It’s pretty crazy that even Dr Dre managed to release new music since the last time t2 was organized. The 3.5 years without a conference definitely put a dent on the proverbial ’64 Impala, despite a steady stream of releases from our favorite artists. Even FSMCs performed live!
“They wanna know if AB still got it, They say confs’ changed, they wanna know how we feel about it”
— Still t2
Coming back from the cold, CFP was one of the hardest ones we’ve had so far. The most brutal reviews and expectations for whether we curated a relevant program consisting of decent content or not comes from within the AB. “Why is that?” you ask sitting on a comfortable lobby bar sofa.
The Advisory Board of t2 has always had an aspirational goal of some day achieving certified status with the prestigious Security Vacation Club, yet we have decided to not submit an application until we can demonstrate a track record of at least twenty successful events.
On practical terms, using random puzzle pieces to put together a sensible picture, isn’t just dependent on the quality of individual pieces. It also depends on other ones on the table at the same time.
Right now we feel there’s a credible set of heavy hitters to warrant publishing our program in beta. Having said that, we are still working on it to make sure there’s the right recipe in the mix to facilitate those lobby bar discussions.
We still have about 25 tickets left. If you plan on attending and have not yet bought a ticket, it’s more or less the perfect moment (and second-to-last chance to do). The closer the event gets, the more likely it is someone comes and just buys 5+ at a time.
And yes, it’s on – with additional small print: a t2 Scarab challenge winner who uses a white ’86 Testarossa for ground transportation during the whole duration of t2’23 receives a free entry to t2’24 and t2’25.
This time we’re looking back into our archives to bring you a presentation from Guy Barnhart-Magen and Ezra Caltum. In their t2’18 talk the BSidesTLV co-founders cover offensive research possibilities when it comes to machine learning systems. Do you know which ML attacks have the most business impact? Watch the video to learn more.
The presentation will be answering questions such as “what does it mean to hack a machine learning system?” and “what would you actually target?”, with an emphasis on the methodology and the way Guy and Ezra approached the problem.
We have always enjoyed these types of talks, as the shared knowledge powers the audience to do research and find their own zero days. Speaking of research and zero days – don’t forget to checkout BSidesTLV, coming July 2 2020!
The CFP is over for this year and the speaker lineup is ready for your reading pleasure.
Without sounding too enthusiastic for a Finn, it’s difficult not to get excited when there are entries on the agenda like the keynote from John Lambert, Distinguished Engineer and General Manager of the Microsoft Threat Intelligence Center. A seasoned t2 attendee might remember him from sparking the original inspiration behind olleB’s t2’15 talk ”If attackers think in graphs, why can’t we?”.
Looking at the schedule, it’s both refreshing and rousing to see research targeting wireless input devices and VPN clients. Both could easily be dismissed during target selection as mature technology, yet here we are. Having said that, there’s still a healthy focus on modern and up-and-coming tech in the agenda, such as using machine learning for vulndev.
Traditionally this post always ends with a gentle reminder to get your ticket early. The sales have been open for a couple of months and a good chunk of the tickets have already been sold. If you haven’t bought yours already, there’s not a better time for action than right now.
The advisory board and organizers of t2 are honored and pleased to have Halvar Flake deliver the headlining keynote for the 15th anniversary edition of the event. His speaking history with t2 starts in 2005, and Halvar is certainly recognized as one the luminaries in the field. The following teaser provides a taste of what to expect.
Risks, Damn Lies, and Probabilities
IT continues to bring pervasive change to our societies, industries, and everyday life. This transformation also brings individualized and complicated risks to individuals, companies, and to societies.
IT security is, to some extent, charged with managing these risks. But for an industry tasked with managing risk, we are pretty unstructured in thinking about risk, accounting for risk, and most of all: Holding ourselves and other tech executives accountable for estimates of risks and their probabilities.
The IT industry is often incentivized to incur risks on behalf of others – and to underestimate the actual magnitude of these risks. Customers are either not empowered or not incentivized to challenge excessively rosy risk estimates. Entire executive careers in IT are built on underestimating risks incurred for others.
This talk will cover my observations about the ways we think sloppily about risk and harm, about the IT industries’ lack of risk management for systemic risks, and some thoughts about holding IT industry executives accountable for their risk estimates and decisions.
We are extremely excited to have two excellent keynote speakers. The headlining keynote comes from none other than Halvar Flake himself, and Friday starts with a live action keynote by Viss. While we don’t officially have tracks as such, the themes revolve this year around machine learning, hardware, and vulnerability research, with a mix of exploitation and lessons learned.
It’s funny how things come together – we were never going for a classic t2 lineup, but ended up getting one nevertheless. Regular visitors and long time friends might notice that the list of speakers revisits 2005, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, and 2017. All in all, seven talks out of thirteen are given by people who have been with us before, many of them several times. As such, we feel this suits the 15th anniversary celebrations well.
Slightly over 30% of the tickets were sold during the summer, and since 2014 we’ve been sold out one to two months before the event. Register now.
An audience favorite from the archives – Walter Belgers with “Physical Penetration Testing”. This a great example of a presentation, which hasn’t aged a day since as updates to physical security controls rarely happen at regular predefined intervals. In addition to being good fun, covert entry can also save time and effort if you happen to *krhm* forget your keys.
The content was tailored to include material specific to Finland. Impatient viewers just wanting to see the Abloy Classic lockpicking can start the video from 47:07. Those watching the presentation more carefully might notice the mention of a familiar name who presented at t2’17.
As both SyScan360 and INFILTRATE are just around the corner, it’s about time we release the long-awaited t2’17 keynote by Dave Aitel. Whether you’re into policy, tactics, offense, defense, or meta in general, the keynote covers a whole gamut of cyber. For the younger generation, understanding the references and why they are relevant is a good starting point in a path of never-ending learning. Instead of dropping spoilers, here’s the actual presentation itself:
Friends of inconvenient truths, hard questions, analysis of cyber meta (or if you want to see Dave Aitel press volume control button during a presentation), this is the video to watch!
The keynote should be deemed mandatory for anybody working with cyber policy or lawyers.
In this video from t2’15Artturi Lehtiö peers inside over 7 years of state sponsored malware operations. The presentation covers themes such as less glamorous side of APT research, tools and approaches, in addition to the challenges related to publishing this type of information.
Those into offensive work can view the video as training material for improving tradecraft.
For additional information on the subject, here are the links for the whitepapers mentioned during the talk.
This year’s program is indeed great! There are many familiar names – almost an alumni meeting of sorts, but also those who are making their t2 debut. Speaking of debuts, our new sponsor Beyond Security will also be present and available to discuss SecuriTeam Secure Disclosure.
The last week of the challenge is starting – there is still time left to claim the free ticket to t2’17. Registrations have continued steadily, and 70% of available tickets have been sold. If you are planning to attend, we recommend booking your seat now.