t2’24 dates announced

TL;DR – t2’24 April 18-19, 2024, Helsinki Finland. Mark your calendars and prepare your training & travel budgets for the next season. Watch t2’23 Andy Jones keynote.

The unabridged version:

The information ops run amok on social media platforms, mainstream media, image boards, and state media, by more or less anyone wanting to influence the world politics one way or another make it non-trivial to grasp both the nuances and the broader impact of any affairs having a global impact.

The non-simplicity of the current situation, or the eternal meta, in Europe is not-so-subtly highlighted by the seemingly easy cohabitation of German luxury cars with Russian and Ukrainian plates in Jūrmala, Latvia – known as The Baltic Riviera, a popular destination also for Finns and Estonians. Historically a favorite among Communist officials, the location is considerably more Western after this July.

First-person narratives still hold value, and considering that you are spending the most valuable currency in existence for humans – time – during the interaction, makes it an infinitely more symmetrical experience for all parties involved.

While anecdotal experiences are hardly the whole story, they do give a level of ground truth unattainable by any other means. Just like zealous investigative journalism is practically indistinguishable from intelligence activities, firsthand experiences from those directly involved get you as close to those events as possible, until a heavily dramatized Netflix documentary is released.

This is what t2 aims at – allowing the attendees, both speakers and guests to engage in a meaningful dialogue and exchange of knowledge. Despite what we are told to believe, information still wants to be free. It’s the Sky Room Bar & Lounge view, which costs money. Next year on April 18-19, Clarion Hotel Helsinki.

For your viewing pleasure, the keynote by Andy Jones from t2’23.

Andy Jones keynote at t2’23

Forgot about t2 | Program beta out now

It’s pretty crazy that even Dr Dre managed to release new music since the last time t2 was organized. The 3.5 years without a conference definitely put a dent on the proverbial ’64 Impala, despite a steady stream of releases from our favorite artists. Even FSMCs performed live!

“They wanna know if AB still got it,
They say confs’ changed, they wanna know how we feel about it”

— Still t2

Coming back from the cold, CFP was one of the hardest ones we’ve had so far. The most brutal reviews and expectations for whether we curated a relevant program consisting of decent content or not comes from within the AB. “Why is that?” you ask sitting on a comfortable lobby bar sofa.

The Advisory Board of t2 has always had an aspirational goal of some day achieving certified status with the prestigious Security Vacation Club, yet we have decided to not submit an application until we can demonstrate a track record of at least twenty successful events.

On practical terms, using random puzzle pieces to put together a sensible picture, isn’t just dependent on the quality of individual pieces. It also depends on other ones on the table at the same time.

Right now we feel there’s a credible set of heavy hitters to warrant publishing our program in beta. Having said that, we are still working on it to make sure there’s the right recipe in the mix to facilitate those lobby bar discussions.

We still have about 25 tickets left. If you plan on attending and have not yet bought a ticket, it’s more or less the perfect moment (and second-to-last chance to do). The closer the event gets, the more likely it is someone comes and just buys 5+ at a time.

And yes, it’s on – with additional small print: a t2 Scarab challenge winner who uses a white ’86 Testarossa for ground transportation during the whole duration of t2’23 receives a free entry to t2’24 and t2’25.

Call For Papers 2023

Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for rain or slush. In case of great spring weather, though, no money back.

CFP and registration both open. Read further if still unsure.

Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so much sunnier once you’ve experienced the lack of infinity pools in Northern Europe. Instead of pools and palms trees, we can offer you actual saunas and a high tech environment, which is a weird combination of demoscene, widespread Linux adoption, mobile Internet with uncapped flat rate data and a long history of IRC and imageboards.

