What: THOTCON 0x1
When: Friday, April 23, 2010

*** ABOUT ******************************
THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a new small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a very limited bud

*** SPEAKERS****************************
We are pleased to announce that the following people will be speaking at THOTCON

David "VideoMan" Bryan
TITLE: Hacking with GNU Radio

This presentation will focus on the requirements for GnuRadio, cost, code, and radio technology basics. I will also present some of the attacks that have been created using the GnuRadio, as well as my own research from a successful hack of a proprietary Multiple Address System (MAS) SCADA network, and a quick demo of the GnuRadio in action.

Videoman has 10 years of experience doing computer security. He has worked for large enterprise financial institutions to secure their networks. Currently a computer security consultant, he enjoys working for NetSPI's clients to help them reduce their risks. In his spare time he co-manages the local DefCon Group (DC612) and serves on the OWASP MSP board; additionally, he helps to run the network at DefCon. He also likes to brew beer, and bike the many miles of pathways in Minn

Michael Coates
TITLE: How Everyone Screws Up SSL

SSL has taken many hits over the past year. From the MD5 rogue certificate creation to SSL Strip, it seems that SSL should be dead and gone. However, SSL is still one of the fundamental security patterns used to protect data in transit. Unfortunately, SSL is widely misunderstood. It's time to take a breath and make sure everyone knows what we are really doing when we implement SSL. This will be an advanced talk that will focus on understanding the entire lifecycle of SSL. How does it work, what are the weaknesses and what's going on with the recent SSL attacks? We will address issues such as: How does SSL really work? Is redirecting from HTTP to HTTPS safe? Does the landing page need to be SSL? How bad are those browser warnings? What tools are available and how do I test my server's SSL configuration? Should I be concerned about the MD5 rogue certificate or SSL strip? These questions and more will be answered. This presentation will not be a basic intro to SSL talk. This will be 45 minutes of drinking from the SSL security fire hose. It is intended for security audiences already familiar with the basics of SSL and encryption.

Michael Coates is the lead Web Security Engineer for Mozilla with the responsibility of protecting all of Mozilla's web applications. Prior to Mozilla, Michael spent many years in consulting and performed penetration assessments, security code reviews, and security training sessions for leading corporations worldwide. Michael is a contributor to the OWASP Top 10, creator of the OWASP TLS Cheat Sheet and the OWASP AppSensor project and holds a Masters Degree in Computer Security from DePaul University.

Luiz "effffn" Eduardo
TITLE: 30K Foot Look at WiFi

Inflight WiFi is really nothing new, but it's a growing thing in the US in the past couple of years. This talk will be about the latest findings in this area.

Luiz "effffn" Eduardo is your everyday security professional, with a strong network and WiFi background. He's a regular speaker at security cons like DefCon, HITB Malaysia, Toorcon, Shmoocon, H2HC, Layerone and others. He's somewhat known for having implemented WiFi at some of your favorite security cons and is one of the organizers of a Brazilian security conference YSTS (you sh0t the sheriff).

TITLE: Trolling Reverse-Engineers w/Math

Did you ever sit around in your trigonometry class in high school wondering why you were learning anything about sinewaves or why they were even useful enough to warrant learning to begin with? Math is actually /pretty goddamn cool/. It may be irritating to solve for Y in all those formulas consisting of variable-salad, but solving for Y can be helpful in the world of binary obfuscation. This talk will attempt to teach a few techniques that will allow for the application of arbitrary mathematical formulas (such as sinewaves) to create unique, polymorphic sequences of assembly code. The weaknesses, strengths, pitfalls of assembly intricacies and potential implementations of such obfuscation techniques will also be

frank^2 is a bottom-feeding script-kiddie who has made numerous attempts at performing DDoS attacks with WinNuke. Frequently, he can be seen working Santa Monica Boulevard, informing everyone he walks by of the services he'll provide and attempting hard-sells by informing people of the cheeseburgers he's got. He uses this coke-addled income to purchase Rbot herds, gathering infected nodes like an over-hyped hip-hop artist gathers bling. (The inability to do anything useful with said bling also applies.)

