Our workshop presenters

  1. Attacks on mobile network connected alarms, smart homes and smartwatches
  2. Invisibility Workshop
  3. Impressioning
  4. A beginners guide to manipulation
  5. Masterkeying CTF
  6. Introduction to Lock Picking

Workshop details

  1. hackergotchi of Aleksandr Kolchanov Aleksandr Kolchanov

    Workshop Attacks on mobile network connected alarms, smart homes and smartwatches

    This training will cover different attack on popular mobile network enabled devices: alarms, smart home systems, access control systems and smartwatchs for kids. Phone network devices are popular and easy for use: for example, you just need to insert SIM-card in mobile network-alarm, and system is ready for use. But the security of that devices is questionable. Common alarm-devices tested properly, revealed a wide variety of vulnerabilities and attacks. At this workshop, participants will be taught attacks against the mobile network part of vulnearble devices, as this part is not covered properly and there are some easy and effective attacks. Please bring:

    • A laptop with a modern browser
    • Headphones
    • Favorite editor with script language (optional)

    This workshop will contain several parts:

    You will learn the basics of attacks on GSM-alarms, controllers and smart homes in the theory part. The questions of attacks methods, different authorization methods, typical problems, some advanced tricks, and ideas will be discussed.

    In the demonstration part, the speaker will present our “guest” - different devices, we will discuss vulnerabilities and problems with real-life examples. Also, several attacks will be shown on video.

    Several virtual devices (emulators of vulnerable IVR menu with DTMF-commands, based on the issues in real devices) will be presented in the practical part. Attendees are invited to use SIP-accounts to make a call to the emulator, then try to bypass different authorization methods.

    You also can take part in a small competition: several virtual devices with different vulnerabilities will be presented. They will be similar with devices from the practical part, but the hacking will be a bit harder. The first successful hackers will get small prizes.

    If you are going to attend in a practical part or in a competition, I strongly recommend to prepare a SIP-account for calls. I use Zadarma.com (you can sign up for free, get a login and passport for SIP-account), but you can use anything you like. Also, you need a SIP application to make calls. You can use Zadarma mobile application or any other application, include some SIP applications for WEB.

    I highly recommend to check, that you can make a call with sip to any external SIP-domain. I created a small domain for checks: test@workshop-test.sip.twilio.com If you get an answer, you are ready for the workshop.

    Important note: you can not make a call from the Zadarma site to external SIP domains (like sip@domain.com), because only calls to digital phone numbers can be made from the site. You need to use any application (mobile, web or desktop). Please check, that you can make calls to external sip-domains from your application. Some applications allow to make calls only to digit number, in this case, try to use other application.

    Preparing a SIP-account and an application for calls in recommended, but it is not obligatory, I will try to help during the workshop in case any technical troubles. It will be helpful to save time.

    Aleksandr Kolchanov is an independent security researcher and consultant. Ex penetration tester of a bank in Russia. He takes part in different bug bounty programs (PayPal, Facebook, Yahoo, Coinbase, Protonmail, Telegram, Privatbank). Aleksandr is interested in uncommon security issues, telecom problems, airline security and social engineering. Speaker at PHDays 2018, c0c0n 2018, DeepSec 2018 and BSides Odessa.
    Pre-registration is not required however limited spaces are available for these workshops so please be on time, first come first served. Additional classes may be run if there is overwhelming interest.
  2. hackergotchi of Lilly ‘Attacus’ Ryan Lilly ‘Attacus’ Ryan

    Workshop Invisibility Workshop

    This all-day, drop-in facial recognition workshop will let you get creative with visual disguise as you try to trick cameras into thinking you’re invisible and stop them from recognising you. Use face paint, reflective tape, masks, wigs, fake beards, and your best ideas to craft an effective disguise in both bright and dark conditions. You’ll learn the basics of how facial detection and recognition systems work, and then it’s up to you to do your best against the workshop recognition systems and the ones you carry in your own pockets.

    Attacus was born 1757 during a full moon. During a long and eventful career, she accidentally became Pope, invented the tricycle, and wrote copy for fortune cookies. She is currently an internet gremlin at Assurance and in her spare time enjoys licking poisonous wallpaper and patting dogs.
    Pre-registration is not required however limited spaces are available for these workshops so please be on time, first come first served. Additional classes may be run if there is overwhelming interest.
  3. hackergotchi of Jos and Holly Jos and Holly

    Workshop Impressioning

    This course will be an introduction to lock impressioning traditional pin tumbler locks for people who are new or who want to practice and improve their skills with Jos and Holly. Participants will be able to practice using provided tools and locks however they are also welcome to bring their own tools if they prefer them. This is held the day before at 14:00 to 15:30.

    Jos is a world-record holder in the field of lock impressioning and a mainstay participant at LockSport events around the world. A long-time member of TOOOL in the Netherlands and a key figure at the Hack42 hackerspace in Arnhem, Jos is the Vice-President of TOOOL.nl and helps to oversee that organization and the LockCon conference. Some people know him as the Dutch Kilt guy. Featured in the New York Times. Voted #2 in the category “Hackers and Security” of the Nerd101-list of VrijNederland June 2015.
    Pre-registration is required. This can be found at our ticket website .
  4. hackergotchi of Michael Maynard Michael Maynard

    Workshop A beginners guide to manipulation

    Group two mechanical safe locks have been the industry standard for sixty years. They’re beautiful pieces of engineering but they can be beaten, and with a bit of hard work and practice, you can learn how. This workshop will teach you the absolute basics. After that… it’s just you, your practice lock, and hours spent alone in the spare room with your significant other wondering where the hell you’ve gone…

    Michael Maynard is a full time optometrist and part time lock nerd. He lives in Napier, on the east coast of New Zealand’s North Island. He is interested mostly in mechanical locking systems, and in particular likes reverse engineering commercial products to see what the designers were thinking, and what compromises were made in the design of the lock. He picked his first lock in the 1970’s and hasn’t really stopped since.
    Pre-registration is not required however limited spaces are available for these workshops so please be on time, first come first served. Additional classes may be run if there is overwhelming interest.
  5. hackergotchi of Oisin ‘Nomad’ Donohoe Oisin ‘Nomad’ Donohoe

    Workshop Masterkeying CTF

    Using a bag of tricks and a bit of grey matter participants will be challenged to decode keys from photos that will work a series of locks (photos will be of keys held by various staff). Stage 1 will consist of decoding 8 different keys that work two different ‘areas’ (A and B respectively). Stage 2 will then require participants to use the key codes to find the common patterns.

    Locksmith/semi-professional Macgyver-neer/YouTube and Reddit connoisseur
    Pre-registration is not required however limited spaces are available for these workshops so please be on time, first come first served. Additional classes may be run if there is overwhelming interest.
  6. hackergotchi of OzSecCon OzSecCon

    Workshop Introduction to Lock Picking

    This course will be an introduction to lock picking for people who are new or who want to practice and improve their skills with our instructors present. Participants will be able to practice using provided tools and locks however they are also welcome to bring their own tools if they have. This is held the day before at 9:00 to 12:00.

    Pre-registration is required. This can be found at our ticket website .