Another weekend is over, and CarolinaCon 14 is in the books.
CarolinaCon 14 – Introduction
Last weekend (13-15 April) was another great CarolinaCon.
If you’ve never made it out to one, then I highly recommend it.
This is probably my favorite conference, and you can’t beat the price ($40).
I was only able to make it to a few talks this year, due to helping out with (and poking at) the EverSec CTF.
That said, Curbob will post the videos to YouTube soon, and you can always catch them there.
- The GHS Shoothouse for WiFi – The shootout seemed awesome, and run by an awesome program. Unfortunately, I ended up not having enough time to actually check it out and compete. That said, I got to take a look at it after the con, and it is sweet. Not only do they have everything configured for wireless attacks, but the display is gorgeous. I’m hoping that these guys can come out every year, and I’d love to combine the CTFs.
- Getting Access with Spear Phishing – This was a great talk about spear phishing, and I picked up a few new tricks. I’ve seen attachments get flagged/blocked too many times, but never thought about using a service like OneDrive/Google Drive/Dropbox. I’m looking forward to trying out a few of these new techniques and tools in the future.
- Master Baiting – Don’t Click Bait, Click Yourself! – BACE16 gave an awesome talk about introspection, real life social engineering, and master-baiting that you just need to watch for yourself!
- Liverstrong – Upping Your Game with the Cause of and Solution To All of Life’s Problems – Deviant gave an awesome, and expensive, talk about alcohol and drinking! From the differences in liquors, to the history of cocktails, and plenty of free samples. We also got to learn how to turn a cheap Chinese ultrasound machine into a DIY liquor aging machine. This talk was a lot of fun, I just wish I sat on the left side for more samples/a wrist-band.
- WiFiPi: Raspberries and Radios and Antennas, oh my! – This was my talk, and it went pretty well this year! An infomercial styled talk about my WiFiPi and how to use it for wireless assessments. Fun was had, and a drink was even made for my adoring fans.
- Blockchain: The New Digital Swiss Army Knife? – G. Mark laying down some knowledge about blockchains that made me actually believe in them. I only caught part of this talk (late lunch + cleaning up after my talk), but it was actually really interesting. He covered cryptocurrency and its origins, what blockchains are, what companies pretend to use them for, and some legitimate uses in the future.
CarolinaCon 14 – Speaking
I spoke again at CarolinaCon this year, making it my 4th total talk!
This was a great experience, and I’m glad that I submitted my talk here.
There were a few technical difficulties with the streaming, but hopefully that all gets sorted out in post-processing.
My presentation this year was about the WiFiPi, and I even made a themed drink.
The reason for the themed drink was my presentation falling under the uDrink Protocol this year, which was a lot of fun.
I got to discuss my uses for the WiFiPi, and showed off the way that I normally carry it on engagements.
There were a ton of questions after the talk, which is always great. The crowd was asking plenty of questions, and they seemed to really enjoy the topic/idea. I even had to leave the conference room with a few people following me while it shut down for lunch.
That said, there were some rumors about my drink attempting to “poison” CERTAIN con-goers.
I might give this talk one more time this year, but be on the lookout for slides and a video when that is complete.
Finally, if you have any feedback (positive, negative, or neutral) about the content or presentation, then please let me know!
CarolinaCon 14 – Villages/Events
EverSec ran the CTF again this year, though it wasn’t without issue.
First, the PSU in the official CTF machine seemed to have died. That said, after getting a new PSU, the system still did not want to work.
Next, we attempted to move the entire system into someone else’s server. I had to leave at this point, but many hours of Xen troubleshooting followed.
Finally, the next day around noon, everything was up and running. I want to give a huge shout out to all the teams, and non-participants, that helped get everything sorted out. This was definitely a community effort, and you guys showed EverSec some real love.
When all the chips had fallen, securisec came out with the victory.
I won’t post any write-ups from this year, as I didn’t really spend much time on any of the more interesting/difficult challenges.
It was great to see all the people pitch in and try to help. That said, hopefully we’ll have some better hardware at the next event!
CarolinaCon 14 – Conclusion
This was another great year, even considering the first ever CC arrest!
During the closing ceremonies, everyone who had contributed to the conference in some way came up on stage.
I was able to get my drinking in this year as well, and hope to continue speaking/drinking as long as the con exists.
That said, I did manage to bring home some con flu this year, which was unfortunate.
If you’ve never made it out to a CarolinaCon, then definitely try to make it next year!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.