Rob Havelt
TITLE: War Driving for Warehouses

Focusing on mostly industrial areas with warehouse facilities that have been around at least 10 years can be quite enlightening when you lift the veil and wardrive for legacy 802.11 FHSS. This talk will show you a functioning War Drive Rig for this wireless technology in action, and provide some Wardrive maps of completely open networks in the Milwaukee/Chicago North Burbs to show how relevant this technology still is.

Rob Havelt is the Practice Manager for Penetration Testing at Trustwave's SpiderLabs, the advanced security team responsible for Penetration Testing, Application Security, and Incident Response for Trustwave's clients. Formerly a bourbon-fueled absurdist, raconteur, and man about town, currently a sardonic workaholic occasionally seeking meaning in the finer things in life. When Rob isn't working, which is rare, he's usually trying to make the perfect cup of coffee, or obsessing over things like surrealist Czech vampire movies from the seventies.

Ryan Jones
TITLE: Top 5 Ways in a Data Center

This speech would go over the top 5 most common ways to breach the physical security of a data center. This information has been gathered by the speaker over the course of his career as a physical penetration tester/red teamer. Topics covered will include social engineering, lock picking, and common construction flaws. Examples of how these vulnerabilities were and can be used to attack a data center physically as well as solutions to these issues will also be covered.

Ryan Jones has worked in the information security field for over 14 years. His main focus has been on network, application, and physical security assessments and he has worked in these capacities with over 1000+ clients for a variety of business sectors with the primary emphasis being on the government, banking, and medical industries. His work included testing web applications, network penetration testing, physical penetration testing, physical security assessments and planning, social engineering testing as well as designing information security remediation programs for these clients. He has spoken at various events and conferences, including the Defcon Skybox talks. He was a cast member and technical producer of the 2007 TV show "Tiger Team" and is also currently the co-host of the security podcast "Exotic Liability." He is currently a Senior Security Consultant on the Application Security Team of Trustwave's SpiderLabs.

Rafal Los
TITLE: Dr. Evil's Guide to Web 2.0

You have no choice but to deal with the “Web 2.0 phenomenon” … but most people have no idea how dangerous these technologies are. Web 2.0 is old technologies held together with duct tape and implicit trust, and exploiting them often doesn’t involve a whole lot of technical knowledge … In this talk you’ll see and learn the concepts behind testing, manipulating, and penetrating the new “Web 2.0” technologies. There will be demos, code snips, and analysis … Come learn why the new wave in web application technologies, based on end-user interaction and increased functionality is even easier to “hack” than you think.

Rafal is a 16+ year veteran of the IT world, working as a penetration tester, researcher then consultant, architect and Information Security Officer at companies ranging from SMBs to a stretch with a Fortune 5.

Nelson Murilo
TITLE: Beholder WIDS Tool

Although it's not something new, network administrators are still facing old problems. One of these problems is to be able to detect rogue and/or fake access points in their networks and surroundings. The solutions available are mostly commercial and/or proprietary, but there is still no open-source tool. Now there is: Beholder. The talk will include a brief introduction on the general state of the commercial WIDS and will be mostly focused on the Beholder project. Beholder is a C language opensource tool available (for now) for Linux platforms, it can be used for whatever 802.11 technology the NIC card supports and it isn't driver dependent, run in all available linux wifi drive

Nelson Murilo has been a Network Security Analyst since 1992. He is the author of two network security books in Portuguese and a regular contributor to Brazilian Computer Emergency Response Team published papers (security guides and technical papers). Nelson is the author and co-author of open source security tools like chkrootkit and Btsearch. He is a regular speaker in Brazil and at international conferences and is one of the organizers of a Brazilian security conference YSTS (you sh0t the sheriff).

Kevin A. Nassery
TITLE: Where did those damn packets go?

Passive network monitoring has been foundational to network security architectures for over a decade. IDS, DLP, link capacity planning, and network troubleshooting usually rely on having full visibility into in-flight network data. For years we sat back and enjoyed the fact that our Pentium computers could easily outrun our measly WAN speeds and accessing the traffic was a simple matter of configuring a SPAN port on a switch. Today we face an uphill battle when 10GigE+ interconnects are commonplace, virtualization platforms are keeping data off our switch ports, and more and more of our data is headed out our egress links to the cloud. This talk will discuss today’s challenges, provide an overview of new product classes that can help us stand up to those challenges, and what we need to do to keep our heads above water moving forward.

