CarolinaCon 14 – Shall we Play a Game?

Another weekend is over, and CarolinaCon 14 is in the books.

CarolinaCon 14 - Introduction

Last weekend (13-15 April) was another great CarolinaCon.

If you've never made it out to one, then I highly recommend it.

This is probably my favorite conference, and you can't beat the price ($40).

Talks

I was only able to make it to a few talks this year, due to helping out with (and poking at) the EverSec CTF.

That said, Curbob will post the videos to YouTube soon, and you can always catch them there.

  • The GHS Shoothouse for WiFi - The shootout seemed awesome, and was run by an awesome program. Unfortunately, I ended up not having enough time to actually check it out and compete. That said, I got to take a look at it after the con, and it is sweet. Not only do they have everything configured for wireless attacks, but the display is gorgeous. I'm hoping that these guys can come out every year, and I'd love to combine the CTFs.
  • Getting Access with Spear Phishing - This was a great talk about spear phishing, and I picked up a few new tricks. I've seen attachments get flagged/blocked too many times, but never thought about using a service like OneDrive/Google Drive/Dropbox. I'm looking forward to trying out a few of these new techniques and tools in the future.
  • Master Baiting - Don’t Click Bait, Click Yourself! - BACE16 gave an awesome talk about introspection, real life social engineering, and master-baiting that you just need to watch for yourself!
  • Liverstrong - Upping Your Game with the Cause of and Solution To All of Life's Problems - Deviant gave an awesome, and expensive, talk about alcohol and drinking! From the differences in liquors, to the history of cocktails, and plenty of free samples. We also got to learn how to turn a cheap Chinese ultrasound machine into a DIY liquor aging machine. This talk was a lot of fun, I just wish I sat on the left side for more samples/a wrist-band.
  • WiFiPi: Raspberries and Radios and Antennas, oh my! - This was my talk, and it went pretty well this year! An infomercial-styled talk about my WiFiPi and how to use it for wireless assessments. Fun was had, and a drink was even made for my adoring fans.
  • Blockchain: The New Digital Swiss Army Knife? - G. Mark laying down some knowledge about blockchains that made me actually believe in them. I only caught part of this talk (late lunch + cleaning up after my talk), but it was actually really interesting. He covered cryptocurrency and its origins, what blockchains are, what companies pretend to use them for, and some legitimate uses in the future.

CarolinaCon 14 - Speaking

I spoke again at CarolinaCon this year, making it my 4th total talk!

This was a great experience, and I'm glad that I submitted my talk here.

There were a few technical difficulties with the streaming, but hopefully that all gets sorted out in post-processing.

My presentation this year was about the WiFiPi, and I even made a themed drink.

The reason for the themed drink was my presentation falling under the uDrink Protocol this year, which was a lot of fun.

I got to discuss my uses for the WiFiPi, and showed off the way that I normally carry it on engagements.

There were a ton of questions after the talk, which is always great. The crowd was asking plenty of questions, and they seemed to really enjoy the topic/idea. I even had to leave the conference room with a few people following me while it shut down for lunch.

That said, there were some rumors about my drink attempting to "poison" CERTAIN con-goers.

I might give this talk one more time this year, but be on the lookout for slides and a video when that is complete.

Finally, if you have any feedback (positive, negative, or neutral) about the content or presentation, then please let me know!

CarolinaCon 14 - Villages/Events

EverSec ran the CTF again this year, though it wasn't without issue.

First, the PSU in the official CTF machine seemed to have died. That said, after getting a new PSU, the system still did not want to work.

Next, we attempted to move the entire system into someone else's server. I had to leave at this point, but many hours of Xen troubleshooting followed.

Finally, the next day around noon, everything was up and running. I want to give a huge shout out to all the teams, and non-participants, that helped get everything sorted out. This was definitely a community effort, and you guys showed EverSec some real love.

When all the chips had fallen, securisec came out with the victory.

I won't post any write-ups from this year, as I didn't really spend much time on any of the more interesting/difficult challenges.

It was great to see all the people pitch in and try to help. That said, hopefully we'll have some better hardware at the next event!

CarolinaCon 14 - Conclusion

This was another great year, even considering the first ever CC arrest!

During the closing ceremonies, everyone who had contributed to the conference in some way came up on stage.

I was able to get my drinking in this year as well, and hope to continue speaking/drinking as long as the con exists.

That said, I did manage to bring home some con flu this year, which was unfortunate.

If you've never made it out to a CarolinaCon, then definitely try to make it next year!

doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (currently GXPN) or side project to work on, he enjoys playing video games, traveling, and watching sports.
