ToorCon 11 Preliminary Lineup Announced!

[h1kari@xxxxxxxxxxx]

TOORCON 11 PRELIMINARY LINEUP ANNOUNCED!

We're proud to announce our preliminary lineup for ToorCon this year and 
especially our keynote, Vernor Vinge. Vernor is a prolific science fiction 
novel writer and is best known for his Hugo Award-winning novels and novellas A 
Fire Upon the Deep (1992), A Deepness in the Sky (1999), Rainbows End (2006), 
Fast Times at Fairmont High (2002) and The Cookie Monster (2004), as well as 
for his 1993 essay "The Coming Technological Singularity", in which he argues 
that exponential growth in technology will reach a point beyond which we cannot 
even speculate about the consequences.

http://sandiego.toorcon.org


PRELIMINARY LINEUP

Here's some talks to expect at the conference:

Keynote: Vernor Vinge
Some Consequences of Ubiquity

Dan Kaminsky
TBA

Joshua Wright
KillerBee: Practical ZigBee Exploitation Framework

Jason Ostrom & Arjun Sambamoorthy
IP Video Attacks!

Ben Feinstein
Koobface: Malware for the Social Web

Rob Havelt
Death to Obscurity: The Frequency Hopping Spread Spectrum Story

K. Chen
Reversing and Exploiting an Apple Firmware Update

Mike Bailey
There's One In Every Family: Exploiting subdomain-based trust relationships on 
the Web

Stephan Chenette
The Dewey Decimal System for Exploit Analysis

barkode, cnelson, cstone & w0z
Building the Ninja Networks Badge for DEFCON 17: Mass producing a custom 
electronic device with volunteer resources

John Eder
Hacking Games for Autism: Back to the roots of hacking as innovation

Kartik Trivedi
Breaking SWF and AMF

Sergey Bratus, Chrisil Arackaparambil & Anna Shubina
Fast and accurate detection of rogue access points using clock skews: does it 
really work?

Mike Bailey
CSRF: Yeah, It Still Works

Ron Bowes
All your windows boxes are belong to me: scary fast SMB/RPC scanning witn Nmap

Evil1
Web Shells in Server Side Languages


CALL FOR PAPERS CLOSING

If you are interested in speaking, please make sure to submit your CFP before 
Friday, September 25th to be considered before the lineup is finalized.


WORKSHOPS

Over the past few years, ToorCon has been known for providing hands-on 
workshops which focus on teaching a wide range of skills in a small classroom 
environment. The main goal is to teach the basics and provide the audience with 
the tools to expand on their knowledge on their own after the 2-day workshop is 
over. We have an exciting list of workshops to choose from this year:

Software Defined Radio Workshop
Instructor: Michael Ossman
Includes: Use of a USRP (If you would like a USRP kit included in your training 
cost, please contact us) 
Software Defined Radio (SDR) techniques are rapidly becoming essential to all 
areas of wireless security research. Recent attacks on Bluetooth, GSM, wired 
and wireless keyboards, implantable medical devices, RFID, and more have been 
made possible by software radio. A combination of lectures, software exercises, 
and over-the-air projects, this workshop will provide the hands-on background 
in digital signal processing and radio engineering required to apply software 
radio techniques to practical hacking of diverse wireless systems. If you have 
experience developing software but lack experience with radio technology and 
digital signal processing, this workshop is for you.

Application Security Workshop
Instructor: Jared DeMott
Includes: CD with VMWare images and printed training materials
There are four technical skills required by security researchers, software 
quality assurance engineers, or developers concerned about security: Source 
code auditing, fuzzing, reverse engineering, and exploitation.  All these 
skills and more are covered.  C/C++ code has been plagued by security errors 
resulting from memory corruption for a long time.  Problematic code is 
discussed and searched for in lectures and labs, with WebGoat introduced as 
well.  Fuzzing is a topic book author DeMott knows about well.  Mutation file 
fuzzing and framework definition construction (Sulley and Peach) are just some 
of the lecture and lab topics.  When it comes to reversing C/C++ (Java and 
others are briefly discussed) IDA pro is the tool of choice.  Deep usage of 
this tool is covered in lecture and lab.  Exploitation discussions and labs are 
the exciting final component.  You?ll enjoy exploiting BSD local programs to 
Vista browsers using the latest techniques.