Kevin A. Nassery is a hands-on technical architect, who has been an active Unix systems, network, and security engineer and consultant for more than a decade. After serving for more than four years as principal infrastructure architect for a major online presence, he recently returned to his passion of security consulting. At present, he is a RHCE, CISSP, and holds an MS from DePaul University in Computer, Information, and Network security. He is currently a senior security consultant with Consciere LLC.

Cris Neckar and Greg Ose
TITLE: Forensic Fail

Forensic analysis is one of the least developed areas of computer security. Investigations are often handled by individuals with little more than a software certification and very few investigators have detailed knowledge of the inner workings of the software and systems they analyze. A checklist of search terms and a copy of EnCase is often sufficient for cases involving less knowledgeable defendants, but what happens when a skilled attacker plans for the eventuality of forensic analysis? This talk will discuss the process and failings of forensic analysis as it is commonly performed today. We will present the details of techniques which can be used to undermine modern forensic analysis. These techniques will be outlined through detailed samples implemented in a Linux rootkit along with improvements that could be made to the forensic process.

Cris Neckar is currently a jobless bum but will be starting on Google's security team in May. Until recently he was a Senior Application Security Consultant at Neohapsis Inc. where he specialized in application assessment, vulnerability research, and exploit development. In this capacity Cris led penetration tests and whitebox assessments on high profile software, web applications and embedded devices as well as forensic malware analysis. Cris also spends his time performing and publishing research into new attack techniques. As an adjunct professor for DePaul University's College of Digital Media in Chicago, Cris developed and teaches one of the first graduate level courses on the technical details of application assessment and exploit development.

As an Application Security Consultant at Neohapsis Inc., Greg specializes in application security assessment, internal and external penetration testing, as well as performing research on topics ranging from kernel-level exploitation to web application vulnerabilities. Prior to joining Neohapsis, Greg developed a lightweight security framework for mobile devices and implemented a secure boot and re-imaging infrastructure to enforce data

Tim Sally
TITLE: Virus Writing Techniques

The state of software security in early 1990 was abysmal; vendors relied on security through obscurity and were slow to patch or improve the security of their products. This changed with full disclosure, which forced software vendors to adopt effective security policies and practices. The antivirus industry of today looks much like the software industry of 1990. The effectiveness of existing solutions is stagnant or decreasing and vendors mislead their customers about the capabilities of their products. This talk explores the idea of bringing full disclosure to the antivirus industry in an attempt to jumpstart innovation and improve the effectiveness of antivirus. We will examine modern virus writing techniques and explore the implementation of a new metamorphic engine. We will show that the metamorphic engine is capable of evading modern antivirus and we will make a few recommendations on how detection rates could be improved.

Tim Sally is a computer science undergraduate at the University of Illinois, Urbana-Champaign. He has worked at a Department of Energy funded research center and at a large defense contractor. His studies are fully funded by the National Science Foundation.

Jayson E. Street
TITLE: Stratagem 1 - 瞒天过海

There are new threats arising every day. The problem is there has been a vulnerability in the system that has not been patched since the first computer was created: humans! As the network perimeter hardens and the controls on the desktop tighten, hackers are going back to the basics and getting through the firewall by going through the front door. They are bypassing the IPS and IDS simply by bypassing the receptionist. We look at this topic with a different viewpoint. We look at the history as well as the culture and keep it offbeat by showing how 1st century strategies can still be used to break into 21st century networks.

Jayson E. Street is an author of the book "Dissecting the hack: The F0rb1dd3n Network" from Syngress. He is well versed in the ten domains of Information Systems security defined by the International Information Systems Security Certification Consortium ([ISC]2). He specializes in intrusion detection response, penetration testing, and auditing. He also has a working knowledge of the implementation and administration of major firewalls, vulnerability scanners, and intrusion detection systems. Jayson has created and conducted security awareness training for a major Internet bank and his consultation with the FBI and Secret Service on attempted network breaches resulted in the capture and successful prosecution of the criminals involved. He has also spoken in America, Belgium, China and at several other colleges and conferences on a variety of Information Security subjects and is on the SANS GIAC Advisory Board as well as a mentor for SANS. On a humorous note he was chosen as one of Time's persons of the year for 2006.