11:00 - BeaCon opens; intro

11:30 - TBA

12:00 - TBA

13:00 - TBA

14:00 - TBA

14:15 - TBA

14:30 - TBA

15:30 - TBA

16:30 - TBA

17:30 - TBA

18:00 - Outro; BeaCon ends 

Michael Coppola - Performing Open Heart Surgery on a Furby 

This talk will dive into the world of hardware hacking, as applied to the satanic toy known only as the Furby.  We'll discuss various techniques to reverse engineer and instrument the hardware, including identifying unknown chips, dumping memory, sniffing data buses, and boiling chips in corrosive acid.

Michael Coppola is a vulnerability researcher working at a defense contractor, as well as an undergraduate student at Northeastern University. His main interests include Linux kernel exploitation and rootkit development, embedded systems, and burning things with a soldering iron. He has been known to hack unsuspecting Androids and bathroom scales.

Dan Crowley - Application-level Denial of Service

While traffic flooding attacks are generally what come to mind when one hears the term "Denial of Service", this is only a very small slice of attacks on availability. Traffic flooding is so often used and so popular because there is never a way to fully protect against it, only ways to reduce its usefulness. To borrow a quote: "Brute force always works. If it doesn't work, you're not using enough." However, traffic flooding attacks are a war of attrition. It all comes down to whoever has the most resources.

The more interesting attacks on availability are asymmetric; that is, one person with one 28.8k dialup connection can take down an entire web server. What's more, some of these attacks can be very difficult to block using technologies like WAF and IPS, because they look like completely normal traffic. This talk will discuss various asymmetric denial of service attacks from the historical to the modern to provide a broader understanding of how attacks on availability can be achieved.

Daniel (aka "unicornFurnace") is a Senior Security Consultant for Trustwave's SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie.Daniel has won assorted CTF events and locksport competitions. Daniel is covered in BEEEEEEEEES. Daniel also holds the title of Baron in the micronation of Sealand and writes in the third person. 

Oliver Day - Guerrilla Techniques in Website Defense

Defending websites has become more difficult as advance tools have proliferated in the underground markets. Organizations that are too small to afford IT staff, let alone security staff, are outgunned and have little chance at keeping attackers out. This talk describes a new strategy in web defense that focuses on cheap and fast recovery of web site attacks. We will discuss automated backup and detection strategies that assume the attacker can and will compromise an account that allows them to write files to the web

Oliver Day is an information security professional and has consulted for many Fortune 100 companies in the last ten years. He has developed security audits to detect vulnerabilities in computers remotely, performed penetration tests, and architected security through analysis of engineering designs. His information security pedigree includes tenure at companies such as eEye Digital Security, @stake, Symantec, Rapid7, StopBadware and Akamai.

Oliver is also deeply fascinated by urban farming and has a thriving herb garden. He likes to study the applications of biostatistics and epidemiological models to predict the spread of computer disease. He is also an avid student of Mandarin and international relations issues in Asia. He lives with one very happy and slightly chubby cat.

Paul Drapeau - Steganography in a Commonly Used HF Protocols

TBD

Andrew Murray - TBD

TBD