t2’24 schedule online

This year’s CFP process was one of the hardest in the history of t2. There were enough programworthy talks to fill speaker slots for another event. The stark contrast to historical editions of t2, where AB was hustling for talks in the final moments, couldn’t be more bittersweet.

The headline keynote is from none other than Thaddeus e. Grugq himself. Yes, in person and straight outta Bangkok. He continues the established tradition of having former @stake employees on stage at t2.

The longer you’ve been in the game, the more valuable seemingly outdated knowledge appears – especially when combined with topical trends. From old school to new school, the program should provide enough intellectual stimulation to both seasoned professionals and first timers alike.

Considering that Disobey and OffensiveCon have both sold all their tickets, if you plan on attending a Northern European con in the spring, there are not that many options outside us. Therefore, we warmly recommend early ticket acquisition.

t2 infosec 2024 schedule.

John Lambert keynote

Merry Christmas! As a small Christmas gift, we’re publishing John Lambert’s t2’19 keynote “Advancing InfoSec”.

In the keynote John demonstrates with practical examples how we can accelerate learning through “Githubication of Infosec”. If you are a modern defender, or aspire to be one, this is the presentation to watch. Without giving away too much, graphs, MITRE ATT&CK (with cloud updates), winter2020, and repeatable analysis with Jupyter notebooks are all covered.

Thank you John for keynoting this year, and our warmest gratitude for the following kind words:

t2 has always had that commitment to technical excellence. .. Conferences, they may start like this, but they don’t always end up like this.

— John Lambert


Honoring that tradition has kept us going for the past sixteen years, and we promise to continue to work hard to keep it this way, as t2 has always been and always will be an event for the community. Next year’s conference dates are Oct 29-30, 2020.

t2’19 speakers confirmed

The CFP is over for this year and the speaker lineup is ready for your reading pleasure.

Without sounding too enthusiastic for a Finn, it’s difficult not to get excited when there are entries on the agenda like the keynote from John Lambert, Distinguished Engineer and General Manager of the Microsoft Threat Intelligence Center. A seasoned t2 attendee might remember him from sparking the original inspiration behind olleB’s t2’15 talk “If attackers think in graphs, why can’t we?”.

Looking at the schedule, it’s both refreshing and rousing to see research targeting wireless input devices and VPN clients. Both could easily be dismissed during target selection as mature technology, yet here we are. Having said that, there’s still a healthy focus on modern and up-and-coming tech in the agenda, such as using machine learning for vulndev.

Traditionally this post always ends with a gentle reminder to get your ticket early. The sales have been open for a couple of months and a good chunk of the tickets have already been sold. If you haven’t bought yours already, there’s not a better time for action than right now.

Halvar Flake keynote

The advisory board and organizers of t2 are honored and pleased to have Halvar Flake deliver the headlining keynote for the 15th anniversary edition of the event. His speaking history with t2 starts in 2005, and Halvar is certainly recognized as one of the luminaries in the field. The following teaser provides a taste of what to expect.

Risks, Damn Lies, and Probabilities

IT continues to bring pervasive change to our societies, industries, and everyday life. This transformation also brings individualized and complicated risks to individuals, companies, and to societies.

IT security is, to some extent, charged with managing these risks. But for an industry tasked with managing risk, we are pretty unstructured in thinking about risk, accounting for risk, and most of all: Holding ourselves and other tech executives accountable for estimates of risks and their probabilities.

The IT industry is often incentivized to incur risks on behalf of others – and to underestimate the actual magnitude of these risks. Customers are either not empowered or not incentivized to challenge excessively rosy risk estimates. Entire executive careers in IT are built on underestimating risks incurred for others.

This talk will cover my observations about the ways we think sloppily about risk and harm, about the IT industries’ lack of risk management for systemic risks, and some thoughts about holding IT industry executives accountable for their risk estimates and decisions.

— Halvar Flake

t2’18 schedule online

The schedule for 2018 is now online.

