Pumpcon 2016 Speakers:


The Fault in Our Logs

They're logs. They're logs. They're big. They're heavy. Just hope they aren't multiline.

Logs are everywhere. Every system we interact with generates them, but more often than not, they suck. We put up with them though because, when they do work, they can be incredibly useful. If you want to find out how to make your logging suck less, or maybe get confirmation that you're not the only one who's run into "that" logging problem, this talk is for you. I'll cover the logs themselves, moving them around over the network to a central-ish location, and then some fun things that you can do with logs once you actually have them under control (and, of course, myriad ways that each of those things goes wrong in practice).

Never worry about having too much free disk space ever again: logs.

Bio
Bob does network/systems security things professionally and for fun. Bob also drinks bourbon for fun, but would be open to offers to do that professionally. These things are completely unrelated.


Don't be a Hero

Abstract
The early days of a startup are the age of heroes--individual hackers, attacking the darkness. Heroes don't follow policies; they slay dragons! Having rules would go against their very nature as swashbucklers! There comes a time in every company's life, however, where the heroes must stand aside to build a legacy bigger than a statue or a ballad. This seems like a terrible idea--who doesn't want to be a hero? And who wants rules, anyway?

This talk presents an idea for how to sell compliance ("the other meat product") to organizations driven only by red things (red teaming, red bull, red eyes, and red alerts). "Just grow up / woman up / you're playing with the big boys now" are typical, but ineffective, exhortations. Building on an idea that came to me from James Arlen, this is how I've been trying to sell organizations on the idea of doing work which seems both hard and boring, but which is in reality neither. We do this work because individual heroes (the ones that make things happen in startups) swing swords, kill dragons, and die. We build a plinth, and put a statue on it in their honor. 50 years later, nobody remembers why we have that statue there. In a thousand years, however, people know what the cathedral-makers did. Don't be a hero; together, we can build a cathedral.

Bio
Brendan O'Connor is a lawyer with a ponytail who hangs out with hackers, but unlike the *other* one you've met, his coworkers described him as "not the lawyer we need, but the lawyer we deserve"--and they didn't mean it as a compliment. If I'm the Robin to Alex's Batman, I'm costuming in a kilt instead of spandex.


nasm_shell is too high-level

Abstract
Nasm_shell.rb is too high level because x86 assembly is too high level. In this talk, there will be a demo of a vulnerable program with an exploit that would not be arrived at with tools like nasm_shell; the exploit uses redundant (but valid) machine code often never used.

Finally, a sneak preview of a 'super secret' script that hopefully aims to let exploit developers revisit their old vulnerable (but previously unexploitable) software and exploit it.

Bio:
XlogicX hacks at anything low level. He's unmasked sanitized IP addresses in packets (because checksums) and crafts his own pcaps with just xxd. He feeds complete garbage to forensic tools, AV products, decompression software, and intrusion detection systems. He made evil strings more evil (with automation) to exploit high consumption regular expressions. Lately he has been declaring war on assembly language (calling it too high-level) and doing all kinds of ignorant things with machine code. More information can be found on xlogicx.net


Vlad

Something about cars...

Bio:
Vlad likes cars


Russ

Something about Radios...

Bio:
Russ likes Radios


PLUS Special Surprise Guests!!!
(might be Josh talking about The Future of Compliance, Regulation, Business, and Bullshit... or Al3x talking about Law Stuff again. Knarph is confirmed to give an "epic" talk about how not to book a venue for YOUR next con... Details to follow.)