What defines a conference? For t2 it has always been that intimate welcoming atmosphere of a small event, which makes both audience and speakers approachable. There are enough regulars to create the feeling of a community, but not too many that a first-comer would feel being left out. On the content side, we have always been and always will be a technical security conference, emphasizing the cutting edge, world class research. This is an event for the community. Our focus is on technical excellence, not politics or player hating.

t2’23 offers you an audience with a taste for technical security presentations containing original content. This is your chance to showcase the latest research and lessons in EDR simulation and healthcheck spoofing, hardware insecurity, inferring information from interference, cloud-scale forensics or persistance automation, new vulnerability classes, AI exploitation, virtual machines inside parsers, elegant exploitation of old vulnerability classes, modern defense, dropping zero days during presentations, state of the art memory corruption mitigation bypasses, evasions, safe cracking, satellite and space security, remote vehicle access, or whatever research lights up the eyes of seasoned conference visitors. For the hackers by the hackers.

The advisory board will be reviewing submissions until 2023-03-17. Slide deck submission final deadline 2023-04-20 for accepted talks.

First come, first served. Submissions will not be returned.

Quick facts for speakers
+ presentation length 60-120 minutes, in English
+ complimentary travel and accommodation for one person[6]
+ decent speaker hospitality benefits
+ no marketing or product propaganda

Still not sure if this is for you? Check out the blast from the past.

The total amount of attendees, including speakers and organizers is limited to 99. Advisory Board recognize the OG Finnish sauna culture is an acquired taste and can promise the lack of sweaty, partially or fully nude sauna-goers at all conference functions.

[0] hunter2
[6] except literally @nudehaberdasher and @0xcharlie

How to submit
Fill out the form


Third time’s the unlucky charm. It’s been three Nas studio albums since the last t2. While in normal times having frequent releases from a one-time King of New York, and an overall legend, would make our day it does little to ease the situation.

My disappointment is immeasurable, and my day is ruined.

— John Jurasek, 2017

Just December, when the t2 Advisory Board last met, we were confident in our ability to organize the event this May. In fact, we were so certain we started to contact potential special speakers. The CFP post was updated and polished for 2022 – everything was ready to go. Our mood was celebratory and festive, as expected after having to cancel two years in a row. Unfortunately all the grandiose plans were premature.

The reasons for nuking t2’22 are two-fold – first and foremost, the overall global health situation. Secondly, our desire to avoid irrational exuberance – organizing an event failing financially would be very close to betting the farm, and if nothing else, erasing two decades worth of gradually built safety nets.

We warmly welcome you to join us for t2’23. Clarion Hotel Helsinki, 2023-05-04 – 2023-05-05. The twentieth anniversary edition.


In a normal world this would be the time we release the CFP for the next edition of t2. Unfortunately that is not the case. Our conservative-yet-optimistic-and-hopeful plan is looking less realistic as we step further into the twenties.

Unless someone from Pfizer/BioNTech or Moderna is looking to sponsor us with 200 doses of COVID-19 vaccine, we have no other choice but to postpone t2 once again. Due to the current uncertainty, we have decided after a long consideration to forgo organizing t2’21.

While the advisory board is heartbroken from missing two t2s in a row, the idea of not being able to organize a full blown t2 experience, which is both fun and safe for all attendees (and their families), is less appealing.

If it takes another year to bring you a roaring con and a lot of jazz, so be it. t2 is, has always been, and will always about the community. 

We will return in 2022.

t2’21 changelog

For the first time during the history of the event, we’re skipping a year. In our previous post we shared our thoughts on the topic, and in this one, we’re announcing some changes and updates to practicalities.

First and most importantly, starting next May t2 will take place in Clarion Hotel Helsinki. This is something which really excites us. Not only is Clarion one of the newest hotels in Helsinki, they have a spectacular Sky Room offering beautiful views and refreshing (c|m)ocktails for the weary traveler. Located just across the street from the previous hotel, with easy access by boat, we’re confident t2 is able to cater to demands of even the most discerning conference guests. In fact, anyone attending t2 with a Wellcraft Scarab 38′ KV will be treated to a bottle of champagne or dinner on the AB. Terms and conditions apply.

In our effort to push t2 in to the Security Vacation Club Global Top 5000 list, we paid particular attention to Clarion’s rooftop pool and terrace. Open to all hotel guests, two saunas and a heated pool make it almost too easy to enjoy the Helsinki weather. For the seasoned conference guests, we can recommend saunas with unheated pools or easy access to the Baltic sea.

