Jonathan Tomek

Jonathan Tomek

What the world needs now, is HAM sweet HAM

Do you know why the hacker community is so interested in HAM radio? You probably do; it is the ultimate nerd hobby. It invokes a variety of abilities involving multiple competencies and skills. What skills you may ask? Too many to list here…

Devices from IoT to satellites to power meters all use radio signals to communicate. Since security is often an after-thought, it is the wild west in the radio realm for a hacker.

Let’s introduce you to some things to increase your appetite for becoming a HAM. Whether you have an SDR laying around or hand-held you have had since the last hackercon, you should to know how to use it. For those HAMs out there, this should still get you excited to try something new. Since it wouldn’t be Cyphercon without the “cypher”, there will be some fun things here to spir the curiosity in your old hackerself.


Josh Frantz

Josh Frantz

Thrift Shoppin’ with your data

Do you ever wonder what happens with disk drives, flash drives, even floppy drives when you drop them off at thrift stores or e-recycling centers? You signed an agreement saying they would wipe your data, so that no one could ever find those text files filled with passwords and sensitive information. Well, even though you signed that piece of paper, these thrift stores and e-recycling centers have not been making good on their contractual obligations.

We all have a box of wires, 10 flash drives and 5 hard drives laying around. How do you properly dispose of those devices safely and securely? In this presentation, we take a dive into thrift shopping all around Wisconsin, in particular, buying your data back from those who agreed to destroy it. You signed an agreement saying that your disks would be wiped, your data destroyed, but based on what i found, that couldn’t be further from the truth.


Arden Meyer

Arden Meyer

Privilege Escalation in Mechanical Master-Key Systems

The mechanical pin and tumbler locks we use on our homes, schools, and businesses have not changed much in over 100 years. Sure, there have been some exotic new designs but most are just not fiscally feasible compared to their relatively minor improvements (if any) in security. A feature desired on large scale deployments is called Master Keying, which allows for many unique key/lock combinations while supporting multiple permission levels commonly referred to as “janitor keys” or “security keys” that can open multiple locks. While these systems are still in use around the globe in medium-to-large scale businesses, schools, and government buildings, they are also susceptible to what some consider to be the original privilege escalation attack. We will talk about an optimization attack against the most common master keyed lock systems in use today, reducing the potential attack surface from 1,000,000 permutations for an SC4 keyway system down to 42 steps to find the highest privilege key.