AV Workshops

August 7, 2020
  • A-ISAC CTF
    August 7, 2020  8:00 am - 8:00 pm PDT
    Read more...

    Aviation is under attack! A Tier 1 airport is in chaos!

    Ticketing kiosks, airline servers, flight information displays, transportation security, runway lights, aircraft, and other critical systems have all been compromised. And there are indicators that airport insiders may have colluded with hackers to bring the airport to its knees!

    It’s up to you now. YOU have 24 hours to research and investigate this crisis to regain control of the targeted airport and its airspace. From collecting evidence (and flags) to restoring all compromised assets and assisting impacted stakeholders, the clock is ticking!

    Its time to apply everything you know about cybersecurity (e.g., password cracking, log analysis, computer forensics, and ethical hacking), intelligence (e.g., OSINT), and aviation (e.g., crew, avionics, air traffic control communications, airline operations, security screening, airport information systems, and aviation cyber-physical systems) to help the airport return to normal operations.

    You have been given full authority to do whatever it takes to catch the hackers, seize back control of the airport, and restore aviation operations.

    https://aerospacevillage.org/defcon-28/a-isac-ctf/

    A-ISAC Bios:

    Terrance Kirk is the Senior Vice President of Global Operations at the Aviation Information Sharing & Analysis Center (A-ISAC). Prior to joining the Aviation ISAC, Terrance worked for the Boeing Company in their Information Solutions for Intelligence and Security Systems (I&SS), a division of Network and Space Systems, and with Boeing’s Commercial Aircraft Division. Terrance’s specialties include cybersecurity leadership, risk management, product security, systems engineering, and malware analysis.

    Terrance holds multiple degrees, way too many certifications, and received three patents in malware analysis. In his spare time, Terrance loves boating and drenching all types of food with Old Bay seasoning. 

    Paul Hart is the Cybersecurity Infrastructure Engineer for the Aviation ISAC. He has more than 23 years of IT experience and holds more than 10 professional certifications; most recently the E-Council’s Certified Network Defender. One of Paul’s projects at the Aviation ISAC has been to create a global collegiate cyber challenge. He also leads the Aviation ISAC’s network security architecture working group for its members. In his spare time, Paul is a football fanatic who loves the Dallas Cowboys (despite being a Philadelphia native).


  • Hack-A-Sat
    August 7, 2020  8:30 am - 4:00 pm PDT
    Read more...

    Abstract:  The democratization of space has opened up a new frontier for exploration and innovation. But with this opportunity, new cybersecurity vulnerabilities are also being created. One human can design, build and launch a satellite, adhering to very few standards and security protocols. So how can we achieve safe, reliable and trustworthy operations to truly realize the promise of space?
    ...BY HACKING A SATELLITE

    The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.

    https://aerospacevillage.org/defcon-28/hack-a-sat/


  • Aviation Privacy Treasure Hunt
    August 7, 2020  9:00 am - 4:00 pm PDT
    Read more...

    Run by:  Martin Strohmeier


    Abstract:  This OSINT CTF sends the participant on a wild treasure hunt across open aviation data, demonstrating the severe impact of some of the issues surrounding aviation tracking and datalink privacy. The participants will learn how the lack of security in wireless protocols affects the privacy of passengers and aircraft operators alike and how to exploit them. This treasure hunt will cover privacy leaks on datalinks and ATC communication used by corporate, government, military and commercial aircraft. We will actively engage with countermeasures and mitigations, showing which ones are helpful and which ones are not. This will include the most current industry attempts, including the FAA’s Privacy ICAO Address programme and ACARS encryption measures. For this CTF, we will use a mixture of OSINT data sources available on the web, exclusive real-world datasets, and mock data based on our research over the past five years.

    https://aerospacevillage.org/defcon-28/aviation-privacy-treasure-hunt/

    Bio:  Martin Strohmeier is a Junior Research Fellow of Kellogg College, University of Oxford and a Senior Scientist at the Swiss Cyber Defence Campus.The main focus of his work has been the design, implementation, and analysis of security protocols for cyber-physical systems, specifically those used in critical infrastructures such as aviation (civil and military). Using these domains as a driver for the real-world applicability of his research, his work has been published in many diverse venues, spanning wireless communications, cryptography, systems security, sensor networking, privacy, and aviation.