Web and Cloud Application Security Workshop
Instructor: Andre Gironda
Includes: Printed workbook, Build/setup/use of a virtual infrastructure
This cloud-web application security workshop covers web applications in various 
virtual infrastructures, primarily focused on defense, compliance, and incident 
response. First, we'll identify applications as if they had already been 
attacked. Then, we'll come up with a risk management plan based on incident 
data, compliance/regulations, as well as data classifications. We'll look at 
full-knowledge verification using web server configuration and content files, 
in addition to runtime and source code verification. We'll go over the various 
implications of pen-testing cloud-web applications. This will include a 
thorough look at the strengths and weaknesses of web application firewalls and 
application hardening practices. Finally, we'll perform mock verifications and 
discuss partnering with application developers.

Applied Physical Security - Lockpicking and Safecracking
Instructor: datagram
Includes: 1 lockpicking kit, 1 handcuff key, 1 practice deadbolt, 1 practice 
padlock
This course focuses on learning and applying techniques of lockpicking, key 
bumping, impressioning, decoding, bypass, and safe cracking against a variety 
of real world locks and safes. Common lock designs are examined for various 
weaknesses that allow different methods of attack, some of which are extremely 
fast and easy to perform. High security locks will also be examined so 
attendees can learn to spot good locks from bad locks when shopping for access 
control devices.


DEEP KNOWLEDGE SEMINARS

Once again we are providing an additional day of deep knowledge seminars 
focused on addressing the growing corporate security issues in a small 
classroom environment that encourages discussion and interaction with the 
instructors. Here are a couple topics that have been preliminarily accepted for 
the Seminars:

Wes Brown
Building and Using an Automated Malware Analysis Pipeline

Robert Zigweid
Threat Modeling: Learn to Optimize Your Security Budget


REGISTRATION

Pre-registration for the Conference, Seminars, and Workshops will be increasing 
in price soon so register today! Here is our current pricing schedule for 
ToorCon 11:

$100 - Conference
$750 - Seminars + Conference
$1300 - Workshop + Conference
$1700 - Workshop + Seminars + Conference

After October 9th:

$140 - Conference
$950 - Seminars + Conference
$1600 - Workshop + Conference
$2100 - Workshop + Seminars + Conference

We also provide discount pricing for groups that wish to attend. For more 
information about this please reply to this email.


SPONSORSHIP

As always, ToorCon doesn't mind getting money from anyone who wants to give it 
to them. If you've got any growing on trees and don't mind sharing with some 
starving conference planners to help them throw an even more awesome 
conference, please let us know. We have all sorts of ways of making it look 
like your money was well spent including banner/logo placement, booths, 
sponsored parties & lunches, etc. For more information, please contact 
geo_at_toorcon.org.


LOCATION INFO

ToorCon 11 San Diego (Conference)
October 23rd-25th, 2009
San Diego Convention Center
111 W. Harbor Dr
San Diego, CA 92101
http://sdccc.org

ToorCon 11 San Diego (Workshops & Seminars)
October 21st-23rd, 2009
Hotel Solamar
435 6th Ave
San Diego, CA 92101
http://hotelsolamar.com


SPECIAL DATES

Sept 25th, 2009 - Call for papers closes
Oct 2nd, 2009 - Speaker & sponsor selection finalized
Oct 21st, 2009 - ToorCon training workshops start
Oct 23rd, 2009 - ToorCon seminars & conference reception
Oct 24th, 2009 - ToorCon conference 50-minute talks
Oct 25th, 2009 - ToorCon conference 20-minute talks