While t2 has always had that welcoming and safe atmosphere of a community-driven event, where many of our attendees have delivered a talk at some point, and/or know organizers, speakers or other long-time attendees personally, we realize it’s time to make the unofficial official by introducing documented incident reporting procedures. Beginning with t2’21 we will be publishing a transparency report documenting any incidents or noteworthy events related to the conference. Previously we’ve had the localhostess supporting attendees during the event, organizers actively keeping everyone entertained and safe, and a conference EULA setting the expectation for polite behavior. Against this historical background we are expecting the transparency report to hopefully be uninteresting and devoid of content.

In the meanwhile, stay safe.

Terms and conditions for the “t2 Scarab challenge”

  • The boat must be in legal possession of the participant (owned or rented) for the duration of the event
  • The participant must arrive to the conference with the boat (subtle flair, and making a grandiose entrance are both expected, but not mandatory)
  • At least one Advisory Board member must be able to perform an off-shore inspection on the boat, at which time the claimant must demonstrate ability to wear shoes without socks.
  • In case multiple attendees co-own or co-rent an applicable Scarab, the offer is valid for the captain only.
  • Challenge limited to the first 15 claims, in order of berthing. Number of lifetime claims limited to five per participant.

t2 2021 officially announced

The next edition of t2 will happen in spring 2021. We’re opening our thought process below.

As the first phase of COVID-19 pandemic is almost behind us, it may initially seem counter-intuitive to cancel now. Rest assured, we still know what we’re doing. t2 has always been an event for the community by the community, and shifting the traditional October event was not an easy decision, but it was the only one we could make.

This isn’t the case of being risk averse, rather it’s about understanding both the upsides and the downsides, our own values and focusing on what truly matters.

As a community event, protecting both our audience and speakers is the only important thing at the moment. While countermeasures and protocols against the novel coronavirus and other infectious diseases have been implemented all over Europe, there’s very little practical experience on living with the “new normal”. Second wave might be coming in the fall and that’s just Europe. Last year we had visitors from 17 different countries.

Being a practically-non-commercial event, we can err on the side of caution – there’s no need to calculate “acceptable infection rate”. If you don’t personally know your audience and guests, you might be tempted to categorize “95-99% uninfected” as a job well done, and the few infected just being the cost of doing business. Yet, many of our visitors are longtime t2 attendees and good friends – the rest, new friends and (hopefully) future t2 visitors. Who’s an acceptable casualty?

With the heavy parts out of the way, we can now ridicule glitchy webinars as full blown conference replacements. No doubt watching a hung-over Grugq deliver a keynote over Zoom, wearing just Vibrams without pants, and waiting for the video to buffer like it’s RealPlayer’s heyday, is the epitome of conference immersion for many. After all, how cool it is to sit at home, unshaven and alone, in pajamas, while tweeting how awesome a conference you’re attending? During breaks, you can either join a chat room with thirty to fifty other introverts trying to make awkward small talk all implementing CSMA/CD, or better yet, call one of the other attendees you know and with whom you speak weekly in any case. Instead of proving Dave Aitel so wrong by serving him pizza in Europe at 02:30AM, you can play online (chat) roulette or read someone else’s retweets.

The in-person interaction, exchange of gifts/drinks/insults/cash/exploits, lobby bar chats, meeting new people or old friends whom you mostly meet in conferences, or just casually (and legally!) analysing the security level of a publicly available computing device are the key ingredients for a successful t2. Just like Campari & Soda, t2 is an acquired taste.

By postponing the event to 2021, we have plenty of time to scout for a new venue, with a functional lobby bar. Having t2 in spring means better weather in Helsinki – we’re expecting to finally reach the Security Vacation Club Global Top 5000 list and are thus preparing accordingly. In the meanwhile, we’ll collect more data on the global pandemic and event safety processes, which actually work. 

Exact dates and CFP will come out later. Stay safe. Be Brave.

