°==============================================================°
-=                                                            =-
-=         Hackito Ergo Sum 2012 - HES2012 Final CFP          =-
-=                                                            =-
-=            ** http://2012.hackitoergosum.org **            =-
-=                                                            =-
-=             12-14 April 2012 / Paris / France              =-
-=                                                            =-
°==============================================================°

Kak dela Komrad,

--[ Synopsis:

This is the final call for papers for the HES 2012 Conference.

Hackito Ergo Sum 2012 will take place in Paris from the 12th to the
14th of April 2012.

--[ Venue:

HES 2012 will take place in the building of the French Communist Party.
This is an amazing historical building, located in Paris (19th
arrondissement). We would like to thank the French Communist Party for
allowing a bunch of hackers to take possession of this great piece of
architecture for 3 days.

The exact address is:

    Espace Oscar Niemeyer - Siège du Parti Communiste
    2 Place Colonel Fabien, 75019 Paris, France

A map is available here: http://tinyurl.com/6mlarx6

--[ What is HES ? Why would I like it anyway ?

HES is a 100% hardcore technical security conference. HES is unique by
its continuous outstanding technical quality, but also by its unusual
freedom and spirit.

HES is a 100% non profit conference, mainly supported by the /tmp/lab
Parisian hackerspace and generous sponsors (who in exchange for their
sponsoring, don't get their say on any of the organisation, format or
content of the conference :).

If you are unsure whether you'll like it, feel free to have a look at
the content of previous editions. Talks included topics such as SS7
phone networks hacking, satellite takeovers via x25, kernel land
exploits against grsecurity hardened kernels, or the pwnie awards winner
Tarjei Mandt for his first presentation on this topic (note to Dave
Aitel: yeah man, face it, it was first seen at HES !!) and many more.

Presentations on new R&D projects are the core of the conference. By R&D
and security, HES really means new offensive R&D security.

Researchers from all around the internet are welcome to come to Paris
and talk, without discrimination whatsoever : everyone is equal in front
of a computer. Maybe skills apart that is ;)

HES is also an open big party, by the hacking community and for the
hacking community, with people coming literally from around the world.

If you'd like to not only come, but be part of HES by organising a
workshop (lockpickers and organisers of a social engineering contest
wanted !) or contest : please do and refer to the relevant section
below.

--[ Quality:

The quality of submissions is so critical to the Hackito Ergo Sum
conference that papers will be reviewed by the scary HES Programming
Committee of death. It wasn't made to dissuade you from submitting, but
to ensure that the talks selected for HES will be as interesting and new
as possible.

Submissions should be original and as fresh as in "never seen anywhere
before". Massive upgrades and significant new research added to talks
previously presented at a few great conferences may make it. Talks given
more than 3 times will be rejected.

Intense debates often spread inside the Programming Committee on whether
a given topic is of interest or new at all. Consensus has been reached
though regarding a few security buzz words. In order to avoid bullshit
talks, topics on Social Engineering and SCADA will only be considered if
demos are provided, and if the magnitude of the attack would at least
affect a significant portion of say, a city.

Old well documented techniques such as web applications (especially XSS,
CSRF and clickjacking) but also basic exploitation techniques (or easy
targets lacking modern security protections) are discouraged. To the
opposite, hacking non understood and poorly documented technologies
including for instance hardware, protocols, architectures, devices,
networks, or applications among others are warmly welcome.

In a nutshell, submissions on how to achieve world domination in 2012
and how to eventually avoid it are of primary importance. How to survive
and facilitate privacy in an increasingly policed internet is also a
concern.

--[ Disclosure policy:

It is worth noticing that we do not enforce any disclosure policy on our
speakers. We believe they are responsible adults and can choose what
they believe is the best way to present their work to others by
themselves. We also believe they are smart enough to take into
consideration any legal and professional constraints.

--[ Submitting:

We are glad you are reading this section and are therefore thinking
about submitting to HES.

Before submitting, we gently recommend that you have a look at the
presentations submitted in 2010 and 2011. It would give you an idea
whether your talk may make it to HES.

We are accepting submissions in English only. The format will be of
45 mins presentation + 10 mins Q&A.

Please note that talks with content judged commercial or non vendor
neutral will be rejected and/or interrupted on stage.

For this conference, preference will be given to offensive, innovative
and highly technical proposals covering (but not restricted to) the
topics below:

[*] Attacking Software
    * Attacking the Internet Of Things
    * Automating vulnerability discovery
    * Weaponization and underworld/government exploit market intelligence
    * Non-x86, MIPS, ARM and x64 specific exploitation techniques
    * Smarter and Dumber fuzzing for binary only vulnerability hunt
    * Static and Dynamic binary or source-based analysis
    * Hacking mobile: defeating iOS and Android security
    * Kernel land exploits
    * New advances in Attack frameworks and automation
    * Virtual Machines and Virtual Infrastructures evasion
    * Governmentalization of hacking projection force