We are extremely excited to have two excellent keynote speakers. The headlining keynote comes from none other than Halvar Flake himself, and Friday starts with a live action keynote by Viss. While we don’t officially have tracks as such, the themes revolve this year around machine learning, hardware, and vulnerability research, with a mix of exploitation and lessons learned.

It’s funny how things come together – we were never going for a classic t2 lineup, but ended up getting one nevertheless. Regular visitors and long time friends might notice that the list of speakers revisits 2005, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, and 2017. All in all, seven talks out of thirteen are given by people who have been with us before, many of them several times. As such, we feel this suits the 15th anniversary celebrations well.

Slightly over 30% of the tickets were sold during the summer, and since 2014 we’ve been sold out one to two months before the event. Register now.

Dave Aitel keynote 2017

Good news everyone!

As both SyScan360 and INFILTRATE are just around the corner, it’s about time we release the long-awaited t2’17 keynote by Dave Aitel. Whether you’re into policy, tactics, offense, defense, or meta in general, the keynote covers a whole gamut of cyber. For the younger generation, understanding the references and why they are relevant is a good starting point in a path of never-ending learning. Instead of dropping spoilers, here’s the actual presentation itself:

Friends of inconvenient truths, hard questions, analysis of cyber meta (or if you want to see Dave Aitel press volume control button during a presentation), this is the video to watch!

The keynote should be deemed mandatory for anybody working with cyber policy or lawyers.

Morgan Marquis-Boire keynote 2015

Edit: While the content has aged little, our keynote speaker choice failed on a catastrophic level. We are leaving this post and video up in the name of transparency.

“Those who cannot remember the past are condemned to repeat it.”

— George Santayana, The Life of Reason: The Phases of Human Progress – Vol. I, Reason in Common Sense. 1905

In this 2015 keynote headhntr aka Morgan Marquis-Boire philosophizes on nation state attacks, their history, how hackers operate, and the nature of the Internet. As with all philosophical content and/or keynotes, very little has fundamentally changed since the talk.

Is modern technology the Panopticon? What is the East Germany tipping point of today? Do you agree with Morgan at all? Watch the keynote and let us know on the Twitter with #t2infosec !

Trigger warning: Some slides TS/SI

t2’17 Challenge – a break from tradition

This year’s pre-conference challenge will be a t2 exclusive bug bounty. For more information on how to participate, please see the t2’17 Challenge page.

As we’ve been organizing challenges for over a decade, you might wonder why change now? For several years in a row, the challenge participant numbers have been steadily declining, despite increased efforts put into creating the technical puzzles, challenge descriptions and back stories, and actual promotion. It’s not just the number of submissions, but also the downloads and page views. Thomas Malmberg kindly pointed out that with conference challenges we’re competing for people’s time – this is the arena where also bug bounties play.

It was time for us to either adapt or perish. This being t2, failure was not an option and quitting is something you do for apps, not in real life. With conference budgets one simply does not organize a bug bounty – you need friends’ help for that. That is the reason we partnered up with LocalTapiola to provide you a t2 exclusive bug bounty, targeting a real world business application running in a production environment. To make sure the spirit of t2 challenges is still there, we are emphasizing the vulnerability quality and proof of exploitability. The challenge is not a speed competition – the most elegant and meaningful vulnerability submission will receive the free ticket, and we have adjusted the whole bug bounty process to reflect that.

Once you convert someone else’s medium severity local file read into unauthenticated remote code execution, you start to value proper analysis and investigation into the technical details of a vulnerability. In other words, 2002 called – they want their apache-scalp.c back. The 15 year anniversary is a pure coincidence, as is Dave Aitel’s headline keynote at t2’17; the stars just happened to align the right way, like good exploitation primitives after putting in the time and effort.

The challenge is dead. Long live the challenge.

We hope you enjoy the reinvigorated format!

