Hacking ML in images (and everywhere else)

This time we’re looking back into our archives to bring you a presentation from Guy Barnhart-Magen and Ezra Caltum. In their t2’18 talk the BSidesTLV co-founders cover offensive research possibilities when it comes to machine learning systems. Do you know which ML attacks have the most business impact? Watch the video to learn more.

The presentation will be answering questions such as “what does it mean to hack a machine learning system?” and “what would you actually target?”, with an emphasis on the methodology and the way Guy and Ezra approached the problem.

We have always enjoyed these types of talks, as the shared knowledge powers the audience to do research and find their own zero days. Speaking of research and zero days – don’t forget to checkout BSidesTLV, coming July 2 2020!

t2’19 speakers confirmed

The CFP is over for this year and the speaker lineup is ready for your reading pleasure.

Without sounding too enthusiastic for a Finn, it’s difficult not to get excited when there are entries on the agenda like the keynote from John Lambert, Distinguished Engineer and General Manager of the Microsoft Threat Intelligence Center. A seasoned t2 attendee might remember him from sparking the original inspiration behind olleB’s t2’15 talk ”If attackers think in graphs, why can’t we?”.

Looking at the schedule, it’s both refreshing and rousing to see research targeting wireless input devices and VPN clients. Both could easily be dismissed during target selection as mature technology, yet here we are. Having said that, there’s still a healthy focus on modern and up-and-coming tech in the agenda, such as using machine learning for vulndev.

Traditionally this post always ends with a gentle reminder to get your ticket early. The sales have been open for a couple of months and a good chunk of the tickets have already been sold. If you haven’t bought yours already, there’s not a better time for action than right now.

Halvar Flake keynote

The advisory board and organizers of t2 are honored and pleased to have Halvar Flake deliver the headlining keynote for the 15th anniversary edition of the event. His speaking history with t2 starts in 2005, and Halvar is certainly recognized as one the luminaries in the field. The following teaser provides a taste of what to expect.

Risks, Damn Lies, and Probabilities

IT continues to bring pervasive change to our societies, industries, and everyday life. This transformation also brings individualized and complicated risks to individuals, companies, and to societies.

IT security is, to some extent, charged with managing these risks. But for an industry tasked with managing risk, we are pretty unstructured in thinking about risk, accounting for risk, and most of all: Holding ourselves and other tech executives accountable for estimates of risks and their probabilities.

The IT industry is often incentivized to incur risks on behalf of others – and to underestimate the actual magnitude of these risks. Customers are either not empowered or not incentivized to challenge excessively rosy risk estimates. Entire executive careers in IT are built on underestimating risks incurred for others.

This talk will cover my observations about the ways we think sloppily about risk and harm, about the IT industries’ lack of risk management for systemic risks, and some thoughts about holding IT industry executives accountable for their risk estimates and decisions.

— Halvar Flake

t2’18 schedule online

The schedule for 2018 is now online.

We are extremely excited to have two excellent keynote speakers. The headlining keynote comes from none other than Halvar Flake himself, and Friday starts with a live action keynote by Viss. While we don’t officially have tracks as such, the themes revolve this year around machine learning, hardware, and vulnerability research, with a mix of exploitation and lessons learned.

It’s funny how things come together – we were never going for a classic t2 lineup, but ended up getting one nevertheless. Regular visitors and long time friends might notice that the list of speakers revisits 2005, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, and 2017. All in all, seven talks out of thirteen are given by people who have been with us before, many of them several times. As such, we feel this suits the 15th anniversary celebrations well.

Slightly over 30% of the tickets were sold during the summer, and since 2014 we’ve been sold out one to two months before the event. Register now.

Physical Penetration Testing

An audience favorite from the archives – Walter Belgers with “Physical Penetration Testing”. This a great example of a presentation, which hasn’t aged a day since as updates to physical security controls rarely happen at regular predefined intervals. In addition to being good fun, covert entry can also save time and effort if you happen to *krhm* forget your keys.

The content was tailored to include material specific to Finland.  Impatient viewers just wanting to see the Abloy Classic lockpicking can start the video from 47:07. Those watching the presentation more carefully might notice the mention of a familiar name who presented at t2’17.

Dave Aitel keynote 2017

Good news everyone!

As both SyScan360 and INFILTRATE are just around the corner, it’s about time we release the long-awaited t2’17 keynote by Dave Aitel.  Whether you’re into policy, tactics, offense, defense, or meta in general, the keynote covers a whole gamut of cyber. For the younger generation, understanding the references and why they are relevant is a good starting point in a path of never-ending learning. Instead of dropping spoilers, here’s the actual presentation itself:

Friends of inconvenient truths, hard questions, analysis of cyber meta (or if you want to see Dave Aitel press volume control button during a presentation), this is the video to watch!

The keynote should be deemed mandatory for anybody working with cyber policy or lawyers.

Cosmic Duke

In this video from t2’15 Artturi Lehtiö peers inside over 7 years of state sponsored malware operations. The presentation covers themes such as less glamorous side of APT research, tools and approaches, in addition to the challenges related to publishing this type of information.

Those into offensive work can view the video as training material for improving tradecraft.

For additional information on the subject, here are the links for the whitepapers mentioned during the talk.

t2’17 schedule complete

Those on Twitter may have noticed yesterday that our schedule is finally complete and available online. Check out the contents and RT if you like what you see!

This year’s program is indeed great! There are many familiar names – almost an alumni meeting of sorts, but also those who are making their t2 debut. Speaking of debuts, our new sponsor Beyond Security will also be present and available to discuss SecuriTeam Secure Disclosure.

The last week of the challenge is starting – there is still time left to claim the free ticket to t2’17. Registrations have continued steadily, and 70% of available tickets have been sold. If you are planning to attend, we recommend booking your seat now.

t2’17 schedule online

The schedule for t2’17 is now available for your viewing pleasure.

There are two open speaking slots, and trust us, we are working on those. History has thought us to leave options on the table, and that’s exactly what we are doing. While focus of t2 is heavily on the networking and human interaction, we take curating conference program very seriously – a good mix of thought-provoking and hardcore tech presentations gives a fitting backdrop for the lobby bar chats.

It’s a little over two months until t2’17 and over 50% tickets have been sold already. Coincidentally, that’s also about 50% increase from last year. Opening up the ticket sales early has proved to be popular, and you can expect us to continue doing so in the future.

To ensure a seat in the audience, we recommend registering your attendance sooner than later. For those interested in a free admission, the challenge is still open!