Unlike the on-going / upcoming cyber cold war involving nation states, image boards, corporate entities and drunk hackers, 2014 has run its course. In the private and public sector this means it’s time to start drafting those e-mails about next t2 infosec being included in the 2015 training budget. While not all our attendees are dependent on the fiscal calendar, we see fit to remind those who are. Our offensive friends can think of it as adding your backdoor into the target’s build environment.
Looking back at the past couple of years, the content has, more than once, been ahead of the times. A recent example would be the IMSI catcher hulabaloo in Norway a couple of months after @raviborgaonkar‘s and Swapnil’s t2 presentation.
Without a doubt, 2015 will give us more vulns with funny names and fancy websites, the Internet Of pwned Things, the doomsday clock getting closer to midnight and horrifying yet awesome nation state capabilities. To sum this up with an out-of-context quote from the 1950s:
“It must be obvious… that there is a contradiction in wanting to be perfectly secure in a universe whose very nature is momentariness and fluidity.”
— Alan Watts, The Wisdom of Insecurity
ps. despite several requests to add BTC, gift cards, pieces of eight or crash triggers as payment methods, we’re still sticking to the credit card payments. Getting those prepaid cards is not that hard really. On a final note, invoices have been marked as obsolete and our next release might not support them.
Year after year we hear stories about people who annually almost attend t2. The intention is always there, but when the time comes to register for the event, they find themselves in the middle of a floppy disk inventory or some other significant crisis at (work|home|garden).
The question for many of these people then remains – was it any good, should I attend next year? The advisory board is certainly too biased to answer this question; we are like winemakers who think each year qualifies as a vintage. The regulars and other long-time conference goers gladly reminisce past events, while wearing some obscure and highly collectible t-shirt from ’04. In our view, a first time speaker’s opinion is probably a good objective yardstick.
Patrick Wardle, flying half-way across the globe to deliver two talks in the cold and snowy Helsinki, was kind enough to share his experiences in this Synack lab’s blog post. For other t2 coverage, see #t2infosec on Twitter
Due to recent extraordinary events, we’re diverting from our usual Challenge process this year. Instead of a traditional puzzle, a captured binary will be released for crowdsourced reverse-engineering.
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.
Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis system before disappearing. In order to turn the tables and go for the pride-and-ego down, our intention is to burn this capability once and for all.
Y-LOCKPOINT is designed for searching and analyzing compromised computer systems. Despite the OPSEC failures, which allowed us to gain access to front-end application, the binary is well-protected – preliminary analysis indicates emphasis on multi-layer protection and resistance to analysis.
Your mission, should you choose to accept it, is to participate in the crowdsourced reverse engineering effort of the acquired front-end binary.
The first person to recover all content will win a free ticket to t2’14 conference. In addition to this, the creators of the Challenge will select another winner among the next ten correct answers. The criteria for the other selection is the elegance of the answer. In short, you can win with both speed and style.
The Challenge will be released on 2014-09-13 10:00 EEST right here at t2.fi
Do you feel like Las Vegas is too hot, Berlin too bohème, Miami too humid, Singapore too clean and Pattaya just totally confusing ? No worries! Helsinki will be the perfect match for you – guaranteed low temperature, high tech and just enough regulation to make everything appear to be under control. This is the country where indestructible mobile phone and Linux kernel were invented.
Helsinki, the capital of Finland, known for the Finnish design and casual-yet-almost-sophisticated drinking culture offers you the chance to familiarize yourself with the birth place of many popular PC, console and mobile games. The murder rate of only 2.2 per 100 000 people makes Finland one of the safest countries for delivering a presentation. Do polar bears roam free in Helsinki? How do you go from being silent in three languages to having incoherent discussions in all of them? What does 176% mobile penetration look like? Come and see for yourself!
t2’14 is looking for technical infosec presentations with original content. Whether it’s your complicated relationship with the APT, embedded device exploitation, tactics and operational procedures in high stress / high risk operations, implementing or avoiding global surveillance, latest advances in offensive/defensive applications of computer science, the gospel of weird machine, breaking the Internet, reverse engineering milware or something totally different, we’d like to hear about it.
The advisory board will be reviewing submissions until 2014-07-04. First come, first served. No returns, no refunds.
Quick facts for speakers
+ presentation length 60-120 minutes, in English
+ complimentary travel and accommodation
+ decent speaker hospitality benefits
+ no marketing or product propaganda
A blast from the past:
How to submit
Please include the following with your submission (incomplete submissions will not be accepted):
- Contact information (email and cell phone)
- Country and city of origin for your travel to the conference
- Brief biography (including employer and/or affiliations)
- Title of the presentation
- Presentation abstract
- Explanation why your submission is significant
- If your presentation references a paper or piece of software that you have published, please provide us with either a copy of the said paper or software, or an URL where we can obtain it
- List any other publications or conferences where this material has been or will be published/submitted
Please send the above information to cfp-2014 (at) lists.t2.fi