 Next, we have Hacking and Robotics, version two by Aaron Owens. My name is Aaron Patrick Owens. I've been with Roots for five years. I've been a CISO for 10 companies and been in security for about 20 years now. It's a very exciting area. I'm really glad to see this many young people that are involved with cybersecurity every day. And the STEM programs that you're going to find in Roots are absolutely exciting. With that, I'm going to introduce you to two people. I have here with me Duncan Owens, and he goes by Stealth Rock. Go ahead and say hi. Go ahead and just say hi, everyone. Duncan is 15 years old, and he's been coming to Roots now for five years. He's won some of the contests like the crypto programs and things in the past. And we became a part of the Roots program as far as introducing kids to technology over the past three years by hosting some of the workstations. So I want to talk to you today about one of our workstations. The Hacking and Robotics workstation that we had here last year, you can see that we're full on space. So we have the Drone Wars workstation instead of the Hacking and Robotics. So that's one thing that's changed just a little bit. We should have our robots back next year, but they're currently, they didn't make it through customs. So having said that, I want to introduce you to Drone Wars. But before we get started, could I have everyone's attention just for one moment? One second. I have one drone that has gone missing off the Drone Wars table. These are not inexpensive drones. They're part of the workstation. If someone could help me find this one drone, that'd be fantastic. The person that helps me find that will be the first person to be able to come over and participate in the Drone Wars workstation. It starts at one o'clock. Okay, thank you for your attention on that. We'll be presenting the full Drone Wars workstation tomorrow. I'm going to talk to you about the three major parts. The first part of Drone Wars and our Hacking and Robotics program is that we designed our own distribution of Cali Linux. Cali Linux is a hacking version of Linux for the Raspberry Pi. So we put that on Raspberry Pi early last year and now it's available to the public. So you should see that up on the websites. Having said that, our workstation is using and consuming Raspberry Pi distros on the Raspberry Pi. Everyone that comes by the workstation will leave with the Raspberry Pi and with that distro and the SD card to get working. So we'll work you through how to use and load the Raspberry Pi with Cali Linux. The second major thing you're going to see at our workstation, that's tomorrow by the way, then the second major thing you're going to see is the Drone Wars program. How many of you have watched Drone Racing League on ESPN? Show of hands. All right, do you have you? So we have a beta version of the Drone Racing League simulators. We have one of the Drone Racing League robots or drones with us. And what we've done is two unique things with these. So we're going to run a multiplayer game and let you guys come over and race against each other. If you've never flown a drone before, we're going to help you with the simulator on how to do that. You'll use a real drone controller to do that. The second thing that you'll do as part of the racing is that we're going to give away some of these drones to our winners. So you'll be able to walk away with one of these out of the workstation as well. The third thing that you're going to see in the workstation is you'll be able to build a custom drone. Custom drone so far. We're going to put the motors in and the chip and the controller will connect to that. And it's like a typewriter. It can fly around. We also have a black one and a yellow and black one. But this is the only yellow one. Where did this come from? Where did this come from? It came from a 3D printer. We 3D printed it. It's our own custom design. And this is kind of fragile. But if you're good at flying it and even if you're not, then you can still fly it. Because the things around there are supposed to protect it. The chip. So the chip won't get broken because of these. We're going to introduce the typewriter tomorrow on its full build. This was downloaded from Thingiverse. I don't know if you guys do 3D printing. But this is a design that we'll give the creds to tomorrow for who designed it. And you'll have the opportunity to build a drone and fly it on this platform. So this is a platform that will be made available at the workstation today and tomorrow. And so those are our three things just to sum up. We're filling in for the hacking robotics presentation. So our full presentation with the full team is tomorrow. And we have six people on the team. Six pilots. You're going to see some leaders in the industry. There are on our team some engineers. We also have our own custom drones. So how many of you in the room are familiar with what a red team is? Red teams? Two, three, four, five. Okay. How many of you know what a blue team is? Anybody participating in the Facebook CTF today? The capture the flag? Okay. So which team do you think you're on if you're participating in a CTF? Red, blue, white. You guys know what these terms are? Okay. So a red team is the attack team. So when we hire people to come in and test a computing system or in a test a system for vulnerabilities, we hire a team of people that are put together in order to be able to exploit or penetrate the system or the facility or the process that we've been engaged to attack. I participated in several red teams and led some. I've gotten into some of the largest banks in the United States. Nuclear facilities, things like that. Bank vaults, credit card stock, check stock, things like that from these places. Take control of a system. We call that ponying the system, escalating our privileges, taking over the network, and we win our trophies. A trophy is defined by our customer. In