After a brief hiatus last year due to the COVID-19 pandemic, CarolinaCon is back April 23 – 25, 2021. This hacker con for the Carolinas has been around since 2005 and taking place in Charlotte, NC since a couple years ago, moving from Raleigh, NC when UNCC’s 49th Security Division took over organizing responsibilities. Even though it’s taking place virtually this year, it’s great to get back to some of the regular conferences we’re used to seeing. Even better, the conference is free this year, being run by an all-volunteer staff and using donations for set up and miscellaneous expenses associated with putting the con on.
This year is also particular exciting for us because two of our own team members are giving talks, book-ending the conference with Matt Schmidt covering unique attack vectors associated with IPv6 in his talk “Ahem Your IPv6 is Showing” on Friday night and myself (JR Johnson) doing a fast review on web application penetration testing in the real world with “Crash Course on Web Application Penetration Testing – Thinking Outside the OWASP Top 10” on Sunday morning. We’ll also be fielding a team for the CTF competition as a team building and training exercise for some of our penetration testing team. Matt’s talk is going to touch on ways penetration testers should be evaluating and exploiting IPv6 on external penetration tests and internal penetration tests, as they are often harboring hidden attack surface. My talk is going to break away from the normal topics that folks focus on when talking about web application penetration testing, namely highlighting the OWASP Top 10 or specific vulnerabilities, to provide a more realistic process for assessing application security that be used regardless of application architecture.
While we wish we could attend in person, we’re looking forward to another great CarolinaCon this year. So if you’re able to, drop in and check out some talks, training, or the other activities that will be going on this weekend (you can’t beat the price)!