HackCon 2024 | HackCon | 13 February 2024 | Høyres Hus Konferanse & Selskapslokaler, Stortingsgata 20, 0161 Oslo, Norway

The conference is for those of you who are genuinely interested in IT security and who want a real increase in skills to handle current and future IT security challenges. The conference is created by security enthusiasts for security enthusiasts.

Why you should attend:
• Over 1500 lectures
• The event will be the best learning platform we will go through over 1500 lectures, vulnerabilities, research results to select the best!
• Best learning platform for IT security
• Whether you are security personnel (technical, strategic, administrative, or management), analyst, management, strategist, auditor, cert personnel, bit fiend or security enthusiast, you will get the full benefit of the event and be updated on the latest the trends, threat images, and security updates.
• The event will continue to be the best learning platform, professional forum and arena for IT security.

Topics include:
• Graph Theory: Unveiling the Microsoft Entra ID Post-Exploitation Landscape. In today's cloud-driven landscape, Microsoft Azure and 365 (M365) have become essential tools for businesses worldwide.
• Smoke and mirrors: Russian influence operations. Are you aware that we are being manipulated daily online and on social media? Are you able to uncover the manipulation? In this lecture, we go through concrete examples of Russian influence operations, including methods and tools.
• Ghost in the Wires. Demonstration of multiple techniques that attackers can use to exploit vulnerabilities, escalate privileges and move laterally, without being detected.
• Behind the Breach: A Triad of Zero-Day Exploits Uncovered. In this session we will fokus on complex and sophisticated attack that has been attributed to an APT. The adversary exploited three zero-days in Ivanti Endpoint Manager Mobile (EPMM) and Ivanti Sentry as part of the attack. During this session, we’ll examine the anatomy of this attack, diving into the zero-days themselves and how they were chained together, along with other tools and techniques the threat actors utilised.
• The MultiCloud of Madness. Welcome to cloud security in 2023. If you think you’re only in a single cloud provider, you’re probably wrong. Any organization of any size or age probably has a presence in every major cloud provider. In this session you will learn what you need to care about and why the cloud really is dark and full of terrors.
• He Who Controls the Network, Controls the Universe
This talk delves into the latest trends in network device hacking, highlighting novel attack vectors that emerged last year. We will explore a range of attacks, from firmware manipulation to advanced persistent threats (APTs) targeting routers, switches, and other critical network infrastructure. Key topics include the exploitation of zero-day vulnerabilities, leveraging AI for living off the land techniques, and the challenges facing organizations due to lack of visibility and nonexistent security tooling at the device level.
• Red Team Chronicles: Blunders and Triumphs
In this lecture we take a deep dive into the clumsy, but at the same time instructive and untold events from Red Team missions. Here we share experiences and lessons learned, taken from ups and downs, as well as things that we have not told about before! We promise that this will be a lecture you won't want to miss!
• Social event
Here you have the opportunity to make contacts and get to know others. HackCon provides light dinner and "entertainment". It is possible that a special session will be set up during the social event - a session you will not want to miss (depending on the speaker)!
• This is how artificial intelligence is changing IT security. The lecture gives a unique insight into the dynamic and constantly changing connections between artificial intelligence and security, and is essential for anyone who wants to understand and shape the future in an informed way. In this lecture you will find out what AI is and how AI will change IT security!
• Internet wallhacks: combining internet-wide scanning research and GPT to automate discovery and risk surface analysis, If youre interested in scanning the internet, or even a section of the internet, you've probably run into a variety of hurdles and challenges. Turns out there's a lot of engineering involved in that heavy of a lift, and then again to deal with whatever comes out the other end. 5 gig xml files? 50,000 screenshots? If you're like me and you're not the best developer in the world, but you know what needs to happen mechanically, you can leverage GPT in these circumstances to get you past where you're stuck. Come with me on live-fire adventure with audience participation where we'll do some massive jobs live on stage!
• That’s Just a Tool – Not Good Nor Bad. That Part is Up to YOU. In this session we’ll present technical, hands-on examples of what SUCKS and what ROCKS on the Windows ‘Living off the land’ remote admin operations, Protocols and APIs from IPC mechanisms (Named Pipes, mailslots etc’) through RPC (WMI / DCOM / Multiple LoLBins), WinRM / PSRemoting, RDP and more.
• Bad neighbors: Cross tenant exploitation with guest users. We will introduce a new technique for abusing guest users across tenants, and look at scenarios where that technique could be catastrophic to the security of an organization. To show how to exploit these scenarios, we will introduce a new azure pentesting tool that can be used to help test and exploit both guest users, as well as the rest of the Azure and Entra ID ecosystem.
• How to deal with Ransomeware. Help, we've got ransomware! What now?! Here you will learn how to handle Ransomeware, both technically and in the organisation.

2024 Speakers

Beau Bullock
Senior Security Analyst and Penetration Tester

Eskil Grendahl Sivertsen
Special advisor associated, C-SPI project

Tom Jøran Rønning
Internal penetrationtester, Statnet

Per Morten Sandstad
CTI analyst, mnemonic

Chris Farris
Experienced Sales and Business Development Specialist, Palmyra

Nate Warfield
Director of Threat Research and Intelligence, Eclypsium

Oddvar Moe and Melvin Langvik
Senior Security Consultant, and Jason Lang, Practice Lead

Per-Arne Andersen
Associate Professor, University of Agder

Dan Tentler
Executive founder, Phobos Group

Yossi Sassi
The Oriental Rock Orchestra

Cody Burkard
Partner and Principal Security Architect, O3 Cyber

2024 Sponsors

• Menmonic
• Netsecurity
• O3C
• tietoevry
• Paloalto
• Conscia
• Cyberon
• SOCRadar
• BlackHill