This weekend, I attended HackSpaceCon, which, from my understanding, is in its second year. What is cool about HackSpaceCon is that it's at the Kennedy Space Center, and admission and parking are included in your ticket. People came from all over to attend this conference, while I was lucky enough to only have to drive about 2 hours each day to attend. Even though this is a new conference, some huge names in the cyber security world attend, as I'll mention below. The first two days of the conference were professional training; I didn't attend any of those and just attended the last two days, which were primarily talks and short-format free training.
There were four tracks covering Space, Career, Blue Team, and Red Team. I attended mostly red team talks, but I will cover all the talks I attended below. The first day's talks were about 45-60 minutes each, while the second day had longer formats of about 60-90 minutes.
Hardware Implant Revolution: Unveiling ISM Bands on Hardware Implants for Red Team Operations - Victor Fernandez Minguillon
As an amateur radio operator, I have played around with several different radio protocols using the Flipper Zero and HackRF. Recently, for my birthday, my dad got me some LoRa radios. I haven't found much time to play around with them, but clearly Victor has. This talk focused on using LoRa radios for command and control. LoRa radios offer an alternative to Wi-Fi and Bluetooth for long-distance communication. They run on a few different boards, such as the ESP32 board, which makes them a great cheap option. I feel like there will be many other talks in the future about using LoRa communication in the world of offensive security.
Big Tests from Small Teams - Mike Lisi
I understand this talk was titled Small Teams, but why was this talk given at only a single conference table with like 10 seats? Well, besides that, this talk was great for anyone who was starting a penetration test or a small business. Mike went over the importance of asking the right questions when going into an engagement. There are 3 things in an engagement: the projected scope, the cost & time, and the actual scope. If they don't line up with the client's expectations, you both waste time and end up with an unhappy client. This was a great talk, as I have experienced the real-life applications of the content he covered.
JS-Tap Mark II - Drew Kirkpatrick
I walked in a little late for this talk but got to hear about some of the functionality of this tool. JS-Tap is a great tool for red team engagements. Drew went over the 2 implementations of JS-Tap: trap and implant. This tool is very powerful for stealing information when you have a basic XSS vulnerability. If you are running a red team engagement, I think this is a must-have in your toolkit. You can check out the tool for yourself below.
You can watch this whole talk for yourself at the link below.
How I Was Bored One Night and Found Two CVEs - Joe Helle
I have followed Joe Helle (The Mayor) on the TCM Discord since taking the privilege escalation courses during my OSCP training. Joe talked about his experience finding 2 CVEs, as the title says, when he was bored at night. This talk lit a fire and made me want to go home that night and look up some GitHub projects to see what vulnerabilities are out there. This talk also covered how to submit a CVE, things to avoid, and ways to make money during it. CVE submissions are a great area of cyber security that I don't think has as much of a barrier to entry as bug bounties, but they are a resume builder and learning experience.
Dude, I Broke the Satellite - Celi Johnson & Erin York
How can you attend a hacker conference at NASA and not attend a talk about space? Celi and Erin discussed everything risk-related to building a satellite. They covered the insanely slim tolerances required for satellites, the cost, and the testing that goes into a launch. They also went over the security risks after launch, such as backdoors, radiation, and denial-of-service attacks. If seeing a rocket launch into space wasn't impressive enough, this talk really gave me a new appreciation for it. There was so much content put into this 45-minute talk, and I'm glad I got to see this one.
The Lost Underground - Mike Felch
Mike's talk was a fascinating history of the underground world of hacking, going all the way back to the 1980s. Although it was only 45 minutes long, it started with the Warez scene, phreaking, BBS, and how these groups and individuals evolved. My only knowledge outside of this was from documentaries and reading 2600 magazines. You really get an understanding of how much this industry has evolved over the past 40 years.
Pwning Networks: An Introduction to Network Pentesting - Phillip Wylie
I attended this talk because I mainly focus on web application pen testing, and I feel like I don't have much experience in network pen testing. Phillip started his talk by explaining how he became a pen tester. I had to grab this photo of him wrestling a bear, which he didn't even bother to explain, which makes it that much better. The talk covered network port scanners, vulnerability scanners, and other tools that would be important for a network pen test. While this covered mostly things I already knew, I appreciated the amount of audience interaction he had. Many people attended who were new to the field, and Phillip had answers to every question that came his way. He even provided resources such as learning platforms and books people should read.
Modern Web Appsec with OWASP crAPI - Jonathan Singer and Paige Harlan
Have you ever heard of WebGoat? It's a vulnerable web application designed by OWASP for practice in a home lab that has been around for years. crAPI is a new twist on that. Jonathan and Paige discussed crAPI, a vulnerable web application focused on the OWASP API Top 10. This talk walked through several API vulnerabilities utilizing many common tools. They walked through each example because the internet connection was pretty unreliable during the conference. This was a super entertaining talk. Maybe I'm biased because there were prizes for correct answers and donuts. Great speakers. If you want to play around with crAPI, here is a link: https://github.com/OWASP/crAPI
Intro to AWS Hacking - Carlos Polop
If you aren't familiar with Carlos, you may be familiar with the website HackTricks, which I have mentioned on this blog several times. HackTricks was a significant factor in my passing the OSCP exam, so I knew that talk was going to have some fantastic information. Carlos gave us some of the content from the HackTricks ARTE course. Even though this course was called an "introduction," it quickly dives in deep. Carlos explained misconfiguration, permissions, and IAM roles commonly seen in AWS accounts. Because so many companies use AWS, this is an area I want to work on; this talk just gave us a peek at what this course has to offer. I have added this to my wishlist. If you want to check out more information, here is a link: https://training.hacktricks.xyz/courses/arte
HackSpaceCon gives a real bang for its buck. Workshops, parking, and admission to the space center are all included in your ticket. Not to mention that, for a brand new conference, you get some of the biggest names in the cyber security world. In the future, I hope that the internet is more reliable, but that will happen as they get more years under their belt. I will also mention that if you have a special diet, you're only going to be getting burgers, salads, and chicken strips at the food court at the Kennedy Space Center, so just be advised. I'll be watching for this conference in the future.