Making predictions is easy when you have friends in low places. They indeed helped us secure a solid 5/5 performance for our 2015
predictions already during H1. It’s all about making your own luck –
Lady Fortune is not that random when you know what’s happening in the operational area.
To summarize what has happened during the past few months:
This brings us to the CFP – it’s still open a couple of weeks and waiting for your submissions. If you want to present your research to a technical audience, enjoy cold weather in Helsinki and/or meet hacker-minded people from all over the world, t2 is definitely your conference.
The registration will open soon after the first rounds of CFP has been accepted. Last year we sold all of the seats well before the event – if you are looking to buy 5 or more tickets, please contact us now.
Why spend your valuable conference time in the longest lines you have seen in your life, getting a sun burn or totally lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without any recollection how you got there? Helsinki offers you the safe and comfortable low-temperature alternative with a chance of first snow. Finland, the home country of many things you thought came from Japan.
This is the country where the strong demo scene culture has spawned multiple globally successful game companies, rally cross is also known as winter commute and people are sometimes so silent you wonder whether their opsec is 6/5 or if they are just mute. Silence doesn’t mean social situations have to be totally awkward – just ask if anybody wants have a drink and go to a sauna, and soon you are sitting naked in a steamy hot room beating yourself with a bath whisk. Experiencing Finland is extremely safe due to standards compliance and decent level of government regulation.
t2’15 offers you an audience with a taste for technical security presentations containing original content. This is your chance to showcase the latest research and lessons in offensive cryptography, hardware hacking, art of developing and cultivating assets, next generation cyber-APT-attribution, compromising nation states, displaying calculators, blinking leds or making games run (in several wrong places), anti-forensics, covert entry, enterprise defense tactics and techniques, censored research..or something completely different warming the hearts of seasoned con-goers.
The advisory board will be reviewing submissions until 2015-07-15 23:59:59 UTC. First come, first served. Submissions will not be returned.
Quick facts for speakers
+ presentation length 60-120 minutes, in English
+ complimentary travel and accommodation
+ decent speaker hospitality benefits
+ no marketing or product propaganda
Still not sure if this is for you? Check out the blast from the past
How to submit
Fill out the form at https://t2.fi/action/cfp
ProTip: Incomplete submissions will not be reviewed.
Unlike the on-going / upcoming cyber cold war involving nation states, image boards, corporate entities and drunk hackers, 2014 has run its course. In the private and public sector this means it’s time to start drafting those e-mails about next t2 infosec being included in the 2015 training budget. While not all our attendees are dependent on the fiscal calendar, we see fit to remind those who are. Our offensive friends can think of it as adding your backdoor into the target’s build environment.
Looking back at the past couple of years, the content has, more than once, been ahead of the times. A recent example would be the IMSI catcher hulabaloo in Norway a couple of months after @raviborgaonkar‘s and Swapnil’s t2 presentation.
Without a doubt, 2015 will give us more vulns with funny names and fancy websites, the Internet Of pwned Things, the doomsday clock getting closer to midnight and horrifying yet awesome nation state capabilities. To sum this up with an out-of-context quote from the 1950s:
“It must be obvious… that there is a contradiction in wanting to be perfectly secure in a universe whose very nature is momentariness and fluidity.”
— Alan Watts, The Wisdom of Insecurity
ps. despite several requests to add BTC, gift cards, pieces of eight or crash triggers as payment methods, we’re still sticking to the credit card payments. Getting those prepaid cards is not that hard really. On a final note, invoices have been marked as obsolete and our next release might not support them.
Year after year we hear stories about people who annually almost attend t2. The intention is always there, but when the time comes to register for the event, they find themselves in the middle of a floppy disk inventory or some other significant crisis at (work|home|garden).
The question for many of these people then remains – was it any good, should I attend next year? The advisory board is certainly too biased to answer this question; we are like winemakers who think each year qualifies as a vintage. The regulars and other long-time conference goers gladly reminisce past events, while wearing some obscure and highly collectible t-shirt from ’04. In our view, a first time speaker’s opinion is probably a good objective yardstick.
Patrick Wardle, flying half-way across the globe to deliver two talks in the cold and snowy Helsinki, was kind enough to share his experiences in this Synack lab’s blog post. For other t2 coverage, see #t2infosec on Twitter
Due to recent extraordinary events, we’re diverting from our usual Challenge process this year. Instead of a traditional puzzle, a captured binary will be released for crowdsourced reverse-engineering.
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.
Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis system before disappearing. In order to turn the tables and go for the pride-and-ego down, our intention is to burn this capability once and for all.
Y-LOCKPOINT is designed for searching and analyzing compromised computer systems. Despite the OPSEC failures, which allowed us to gain access to front-end application, the binary is well-protected – preliminary analysis indicates emphasis on multi-layer protection and resistance to analysis.
Your mission, should you choose to accept it, is to participate in the crowdsourced reverse engineering effort of the acquired front-end binary.
The first person to recover all content will win a free ticket to t2’14 conference. In addition to this, the creators of the Challenge will select another winner among the next ten correct answers. The criteria for the other selection is the elegance of the answer. In short, you can win with both speed and style.
The Challenge will be released on 2014-09-13 10:00 EEST right here at t2.fi