Hacking ML in images (and everywhere else)

This time we’re looking back into our archives to bring you a presentation from Guy Barnhart-Magen and Ezra Caltum. In their t2’18 talk the BSidesTLV co-founders cover offensive research possibilities when it comes to machine learning systems. Do you know which ML attacks have the most business impact? Watch the video to learn more.

The presentation will be answering questions such as “what does it mean to hack a machine learning system?” and “what would you actually target?”, with an emphasis on the methodology and the way Guy and Ezra approached the problem.

We have always enjoyed these types of talks, as the shared knowledge powers the audience to do research and find their own zero days. Speaking of research and zero days – don’t forget to checkout BSidesTLV, coming July 2 2020!

John Lambert keynote

Merry Christmas! As a small Christmas gift, we’re publishing John Lambert‘s t2’19 keynote “Advancing InfoSec”.

In the keynote John demonstrates with practical examples how we can accelerate learning through “Githubication of Infosec”. If you are a modern defender, or aspire to be one, this is the presentation to watch. Without giving away too much, graphs, MITRE ATT&CK (with cloud updates), winter2020, and repeatable analysis with Jupyter notebooks are all covered.

Thank you John for keynoting this year, and our warmest gratitude for the following kind words:

t2 has always had that commitment to technical excellence. .. Conferences, they may start like this, but they don’t always end up like this.

— John Lambert

Honoring that tradition has kept us going for the past sixteen years, and we promise to continue work hard to keep it this way, as t2 has always been and always will be an event for the community. Next year’s conference dates are Oct 29-30, 2020.

Finance With Attitude

Those who personally partake in the autumn theater, or have bosses who are in the game, know this is the time of the year when bigger decisions are made.

Since everybody is exposed to big ticket items and larger numbers, throwing in the annual training cost is best done close to those discussions. A pro player separates the travel costs from the event cost, as these come from a different category anyways. Depending on your organization, there may or may not be leeway, so act accordingly.

Why go through all this trouble, our junior readers ask? Well, the discussion of attending t2’20 (and your other favorite cons) is a lot more easier for you and your boss, when everything has been agreed already beforehand and there is the money available for it. If you have a boss who appreciates employees making their life a tiny bit easier, giving the right support at the right time can go a long way. 

At the end of the day, your boss is the one who needs to figure out the right course of action after the Good Idea Fairy visited C-level executive(s) and they decided to go three levels deep into the budgeting spreadsheet to make cuts without any discussion on its impact or guidance on a new direction. Or maybe your boss was naive enough to provide accurate numbers from the get-go, when everyone else was inflating their numbers in anticipation of the first round of cuts. 

The worst kind of budgeting wizard just runs out of money in Q4, and the rest of the organization takes the hit. For those, you reserve your sneakiest DDE payload, figure out a chain of actions resulting in the file on their workstation, get the code running (everyone clicks OK at some point), establish persistence and wipe the payload from the original file. Whatever happens after this is left as an exercise for the reader.

Talking of planning, the big game hunter is saving up their Office 0days for this time of the year. Depending on the organization structure and budgeting process, it might be trivial to land your carefully crafted version of the budgeting numbers on at least one C-level workstation. Be sure to take note well in advance if someone is deviating from corporate policy with their device choice – this is most likely one of the easiest targets from exploitation perspective, as you can bet it lacks some or all hardening. IT isn’t too keen on debugging mysterious crashes happening to a unique snowflake, in case your toolkit isn’t that stable. Bonus points given for pretexting service desk with a false track record of unstable behaviour on a similar device, if you just can’t be bothered to get your budget items stable enough.

Not that any of these kinds of hypothetical things ever happen in real life. It would be ridiculous to potentially burn valuable exploits when you can just enjoy the adrenaline rush of quick rubber ducky action on the top floor, or casually misplace USB-cables in the right meeting rooms (Outlook Scheduling Assistant is your friend here).

So, get those events locked down on the budget level. Getting the commitment for your attendance well in advance never hurts.

After all, bug bounty and exploit money is typically reserved for bottle service, fast cars, exotic vacations and expensive handbags. And yeah, while Helsinki definitely can tick those boxes, we hope that the main reason for attending is our curated and hand picked program – finally available in its complete version.