the playground where you guys are working as far as red and blue teams, the blue team is the defense team, and that is the team that is there to stop the red team. If you can keep the red team from attacking, you win. If the red team wins, the captures the flag, they win. Sometimes that's time-based. Sometimes it's based on the trophies or a certain thing that you have to do. So how weird can the trophies get? Let's talk about some trophies. So, anybody have an interesting trophy story they want to come up and share? I can give a couple. Okay, one trophy that a company might give you is, hey, we would really like your team to get a picture in the CEO's office next to this zebra, and it's a zebra statue in his office, and if you can get that picture, you win. And so that would be an example of a trophy. Another trophy might be we'd like you to get domain admin privileges on our network, and we would like you to use that privilege to be able to exploit our domain controller and be able to create a new account on our domain controller so that you could show us that it can be done. That's another example of a trophy. And another example might be that we want you to be able to social engineer your way into our building and get the security guard to let you pass the front desk. That might be another trophy. So, in a CTF, you're going to have trophies. And one of the things that you're going to see is that the red teams are getting better and better at how we're going to adapt to be able to go into a company. One of the ways that we attack companies is we attack them through their Wi-Fi networks. How many of you guys in here know what a Wi-Fi is? All of you, right? Okay, anyone connected to a Wi-Fi right now might want to rethink that at DEF CON. So, if you're connecting to a Wi-Fi, you're connecting to an access point in the sky, and there's an SSID that's being sent from that access point, and it's communicating broadcasting its name. Maybe you've seen in this room there's a Roots 2 name. Anybody seen that one? Roots 2 on their Wi-Fi list. That's your Facebook CTF's Wi-Fi. So, it's broadcasting and saying, here I am. You can connect to me, but I've secured with the password. Now, companies do the same thing. They secure their systems, just like you should at home. So, if you are running a Wi-Fi system at home, how do you keep your neighbors or your friends off your Wi-Fi system? And that's going to be why we secure the system. What people want to test is they want to hire a team of people to see if you can break into their Wi-Fi. So, they bring a red team in. The red team's goal is to break the Wi-Fi system, which requires a couple of things unique. To break a Wi-Fi system, we have to be close to it so that we can access that within proximity. Would you go grab that piece over there? You know the hack five. I'm going to show you a Wi-Fi attack, or what we call a Wi-Fi assault system that is put out by hack five. If you're looking, I'm not going to advertise that, but it has a few unique capabilities. This is called a pineapple. So, if you've ever pineappleed, we have the instruction books on how to pineapple at our workstation. This has a couple of different antennas. So, you guys can see how long these antennas are. These allow us to hack wireless signals at a long distance. So, I don't have to be as close, but they are directional. These are omnidirectional antennas. So, these are designed to be able to hit things at a longer distance in all directions. Now, what we've done with our drones is we've attached these to our drones, and we can hack from the sky. So, that's some of the cool things that our red teams are doing with your own technology in order to be able to use it in the security community. Second thing that we're doing with the drones is we created, and we will have available for the Roots program next year, and this is something our researchers will talk to you about tomorrow, is we created to capture the flag with drones so that you can actually capture the drone itself. To capture the drone out of the air, there's a couple of different ways that you can do that. You can take over its remote control communication system, which we've encrypted, so that's a little bit harder to take over. Another thing you can do is you can jam the drone and keep the drone from flying, and that's just another way you haven't taken control of it, but you prevented the user from actually using it. And then another thing you can do is you can do forensics on the drone and determine its flight path and where it's been, what it's taken pictures of, what kind of reconnaissance missions it's gone on, etc. So our capture the flag associated with drones for drone wars next year will offer all three of those things. You'll be able to do forensics on the drone to determine where it's been, and you'll be able to capture the drone out of the air, and you'll be able to jam the drone while it's in flight. So it's going to be really cool. DefCon is, we're looking at running this at DefCon with about 25 drones, and I think you guys are going to really enjoy seeing that here at Roots as well. The Wi-Fi Assault drones that we've built, use a more portable version of this called the Hackfi Pineapple Nano, and then we built our own Raspberry Pi attack assault system that is working with a Custom OS that we've developed just for this. You'll see some more on that tomorrow. So, just as a preview, I wanted to introduce the drone wars program. It's new to Roots this year. It's over here under the tent so that when you fly the drone, which you will do, you won't hit the ceiling, and so we have a lot of room for that. And then some of our workstation volunteers, like Firestarter here, will be available to answer questions and Stealth Rock here as well. So, thank you for letting us come back to Roots. Fill in this time slot. You'll see the full presentation on drone wars tomorrow. Thank you.