Call for papers 2017

Do you have a fear of being naked[0] in front of other people? Can you name a president[1] who has climbed a palm tree during an official state visit? Do you prefer small and efficient airports? Would you like to present world class research to a highly technical audience? If not sure yet, please continue reading.

t2 infosec is warmly welcoming you to Helsinki, on October 26-27 2017 – CFP is now open, and by submitting a talk, you get a chance to answer one or more of the previous questions.

Finland, the country in the heart of darkness, has managed to survive neutral and independent throughout its history despite facing pressure from the global superpowers due to her geopolitically strategic location. Dominance over the Baltic Sea depends on controlling a handful of islands, Åland Islands being one of the areas of importance. In a very typical Finnish fashion, we have embraced the 160 years of Åland Islands demilitarization by drinking at home, alone, in our underwear[2]. Even Vogue[3] approves that.

While many people here would like to officially see us as the gateway between the East and the West – either through our land border with Russia or the fastest flights between Europe and Asia [4], the biggest advantage comes from the side alleys of the Internet. On the imageboards, the last sanctions for true freedom of speech, Finnish tactical meme capabilities hold a special stature – loved, admired, feared and hated, sometimes all of those at the same time. Classics like Spurdo spärde are shitposted with an intensity only a country with a long history in developing Linux, Internet protocols and mobile phones can provide, while new organic highly viral OC is pushed out at a rate comparable to major information warfare centers.

In addition to meeting the nation that produces above average amounts of hackers, memelords and F1 drivers per capita, Helsinki in October offers you a mix of modern architecture and the Classics, saunas, casual foreign intelligence activities [5], early days of Northern European winter and cold weather, and a chance to visit neighboring countries by just hopping onto a ferry at one of the harbors.

We organize this conference out of love and do our best to make it a memorable experience to both speakers and audience alike. If you’re in doubt, just send questions with #t2infosec hashtag on Twitter for an (un)biased opinion. This is an event from hackers to hackers.

t2’17 offers you an audience with a taste for technical security presentations containing original content. This is your chance to showcase the latest research and lessons in strategic offensive capabilities, practical applications for 48 Laws of Power, snakeoil-less security certifications, scientifically proven remote sensing, dropping zero days during presentations, scaling defense or buildings, detection mechanisms and tactics, preventing diamond heists, putting the ASL into ASLR, new vulnerability classes or something completely different containing love, happiness and traces of technical security.

The advisory board will be reviewing submissions until 2017-08-09.
First come, first served. Submissions will not be returned.

Quick facts for speakers

  • presentation length 60-120 minutes, in English
  • complimentary travel and accommodation for one person [6]
  • decent speaker hospitality benefits
  • no marketing or product propaganda

Still not sure if this is for you? Check out the blast from the past.

Considering many of our visitors know what they want and trust us to deliver, we’re making their life easy. The registration is now open!

How to submit
Fill out the form at https://t2.fi/action/cfp

References

[0] No worries, we have saunas to cater to both nude or non-nude guests.
[1] Urho Kekkonen https://upload.wikimedia.org/wikipedia/commons/a/a1/Kekkonen-Tunis-1965.jpg
[2] https://toolbox.finland.fi/images/finland-emojis/kalsarikannit/
[3] http://www.vogue.com/article/finnish-trend-kalsarikannit-vogue-archive
[4] http://www.cnbc.com/2016/10/17/finnair-launches-singapore-to-helsinki-route-claiming-fastest-way-to-get-to-europe.html
[5] http://yle.fi/uutiset/osasto/news/finnish_intelligence_warns_foreign_powers_targeting_young_politicians/9540600
[6] Except literally @nudehaberdasher and @0xcharlie
[42] Ladies, gentlemen, and hackers, this year our headlining keynote speaker is the voice of reason when it comes to cyber policies, offense and Buffy the Vampire Slayer, the person who needs no introductions, Dave Aitel!

Haroon Meer keynote 2016

The first video we are releasing is the ’16 keynote “Learning the wrong lessons from Offense” by none other than Haroon Meer himself. With strong focus on getting defense right, this is the keynote to watch, regardless of whether you’re into compromises or preventing them.

Enjoy!