Forwarded from: h1kari <h1kari (at) toorcon.org>

TOORCON 11 PRELIMINARY LINEUP ANNOUNCED!

We're proud to announce our preliminary lineup for ToorCon this year and especially our keynote, Vernor Vinge. Vernor is a prolific science fiction novel writer and is best known for his Hugo Award-winning novels and novellas A Fire Upon the Deep (1992), A Deepness in the Sky (1999), Rainbows End (2006), Fast Times at Fairmont High (2002) and The Cookie Monster (2004), as well as for his 1993 essay "The Coming Technological Singularity", in which he argues that exponential growth in technology will reach a point beyond which we cannot even speculate about the consequences.

http://sandiego.toorcon.org

PRELIMINARY LINEUP

Here's some talks to expect at the conference:

Keynote: Vernor Vinge
  Some Consequences of Ubiquity

Dan Kaminsky
  TBA

Joshua Wright
  KillerBee: Practical ZigBee Exploitation Framework

Jason Ostrom & Arjun Sambamoorthy
  IP Video Attacks!

Ben Feinstein
  Koobface: Malware for the Social Web

Rob Havelt
  Death to Obscurity: The Frequency Hopping Spread Spectrum Story

K. Chen
  Reversing and Exploiting an Apple Firmware Update

Mike Bailey
  There's One In Every Family: Exploiting subdomain-based trust relationships on the Web

Stephan Chenette
  The Dewey Decimal System for Exploit Analysis

barkode, cnelson, cstone & w0z
  Building the Ninja Networks Badge for DEFCON 17: Mass producing a custom electronic device with volunteer resources

John Eder
  Hacking Games for Autism: Back to the roots of hacking as innovation

Kartik Trivedi
  Breaking SWF and AMF

Sergey Bratus, Chrisil Arackaparambil & Anna Shubina
  Fast and accurate detection of rogue access points using clock skews: does it really work?

Mike Bailey
  CSRF: Yeah, It Still Works

Ron Bowes
  All your windows boxes are belong to me: scary fast SMB/RPC scanning with Nmap

Evil1
  Web Shells in Server Side Languages

CALL FOR PAPERS CLOSING

If you are interested in speaking, please make sure to submit your CFP before Friday, September 25th to be considered before the lineup is finalized.

WORKSHOPS

Over the past few years, ToorCon has been known for providing hands-on workshops which focus on teaching a wide range of skills in a small classroom environment. The main goal is to teach the basics and provide the audience with the tools to expand on their knowledge on their own after the 2-day workshop is over. We have an exciting list of workshops to choose from this year:

Software Defined Radio Workshop
Instructor: Michael Ossman
Includes: Use of a USRP (If you would like a USRP kit included in your training cost, please contact us)

Software Defined Radio (SDR) techniques are rapidly becoming essential to all areas of wireless security research. Recent attacks on Bluetooth, GSM, wired and wireless keyboards, implantable medical devices, RFID, and more have been made possible by software radio. A combination of lectures, software exercises, and over-the-air projects, this workshop will provide the hands-on background in digital signal processing and radio engineering required to apply software radio techniques to practical hacking of diverse wireless systems. If you have experience developing software but lack experience with radio technology and digital signal processing, this workshop is for you.

Application Security Workshop
Instructor: Jared DeMott
Includes: CD with VMWare images and printed training materials

There are four technical skills required by security researchers, software quality assurance engineers, or developers concerned about security: Source code auditing, fuzzing, reverse engineering, and exploitation. All these skills and more are covered.

C/C++ code has been plagued by security errors resulting from memory corruption for a long time. Problematic code is discussed and searched for in lectures and labs, with WebGoat introduced as well. Fuzzing is a topic book author DeMott knows about well. Mutation file fuzzing and framework definition construction (Sulley and Peach) are just some of the lecture and lab topics. When it comes to reversing C/C++ (Java and others are briefly discussed) IDA pro is the tool of choice. Deep usage of this tool is covered in lecture and lab. Exploitation discussions and labs are the exciting final component. You'll enjoy exploiting BSD local programs to Vista browsers using the latest techniques.

Web and Cloud Application Security Workshop
Instructor: Andre Gironda
Includes: Printed workbook, Build/setup/use of a virtual infrastructure

This cloud-web application security workshop covers web applications in various virtual infrastructures, primarily focused on defense, compliance, and incident response. First, we'll identify applications as if they had already been attacked. Then, we'll come up with a risk management plan based on incident data, compliance/regulations, as well as data classifications. We'll look at full-knowledge verification using web server configuration and content files, in addition to runtime and source code verification. We'll go over the various implications of pen-testing cloud-web applications. This will include a thorough look at the strengths and weaknesses of web application firewalls and application hardening practices. Finally, we'll perform mock verifications and discuss partnering with application developers.

Applied Physical Security - Lockpicking and Safecracking
Instructor: datagram
Includes: 1 lockpicking kit, 1 handcuff key, 1 practice deadbolt, 1 practice padlock

This course focuses on learning and applying techniques of lockpicking, key bumping, impressioning, decoding, bypass, and safe cracking against a variety of real world locks and safes. Common lock designs are examined for various weaknesses that allow different methods of attack, some of which are extremely fast and easy to perform. High security locks will also be examined so attendees can learn to spot good locks from bad locks when shopping for access control devices.

DEEP KNOWLEDGE SEMINARS

Once again we are providing an additional day of deep knowledge seminars focused on addressing the growing corporate security issues in a small classroom environment that encourages discussion and interaction with the instructors. Here are a couple topics that have been preliminarily accepted for the Seminars:

Wes Brown
  Building and Using an Automated Malware Analysis Pipeline

Robert Zigweid
  Threat Modeling: Learn to Optimize Your Security Budget

REGISTRATION

Pre-registration for the Conference, Seminars, and Workshops will be increasing in price soon so register today! Here is our current pricing schedule for ToorCon 11:

  $100  - Conference
  $750  - Seminars + Conference
  $1300 - Workshop + Conference
  $1700 - Workshop + Seminars + Conference

After October 9th:

  $140  - Conference
  $950  - Seminars + Conference
  $1600 - Workshop + Conference
  $2100 - Workshop + Seminars + Conference

We also provide discount pricing for groups that wish to attend. For more information about this please reply to this email.

SPONSORSHIP

As always, ToorCon doesn't mind getting money from anyone who wants to give it to them. If you've got any growing on trees and don't mind sharing with some starving conference planners to help them throw an even more awesome conference, please let us know.
We have all sorts of ways of making it look like your money was well spent including banner/logo placement, booths, sponsored parties & lunches, etc. For more information, please contact geo_at_toorcon.org.

LOCATION INFO

ToorCon 11 San Diego (Conference)
October 23rd-25th, 2009
San Diego Convention Center
111 W. Harbor Dr
San Diego, CA 92101
http://sdccc.org

ToorCon 11 San Diego (Workshops & Seminars)
October 21st-23rd, 2009
Hotel Solamar
435 6th Ave
San Diego, CA 92101
http://hotelsolamar.com

SPECIAL DATES

  Sept 25th, 2009 - Call for papers closes
  Oct 2nd, 2009   - Speaker & sponsor selection finalized
  Oct 21st, 2009  - ToorCon training workshops start
  Oct 23rd, 2009  - ToorCon seminars & conference reception
  Oct 24th, 2009  - ToorCon conference 50-minute talks
  Oct 25th, 2009  - ToorCon conference 20-minute talks

Received on Tue Sep 22 2009 - 01:04:06 PDT