It’s that time of year again! ToorCon 15 is coming so get your code finished and submit a talk this time around. We’re letting you decide if you want to be a part of our 50-minute talks on Saturday, 20-minute talks on Sunday, and 75-minute talks for our Deep Knowledge Seminars on Friday depending on how much time you need to present your new ideas and techniques. We evaluate our submissions in the order that they’re received so submit your talk before time runs out!
Please no vendor pitches or talks on old subjects. We try to keep ToorCon highly technical so please only submit talks on original research that isn’t more than 12 months old. Talks that are submitted for a 50-minute or 75-minute slot may be asked to be reduced to 20 minutes if space on the lineup is limited. You must notify ToorCon if you are in any way unable to make it to your talk after being accepted.
Reasons to Submit
- The honor and prestige of knowing you’ve made your contribution to hacker society
- A free ticket for yourself and a friend
- Invitations to all of the parties and special events
- Free admission to the Friday seminars (as space is available)
- Compensation is provided to 2-day workshop trainers; please email for details
ToorCon San Diego 15 Call For Papers!
Hey gang, we are pushing Seminar and Workshop Reg to Aug 11th since we still need to firm up our program. We will make an announcement once we have it up. Thanks for your patience!
-the ToorCon Cr3w
Our first Round of Pre-registration is now open for $80. Pricing goes up August 4th.
Being one of the few devs with an interest in security, I have seen quite a few rants on what developers need to learn from the infosec profession. Yet most of these talks are given at security conferences. Out of the few dev conferences, I can count the number of security talks on one hand, and even then it ended up being a walkthrough of the top 10 OWASP vulnerabilities website. This has got to change, and I hope to shed some insight or a few WTF moments.
Renaissance coder, tinkerer, musician, brewer, and pilot.
As SoC prices continue to drop and their implementation continues to rise, embedded “appliances” will become an attractive avenue for cyber criminals. Due to the fact that they provide no traditional feedback (monitor) or input (mouse/keyboard), if one were able to compromise an embedded host it would be the perfect vantage point for a MITM attack or a beachhead to launch other attacks. I plan to guide you through some of the steps from initial reconnaissance to building binaries for different architectures. The end goal is to take over the host without breaking designed functionality (stealthy), being able to run third party binaries at start (lethal), and surviving basic removal techniques (persistent), aka weaponizing. As part of this walkthrough I will be guiding you through the exploitation of the Belkin WeMo light switch appliance.
I majored in computer science and became a network engineer. I found passion in security and like to perform research in my spare time.
As Microsoft SQL Server has progressed, the security features and facilities have greatly matured. Unfortunately, the functionality of the service has also gone to great lengths to facilitate the programmability of the service by administrators and operators. This talk demonstrates how to use the latest version of SQL Server and the default functionality of both SQL and Windows, to create, install, and hide a SQL service rootkit – all in 20 minutes.
Career pen-tester with a talent for breaking SQL – still hates being called, “The SQL guy.”
this is my 1st android (jelly bean). with my first app install i was appalled at all the access to my phone’s data that it wanted. nothing for free, eh? so, can you sandbox android apps even if they think they need access to my SIM, contacts, data on miniSD card? WTF. had to take control of my own device and this is how i did it
….experience flashing the ROM with custom kernel & getting rid of samsung+ATT bloatware on a new phone.
also included is backing up original device/ROM so i can restore it when needed/necessary
how to change the MAC address on it. setting up a VPN tunnel and a TOR APP. how to secure android in general
steven is an artist/computer wizard who loves computer security, keeping things secret, and freely using any device/os in any manner desired
1. What are quantum computers?
2. How do they work?
3. Current Technology Situation
4. Programming a Quantum Computer
5. The 20 Questions Algorithm
6. Crypto which resists a Quantum Computer
Downloaded the password file from a 360/67 in 1974.
Invented the “20 Questions” algorithm for quantum computers.
Still using Ubuntu.
Took the “Quantum Computers” seminar at UCSD. Audited “Quantum Computers” and “Photonic Crystals” at Stanford.
The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks.
And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy identity information. Cloud services are no better: current security features are oriented toward compliance and not toward real protection.
What if we could provide a strong link between mobile device identity, integrity, and the lifecycle of data retrieved from the cloud using only the hardware shipped with modern smartphones and tablets?
The good news is that we can do that with the trusted execution environment (TEE) features of the common system on a chip (SOC) mobile processor architectures using “measurement-bound” encryption. This talk will describe how data can be encrypted to a specific device, how decryption is no longer possible when the device is compromised, and where the weaknesses are. I will demonstrate measurement-bound encryption in action. I will also announce the release of an open-source tool that implements it as well as a paper that describes the techniques for time-bound keys.
This is likely the very same way that NSA will be protecting the smartphones that will be used for classified information retrieval. Come learn how your government plans to keep its own secrets and how you can protect yours.
Dan is the founder of JW Secure and is a Microsoft Enterprise Security MVP. Dan is the author of the books Cloud Security and Control, published in 2012, and The Four Pillars of Endpoint Security, to be published in 2013, and is a frequent conference speaker. Dan holds a Master’s degree in Computer Science from the University of Washington and a Bachelor’s degree in Computer Science from Indiana University.
Real-life experiences handling an active attack and cleaning up after a breach. This will delve into the book-taught theory and the reality of how things should be done when being actively attacked.
Matthew Hoy – mattrix has worked in the Information Security world for over 11 years in various Information Security roles from Security Analyst, Architect, Incident Response, Consultant and Management. Matt currently holds CISSP and SANS GCIH Certifications.
Most attendees would probably recognize mattrix better in a staff shirt of some kind for either Toorcon or a red shirt at Defcon.
Matt’s hobbies include Off-roading, shooting sports, fishing, hunting and technology when he has time.