Press Release

(This is being sent to KUTV, KSL, ABC4, and Fox 13)

HackWest is the newest Information Security and Hacking Conference in Utah. The committee is the same one that has been running BSidesSLC for the last five years. We’re going to have many exciting activities: two tracks of talks on Friday, keynotes on Friday from Dawn-Marie Hutchinson (from Optiv) and Eva Galperin (from the Electronic Frontier Foundation, or EFF.org as they’re often referred to), a Pros Vs. Joes Capture the Flag on Wednesday and Thursday, excellent training sessions also on Wednesday and Thursday, and lockpick villages, mobile device hacking villages, and a wifi hacking village. But for what we think will be of interest to more people in Utah than just the hackers, we will have a Voting Machine Hacking Village. We have 12 voting machines that are the very same models that were used in Utah in 2016. Utah’s best hackers and researchers will have days to attack the machines, with all their tools, their hardware, and anything else that comes to mind, to see exactly how vulnerable these machines are to hands-on attacks and remote (say, from a foreign country?) hacking. Is it possible to alter a user’s vote? Is it possible to rig an election? We’ll show you what can be done.

 

HackWest is happening at the Salt Palace March 21-23. Talks (and the most traffic) will be Friday, with trainings, workshops, a capture the flag event, and industry networking on Wednesday and Thursday.

SNOWFENSIVE OSINT CTF

Join us for Snowfensive’s first Open-Source Intelligence (OSINT) Capture The Flag (CTF) challenge. Come with just a laptop that can get on the internet. This is your chance to prove your skills! There will be two unique games, and each game will be about two hours long. Each game will include multiple timed rounds. It’s up to you and your team to get a flag before anyone else can. Once it’s been found, no one else can get it. There will be multiple flags in each round, which will be assigned different point values based on difficulty. All rounds will be timed, and as soon as the round ends, a new one will start with new flags. We recommend team sizes of no more than two people, as we only have four prizes for the first-place winners (two prizes for each team). However, you can have more team members.

 

Thursday, March 22: Game 1 (1pm-2:45pm), Game 2 (3:15pm-5pm)

Advanced Wireless Attacks Against Enterprise Networks – Workshop

Gabriel Ryan – @s0lst1c3

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.
Areas of focus include:

• Wireless reconnaissance and target identification within a red team environment
• Attacking and gaining entry to WPA2-EAP wireless networks
• LLMNR/NBT-NS Poisoning
• Firewall and NAC Evasion Using Indirect Wireless Pivots
• MITM and SMB Relay Attacks
• Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Prerequisites:

Download Virtual Lab and Course Guide before class

https://drive.google.com/drive/folders/0BwFgM9oAhmd_c2JJaG1iUmhkZTg

This workshop will be all day Thursday March 22, 9am-5pm.

HackWest 2018 – Villages

Lock Picking Village Provided by Marv

Marv is HERE! The lock picking village will contain sets of picks and practice locks for people to practice their skill in popping locks. The lock picking village will be open during March 21-22. Depending on availability, instructors will be able to provide instruction in the art of picking common locks on the market today. Complete beginners through well-worn professionals are encouraged to join in.
Open daily from 9:30 AM to 12:00 PM and 1:30 PM to 5:00 PM

Mobile Hacking Village provided by Sirgid

From Stagefright to rootkits, the Android people attending this village will get hands-on experience hacking mobile phones, along with a virtual machine with Android vulnerabilities and a mini CTF to see who can exploit the most mobile phone vulnerabilities.
Open daily from 9:30 AM to 12:00 PM and 1:30 PM to 5:00 PM

Voting Machine Village

HackWest will be providing a dozen voting machines for discovery purposes. Stop by the Voting Machine Village and spend 10 minutes, an hour, or 8 hours testing the same machines used in Utah’s general elections. The Voting Machine Village will be open daily from 9:30am to 5:30pm during the conference in the Villages area. Attendees will have the opportunity to perform a black-box assessment on the machines linked below.

