t2’17 schedule online

The schedule for t2’17 is now available for your viewing pleasure.

There are two open speaking slots, and trust us, we are working on those. History has thought us to leave options on the table, and that’s exactly what we are doing. While focus of t2 is heavily on the networking and human interaction, we take curating conference program very seriously – a good mix of thought-provoking and hardcore tech presentations gives a fitting backdrop for the lobby bar chats.

It’s a little over two months until t2’17 and over 50% tickets have been sold already. Coincidentally, that’s also about 50% increase from last year. Opening up the ticket sales early has proved to be popular, and you can expect us to continue doing so in the future.

To ensure a seat in the audience, we recommend registering your attendance sooner than later. For those interested in a free admission, the challenge is still open!

 

Beyond Security to sponsor t2’17

We are happy to announce a new sponsor of t2! Beyond Security SSD is a high end vulnerability disclosure program established in 2007. With over a decade of history in the business, they have a solid understanding of researcher needs.

The products in the scope include major operations systems, widely used software components, web platforms and network infrastructure equipment / software. Reported vulnerabilities are communicated to both the affected vendor and Securiteam clients. You can view the latest vulnerability publications on Securiteam blogs. If you have any questions about the process, just tweet!

Should you want to meet them in person, you can do that at t2’17 in Helsinki, October 26-27. Good luck in bug hunting!

t2’17 Challenge – a break from tradition

This year’s pre-conference challenge will be a t2 exclusive bug bounty. For more information on how to participate, please see the t2’17 Challenge page.

As we’ve been organizing challenges for over a decade, you might wonder why change now? For several years in a row, the challenge participant numbers have been steadily declining, despite increased efforts put into creating the technical puzzles, challenge descriptions and back stories, and actual promotion. It’s not just the number of submissions, but also the downloads and page views. Thomas Malmberg kindly pointed out that with conference challenges we’re competing for people’s time – this is the arena where also bug bounties play.

It was time for us to either adapt or perish. This being t2, failure was not an option and quitting is something you do for apps, not in real life. With conference budgets one simply does not organize a bug bounty – you need friends’ help for that. That is the reason we partnered up with LocalTapiola to provide you a t2 exclusive bug bounty, targeting a real world business application running in production environment. To make sure the spirit of t2 challenges is still there, we are emphasizing the vulnerability quality and proof of exploitability. The challenge is not a speed competition – the most elegant and meaningful vulnerability submission will receive the free ticket, and we have adjusted the whole bug bounty process to reflect that.

Once you convert someone else’s medium severity local file read into unauthenticated remote code execution, you start to value proper analysis and investigation into the technical details of a vulnerability. In other words, 2002 called – they want their apache-scalp.c back. The 15 year anniversary is a pure co-incidence, as is Dave Aitel’s headline keynote at t2’17, the stars just happened to align the right way, like good exploitation primitives after putting in the time and effort.

The challenge is dead. Long live the challenge.

We hope you enjoy the reinvigorated format!

Call for papers 2017

Do you have a fear of being naked[0] in front of other people? Can you name a president[1] who has climbed a palm tree during an official state visit? Do you prefer small and efficient airports? Would you like to present world class research to a highly technical audience? If not sure yet, please continue reading.

t2 infosec is warmly welcoming you to Helsinki, on October 26-27 2017 – CFP is now open, and by submitting a talk, you get a chance to answer one or more of the previous questions.

Finland, the country in the heart of darkness, has managed to survive neutral and independent throughout its history despite facing pressure from the global superpowers due to her geopolitically strategic location. Dominance over the Baltic sea depends on controlling a handful of islands, Åland islands being one of the areas of importance. In a very typical Finnish fashion, we have embraced the 160 years of Åland islands demilitarization by drinking at home, alone, in our underwear[2]. Even Vogue[3] approves that.

