Henri Lindberg | t2 infosec conference

2016-05-08

Call for Papers 2016

If you are tired of any of the following: 1) conferences where coffee service equals one coupon (= cup) per day, 2) conferences with crazy-ass lines making world’s busiest transit hubs seem like a pleasurable life experience, 3) conferences showcasing talks indistinguishable from sponsored content, or 4) conferences which overcharge and underdeliver, please continue reading.

t2 has throughout its history offered speakers and guests an intimate atmosphere where ideas can be exchanged with fellow hax0rz. We take pride in treating speakers as guests of honor – presenting a talk at t2 and visiting Helsinki is something we want you to both remember and enjoy.

Finland is a country, which has pioneered things such as the first web browser with a GUI[1], has no embassy in New Zealand and has introduced the world some minor tech stuff such as Linux and SMS. In case your bucket list contains BDSM with complete strangers, just submit a paper, come to Helsinki and ask for Finnish sauna [2].

While Helsinki cannot offer you sunshine, resorts or palm trees, we can compensate that with cold weather, eternal winter, darkness, and snow if you’re lucky. According to the latest OECD statistics[3], Finland has as many metal bands as France has wine producers, but more metal subgenres than there are wine regions.

t2’16 offers you an audience with a taste for technical security presentations containing original content. This is your chance to showcase the latest research and lessons in offensive offense, enterprise compromise, ambiguous APT-attribution, nation state lulz, anti-anti-anti-forensics, blacklisted research, crafting digital munitions, defense strategy and tactics that actually work, tampering anti-tamper units, competitive barbecue and/or doping in professional sports. Topics outside the listed categories are accepted as long as you promise to share love and happiness.

The advisory board will be reviewing submissions until 2016-07-01.
First come, first served. Submissions will not be returned.

Quick facts for speakers

presentation length 60-120 minutes, in English
complimentary travel and accommodation for one person [4]
decent speaker hospitality benefits
no marketing or product propaganda

Still not sure if this is for you? Check out the blast from the past:
https://t2.fi/schedules/

ps. If you are one of those dedicated hardcore t2 visitors and want to ensure your place in the audience even before speakers are announced.. The registration is now open!

How to submit
Fill out the form at https://t2.fi/action/cfp

References
[0] https://en.wikipedia.org/wiki/Erwise
[1] http://www.visitfinland.com/article/10-sauna-tips-for-beginners/
[2] https://www.google.com/search?q=site:oecd-nea.org+filetype:php
[3] With the exception of Charlier Miller and Chris Valasek
[4] Yes, we know

2016-04-12

Call for Artists

t2 is looking for an artistically gifted professional interested in refreshing the visual brand language of the conference. The task entails renewing the whole look and creating online+offline assets accordingly.

Understanding what infosec events and the participants are all about is a plus. Throughout the past decade t2 has worked hard to provide a first class conference in an intimate setting – we’re taking that a step further by making everything more pleasing to the eye.

What is this all about ?

influence over visual identity (the t2 logo being the only exception)
ascii, RGB, CMYK
compensation provided (don’t expect platinum grills and a Maybach)
small gfx tasks every once in a while
fun times with the annual schwag extravaganza

Preferably you will have non-existent or very limited skills in developing weaponized multiplatform 0days for common picture formats.

If you know who Robert Bringhurst is, know demoscene, like stickers, prefer black or like old skool rap you’re given definite bonus points.

Those interested in applying, please e-mail to info-2016@lists.t2.fi with an application and a link to your drive-by ex^H^H^H^H^H^H^H^H^H^H portfolio.

The deadline for applications is 2016-05-01 16:20 UTC+2

2015-10-05

99 problems but a free ticket ain’t one

Three and half weeks until t2’15. We’re sold out but we didn’t sell out. The hard limit of 99 attendees is the corner stone of the conference and come hell or high water, it’s here to stay.

It’s also the reason we think now is a good time to remind those who plan on attending t2’16 to sneak those figures into next year’s budget. After that, it’s just a case of “We had this discussion last October” and “Our training budget accounts for t2, lobby bar and/or random 0day”. Some of the more veteran attendees have taken this a step further and just labeled the cost as threat intel. After all, it’s the one budget category where you can pour in money and nobody questions the spending or the results.

Speaking of money, we’d like to see Lester Freamon’s take on attribution when it comes to those annoyingly pedestrian toolkits.

2015-09-25

Registration closed

The registration for t2’15 is now closed and all available tickets have been sold.

Yes – just like last year, we’re out of seats a month before the event. The only remaining ticket is the one awarded for the most elegant challenge write-up. It’s literally the last chance if you don’t have a ticket by now!

A big thank you to all registered attendees and speakers – you are making this happen. See you next month in Helsinki!

2015-09-19

Electronic emanations explained

Some of us are young/old enough to have spent too much time browsing through Cryptome archives in the late 90s and being amazed by documents about ECHELON and TEMPEST. Yet, it only took a couple of decades to see those unravel before our very eyes.

Compared to many other security topics, open source information available on electromagnetic intelligence cannot be described as extensive nor comprehensive. Luckily, the talented researchers from Tel Aviv took public research to a new level by demonstrating their 300 USD pita bread.

The setup brings practical attacks to class rooms and coffee shops near you. This time paper and pencil are recommended for taking notes.

2015-09-14

t2’15 Challenge to be released 2015-09-19 10:00 EEST

Last year’s crowdsourcing effort was a definite success and that inspired us to go for a crowdsourced cryptanalysis mission.