[*] Attacking Infrastructures
    * Bank & insurance: Swift and national electronic fund transfer
      technologies
    * Telecom attacks
    * Vulnerability scanning in new networks environments.
    * Living in a post-Duqu, post-Stuxnet world
    * Circumventing Governmental firewalls
    * Lawful interception and DPI: evasion, exploitation, detection
    * Military & Intelligence data collection backbones
    * Post monitoring techniques: Passive network attack
    * GAN attacks
    * Who's the less secure: GPS or Galileo, show how

[*] Attacking Hardware
    * Drone hacking: Tic-Tac-Toe in the sky with Reaper and Raptor
    * Robots MCU infection: STDs for Petman and Bigdog?
    * Attacking Wireless Sensors and their underlying networks.
    * Hardware reverse engineering (and exploitation + backdooring)
    * LTE mobile phone attack
    * eNode-B hacking
    * Hacking UEFI & Secure Boot
    * Gnu Radio hacking applied to new domains
    * RFID exploitation
    * Hacking radio protocols, specifications and implementations

[*] Attacking Crypto
    * Identity Based Encryption attacks
    * Quantum-based attacks of asymmetric crypto
    * Linear/differential cryptanalysis of contemporary ciphers
    * Crypto Algorithm strength modeling and evaluation metrics
    * Crypto where you wouldn't think there is
    * Weak crypto in common radio links: from heartbeat links to
      microwave backhaul

We highly encourage topics entirely new and disruptive.

--[ Submissions:

[*] Required information:

Submissions must contain the following information:

    * Speakers name or alias
    * Biography
    * Presentation Title
    * Description
    * Needs: Internet? Others?
    * Company (name) or Independent?
    * Address
    * Phone
    * Email
    * Demo (Y/N)

We highly encourage and will favor presentations with demos.

Specify if submission contains any of the following information:

    * Tool
    * Slides
    * Whitepaper

[*] How to submit:

Submit your presentation and materials by sending a mail to:

    hes-cfp@xxxxxxxxxxxxxxxxxx

--[ Wargame:

As in all the previous editions of HES, Steven from the Over The Wire
community will charm and delight us with a wargame in the Russian Mob
theme. You will have to face one of the most active cyber mafia in the
world. Otlichno!

We'd like to thank Steven for his amazing job at entertaining us with
both intellectually challenging and phun wargames. Steven's wargames are
always very creative, and have a reputation for being both terribly
exciting and technically challenging.

--[ Workshops:

If you want to organize a workshop or any other activity during the
conference, you are most welcome. Please contact us at:

    hes-orga@xxxxxxxxxxxxxxxxxxxxxxxx

We'd like to see lockpicking, Social Engineering, phone modding, demo
making, DIY electronics workshops among others.

--[ Dates:

    2012-02-13 Final Call for Paper
    2012-03-01 Submission Deadline
    2012-03-05 Acceptance notification
    2012-03-05 Program announcement
    2012-04-12 Start of conference
    2012-04-14 End of conference

--[ Program Committee:

The submissions will be reviewed by the following program committee:

    * Tavis Ormandy (Google) @taviso
    * Matthew Conover @symcmatt
    * Jason Martin (SDNA Consulting, Shakacon)
    * Stephen Ridley @s7ephen
    * Mark Dowd (AzimuthSecurity) @mdowd
    * Tiago Assumpcao (RIM)
    * Alex Rice (Facebook) facebook.com/rice
    * Pedram Amini @pedramamini
    * Erik Cabetas (Include Security)
    * Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
    * Alexander Sotirov @alexsotirov
    * Barnaby Jack (McAfee) @barnaby_jack
    * Charlie Miller (Accuvant) @0xcharlie
    * David Litchfield (Accuvant) @dlitchfield
    * Lurene Grenier (Harris) @pusscat
    * Alex Ionescu @aionescu
    * Nico Waisman (Immunity) @nicowaisman
    * Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis
    * Jonathan Brossard (Toucan System, /tmp/lab) @endrazine
    * Matthieu Suiche (MoonSols) @msuiche
    * Piotr Bania @piotrbania
    * Laurent Gaffié @laurentgaffie
    * Julien Tinnes (Google)
    * Brad Spengler (aka spender) (Grsecurity)
    * Silvio Cesare (Deakin University) @silviocesare
    * Carlos Sarraute (Core security)
    * Cesar Cerrudo (IOActive) @cesarcer
    * Daniel Hodson (aka mercy) (Ruxcon)
    * Nicolas Ruff (E.A.D.S) @newsoft
    * Julien Vanegue (Microsoft Security, Redmond) @jvanegue
    * Itzik Kotler (aka izik) @itzikkotler
    * Rodrigo Branco (aka BSDeamon) (Qualys) @bsdaemon
    * Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck
    * Ilja Van Sprundel (IOActive)
    * Raoul Chiesa (TSTF)
    * Dhillon Andrew Kannabhiran (HITB) @hackinthebox
    * Philip Petterson (aka Rebel)
    * The Grugq (COSEINC) @thegrugq
    * Emmanuel Gadaix (TSTF) @gadaix
    * Kugg (/tmp/lab)
    * Harald Welte (gnumonks.org) @LaF0rge
    * Van Hauser (THC)
    * Fyodor Yarochkin (Armorize) @fygrave
    * Gamma (THC, Teso)
    * Pipacs (Linux Kernel Page Exec Protection)
    * Shyama Rose @shazzzam

Note: Hackito Ergo Sum would like to thank all those great researchers
for their invaluable help in detecting the good ideas and potential
great talks in the HES submissions.

