An audience favorite from the archives – Walter Belgers with “Physical Penetration Testing”. This a great example of a presentation, which hasn’t aged a day since as updates to physical security controls rarely happen at regular predefined intervals. In addition to being good fun, covert entry can also save time and effort if you happen to *krhm* forget your keys.
The content was tailored to include material specific to Finland. Impatient viewers just wanting to see the Abloy Classic lockpicking can start the video from 47:07. Those watching the presentation more carefully might notice the mention of a familiar name who presented at t2’17.
As both SyScan360 and INFILTRATE are just around the corner, it’s about time we release the long-awaited t2’17 keynote by Dave Aitel. Whether you’re into policy, tactics, offense, defense, or meta in general, the keynote covers a whole gamut of cyber. For the younger generation, understanding the references and why they are relevant is a good starting point in a path of never-ending learning. Instead of dropping spoilers, here’s the actual presentation itself:
Friends of inconvenient truths, hard questions, analysis of cyber meta (or if you want to see Dave Aitel press volume control button during a presentation), this is the video to watch!
The keynote should be deemed mandatory for anybody working with cyber policy or lawyers.
In this video from t2’15Artturi Lehtiö peers inside over 7 years of state sponsored malware operations. The presentation covers themes such as less glamorous side of APT research, tools and approaches, in addition to the challenges related to publishing this type of information.
Those into offensive work can view the video as training material for improving tradecraft.
For additional information on the subject, here are the links for the whitepapers mentioned during the talk.
Edit: While the content has aged little, our keynote speaker choice failed on a catastrophic level. We are leaving this post and video up in the name of transparency.
“Those who cannot remember the past are condemned to repeat it.”
— George Santayana, The Life of Reason: The Phases of Human Progress – Vol. I, Reason in Common Sense. 1905
In this 2015 keynote headhntr aka Morgan Marquis-Boire philosophizes on nation state attacks, their history, how hackers operate, and the nature of the Internet. As with all philosophical content and/or keynotes, very little has fundamentally changed since the talk.
Is modern technology the Panopticon? What is the East Germany tipping point of today? Do you agree with Morgan at all? Watch the keynote and let us know on the Twitter with #t2infosec !
How does one go about creating new tools and toolchains?
In “Sweet Tools O’ Mine” from t2’16Hugo Teso shares his approach for creating an offensive toolkit, which contains both hardware and software parts. Learning by doing, when to leverage the power of existing solutions, and when to create your own are all discussed throughout the video.
If you are serious about offense, this is a presentation for you.
Iaitō, a GUI for radare2 reverse engineering framework is available on GitHub.
We’re continuing with the theme of securing international travel by releasing Andrea Barisani‘s Forging the USB Armory talk from t2’15.
Those enjoying international travel and/or operational situations, the dual-use capabilities of the platform might be something of interest. From safe USB charger, encrypted file storage and automated self-destruct, password manager, TOR access point to portable offensive toolkit, the opportunities are endless. Even if open source hardware design is outside your comfort zone, the video gives you a good glimpse into solving hard problems and the capabilities of USB Armory.
Again, as with all our curated releases, this is a must see – enjoy!
International travel can be difficult, and for a security conscious person especially so.
In this video from t2’15Georg Wicherski demonstrates a way of solving many problems related to carrying a personal computing device with you. For a person crossing borders on a regular basis or otherwise in need of heightened security for their laptop, this is a must see. Enjoy!
Do note that this has been actually implemented in practice instead of being just intellectual mastu^H^H^H a mental exercise. For more details about the setup, refer to the GitHub repository. The setup has been since updated to support TPM remote attestation.
Those in the business of securing enterprises and organizations should definitely watch OlleB‘s presentation from t2’15. Moving from point-in-time <insert-product-name-here> scans to a more structured approach using graphs, attack models, understanding and eradicating vulnerability classes or using safety/assurance cases is a long-term security investment.
Taking your defensive game to the next level requires trying out new approaches to old problems and sometimes challenging the conventional wisdom. This video should give you food for thought – it’s one of our favorites!
Since the first event in 2004, t2 has released annual pre-conference challenges for the attendees, people interested in showcasing their skills or gaining free attendance to the event. In this video from 2016 Ludvig Strigeus and Timo Hirvonen walk through the challenge and show how it’s all done.
Even if you are not into solving challenges you can learn how Ludde created a complete taxi meter application with built-in casino games!