44CON2022 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Workshop [clear filter]
Thursday, September 15

11:00am BST

James Forshaw - Ask James
This workshop is different. You’ve listened to James’ talk, you have many questions and there isn’t enough time during the Q&A to ask them all. Now is the time to ask them.

James will be happy to discuss his research and any topic of mutual interest.

Prepare your questions and reserve your place on this workshop when you arrive. Time with this awesome member of Google’s project Zero is time well spent.

avatar for James Forshaw

James Forshaw

James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1... Read More →

Thursday September 15, 2022 11:00am - 12:50pm BST
*Workshop 2*

11:00am BST

Klaus Schmeh - Forensic Codebreaking
The purpose of this workshop is to give a hands-on introduction to forensic codebreaking – something that is usually not taught in public lessons. The lecturer will introduce the most important pencil-and-paper solving techniques along with links to free codebreaking software.

In the main part of the workshop, the attendees will have the chance to break authentic crime-related ciphertexts themselves. For this purpose, the lecturer will choose the most suitable messages from his large collection. Different difficulty levels, based on the participants’ skills, will be provided. Whenever necessary, the lecturer will assist and give hints. At the end of the session, detailed solution descriptions will be provided.

For this workshop, a laptop is helpful, but not required.

avatar for Klaus Schmeh

Klaus Schmeh

Klaus Schmeh has published 19 books, 300 articles, 1,500 blog posts, and 30 research papers about encryption technology, which makes him the most-published cryptology author in the world. While most of his publications are in German, his 2020 book “Codebreaking: A Practical Guide... Read More →

Thursday September 15, 2022 11:00am - 12:50pm BST
*Workshop 1*

11:00am BST

Trace Labs CTF Introduction
Trace Labs is a Canadian based not for profit organization that partners with law enforcement agencies around the world to leverage the power of crowd sourced OSINT collection to assist in ongoing missing persons investigations.

They maintain a vibrant and welcoming online community where new investigators can pick up the fundamentals and seasoned professionals can keep their skills sharp. They’d love it if you joined their Discord: https://tracelabs.org/discord

They’ve made a name for themselves over the last several years by hosting a very unique kind of Capture the Flag competition: The Search Party CTF

The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to assist in missing persons investigations.

They take real missing persons cases and break out various categories of open source intelligence in to different “flags”. These flags represent pieces of intelligence that could prove useful to LE in missing persons investigations. The more flags a team finds, the more points they get and the stronger the dataset becomes. The end result of the competition is a robust and clean set of data points outlining a missing person’s online footprint. This dataset is then turned over to the agency responsible for investigating that particular missing person case.

Trace Labs will be hosting a Search Party CTF exclusive to the attendees at 44CON! In addition to investigating missing persons cases in real time on Thursday and Friday they’ll also be presenting a short workshop on Thursday showcasing the value of OSINT to missing persons investigations as well as some tips and tricks around people focused OSINT.

If you’re looking for a different kind of CTF and want to use your powers to #OSINT4Good then this CTF is worth checking out.


For a deeper dive in to the mechanics and methodology of their CTF we recommend you check out their YouTube Channel:

Thursday September 15, 2022 11:00am - 1:00pm BST
Trace Labs Alley

2:00pm BST

Matt Lorentzen - Using SliverC2 for Red Team Operations
Whilst Cobalt Strike is still arguably the most popular red teaming toolkit as a commercial offering, several open source frameworks have emerged in the last few years that have comparable feature sets, reduce the cost barrier to entry and provide stable platforms to develop, customise and extend red teaming tradecraft and approach. SliverC2 is an open source adversary emulation red teaming framework created by BishopFox and is written in Golang. The framework has gained popularity with red teamers and Russian Foreign Intelligence Services alike .

In this workshop I will take you through the deployment, configuration, and usage of SliverC2 against a fictious company. The goal of the workshop is to provide hands-on experience of the SliverC2 toolset.


The environment will be provided and participants will need to have a laptop that has a functional Linux component either as a virtual machine or native operating system. The ability to run Golang will also be needed. An internet connection will be needed to install armoury packages, so a laptop with an ethernet connection that is used to be part of the environment and a secondary connection such as a wireless device is required for that section.

avatar for Matt Lorentzen

Matt Lorentzen

Matt has worked in the IT industry for 25 years. From a sysadmin through to running his own company before spending the last 10 years focusing on a dedicated testing role. Matt has gained a wealth of experience in many sectors delivering pentesting and red teaming services. He is... Read More →

Thursday September 15, 2022 2:00pm - 4:50pm BST
*Workshop 1*
Friday, September 16

9:30am BST

Trace Labs CTF Update

Friday September 16, 2022 9:30am - 10:00am BST
Trace Labs Alley

10:30am BST

Paco Hope - Build Your Own AWS Security Scanner
In this session you’ll learn to how to use AWS APIs to not just discover infrastructure, but discover insecure or badly configured AWS infrastructure. Starting nearly from scratch, you’ll build a shell-script or python-based tool that can invoke AWS APIs, interrogate and understand the responses, and use that to guide your exploration of AWS infrastructure.


In order to get value from this workshop, you need to bring the following. There will not be time to open an AWS account, install the AWS CLI, and set up your environment during the workshop. You need to do that in advance. You can use a personal AWS account: the techniques in this workshop can be executed with literally 0 cost. Creating (empty) buckets, security groups, NACL rules and IAM policies are all free actions, as are the discovery APIs that we will call.

Before the workshop you need:

Access to an AWS account
You need some king of identity:
create an IAM user and give it some privileges
use an existing identity and use it at the command line
A laptop where you can write code and run commands at the command line
install a recent version of bash. Any Linux will do. (Windows Subsystem for Linux works fine) or Python 3.8 or later
install the AWS CLI
install jq (for parsing JSON)
if you are using Python, you need to install Boto3 (pip install boto3)
A code editor that you know how to use. We use VSCodium, but it’s up to you.
If you can run the following comment and get sensible output, you have met the prerequisites:

aws sts get-caller-identity

Sensible output looks like:



"Account": "111122223333",

"Arn": "arn:aws:iam::111122223333:user/paco"


avatar for Paco Hope

Paco Hope

Paco Hope has 20 years experience securing software and systems. Key competencies in cloud security, application security, and infrastructure security.Today Paco consults with the biggest enterprises to secure their cloud workloads on AWS. He helps customers with data encryption at... Read More →

Friday September 16, 2022 10:30am - 12:20pm BST
*Workshop 1*
Filter sessions
Apply filters to sessions.