How does one go about creating new tools and toolchains?
In “Sweet Tools O’ Mine” from t2’16 Hugo Teso shares his approach for creating an offensive toolkit, which contains both hardware and software parts. Learning by doing, when to leverage the power of existing solutions, and when to create your own are all discussed throughout the video.
If you are serious about offense, this is a presentation for you.
Iaitō, a GUI for radare2 reverse engineering framework is available on GitHub.
We’re continuing with the theme of securing international travel by releasing Andrea Barisani‘s Forging the USB Armory talk from t2’15.
Those enjoying international travel and/or operational situations, the dual-use capabilities of the platform might be something of interest. From safe USB charger, encrypted file storage and automated self-destruct, password manager, TOR access point to portable offensive toolkit, the opportunities are endless. Even if open source hardware design is outside your comfort zone, the video gives you a good glimpse into solving hard problems and the capabilities of USB Armory.
Again, as with all our curated releases, this is a must see – enjoy!
The code is available on GitHub, slides here and INTERLOCK code here.
International travel can be difficult, and for a security conscious person especially so.
In this video from t2’15 Georg Wicherski demonstrates a way of solving many problems related to carrying a personal computing device with you. For a person crossing borders on a regular basis or otherwise in need of heightened security for their laptop, this is a must see. Enjoy!
Do note that this has been actually implemented in practice instead of being just intellectual mastu^H^H^H a mental exercise. For more details about the setup, refer to the GitHub repository. The setup has been since updated to support TPM remote attestation.
Those in the business of securing enterprises and organizations should definitely watch OlleB‘s presentation from t2’15. Moving from point-in-time <insert-product-name-here> scans to a more structured approach using graphs, attack models, understanding and eradicating vulnerability classes or using safety/assurance cases is a long-term security investment.
Taking your defensive game to the next level requires trying out new approaches to old problems and sometimes challenging the conventional wisdom. This video should give you food for thought – it’s one of our favorites!
Since the first event in 2004, t2 has released annual pre-conference challenges for the attendees, people interested in showcasing their skills or gaining free attendance to the event. In this video from 2016 Ludvig Strigeus and Timo Hirvonen walk through the challenge and show how it’s all done.
Even if you are not into solving challenges you can learn how Ludde created a complete taxi meter application with built-in casino games!
If you want to learn how to apply defensive measures to protect offensive operations and your capabilities, Jacob Torrey’s “Nano-Scale Red Teaming: Making REs Cry With Device-Specific Opaque Execution” from t2’16 is the presentation to watch.
The wealth of knowledge presented on how to create trusted implants via physically uncloneable functions and encrypted execution is not limited to just theory as Jacob and Assured Information Security, Inc have released PUFlib on GitHub.
Live long and persist!
The first video we are releasing is the ’16 keynote “Learning the wrong lessons from Offense” by none other than Haroon Meer himself. With strong focus on getting defense right, this is the keynote to watch, regardless of whether you’re into compromises or preventing them.
Enjoy!
The beauty of good research is that it rarely gets old over night. Instead it matures, giving perspective to fundamentals or an outlook to a different time – possibly even igniting or re-igniting the passion and serving as a platform for fresh ideas. New technologies fall in the face of old methods yet defensive tactics still work despite being exposed to the real world for decades/centuries/millennia.
In 2015 we recorded talks for the first time, and continued doing so last year. These will be released semi-regularly, in no particular order, in the coming months. Having had the privilege of witnessing world class content at t2 over the years, we know what stands the test of time. While memes and movie references can either become classics or disappear completely, talent and fruits of persistent work remain.
Conferences are all about meeting people, making connections and exchanging information. By showcasing past presentations we hope to inspire you to start doing research and tinkering with technology – you will meet like-minded people from all over the world at t2.
Having recently returned from the warmer parts of EMEA, where nights are warm and days even warmer, the importance of having friends and making new ones seems somehow topical. Global and regional geopolitics get a new meaning, when you can enjoy pleasant discussions with people having a local insight. The often-repeated-cliché of travel widening your horizons certainly holds true, but only if you get away from hotel and airport lounges to spend enough time in one place to really soak in the surroundings.
Historically, Helsinki has been the host city for all kinds of talks, and in many ways, t2 follows those traditions. We cater to an all-encompassing audience, where everybody is welcome regardless of a funny hat they might wear. One person’s ethical choice is another’s livelihood, and yesterday’s break-up/bankruptcy/allsafe is today’s comeback tour/hottest startup/evilcorp.
Just like a good foothold inside a Jenkins server gives you the keys to the kingdom, allocating an annual training budget for t2 is a good investment, if you prefer meeting fantastic people, exchanging intel^H^H^H^H^Hknowledge, and learning from world class research. This year there are also other interesting opportunities around t2 in Helsinki – a sauna day opening the doors of private homes for sauna visits and a whole event dedicated just to salty liquorice.
What more could you ask from an infosec conference?
ps. Don’t forget to include lobby bar expenses in your training cost estimates!
Where did the last 365 days go? Time flies when you’re up all night cybering, and t2’16 is now just around the corner. The schedule for this year has been released, and we’ve reserved one slot for a wildcard – stay tuned for updates.
This week’s nation-state hackback / Counter Computer Network Exploitation / HUMINT op who-knows-what makes Peter Kosinar’s talk on Thursday more than relevant. We promise this is a total co-incidence! To prevent your C&C business intelligence server from getting compromised, coming early enough to check out the keynote is a good idea.
While t2-as-a-Service is not yet on our drawing board, opening up the registration together with the CFP seemed to be a popular move. Around 30% tickets were sold over the summer, and based on purchasing patterns of previous years, majority will be sold during the next 4-6 weeks. Last year was sold out a month before the conference – if you want to confirm your attendance, now is the time to do so.
As always, creating a conference schedule from CFP entries is not as easy as one might think. Balancing the content to cater to a varied audience means, unfortunately, leaving out quality submissions. The Advisory Board would like to thank each and everyone who submitted a talk this year – a conference is nothing without the speakers.