • Incident Response, More Than a Plan – this was an interesting talk about IR, but mostly in relation to teaching it at various levels.
  • WiFiPi: Rasberries and Radios and Antennas, oh my! – my talk again! Went great, though I still really need to slow down.

Unfortunately, this was another conference without recording. That said, you might be able to find a few of these talks online eventually.

Legit Comms: Evolving Both Red and Blue – Given at HACK NYC, but not sure if there will be any recordings.
WiFiPi – blame Curbob STILL.

BrrCon 2018 – Speaking

One more con, and one more presentation! That brings it up to 6 total, and 3rd for this topic.

I’m still really enjoying speaking, and I think that my delivery and style is quite good. Still cutting down on the filler words, but my words per minute are still far too high.

I had a few more questions this go round, but I like the idea of including the answers in future presentations.

The talk was the last before the “closing ceremony”, so I had plenty of time for discussions and questions.

BrrCon 2018 - Presenting

This is the last time that I’ll give this talk (for now), so I will post the slides soon.

Finally, if you have any feedback (positive, negative, or neutral) about the content or presentation, then please let me know!

Villages/Events

While there were only a few villages at BrrCon, there were still some pretty neat ones.

There was a small lock picking village, but I didn’t do anything there this time.

There was also 12 Battletech pods, which was amazing! This was an older game similar to Mechwarrior, only with you controlling the mech from the pods.

BrrCon 2018 - Battletech pods

I played one game (with girlfriend), and ended up in 3rd place!

BrrCon 2018 - Scoreboard

Other than that, there was a setup for a forensics based challenge/CTF. That said, I think it required pre-registration, and I was never able to see any of the competition.

BrrCon 2018 – Conclusion

I had an awesome week, and I’m glad that I decided to go up to Minnesota.

I was able to do a little (ok more than a little) eating, a little drinking, some networking, and some exploring.

While I did get delayed on the way there (of course), it wasn’t any worse than normal.

I’m looking forward to traveling around for more cons, and always looking for new talk ideas!

Leave a Comment

Filed under Security Not Included

Hello World Shellcode – Now for the fun part!

Once I finished module 1 of the SLAE course, it was time to move on to some hello world shellcode.

Continue reading

Leave a Comment

Filed under Security Not Included

The Nexus Root Toolkit is Super Easy and Straightforward

I had to root an Android device for a recent engagement, and I found myself using the Nexus Root Toolkit for this.

Continue reading

Leave a Comment

Filed under Security Not Included

Assembly Saving Flags / Registers (More SLAE “Fun”)

Another week, and another post about my SLAE progress! This time, I’ll be covering assembly saving flags and registers.

Continue reading

Leave a Comment

Filed under Security Not Included

Assembly Hello World – Making SLAE Progress!

Now that I’m making progress, I wanted to share the code and descriptions for assembly Hello World.

Continue reading

Leave a Comment

Filed under Security Not Included

BSides Denver 2018 – Hacking the Mile High City

I traveled out to BSides Denver 2018 this past weekend, and had a great time!

Continue reading

Leave a Comment

Filed under Security Not Included

Extract Android Chrome Tabs via USB Debugging

While only partially security related, I finally learned out to get my Android Chrome tabs to my desktop.

Continue reading

Leave a Comment

Filed under Security Not Included

Alfa AWUS051NH Installation and Configuration (VMware on MacOS)

I had a few questions about using an Alfa AWUS051NH wireless card, so I figured I would share a quick write-up about it.

Continue reading

Leave a Comment

Filed under Security Not Included

XSS Phishing for Fun and Credentials!

Since it came up in a recent conversation, I figured I would share an XSS phishing technique!

Continue reading

Leave a Comment

Filed under Security Not Included

CarolinaCon 14 – Shall we Play a Game?

Another weekend is over, and CarolinaCon 14 is in the books.

Continue reading

Leave a Comment

Filed under Security Not Included