AoE had a great time (as always) at DerbyCon. If you were there hopefully you caught one of the three talks given by our
instructors. To view them online follow the links listed beneath each instructor's name.
The featured attractions at the AoE Booth were what we like to call our DerbyPi's. We raffled off 2 at the booth, gave away
one at each of our talks, and donated one to Hackers for Charity. Attendees also had a chance to win 2 Louisville
Sluggers that we had on display during the event.
Our DerbyPi is a Raspberry Pi that uses a Python script to allow you to completely wipe or clone a USB device
(thumb drives, SD cards, external hard drives). We created the DerbyPi as a fun way to showcase some of the methodology
and tools we use in our training courses. It was designed with hackers in mind. Everyone should be security conscious about
what they plug into their machines.
For more about AoE’s DerbyPi, check out the interview that AoE instructor
Aaron Soto gave to
Hack5 at DerbyCon. (You can find him at 15:35)
The script and how to create your own will be released shortly!
Hacker Halted 2013
Members of the AoE team attended the Hacker Halted conference in Atlanta from September 19-21.
Hacker Halted is the Information Security Training Event and Conference for CEH's and others in the InfoSec
industry who are looking to increase their knowledge and know-how. The AoE team was invited to put on a
capture the flag based game for conference attendees. Participants were given a platform and a suite of tools,
and were turned loose on a network where they accumulated points. Points were earned for identifying hosts, open ports,
applications, acquiring a root shell, cracking passwords, and retrieving information from the network. All in all, the game went off
great and received a lot of good feedback from conference attendees.
The team also spent time with members of the Wounded Warrior project, providing an ad-hock training session on network exploitation.
These wonderful men and women were given a taste of life in the cyber security community, and now have a better understanding of the
end goal of the training provided to them through the Wounded Warrior Project.
BSides Los Angeles 2013
AoE instructor Nathan Magniez flew out to Los Angeles, CA to attend and speak at the Security BSidesLA conference on August 22-23.
The goal of BSidesLA is to mash up the local Southern California security community with the best open thinkers from around the world
in the famous SecurityBSides open, interactive and community oriented format.
Nathan was able to give and participate in impromptu talks around a beach firepit on the first night of the conference and gave a formal
lecture on his second day there. His talk “ALICE IN EXPLOIT REDIRECTION LAND: A TRIP DOWN THE RABBIT HOLE” was about keeping yourself anonymous
and out of your target's logs. The lecture covered the topic of redirection and how to use it to send our (exploit) packets through to our end target. Understanding redirection, and how to accomplish it manually, is one of the most important concepts for a PenTester. The talk covered everything you need to accomplish that goal.
Black Hat USA 2013
This year TCS once again sponsored Black Hat USA in Las Vegas, NV. This conference has been around for 16 years bringing together
the brightest in the world for six days of learning, networking, and skill building.
July 27- August 1 the team was there promoting our AoE training, cyber services, and announcing our continued sponsorship of Hackers
for Charity. We were also there attending training and talks to keep our skills and knowledge relevant.
May 27, 2013
AoE speaks to Wireless Community
This past week we participated at CTIA2013 where Jeremy Willingham and Courtney Lancaster had the privilege to lead two workshops.
Jeremy’s Lessons Learned Workshop talked about Government, law enforcement and businesses that are being targeted by cyber-attacks,
including mobile devices. The hands-on session looked at incidents in the last year, and explored how the attacks occurred, what
the impact was, and how it could have been prevented.
Courtney’s Forensics Workshop talked about how Government, military and commercial industries are encountering the need to recover
and protect data now more than ever. The session looked at the different types of mobile device information acquisitions techniques.
Portions of the session were quoted in an article that appeared in an article on CNN Money. The article can be
CTIA is an international nonprofit membership organization that has represented the wireless communications industry since 1984.
Membership in the association includes wireless carriers and their suppliers, as well as providers and manufacturers of wireless
data services and products. Please click here to read more about CTIA.