Background

After last year’s t2 we spent the cold winter months browsing through online auctions for historical data processing equipment. Just like LinkedIn profiles revealing sensitive projects and inside information, old devices and mass storage units can be a treasure trove for the lucky.

The mystery box we received in the mail is suspected to be a part of secure communication infrastructure between nation states. After hard work and tedious efforts, we managed to extract an executable from the device for analysis.

Details

The first person to recover all content will win a free ticket to t2’15 conference. In addition to this, the creators of the Challenge will select another winner among the next ten correct answers. The criteria for the other selection is the elegance of the answer. In short, you can win with both speed and style.

The Challenge will be released on 2015-09-19 10:00 EEST right here at t2.fi

2015-08-17

t2’15 schedule now online

So many CFP entries, so little time. The schedule for 2015 is ready
and finalized, and as always, we’re pretty excited! There’s a mix of
high level and low level, offense and defense, cocktails and
networking. ..and by the way, our keynote speaker is @headhntr.

This year we’re continuing the tradition of not having dedicated
tracks – therefore Thursday’s string of OPSEC presentations is just a glitch in the random number generator. The same glitch also caused Alexander Bolshev and Boris Ryutin to receive two one hour slots for their exploit development workshop. AVR microcontrollers have never been this interesting!

As anybody who’s been to security conferences during the last decade knows, it takes something special to have a solid fuzzing presentation – Nils‘ “Windows kernel fuzzing” definitely
hits the mark. Speaking of awesomeness previously available only with nation state budgets, the guys from Tel Aviv university are
demonstrating what EMSEC means in practice. You probably want to take notes with pencil and paper this time.

The hard limit of 99 attendees (including the speakers and t2 staff)
is again in full effect. No exceptions, no excuses. Early registration
is definitely recommended. As always, t2’15 will take place in Radisson Blu Royal Hotel Helsinki.

2015-06-27

Fortuna Huiusce Diei

Making predictions is easy when you have friends in low places. They indeed helped us secure a solid 5/5 performance for our 2015
predictions already during H1. It’s all about making your own luck –
Lady Fortune is not that random when you know what’s happening in the operational area.

To summarize what has happened during the past few months:

the doomsday clock was moved closer to midnight
we got vulns with funny names..
..and fancy websites
Internet of pwned Things and..
horrifying-yet-awesome nation state capabilities

This brings us to the CFP – it’s still open a couple of weeks and waiting for your submissions. If you want to present your research to a technical audience, enjoy cold weather in Helsinki and/or meet hacker-minded people from all over the world, t2 is definitely your conference.

The registration will open soon after the first rounds of CFP has been accepted. Last year we sold all of the seats well before the event – if you are looking to buy 5 or more tickets, please contact us now.

2015-06-01

Call for Papers 2015

Why spend your valuable conference time in the longest lines you have seen in your life, getting a sun burn or totally lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without any recollection how you got there? Helsinki offers you the safe and comfortable low-temperature alternative with a chance of first snow. Finland, the home country of many things you thought came from Japan.

This is the country where the strong demo scene culture has spawned multiple globally successful game companies, rally cross is also known as winter commute and people are sometimes so silent you wonder whether their opsec is 6/5 or if they are just mute. Silence doesn’t mean social situations have to be totally awkward – just ask if anybody wants have a drink and go to a sauna, and soon you are sitting naked in a steamy hot room beating yourself with a bath whisk. Experiencing Finland is extremely safe due to standards compliance and decent level of government regulation.

t2’15 offers you an audience with a taste for technical security presentations containing original content. This is your chance to showcase the latest research and lessons in offensive cryptography, hardware hacking, art of developing and cultivating assets, next generation cyber-APT-attribution, compromising nation states, displaying calculators, blinking leds or making games run (in several wrong places), anti-forensics, covert entry, enterprise defense tactics and techniques, censored research..or something completely different warming the hearts of seasoned con-goers.

The advisory board will be reviewing submissions until 2015-07-15 23:59:59 UTC. First come, first served. Submissions will not be returned.

Quick facts for speakers
+ presentation length 60-120 minutes, in English
+ complimentary travel and accommodation
+ decent speaker hospitality benefits
+ no marketing or product propaganda

Still not sure if this is for you? Check out the blast from the past

How to submit
Fill out the form at https://t2.fi/action/cfp

ProTip: Incomplete submissions will not be reviewed.

2015-01-03

Budgets, t2 and IMSI catchers

Unlike the on-going / upcoming cyber cold war involving nation states, image boards, corporate entities and drunk hackers, 2014 has run its course. In the private and public sector this means it’s time to start drafting those e-mails about next t2 infosec being included in the 2015 training budget. While not all our attendees are dependent on the fiscal calendar, we see fit to remind those who are. Our offensive friends can think of it as adding your backdoor into the target’s build environment.

Looking back at the past couple of years, the content has, more than once, been ahead of the times. A recent example would be the IMSI catcher hulabaloo in Norway a couple of months after @raviborgaonkar‘s and Swapnil’s t2 presentation.

Without a doubt, 2015 will give us more vulns with funny names and fancy websites, the Internet Of pwned Things, the doomsday clock getting closer to midnight and horrifying yet awesome nation state capabilities. To sum this up with an out-of-context quote from the 1950s:

“It must be obvious… that there is a contradiction in wanting to be perfectly secure in a universe whose very nature is momentariness and fluidity.”

— Alan Watts, The Wisdom of Insecurity

ps. despite several requests to add BTC, gift cards, pieces of eight or crash triggers as payment methods, we’re still sticking to the credit card payments. Getting those prepaid cards is not that hard really. On a final note, invoices have been marked as obsolete and our next release might not support them.