Author Archives: davidhulton

Workshop Venue Change!

The workshops are kicking off today at 8:30am and have been moved to the 13th floor in the Office Tower at the Emerald Plaza (use the office tower elevators on the other side of the building from the hotel lobby). Continental breakfast will be provided. If you have trouble finding us, ask the concierge or the office tower security desk in the lobby.

Workshops Open for Registration!

260930313_57c3abaee2_mWe have some great workshops this year. Once again, Michael Ossmann will be teaching his best selling Software Defined Radio Workshop based on the HackRF. New workshops for this year include Dmitry Nedospasov teaching Hardware Hacking using FPGAs and Ubertooth hackers, Mike Ryan & Dominic Spill teaching their first ever Bluetooth Hacking Workshop. Tickets are selling fast, so register today!

Hacapocalypse Team Fortress 2 LAN Party!

Join us as San Diego 2600 Presents a Team Fortress 2 LAN Party, Friday, October 24th, at 9PM. Join other hackers in Team Fortress 2 madness, either in the structured team server or on the free-for-all server. Bring your laptop/gaming rig with Team Fortress 2 (available for free on Steam) and join in the fun.

Interested? Please fill out the following form. You do not have to provide your real name or handle, but we would appreciate a count so we can anticipate the number of people interested in playing.

Preliminary Lineup Released!

We’re proud to announce our preliminary lineup for ToorCon San Diego 16. We’ll be posting additional talks and more details over the next week as we finish up the Call for Papers. Also, our Workshops are selling fast so don’t wait too long to register!

Advanced ANDROID & iOS Exploitation Workshop
Instructor: Aditya Gupta, Attify Security

Software Defined Radio Workshop
Instructor: Michael Ossmann, Great Scott Gadgets

MS-SQL Post-exploitation In-depth Workshop
Instructors: Rob Beck & Noelle Murata, Neohapsis

MS-SQL Post-exploitation In-depth Workshop Registration Open!

MS-SQL Post-exploitation In-depth Workshop:

The MS-SQL Post-exploitation In-depth workshop demonstrates the tactics an attacker can employ to maintain persistence in a Microsoft SQL Server database, while harnessing the available facilities to expand their influence in an environment. Plenty of resources exist today that show methods for compromising SQL and SQL-dependent applications to achieve access to the environment, very few provide methods for maintaining control of a SQL instances or performing attacks against the host and environment from within the SQL service.

This course will offer attendees an understanding of the various facilities that are available for executing system level commands, scripting, and compiling code… all from inside the SQL environment, once privileged access has been acquired. Students will walk away from this two-day course with a greater understanding of:

  • MS-SQL specific functionality
  • Stored procedures
  • Extended stored procedures
  • SQL assemblies
  • SQL agent
  • SQL internals
  • Conducting attacks and assessments from inside the SQL environment
  • Methods employed for stealth inside of SQL

Upon the completion of this workshop, attendees will:

  • Be familiar with multiple facilities in the SQL Server environment for executing system commands.
  • Understand ways to execute arbitrary code and scripts from within the database.
  • Understand methods for operating with stealth in the SQL service.
  • Know ways an attacker can rootkit or backdoor the SQL service for persistence.
  • Be familiar with hooking internal SQL functions for data manipulation.
  • Harvest credentials and password hashes of the SQL server.
  • Have familiarity with the extended stored procedure API.
  • Be able to create and deploy SQL assemblies.
  • Have the ability to impersonate system and domain level users for performing escalation in the environment.

Attendee requirements for this workshop:

  • Modern laptop with wired or wireless networking capabilities.
  • Ability to use Microsoft remote desktop from their system.
  • Basic understanding of the T-SQL language and syntax.
  • Ability to follow along with coding/scripting concepts (coding experience a plus, but not required – languages include: C, C++, C#, vbscript, jscript, and powershell)
  • Ability to navigate Visual Studio and OllyDBG (previous experience a plus, but not required.)

Attendees will be provided with:

  • Hosted VMs for testing and workshop labs.
  • Training materials – presentation materials and lab examples.

Who should attend this workshop?

  • SQL administrators and security personnel.
  • Professional pen-testers and corporate security team members.
  • Incident response analysts for new methods of attack detection.
  • Forensic team members unfamiliar with SQL related attack patterns.
  • Anyone interested in furthering their understanding of SQL Server.

Registration: TC:SD MS-SQL Post-exploitation In-depth Workshop + Seminar

A Success!

Lots of fun was had, but alas, ToorCamp is now over. Thanks so much for coming out and bringing all of the awesomeness! It’s still hard to think about all of the great memories that were made and we’re extremely grateful for the top notch speakers, inventors, campsite organizers, and attendees that made it out. We couldn’t have put this together without all of your support!

If you have any pictures or videos of the camp, please post them on the ToorCamp google group forum. There’s also some great GoPro videos that Dragos posted of flying over the camp and of the Titanium Chef competition. Also be sure to check out the videos coming out from Hak5 like this one.

ToorCamp This Week!

It’s just a few days until ToorCamp and setup is just about to begin! If you have just decided you want to come out last minute, no worries, we’ll have registration up for a little longer and you can always register on-site for $300. Otherwise, here’s a few things to remember about coming out to ToorCamp!

The drive from Seattle takes around 4 hours. If you plan on taking a ferry, make sure to check the wait times as during rush our they can get backed up and it may be faster to drive around the sound.
Although Marijuana is legal in Washington State, it is not on Makah Tribal Land where ToorCamp is being held. The Makah law also prohibits alcohol and illegal drugs as well. Please also make sure to obey all posted speed limits when you’re on the reservation as the roads are patrolled frequently and the locals would appreciate it.
So far the weather forecast looks great, extremely low chance of rain and high of ~65, low of ~53 and winds up to 14 MPH. Weather can be unpredictable there though so pack for the unexpected.
Make sure to bring a LAND LINE TELEPHONE and an UNLOCKED GSM PHONE so you can use the awesome network that the ShadyTel crew is putting together for us.
Ada’s Technical Books & Cafe will be operating a pop-up shop/cafe at the camp with espresso and snacks and there’s restaurants within a 5 minute drive into town so remember to bring some cash.
If you’re participating in any of the Contests or Workshops double check if there’s any equipment you need to bring.

That’s all for now! We’re really looking forward to seeing all of you and all of the awesome projects and ideas you’re bringing out to share. See you in a few days!

Contest Sign-Ups Open!

We’ve got some great contests running at ToorCamp this year. Titanium Chef returns, matching the wits of hacker chefs against each other and is sure to create some amazing results. Also, new to ToorCamp, we have MashQuatch, a mash-up competition that will span July 9th-11th. Sign-up today and help make ToorCamp history!