Cosmic Duke

In this video from t2’15 Artturi Lehtiö peers inside over 7 years of state sponsored malware operations. The presentation covers themes such as less glamorous side of APT research, tools and approaches, in addition to the challenges related to publishing this type of information.

Those into offensive work can view the video as training material for improving tradecraft.

For additional information on the subject, here are the links for the whitepapers mentioned during the talk.

t2’17 schedule complete

Those on Twitter may have noticed yesterday that our schedule is finally complete and available online. Check out the contents and RT if you like what you see!

This year’s program is indeed great! There are many familiar names – almost an alumni meeting of sorts, but also those who are making their t2 debut. Speaking of debuts, our new sponsor Beyond Security will also be present and available to discuss SecuriTeam Secure Disclosure.

The last week of the challenge is starting – there is still time left to claim the free ticket to t2’17. Registrations have continued steadily, and 70% of available tickets have been sold. If you are planning to attend, we recommend booking your seat now.

Budgeting season

Surprisingly many companies lock down their next year’s budgets already in Q3. While many of our attendees have negotiated conference and training costs to be part of their annual non-negotiable compensation package, there are also those who rely on the good graces of financial overlords to okay their attendance. This post is to remind that it’s yet again time to have the discussion about t2’18 – after all, it’s the 15th anniversary.

Why do we pester our readers with this? As Thomas Lim finely stated it in his keynote at Infiltrate 2012:

“[..] Conferences don’t really make a lot of money, unless you’re Black Hat [..]”

In many years, the question of making a small profit to guarantee enough liquidity for organizing the next event comes down to having the right sponsors. No sane person would enter a business with this kind of a risk/reward ratio. The talk is filled with other gems as well, and it’s definitely worth watching.

The reasons for organizing are elsewhere, namely you want to give back to the community, love the atmosphere of a small event and want to see world class security presentations in your home country. The volunteer work behind the scenes only works when you focus on high quality and networking – it also helps getting repeat guests who value the effort put into curating the program, and setting the stage for making new friends. A considerable part of the audience comes from outside Finland, and it’s certainly not thanks to the weather.

To summarize some of our core values:

  • Networking is an integral part of the event
  • We focus on new research and technical aspects of information security
  • We never sell or give out the attendance list
  • Sponsorship does not give you a speaking slot or influence on the agenda, only CFP does

If you are interested in sponsoring t2, we are glad to discuss your exact needs. Please get in contact with us.

t2’17 challenge update

We are updating the rules slightly, and increasing the challenge scope to cover the complete LocalTapiola Bug Bounty program.

The basic rules stay the same, with these changes:

  • The in-scope domains are expanded to cover all the domains that are in-scope in the normal LocalTapiola bug bounty program as well
  • All submissions are eligible for bounties – the rules are the same as in the normal LocalTapiola bug bounty program ($50-$50k)
  • Only NEW reports are eligible – don’t duplicate current open and/or unresolved reports from the normal LocalTapiola bug bounty program
  • In any case of confusion or ambiguity between the two bug bounty programs – LocalTapiola reserves all rights to make wise decisions

Happy hunting!

t2’17 schedule online

The schedule for t2’17 is now available for your viewing pleasure.

There are two open speaking slots, and trust us, we are working on those. History has thought us to leave options on the table, and that’s exactly what we are doing. While focus of t2 is heavily on the networking and human interaction, we take curating conference program very seriously – a good mix of thought-provoking and hardcore tech presentations gives a fitting backdrop for the lobby bar chats.

It’s a little over two months until t2’17 and over 50% tickets have been sold already. Coincidentally, that’s also about 50% increase from last year. Opening up the ticket sales early has proved to be popular, and you can expect us to continue doing so in the future.

To ensure a seat in the audience, we recommend registering your attendance sooner than later. For those interested in a free admission, the challenge is still open!

 

Beyond Security to sponsor t2’17

We are happy to announce a new sponsor of t2! Beyond Security SSD is a high end vulnerability disclosure program established in 2007. With over a decade of history in the business, they have a solid understanding of researcher needs.