--[ Fees:

We would like to remind you that we are not a company, we are 100%
benevolent. Whatever you pay is going either to reimburse plane tickets
to international speakers, booze, or renting the spot.

We try to keep the tickets as cheap as possible to ensure a venue to the
greatest possible number of budgets.

Security Professionals pay more, unless they can prove they participated
in the community by publishing or releasing an exploit in 2011-2012. In
this latter case, we give them a serious discount to reward their work
and spirit.

Here is the list of prices for HES 2012:

    * Public entrance for security professionals (3 days): 150 EUR
    * Public entrance for non security professionals (3 days): 100 EUR
    * Discount for Students below 26 (3 days): 50 EUR
    * Discount for CVE publisher or exploit publisher in 2011-2012
      (3 days): 50 EUR
    * One-day pass: 50 EUR
    * Volunteers (Must register, see below) (3 days): 0 EUR

This year, we introduce a special Corporate ticket (which is clearly a
way to directly sponsor HES) which may (or may not!) entitle you to
special privileges such as sharing drinks with speakers:

    * Corporate ticket: 300 euros.

--[ Book your ticket:

Seats are limited. We recommend you secure yours as early as possible.

You can book online here: http://www.amiando.com/SEQSYLV.html

Remaining tickets will be sold directly at the doors, on the day of the
conference.

--[ Trainings

There will be no trainings in 2012. We hope to be able to offer
trainings in 2013.

Thanks to those who submitted training offers this year : we got
amazing proposals.

--[ Sponsors:

We are still looking for sponsors. Entrance fees and sponsors fees are
used to fund international speakers travel costs and hosting facility.

Please ask for the HES2012 Sponsor Kit at
hes-orga __AT__ lists.hackitoergosum.org.

--[ Volunteers:

Volunteers who sign up before 2012-03-05 get free access and will need
to be present onsite two days before (2012-04-09) if no further
arrangement is made with the organization.

--[ Journalists:

In an attempt to educate the media and increase their actual competence
when discussing subjects such as hacking and information security,
journalists are welcome.

But journalists are also required to comply with some simple rules to
ensure the mutual respect among adults we aim to bring in hackito. In
particular, filming or taking pictures of attendees without their
_prior_ agreement is totally prohibited. "We shall respect privacy and
people" is the only motto.

We do respect and encourage freedom of press, but in return, journalists
are entitled to follow the #1 rule of hacking : the right to anonymity
and privacy. Hackers have the right to come to HES without being filmed,
pictured, or otherwise monitored in this environment. This may sound as
a surprise to you, but as citizens of the internet, we believe we have
more rights than maybe your government is granting you.

Comply or leave : our rights as hackers are not negotiable in our own
conference. Period.

--[ Parties:

The HES crew is teaming up with The Grugq to offer you an orgy of
hacking, alcohol, sweet locations and great people. Get your liver
ready, it's gonna rock !!

--[ Greetz:

We would like to thank the HES2011 crew, its reviewing committee and all
the volunteers for their time and dedication in making this event a
success. Thumbs up to the /tmp/lab hackerspace for their support and the
final HES party which was a tremendous success.

We would also like to greet all the speakers of last year's edition for
the quality of their presentation and the great time we shared in
Paris : you are most welcome back in Paris for the 2012 edition.

Likewise, we'd like to thank last year's sponsors for their
unconditional support. Feel free to support us again for this 2012
edition.

Finally, we would like to thank all the people who came and participated
in the two previous editions : the conference is the people.

See you all in April 2012 !

--[ F*ck off:

As security experts and citizens of the internet, we do oppose
liberticide laws from day 1.

We do oppose ACTA, SOPA, Hadopi, Lopsi2, internet censorship of any kind
(even against pedophiles, terrorists and other scapegoats) and we remain
strong advocates of net neutrality.

--[ Contact:

hes-orga __AT__ lists.hackitoergosum.org

Please submit via hes-cfp __AT__ lists.hackitoergosum.org

Hackito Ergo Sum 2012 conference - http://2012.hackitoergosum.org

--[ Social Media:

Keep in touch with the HES Organization via Facebook, Twitter and
Linkedin !

Website: http://2012.hackitoergosum.org
"Hackito Ergo Sum" on Facebook - https://www.facebook.com/pages/Hackito-Ergo-Sum/376978867704
@HackitoErgoSum on Twitter ! - https://twitter.com/HackitoErgoSum
HackitoErgoSum on Linkedin ! - https://www.linkedin.com/groups?gid=2861584

-[EOF]-
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/