Build Your Own Microcontroller Multi-ToolDo you live with your head in a cloud? Do you fear small things? Is your mastery of virtualization and IAAS to the point where you haven't seen a real computer in months? Do you (most importantly) feel an unexplainable compulsion to open anti-static baggies handed to you by (almost) strangers and tinker with the contents therein? If so, have we got a workshop, nay, a way of life for you! In the Build Your Own Microcontroller Multi-Tool workshop, you and a handful of your newest and coolest friends will get to construct an ESP32 microcontroller-based device that you can take home! While constructing the device, we will discuss and tinker with each component to see what makes it tick. Then we'll boot things up and (provided the blue smoke hasn't escaped by this point) write some code, interface with sensors to measure the environment, tap into common communications buses for fun and profit, mess with wireless communications, and maybe even lose some time playing a video game.
Prerequisites:MaterialsSESSIONFridayTIME8am - 12pm# SPOTS30COST$70SESSIONSaturdayTIME8am - 12pm# SPOTS30COST$70Network Analysis WorkshopStudents learn how to use Wireshark to analyze multiple protocols within the common IT network stack. Students gain multiple hours of hands-on experience and essential skills for analyzing network traffic on Information Technology (IT) and Operational Technology (OT) networks.
- Laptop with Arduino IDE - https://www.arduino.cc/en/Main/Software
Students in this class will learn:
- A basic understanding of IT and OT networks including but not limited to the OSI model, the TCP/IP model, and network taps. Students also learn the differences between IT (information management) networks and OT (physical operations systems) networks and how to capture and analyze network traffic.
- A basic understanding of CANbus, BACnet, and other control system protocols and technologies.
- A basic understanding of how to use GrassMarlin to analyze network traffic and relationships.
- How to setup and configure Wireshark for use in packet capture and analysis.
- How to use Wireshark to capture packets from IT networks and perform analysis of captured packets, as well as access and analyze network traffic commonly found on IT and OT networks.
MaterialsSESSIONFridayTIME8am - 5pm# SPOTS30COST$30An Introduction to Hardware Hacking and IOTIn this hands-on hacking village, users will be walked through modifying a (minimally) functional smart-home outlet plug. In its default state, the smart plug runs feature- limited, insecure firmware and software that depends on cloud connections and, in some cases, beacons to an external address in China. We will replace the software with open-source pieces and configure the plug to run with 100% local-only, non-cloud, control. Users will also be walked-through connecting the newly converted plug to a home-automation platform for software control via MQTT which enables web-based control, voice-based control, and control of state by a physical button.
- Laptop with Wireshark installed.
- Users will get to keep the plug they spend the workshop modifying.
MaterialsSESSIONFridayTIME1pm - 2pm# SPOTS30COST$20SESSIONFridayTIME3pm - 4pm# SPOTS30COST$20Building Control System - Incident ResponseHands-on exercises utilizing OT networks are used to develop the skill objectives of the course, including the fundamentals of triage, network hunting, and active defense in OT networks. Teamwork, communication, and proper application of these skills are required to pass the final exercise, where students must work together to identify and stop an active sabotage attack against an OT network. Students gain real-world experience in the fundamentals of BCS incident response on BACnet-based systems and networks.
- Soldering irons, supplies, laptops, and all adapters will be provided.
- A live home-assistant environment will be available for demo/test as well.
Students in this class will learn:
- A basic understanding of BACnet protocol, covering BACnet objects, services, networking, vulnerabilities and attacks.
- A basic understanding of physical dependencies in building control systems and how control systems interact with one another.
- A basic understanding of the attack surface and impact surface for building control systems.
- A basic understanding of triage and network analysis regarding incident response of building control systems.
- An ability to communicate effectively with OT engineers during incident response for control systems.
