t2’18 challenge

Regular visitors and friends of t2 know our struggles with the annual challenge. The main purpose behind the puzzle has always been to find and recognize passionate people who have the talent, but sometimes lack the necessary budget to attend the event. We strongly believe in paying it forward and this tradition is something we want to hold on to.

For t2’18 the annual challenge will take a new form. To showcase technical excellence and prove you deserve a free ticket, all you need to do is submit an open application (preferably in ASCII format) over e-mail. Whether it’s your tool repository on github, awesome local meetup presentation, craziest exercise in memory manipulation, a recent bug bounty submission or something completely different, let us know. Supporting evidence goes a long way.

Rules of the challenge

  • The Advisory Board will select 0-2 ticket recipients out of the submissions
  • Challenge deadline is August 4, 2018 @ 23:59:59 UTC
  • Submissions must be sent to info-2018@lists.t2.fi
  • Criteria for selection is unscientific, tough but fair and may change at any time
  • Participants unestablished in the security industry will receive a scoring multiplier
  • The free ticket entitles to the same perks as a single regular ticket
  • Travel costs (if required to participate) are not covered by the prize
  • Decisions are final, but we still love you. It’s not you, it’s us. We hope we can still be friends.

Call for Papers 2018

Join us for the 15th anniversary celebrations on Oct 25-26! CFP and ticket sales are now open.

To truly appreciate the full spectrum of cyber, one simply needs to visit Helsinki. Sooner or later you need a break from the sunshine and warmth, and it is exactly that contrast we can provide. Located halfway between Miami and Singapore (the long way round), just 3200 km NNW of Tel-Aviv, we can offer you a wintry experience which has almost nothing to do with those cities[0]. More than once the first snow has fell in Helsinki during t2, making the small and intimate conference a tiny bit comfier.

What is Finland all about? In addition to having won 2018 U18 ice hockey world championship[1], the latest UN studies[2] describe Finland as the happiest country in the world. Sauna, sisu[3] and perkele – the three pillars of a small, yet resourceful nation which created Linux kernel, ice skates, and the safety reflector. In the capital city Helsinki a reasonable person can walk safely in the middle of the night, enjoy clean tap water and partake in naked[4] swimming.

At t2 we embrace that national essence – punctuality and reliability. We organize this conference out of love and do our best to make it a memorable experience to both speakers and audience alike. If you’re in doubt, just send questions with #t2infosec hashtag on Twitter for an (un)biased opinion. This is an event from hackers to hackers.

t2’18 offers you an audience with a taste for technical security presentations containing original content. This is your chance to showcase the latest research and lessons in memory manipulation, practical cryptographic attacks, subverting secure hardware, exploitation of artificial intelligence, avoiding murder mysteries and train robberies, targeting needles from haystacks, securing the enterprise, secdevops/devsecops, industrial control systems, remote centrifuge operation, upstream collection, covert entry, TLAs or any other relevant research containing the type of love and happiness appreciated by seasoned conference attendees.

The advisory board will be reviewing submissions until 2018-07-31.
First come, first served. Submissions will not be returned.

Quick facts for speakers
+ presentation length 60-120 minutes, in English
+ complimentary travel and accommodation for one person[6]
+ decent speaker hospitality benefits
+ no marketing or product propaganda

Still not sure if this is for you? Check out the blast from the past.

Considering many of our visitors know what they want and trust us to deliver, we’re making their life easy.. The registration is now open!

The total amount of attendees, including speakers and organizers is limited to 99.

How to submit
Fill out the form at https://t2.fi/action/cfp

[0] We do have running water and electricity (as of writing)
[1] https://en.wikipedia.org/wiki/IIHF_World_U18_Championship even in the
medal statistics we’re the neutral buffer between the West and the East
[2] http://www.bbc.com/news/world-43414145
[3] https://en.wikipedia.org/wiki/Sisu
[4] https://www.hel.fi/helsinki/en/culture/sports/indoor/swimming/yrjonkatu-swimming-hall
[5] hunter2
[6] Except literally @nudehaberdasher and @0xcharlie

Site maintenance

We are doing some major updates to the t2.fi website – so the site might not work normally for a while.

Stay tuned.

