Anyone else hanging out at GrrCON this year?

seen from Thailand
seen from Netherlands
seen from Russia
seen from United States

seen from United States

seen from United States

seen from Brazil
seen from Mexico
seen from Mexico

seen from Australia
seen from Russia
seen from Russia
seen from China
seen from United States
seen from United States
seen from Malaysia

seen from Netherlands
seen from China
seen from Türkiye
seen from United States
Anyone else hanging out at GrrCON this year?
Digital Forensics Club takes on GrrCON
This fall, the Bloomsburg Digital Forensics Club attended the GrrCON computer security conference for the third consecutive year with 34 students and an alum joining Phil Polstra, associate professor of digital forensics.
It was Polstra’s fifth consecutive year as a speaker at this event.
GrrCON attracts speakers from around the world and features numerous speaking tracks, workshops, villages, and competitions. This year some new villages appeared, including an open hacking village, car hacking village, and Internet of Things (IoT) hacking village.
“My favorite highlight had to be learning at the car hacking village,” said Jesse Mancuso, a senior digital forensics major. “There are a lot of ‘villages’ that allow you to learn things like lock picking, wireless hacking, and car hacking. My favorite by far was the car hacking. They had a fully simulated car with a steering wheel, odometer, and brakes. By the time we were done, we were able to fully control most of the simulated car!”
As in years past, students spent many hours in these villages learning about new areas in security and forensics.
“This competition really opens your eyes as to how much information is available floating around the internet,” said Matthew Shafer, a senior digital forensics major. “Our society has sacrificed security for convenience, and it’s never more evident than when I can identify a target’s childhood pet’s nickname because one family member with an open social media account left a comment on a photo that was posted years earlier.”
Shafer added, “You may think that such information is benign, until you realize that a possible security question to your bank account is your childhood pet’s name.”
Polstra said students brought that knowledge back to campus and shared it with rest of the club by performing a car hacking demonstration. They were able to do this thanks to having won some of the required hardware as a prize in the largest competition at GrrCON, he added.
The most popular contest at GrrCON, according to Polstra, was the Open Source INTelligence Capture the Flag competition.
Nearly 80 teams competed for thousands of dollars in prizes in this competition, which was introduced last year. One of the BU teams ended up in third place when the dust settled on the final day of the conference, Polstra said.
“At one point this team was only a few points behind the winning team and over 1,000 points ahead of the next team below them,” Polstra said. “Students competed in this competition last year placing second out of 44 teams. BU students have competed and placed in competitions all three years they have attended GrrCON.”
In addition to all of the learning occurring in villages, talks, workshops, and competitions, Polstra said there was a lot of networking going on.
“Approximately 50 organizations sponsored GrrCON and our students took full advantage of the chance to speak with many of these sponsors about internships and full time jobs for those close to graduation,” Polstra said.
“Not only can I put that I attended the conference on my resume, but I also have talking points during an interview,” Mancuso said. “One of the first questions for my internship interview, we talked about conferences and competitions for at least 30 minutes.”
Shafer added, “I used my experience from last year’s competition to land an internship over the summer with a private intelligence company. I utilized a lot of the same techniques to gather information from open social media accounts.”
— Samantha Gross, mass communications major
Irongeek's Information Security site with tutorials, articles and other information.
http://grrcon.com/
Network Security Alumni Presents at GrrCon about Code Created for UAT Class.
What began as code written for a Network Security class assignment at University of Advancing Technology (UAT) has now lead to UAT alumni Wolfgang Goerlich being invited to speak about his work at the premier Midwest Information Security & Hacker Convention, GrrCon. His 50-minute presentation on covert channels and steganography was well-received, as it used his code, #incog, to illustrate key points.
The #incog project is a series of demos useful in evaluating how channels work and how defenses may detect or block these channels. It is writing in C# on the Microsoft.NET framework. After his talk at GrrCon, Goerlich released the source code on GitHub under the name #incog, and just this week he publicly announced #incog's availability to the public.
The inspiration for #incog came from a Network Security class Goerlich took as student at UAT. It was a Covert Channels class and for the final project he decided to write a code to demonstrate one covert channel. Goerlich had such a great time with the project that over the summer he decided to extend it to demonstrate ten different covert channels along with shellcode execution and IDS Evasion.
Now that he has graduated, Goerlich sees everyday application for his covert channels as they come into play daily at his job as an Information Security Manager for a financial services firm.
“Many firms are being compromised these days. A telltale sign of breach is the appearance of covert channels connecting the organization’s network back to the attackers. I use #incog to simulate such a breach and test our controls,” says Goerlich.
The classes Goerlich took at UAT were the genesis for this project. The main courses that applied to the development of #incog were: Network Defense Theory (NTS250) with Al Kelly, Applied Exploits (NTS330) with Bill Rogers, and Network Defense and Countermeasures (NTS415) with Kevin McLaughlin.
Learn how to become a Network Security Student at UAT: www.uat.edu/networksecurity
The #incog library is available at Goerlich’s GitHub: http://www.github.com/jwgoerlich
Goerlich working with other students at a conference.