The products in the scope include major operations systems, widely used software components, web platforms and network infrastructure equipment / software. Reported vulnerabilities are communicated to both the affected vendor and Securiteam clients. You can view the latest vulnerability publications on Securiteam blogs. If you have any questions about the process, just tweet!

Should you want to meet them in person, you can do that at t2’17 in Helsinki, October 26-27. Good luck in bug hunting!

New location area code detected

After a solid run of nine years, we are changing the venue to Radisson Blu Seaside Hotel.

The old hotel certainly holds dear memories like the once-locked-down-and-restricted-but-now-retired web kiosks *krhm* and the lobby bar. Nevertheless, the new hotel offers freshly renovated guest rooms and larger meeting areas; features which are in the heart of conference experience.

The waterfront area offers a different view into Helsinki as it’s surrounded by both old and new – Sinebrychoff park is a couple of blocks away, while the neighboring Jätkäsaari island is the latest urban development in Helsinki. The Aleksanterikatu and Esplanadi area is as close as before, you just take the tram instead of metro or walking – travel time still under 10 minutes. Most importantly, compared to the previous venue, the odds for a boat chase are considerably better. Looking back, Radisson Blu Royal was the only hotel in t2 infosec history where getaway by boat was not that practical.

Helsinki residents and other long-time visitors may be shocked by the dramatic move of 700 meters (as the crow flies), but in the larger scheme of things, this is nothing – for example those who stayed at Bellagio when Black Hat was still held at Caesars Palace most likely walked to the conference. That distance is greater, despite being mostly indoors.

Staying fresh and keeping up with the times is required to stay in the game. With the challenge format reinvigorated, we hope that the new venue will keep us going strong – after 2017, if everything goes well, the planning for the 15th anniversary begins. Consider this year as the robustness test for the new venue.

Morgan Marquis-Boire keynote 2015

Edit: While the content has aged little, our keynote speaker choice failed on a catastrophic level. We are leaving this post and video up in the name of transparency.

“Those who cannot remember the past are condemned to repeat it.”

— George Santayana, The Life of Reason: The Phases of Human Progress – Vol. I, Reason in Common Sense. 1905

In this 2015 keynote headhntr aka Morgan Marquis-Boire philosophizes on nation state attacks, their history, how hackers operate, and the nature of the Internet. As with all philosophical content and/or keynotes, very little has fundamentally changed since the talk.

Is modern technology the Panopticon? What is the East Germany tipping point of today? Do you agree with Morgan at all? Watch the keynote and let us know on the Twitter with #t2infosec !

Trigger warning: Some slides TS/SI

t2’17 Challenge – a break from tradition

This year’s pre-conference challenge will be a t2 exclusive bug bounty. For more information on how to participate, please see the t2’17 Challenge page.

As we’ve been organizing challenges for over a decade, you might wonder why change now? For several years in a row, the challenge participant numbers have been steadily declining, despite increased efforts put into creating the technical puzzles, challenge descriptions and back stories, and actual promotion. It’s not just the number of submissions, but also the downloads and page views. Thomas Malmberg kindly pointed out that with conference challenges we’re competing for people’s time – this is the arena where also bug bounties play.

It was time for us to either adapt or perish. This being t2, failure was not an option and quitting is something you do for apps, not in real life. With conference budgets one simply does not organize a bug bounty – you need friends’ help for that. That is the reason we partnered up with LocalTapiola to provide you a t2 exclusive bug bounty, targeting a real world business application running in production environment. To make sure the spirit of t2 challenges is still there, we are emphasizing the vulnerability quality and proof of exploitability. The challenge is not a speed competition – the most elegant and meaningful vulnerability submission will receive the free ticket, and we have adjusted the whole bug bounty process to reflect that.

Once you convert someone else’s medium severity local file read into unauthenticated remote code execution, you start to value proper analysis and investigation into the technical details of a vulnerability. In other words, 2002 called – they want their apache-scalp.c back. The 15 year anniversary is a pure co-incidence, as is Dave Aitel’s headline keynote at t2’17, the stars just happened to align the right way, like good exploitation primitives after putting in the time and effort.

The challenge is dead. Long live the challenge.

We hope you enjoy the reinvigorated format!