While many people here would like to officially see us as the gateway between the East and the West – either through our land border with Russia or the fastest flights between Europe and Asia [4], the biggest advantage comes from the side alleys of the Internet. On the imageboards, the last sanctions for true freedom of speech, Finnish tactical meme capabilities hold a special stature – loved, admired, feared and hated, sometimes all of those at the same time. Classics like Spurdo spärde are shitposted with an intensity only a country with a long history in developing Linux, Internet protocols and mobile phones can provide, while new organic highly viral OC is pushed out at a rate comparable to major information warfare centers.

In addition to meeting the nation, which produces above average amounts of hackers, memelords and F1 drivers per capita, Helsinki in October offers you a mix of modern architecture and the Classics, saunas, casual foreign intelligence activities [5], early days of Northern European winter and cold weather, and chance to visit neighboring countries by just hopping onto a ferry at one of the harbors.

We organize this conference out of love and do our best to make it a memorable experience to both speakers and audience alike. If you’re in doubt, just send questions with #t2infosec hashtag on Twitter for an (un)biased opinion. This is an event from hackers to hackers.

t2’17 offers you an audience with a taste for technical security presentations containing original content. This is your chance to showcase the latest research and lessons in strategic offensive capabilities, practical applications for 48 Laws of Power, snakeoil-less security certifications, scientifically proven remote sensing, dropping zero days during presentations, scaling defense or buildings, detection mechanisms and tactics, preventing diamond heists, putting the ASL into ASLR, new vulnerability classes or something completely different containing love, happiness and traces of technical security.

The advisory board will be reviewing submissions until 2017-08-09.
First come, first served. Submissions will not be returned.

Quick facts for speakers

  • presentation length 60-120 minutes, in English
  • complimentary travel and accommodation for one person [6]
  • decent speaker hospitality benefits
  • no marketing or product propaganda

Still not sure if this is for you? Check out the blast from the past.

Considering many of our visitors know what they want and trust us to deliver, we’re making their life easy.. The registration is now open!

How to submit
Fill out the form at https://t2.fi/action/cfp

References

[0] No worries, we have saunas to cater to both nude or non-nude guests.
[1] Urho Kekkonen https://upload.wikimedia.org/wikipedia/commons/a/a1/Kekkonen-Tunis-1965.jpg
[2] https://toolbox.finland.fi/images/finland-emojis/kalsarikannit/
[3] http://www.vogue.com/article/finnish-trend-kalsarikannit-vogue-archive
[4] http://www.cnbc.com/2016/10/17/finnair-launches-singapore-to-helsinki-route-claiming-fastest-way-to-get-to-europe.html
[5] http://yle.fi/uutiset/osasto/news/finnish_intelligence_warns_foreign_powers_targeting_young_politicians/9540600
[6] Except literally @nudehaberdasher and @0xcharlie
[
42] Ladies, gentlemen, and hackers, this year our headlining keynote speaker is the voice of reason when it comes to cyber policies, offense and Buffy the Vampire slayer, the person who needs no introductions,  Dave Aitel!

Carry on tradition

Having recently returned from the warmer parts of EMEA, where nights are warm and days even warmer, the importance of having friends and making new ones seems somehow topical. Global and regional geopolitics get a new meaning, when you can enjoy pleasant discussions with people having a local insight. The often-repeated-cliché of travel widening your horizons certainly holds true, but only if you get away from hotel and airport lounges to spend enough time in one place to really soak in the surroundings.

Historically, Helsinki has been the host city for all kinds of talks, and in many ways, t2 follows those traditions. We cater to an all-encompassing audience, where everybody is welcome regardless of a funny hat they might wear. One person’s ethical choice is another’s livelihood, and yesterday’s break-up/bankruptcy/allsafe is today’s comeback tour/hottest startup/evilcorp.

Just like a good foothold inside a Jenkins server gives you the keys to the kingdom, allocating an annual training budget for t2 is a good investment, if you prefer meeting fantastic people, exchanging intel^H^H^H^H^Hknowledge, and learning from world class research. This year there are also other interesting opportunities around t2 in Helsinki – a sauna day opening the doors of private homes for sauna visits and a whole event dedicated just to salty liquorice.

What more could you ask from an infosec conference?

ps. Don’t forget to include lobby bar expenses in your training cost estimates!