Wild West Hackin' Fest - Deadwood 2024

Are you interested in learning how to solder? Well you are in luck! This year Rick Wisser and Dave Fletcher from BHIS have put together a soldering workshop where you can get some hands on experience soldering on a working project. Rick and Dave have had several years of experience related to all types of soldering related to contract manufacturing of printed circuit boards. The goal of the workshop is to get you familiar with soldering and how to avoid common mistakes in solder techniques. Rick and Dave will share proper techniques, tips, and pointers that simplifies the manual soldering process.

Every hacker wants more cool stuff and many of us have a 3D printer gathering dust in the corner. In my presentation "Unlocking Physical Security: 3D Printing Your Way Inside." I will inspire the audience to buy more filament and start preheating their print beds to extrude a collection of valuable physical security tools (both offensive and defensive). This talk goes over a handful of original (never before seen) designs, 3D-printable versions of existing tools, explains how to use each tool with demonstration videos, offers practical advice to those who want to 3D print their own physical security tools, and shows the audience where they can find my models and others to print.

Discover how psychological theories can revolutionize cybersecurity practices! This presentation explores the transformative potential of Attention Restoration Theory (ART) and Social Cognitive Theory (SCT) in enhancing cybersecurity measures. By optimizing work environments to rejuvenate mental focus (ART) and leveraging social influences and self-efficacy to boost security compliance (SCT), let's shed light on strategies that minimize human errors and amplify vigilance. Dive into a session that blends theory with practical solutions, paving the way for a cybersecurity culture that's as robust as user-centric. Get ready to shift from traditional defenses to psychologically empowered cybersecurity tactics!

Although Simple Network Management Protocol (SNMP) is a critical protocol for system and network administrators, a comprehensive SNMP version 1/2c/3 hacking methodology has not been clearly documented. This presentation will explain how to correctly perform SNMP password attacks, test SNMP read/write permissions, and how to exploit any successful access. A Python wrapper script will be introduced to automate these tedious steps across a large scope of systems especially given Windows's required access to multi-function devices. In addition to describing how to correctly assess SNMP, recommended approaches for mitigation will be stated so that SNMP can be locked down to to only authorized persons.

The goal of the presentation is to showcase how to perform the Evil Twin Attack exploit without the use of a Wifi pineapple as well as to showcase how to bypass randomization of wireless channels on wireless access points

As Artificial Intelligence (AI) and Large Language Models (LLMs) diffuse into everyday business use, these new technologies present novel challenges for IT Staff, Security, Compliance and Development Teams. How can practitioners ensure AI is used securely and follows company and industry guidelines? This session will present an overview of AI usage in the enterprise and how companies can safely control and harness this new power that AI can provide.

Companies or individuals often sit on domains for later use, and can even make a “passive income" off of these unused domains. The monetary incentives of the domain parking system lead to these parked domains becoming littered with malware and potentially putting consumers in danger. This talk is essentially a PSA, and gives an overview of the phenomenon including stakeholder analysis, perverse incentives, and why you might want to reconsider parking your domains.

Many organizations current policies and controls allow for their helpdesks to reset users passwords and multi-factor authentication, which makes those helpdesks a prime target for social engineering attacks such as those demonstrated in the past by threat actors like the ALPHV/BlackCat ransomware groups. This talk will cover common tactics successfully used by threat actors, and emulated by BHIS's ANTISOC team, as well as policies and procedures that can help deter such attacks.

I’ve been in Infosec for almost 20 years. I also have AD(H)D. This talk is my story; how I kept feeling something was off until diagnosed 5 years ago, what impact ADHD and being diagnosed had on my life and why one should always confront realities and get the best out of it.I'll also talk about what I learned since last year and the talk I did at WWHF 2023 and about which advantages me and others with a similar diagnose has that makes them unique and helped them accomplish great things in life.An important learning for me since I started talking about neurodiversity is that there is an overrepresentation of mental diagnoses in infosec. This is my attempt to educate, break down taboos and inspire others to learn about themselves and others and hopefully get a better life.

Are you interested in learning how to solder? Well you are in luck! This year Rick Wisser and Dave Fletcher from BHIS have put together a soldering workshop where you can get some hands on experience soldering on a working project. Rick and Dave have had several years of experience related to all types of soldering related to contract manufacturing of printed circuit boards. The goal of the workshop is to get you familiar with soldering and how to avoid common mistakes in solder techniques. Rick and Dave will share proper techniques, tips, and pointers that simplifies the manual soldering process.

Felon in Five Minutes:
 
Peel back the mystique behind the most basic and effective ways that threat actors, criminals, and pentesters breach physical locations. All of these techniques can be done in less than five minutes.
 
Learn how to properly manage expectations and scoping for your next Physical Security adventures.

In this workshop, we distill key tactics from the comprehensive Practical Physical Exploitation course, tailored specifically for penetration testers looking to attack Physical Access Controls (PACS).

Participants will embark on a journey through the ins and outs of cloning badges during physical penetration tests. Explore the intricacies of long-range, short-range, and Stealth cloning tactics, gaining hands-on experience in the art of badge duplication. Delve into the realm of implantable devices, understanding their role in modern access control exploitation.

Join us as we uncover the nuances of downgrade/upgrade attacks and the protocols that make them possible. Learn to navigate the landscape of access control systems with expert guidance, equipping yourself with the knowledge to identify and exploit vulnerabilities.

By the end of this session, you'll wield an arsenal of cutting-edge techniques, ready to transform your facility into a bastion of high-security readiness. Don't miss this opportunity to elevate your skills and refine your physical security penetration testing skills.