Physical Penetration Testing

An audience favorite from the archives – Walter Belgers with “Physical Penetration Testing”. This a great example of a presentation, which hasn’t aged a day since as updates to physical security controls rarely happen at regular predefined intervals. In addition to being good fun, covert entry can also save time and effort if you happen to *krhm* forget your keys.

The content was tailored to include material specific to Finland.  Impatient viewers just wanting to see the Abloy Classic lockpicking can start the video from 47:07. Those watching the presentation more carefully might notice the mention of a familiar name who presented at t2’17.

Dave Aitel keynote 2017

Good news everyone!

As both SyScan360 and INFILTRATE are just around the corner, it’s about time we release the long-awaited t2’17 keynote by Dave Aitel.  Whether you’re into policy, tactics, offense, defense, or meta in general, the keynote covers a whole gamut of cyber. For the younger generation, understanding the references and why they are relevant is a good starting point in a path of never-ending learning. Instead of dropping spoilers, here’s the actual presentation itself:

Friends of inconvenient truths, hard questions, analysis of cyber meta (or if you want to see Dave Aitel press volume control button during a presentation), this is the video to watch!

The keynote should be deemed mandatory for anybody working with cyber policy or lawyers.

t2’17 Challenge winner announced

This year’s free ticket was awarded at LocalTapiola HackDay to the team who discovered the most severe vulnerability. After a full day of analyzing, verifying and rating the reported vulnerabilities, we had a clear winner rising above the competitors.

Congratulations Harri Kuosmanen of team ROT! Well done!

We would also like to thank all the other teams and those participating in the challenge during the summer. The countdown to t2’17 starts now – see you on Thursday! (..or Wednesday night at one of the many pre-event meetups/lobby bar gatherings)

If you have ideas on how to give out free tickets to our 15th anniversary event next year, please let us know!

What ever happened to the t2 challenge?

So, the t2 challenge of 2017.. It’s over for sure, but not in a way we anticipated. Before we get ahead of ourselves, let’s get back to the beginning.

The challenge was originally created in 2005 to give out free tickets to people with fantastic technical talents – there were two tracks, speed and elegance. You could either win by being the first one to solve the challenge, or by submitting the finest write-up. The idea was that also those without a personal training budget had a chance of participating the event – in practice, many new talents got a turbo boost for their contacts and career in security.

The format was successful for almost a decade, until the successful completions, attempts and downloads/page views started to drop steadily. The numbers were coming down and there was no denying it – the format of each year’s challenge appeared to have no effect on this.

We tried to compensate by putting more effort into creating the challenges, and promoted them also on Twitter in addition to the traditional channels. Alas, this did not work and we pivoted to a bug bounty this year.

The challenge was open for three full months over the summer, and during that time our own tweets alone reached over 130 000 people. Further promotion was done on our own blog, and mailing list, in addition to Full Disclosure and DailyDave. In the spirit of past challenges, the rules emphasized quality submissions and finesse to allow people to focus on what truly matters. Most importantly, the target had been selected exclusively for the t2 challenge, and had not been previously subjected to a bug bounty.

Despite a major scope increase two weeks before the challenge end date, we received exactly zero submissions. Not one, not two, but Z-to-the-E-to-the-R-to-the-0. Talk about failing..

Our question now to you, esteemed fellow hackers is:

How should we give out the free tickets in the future?

Please tweet or e-mail us, we want to hear your ideas! All feedback on the subject is appreciated.

There is sunshine after the rain – our good friend Leo Niemelä invited t2 to judge the annual LocalTapiola Hack Day. That’s the where the story continues in the following post.

Registration closed

The registration for t2’17 is now closed and all available tickets have been sold.

Yes – just like last year, we’re out of seats a month before the event.

A big thank you to all registered attendees and speakers – you are making this happen. See you soon!

F-Secure sponsors t2’17

As one of our oldest supporters, F-Secure has been sponsoring t2 since 2011. We’re more than delighted to have sponsors who stick around! A cyber security company headquartered in Helsinki, with 25 offices around the world, F-Secure will be celebrating their 30th anniversary next year.

A home to many recognized security experts, F-Secure provides a broad range of cyber security products and services to consumers, corporations and governmental organizations.

In case of any questions, you can reach them through multiple accounts on Twitter, or just apply for a job and find out the answer yourself! F-Secure products are covered by a vulnerability reward program.

Should you want to meet them in person, you can do that at t2’17 in Helsinki, October 26-27.