MaterialsSESSIONSaturdayTIME8am - 5pm# SPOTS30COST$30FPV Drone Build-n-Race WorkshopFPV Drones are not the off-the-shelf toys that show up at Christmas time, and they're not the heavy, expensive aerial photography drones that basically fly for you... these drones are meant for racing. In this workshop we will cover the basics of FPV Drones and piloting. We will start from scratch, physically assembling an indoor racing drone, programming the on-board controller, and ultimately racing against other attendees. Workshop participants will take home the drone, controller, and FPV goggles - everything is included! Basic soldering skills are highly recommended for this workshop.
- Laptop with Wireshark installed.
MaterialsSESSIONSaturdayTIME8am - 12pm# SPOTS30COST$210Introduction to Web Application Penetration TestingLearn the tools and techniques for conducting a web application penetration test. Get your hands dirty with HTTP and Burp Suite. This workshop will provide a solid introduction to web application penetration testing. This class is designed for those with little to no web application penetration testing experience, although it will move quickly. This class will include hands on challenges where attendees use skills acquired during the class to exploit web applications. Attendees will walk away with a basic understanding of the tools and processes for conducting a web application penetration test.
- Laptop with BetaFlight installed. Note: You do not need to know how to use BetaFlight - we will cover that.
- Basic knowledge of HTTP requests and responses, and any web application programming experience will be helpful, but is not required.
MaterialsSESSIONSaturdayTIME1pm - 5pm# SPOTS30COST$30
- Laptop with Firefox, Java, and virtualization software (VMWare/Vbox) installed.
TOOOL Lockpicking VillageTired of staring at a monitor trying to hack your way through a computer...come try your hand [literally] at hacking hardware! The Open Organization Of Lockpickers [TOOOL] is set up and ready to give you a new kind of challenge. Gaining access has a different meaning here. TOOOL uses their knowledge to guide you through different types of locks, their vulnerabilities, and how to exploit them. Scrape pin tumblers instead of data!Resume VillageHack your career. Whether you’re just starting out professionally in security, or looking to change things up the Kernelcon resume clinic is the perfect place to get constructive, honest advice on your resume and interviewing skills. First, experienced recruitment volunteers will review your resume and give you constructive feedback on how to get beyond corporate filters and non-technical reviewers. Next, a brief one-on-one interview with an experienced security hiring manager will give you a sandbox for testing your interviewing techniques. After the interview, the hiring manager will discuss with you the details of your resume, skills, and interview and including areas to focus on for improvement. The Kernelcon resume clinic is a pressure-free environment, and your information won’t be given to any of the recruiters involved unless you provide it. The clinic is free for attendees, but space is limited and slots will be filled on a first-come first-serve basis. Talent & Employers, Kernelcon is happy to provide job hiring/seeking bracelets. If you’re looking to hire some of the best hackers in the area, or you are scoping out new opportunities grab a bracelet from the registration table. Spark up a conversation with others who have the bracelet and see where it takes you.Chillout RoomWant a break from the con or just a place to relax? Come hang out in the Chillout room with all your hacker friends! We've got video games, music, free popcorn and other activities. We will have Retro-Raspberry-Pi devices for all types of gaming emulation and maybe even a video game tournament or two!
Capture-the-Flag EventJoin us for an awesome CTF. Developed by a group of security professionals who have participated in and facilitated CTFs, this Capture-the-Flag competition is designed for all levels whether you're a script kiddie just learning the ropes or a seasoned professional looking to challenge yourself in between talks.WiFi Fox and Hound ChallengeLearn the basics of wireless network penetration, and put them to use in this fun, sanctioned environment! Learn to use the aircrack-ng suite, kismet, coWPAtty, WiFisher, and more in the classroom session, and then put the skills to use in the WiFi Fox & Hound challenge. Can you find all the hidden WAP's and break the encryption to get the flag?Technology OlympicsJoin us during the happy hour on Friday, April 5th for Tech Olympics, a social event that is fun for everyone! No qualification rounds, no entry fees, but a champion across several nerdy events will be crowned.Chillout Room CompetitionsLooking to get off the computer for a bit? Come to the chillout room and sign up for one of our retro video game competitions. Compete for prizes and eternal glory as Kernelcon's first video game champion.