https://www.essvote.com/products/3/7/dre/accuvote-tsx/

HackWest Workshop – The Good, The Bad, The Crypto – Working through Coin Challenges

Coin challenges require a lot of thinking outside the box, and it can be hard to do it alone. Join us in working on last year’s coin challenge. This will be an informal workshop, with the goal of broadening your thought process as you work through the challenges.
Instructors:
Michael Whiteley @compukidmike is an electrical engineer, IT manager, father, and Defcon black badge winner. He doesn’t like long walks on the beach, but prefers to be indoors with a fast internet connection.
Sherrie Cowley @SherrieCowley has a Master’s in Information Systems from the University of Utah with an emphasis on software engineering and cyber security. She has managed help desk, software engineering, and identity and access management teams and is currently an Information Security Manager for a large organization. She has presented at universities, was a keynote for Splunk Live, and acts as a liaison for InfraGard members and the FBI Cyber Task Force.
Colin Jackson @d1dymu5 – Father, locksport enthusiast, security engineer/architect, inventor.
Nate @n8zwn. He has been working as a Sr. Security Analyst for the past few years. His current position involves doing both red and blue team activities. He loves everything information security related as well as being outdoors with his family.
Andrew Hall – RuShan @RuShan_EE – Security expert and board designer. Father, electrical engineer, CISSP, graduate student, and enjoys all things security related.
Jake @s7a73farm. Senior Security Engineer. Due to a severe case of ADD, Infosec was a natural habitat for him. Send him the problem that makes everyone else quit. He loves learning by breaking stuff. His favorite thing about…. “Oooh something shiny, brb!”

Pros Vs Joes

https://docs.google.com/forms/d/e/1FAIpQLSe69etuakIuet3eSuR4i59gNKYfDN8RxLe1zclxa-_oaTTo6Q/viewform

http://prosversusjoes.net/

There was a local conference that was privileged to host the Pros Vs Joes CTF a few years ago, and if you got to play, I’m sure you can attest to how much fun (or agonizing) it was to play. If you’ve been able to attend BSidesLV in the past couple years, there has been this very game being played in the back of the common area. No, you would not have heard much hubbub, as most players are hunched over their laptops, trying to hide the tears leaking from their eyes.

Why this mix of joy and pain?

Pros Vs. Joes has been described as ‘an entire year of experience in two seven-hour days.’ I’ve described it myself (Sean) as the most intense training experience I’ve ever had.

Imagine this: You are just hired, along with the rest of your team for a typical corporate entity, with a typical IT infrastructure (a few web sites, a shopping cart, some databases, a CMS, phones, email, domain controller, etc.), and typical corporate needs (get users added/removed, grant access to drives or FTP, keep the web presence online, make sure email and phones are working, etc.). Why has the *entire* team been hired today? Because the last team wasn’t able to get the hackers out. It’s been going on and on, email and phones haven’t been reliable, the web sites are being hacked, data has been exfiltrated. Corporate management had a complete lack of faith in the security team’s ability to solve it, so they cleaned house. This is where you come in. The hackers are already in. You’re already behind the 8-ball. You need to get them out now, and keep them out, and keep all the corporate distractions at rest.

This is day one of Pros Vs. Joes. You’re hitting the ground running, with the Pros (the red team) *already* in your network. You spend the day finding them and getting them out, while keeping all the services up, and taking care of all the IT service desk tickets. This is pure Blue Team, and it’s intense. In our day jobs, we all do our best to plan for the worst, and for some of us, that day comes, and then it goes. You’re not sure who it was, and incident management will take some time before you can assess just what happened. For this one day, you *know* that you’re being aggressively attacked by professional hackers. And they’re relentless. There’s a scoreboard that shows services being up or down, and a list of beacons within your network, pinging out to the ‘C&C’ under the control of the hackers. Sound intense? You better believe it.