    After his DPhil, he has been extending his interests towards areas of open-source intelligence, privacy issues in aviation and satellite environments, and most recently adversarial machine learning. Martin is also a co-founder of the aviation research network OpenSky where he is responsible for communication and research activities.


  • Mission Alenium: Launching the Next Generation into an Immersive Cybersecurity and Space Systems Challenge
    August 7, 2020  9:00 am - 4:00 pm PDT
    Read more...

    Run by:  Henry Danielson

    Abstract: 
    The Convergence of Space and Cybersecurity is here! The goal of this immersive, two-part challenge is to expose beginner-level participants to Space Networks, Cybersecurity, Satellites, IoT devices and Digital Forensics Analysis through a gamified satellite cybercrime scenario. The first part includes a series of five online 3D “escape rooms” which each simulate different locations that contain important evidence. After all the information is collected, participants enter the second phase of the challenge and begin conducting forensic analysis. Participants will respond to a fictional storyline where the flight control system of a Low Earth Orbit (LEO) is compromised. Due to the hack, the rocket and its accompanying satellite crash before reaching orbit. The software payload survives the crash and is sufficiently intact for digital forensic analysis. The participants act as cybersecurity digital forensics analysts, attempting to find out how and why the system was hacked and by whom. It is being deployed at the California Cyber Innovation Challenge 2020, the state championship for cybersecurity competitions in California, for teams of middle school and high school students this upcoming October.

    https://aerospacevillage.org/defcon-28/mission-alenium-ctf/

    Bio:  Henry is deeply passionate about educating the next generation of cybersecurity professionals. He has been working at the California Cybersecurity Institute (CCI) for three years helping design network challenges and managing the California Cyber Innovation Challenge 2020. He also serves as Director of Technology at Coast Unified School District and has taught multiple courses in Cybersecurity to a variety of audiences including legislative analysts, and K-12 teachers, staff, and students. Henry obtained his Certified Information Systems Security Office (CISSO) in 2019, and earned a Cyber Teacher certificate from the Computer Science Teachers Association (CSTA) in 2016. He is also a member of the Infragard and is a member/mentor of the California Educational Technology Professionals Association who trains up and coming Chief Technology Officers. His experience integrating technology in an educational setting, combined with his interpersonal skills, serve him well on his mission is to connect with and create awareness for young people.


August 8, 2020
  • A-ISAC CTF
    August 8, 2020  8:00 am - 8:00 pm PDT
    Read more...

    Aviation is under attack! A Tier 1 airport is in chaos!

    Ticketing kiosks, airline servers, flight information displays, transportation security, runway lights, aircraft, and other critical systems have all been compromised. And there are indicators that airport insiders may have colluded with hackers to bring the airport to its knees!

    It’s up to you now. YOU have 24 hours to research and investigate this crisis to regain control of the targeted airport and its airspace. From collecting evidence (and flags) to restoring all compromised assets and assisting impacted stakeholders, the clock is ticking!

    Its time to apply everything you know about cybersecurity (e.g., password cracking, log analysis, computer forensics, and ethical hacking), intelligence (e.g., OSINT), and aviation (e.g., crew, avionics, air traffic control communications, airline operations, security screening, airport information systems, and aviation cyber-physical systems) to help the airport return to normal operations.

    You have been given full authority to do whatever it takes to catch the hackers, seize back control of the airport, and restore aviation operations.

    https://aerospacevillage.org/defcon-28/a-isac-ctf/


    A-ISAC Bios:

    Terrance Kirk is the Senior Vice President of Global Operations at the Aviation Information Sharing & Analysis Center (A-ISAC). Prior to joining the Aviation ISAC, Terrance worked for the Boeing Company in their Information Solutions for Intelligence and Security Systems (I&SS), a division of Network and Space Systems, and with Boeing’s Commercial Aircraft Division. Terrance’s specialties include cybersecurity leadership, risk management, product security, systems engineering, and malware analysis.

    Terrance holds multiple degrees, way too many certifications, and received three patents in malware analysis. In his spare time, Terrance loves boating and drenching all types of food with Old Bay seasoning. 

    Paul Hart is the Cybersecurity Infrastructure Engineer for the Aviation ISAC. He has more than 23 years of IT experience and holds more than 10 professional certifications; most recently the E-Council’s Certified Network Defender. One of Paul’s projects at the Aviation ISAC has been to create a global collegiate cyber challenge. He also leads the Aviation ISAC’s network security architecture working group for its members. In his spare time, Paul is a football fanatic who loves the Dallas Cowboys (despite being a Philadelphia native).


  • Mission Alenium: Launching the Next Generation into an Immersive Cybersecurity and Space Systems Challenge
    August 8, 2020  9:00 am - 4:00 pm PDT
    Read more...

    Run by:  Henry Danielson

    Abstract: 
    The Convergence of Space and Cybersecurity is here! The goal of this immersive, two-part challenge is to expose beginner-level participants to Space Networks, Cybersecurity, Satellites, IoT devices and Digital Forensics Analysis through a gamified satellite cybercrime scenario. The first part includes a series of five online 3D “escape rooms” which each simulate different locations that contain important evidence. After all the information is collected, participants enter the second phase of the challenge and begin conducting forensic analysis. Participants will respond to a fictional storyline where the flight control system of a Low Earth Orbit (LEO) is compromised. Due to the hack, the rocket and its accompanying satellite crash before reaching orbit. The software payload survives the crash and is sufficiently intact for digital forensic analysis. The participants act as cybersecurity digital forensics analysts, attempting to find out how and why the system was hacked and by whom. It is being deployed at the California Cyber Innovation Challenge 2020, the state championship for cybersecurity competitions in California, for teams of middle school and high school students this upcoming October.

    https://aerospacevillage.org/defcon-28/mission-alenium-ctf/

    Bio:  Henry is deeply passionate about educating the next generation of cybersecurity professionals. He has been working at the California Cybersecurity Institute (CCI) for three years helping design network challenges and managing the California Cyber Innovation Challenge 2020. He also serves as Director of Technology at Coast Unified School District and has taught multiple courses in Cybersecurity to a variety of audiences including legislative analysts, and K-12 teachers, staff, and students. Henry obtained his Certified Information Systems Security Office (CISSO) in 2019, and earned a Cyber Teacher certificate from the Computer Science Teachers Association (CSTA) in 2016. He is also a member of the Infragard and is a member/mentor of the California Educational Technology Professionals Association who trains up and coming Chief Technology Officers. His experience integrating technology in an educational setting, combined with his interpersonal skills, serve him well on his mission is to connect with and create awareness for young people.


  • Hack-A-Sat
    August 8, 2020  9:30 am - 4:00 pm PDT
    Read more...

    Abstract:  The democratization of space has opened up a new frontier for exploration and innovation. But with this opportunity, new cybersecurity vulnerabilities are also being created. One human can design, build and launch a satellite, adhering to very few standards and security protocols. So how can we achieve safe, reliable and trustworthy operations to truly realize the promise of space?
    ...BY HACKING A SATELLITE

    The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.

    https://aerospacevillage.org/defcon-28/hack-a-sat/


August 9, 2020
  • Hack-A-Sat
    August 9, 2020  9:00 am - 2:00 pm PDT
    Read more...

    Abstract:  The democratization of space has opened up a new frontier for exploration and innovation. But with this opportunity, new cybersecurity vulnerabilities are also being created. One human can design, build and launch a satellite, adhering to very few standards and security protocols. So how can we achieve safe, reliable and trustworthy operations to truly realize the promise of space?
    ...BY HACKING A SATELLITE

    The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.

    https://aerospacevillage.org/defcon-28/hack-a-sat/