Day Two: Complete reset of the environment. Call it a groundhog day repeat. But this time you’re wearing two hats. You’re protecting your network, keeping everything up, and taking care of the IT tickets. But you’re also wearing your red hat, and you’re attacking the other teams. Yesterday, everyone was Blue. Today, everyone is Purple. And the local Pros have been assigned to join a team, and they’ll help you attack the other guys. Now your score will be based on keeping everything running and up, AND the flags you can steal from your opponents. Any beacons you can get in their network don’t boost your score, but they stop theirs from increasing.

Sound fun? Oh, it is. Sound intense? Oh, it really is.

I’m hooked. I played in Las Vegas in 2015, and our team won. I know why, and it wasn’t me. I played in Vegas again in 2016, and we did not win. I know why, and it wasn’t ALL me. I played again in 2017 as a Pro. I don’t think I’m ready to compete in the DefCon CTF, but I will try my best at the Pros Vs Joes CTF, any year I can. And at any venue I can (Pros Vs Joes CTF is now branching out to other cons, other than just BSides events).

We have room for more players, both Pros and Joes. If you think you can at least keep your head above water, then we would love to give you a seat at a table. https://docs.google.com/forms/d/e/1FAIpQLSe69etuakIuet3eSuR4i59gNKYfDN8RxLe1zclxa-_oaTTo6Q/viewform

One of my favorite things about running the Pros Vs. Joes CTF this year is that we’re doing this Wednesday and Thursday, so you’ll not miss any talks on Friday. With the con being small (we’re starting brand new this year), it would be tragic to have you tied up in the CTF for two days and not be able to catch the talks. So I’m very happy we’ve figured out a way to make this work for everyone.

Once you’ve registered for the con, come sign up to play in the CTF. It’ll be an experience you’ll never forget.

–Sean

Community

Once you decide to create a new hacker conference, so many ideas come to mind. Nothing is easy to bring into physical form. Great ideas are shared, problems discussed, ideas change, and you go around and around. Remembering good cons you’ve been to in the past can help and guide you. At the top of the problems, you will always have need for a budget. Thanks to our sponsors, we have been able to bring to fruition many (not all) of the things we wanted to do at HackWest 2018. Ultimately, we’ve had to push some things to the future, and that’s ok. Looking forward is always fun. As conference organizers, we welcome input from all participants, sponsors, speakers, and volunteers. To not take that input would be crazy. It would be ignoring the needs of the community. Our goal is to serve the community, enrich the depth of skill among information security professionals, and encourage discussion and communication between the community members. Now that we’ve been able to make HackWest a thing, we’re nothing but excited for you to see it, and for our future plans to come to fruition. So if you haven’t registered already, do so, and come be a part of this great and exciting conference!

Knowing that the community has such a great thirst for knowledge is exciting. Every week there are many activities happening at the local hackerspace, 801Labs. You can interact with professionals and hobbyists and make great friends. When you’re able to meet among these friends and learn how to solder, how to do 3D printing, how to pick locks, and how to do both security and hacking better, you remember these things and these people for life. Often the DC801 group (the local DefCon group) can be found participating not only in local cons and events, but they put on a great party at DefCon every year, and other cons (see Overdrive in Spain!). Radio (HAM) classes and training are often taught there, so if that’s something on your bucket list, take advantage of that. Don’t miss out on such a great resource here in the Salt Lake area.

Indeed, the Salt Lake (and the rest of Utah) InfoSec scene is booming. So let’s also talk about other resources available to us:

Have you heard of SaintCon? Actually, the organization behind it is Utah Saint, and they’ve been putting SaintCon on for the last 14 years (2018 will be #15). Credit for this fantastic con must be given to Troy Jessup, but he’s too humble to accept it. Keep in mind the other great InfoSec con, BSidesSLC. Hard to forget that one around here. 🙂 Also we need to remember OpenWest. Really, OpenWest is focused not so much on security only, but also on development, hardware, standards, open source tools, and data. Driving OpenWest is Victor Villa, another great guy, also too humble to take much praise. Excitement can’t even describe what we’re feeling by bringing you HackWest! Ready or not, we’ll see you in two weeks!