Magazine Internet

Hackito Ergo Sum 2011

Publié le 09 novembre 2010 par Olivier Laurelli
Hackito Ergo Sum 2011

Hackito Ergo Sum 2011

Hackito Ergo Sum est le rendez-vous international que vous fixe le hackerspace /tmp/lab. L’édition 2011 se tiendra du 7 au 9 avril et reunira, on peut leur faire confiance, de nombreux talents pour offrir des interactions de haut niveau. L’appel à participation vient tout juste d’être lancé. Si vous avez des choses à partager, qu’il s’agisse de code ou de bidouille matérielle, cet événement est un incontournable : conférences de haut niveau, capture the flag, des rencontres qui s’adressent aussi bien aux bidouilleurs qu’aux institutionnels ou représentant d’organisation gouvernementale.

La HADOPI ne sera surement pas oubliée, quelque part entre le hacking d’Echelon et de SCADA, un set « Governmental firewall and their limits (Australia, French’s HADOPI, China, Iran, Denmark, Germany, …) » est prévu et je ne saurai trop recommander aux représentants de la HADOPI d’y participer pour comprendre que les limites ne sont pas que philosophiques et que les dangers sont bien réels.

HES 2011 c’est aussi et surtout l’espoir de voir un jour la France rattraper son retard historique sur les autres pays européens en matière de hacking. Faut il encore préciser que le hacking est une discipline noble, utile, favorisant l’innovation et la créativité, indiscociable de la recherche informatique ou de la recherche en général, et qui ‘na rien à voir avec le « piratage ».

A noter que HES2011 se cherche encore des sponsors, n’hésitez pas à les contacter si vous pensez que l’image de votre institution ou de votre entreprise peut trouver une cohérence à s’associer avec un évènement de ce type dont on sait par avance qu’il ne peut être qu’une réussite vu le sérieux reconnu du /tmp/lab pour l’organisation d’évènements (comme le Hacker Space Festival) et sa faculté à regrouper aisément des spécialistes très reconnus dans leur discipline.

HES 2011 : le call for paper

–[ Synopsis: Hackito Ergo Sum conference will be held from April 7th to the 9th of 2011 in Paris, France. Following last edition's success, HES2011 will be a bigger event with even more talks, focusing on hardcore computer & network security, insecurity, vulnerability analysis, reverse engineering, research and hacking, and will try to keep the high quality content. Our dear Program Committee is there to ensure this. HES will this year be a fully international-oriented conference, 100% in English, aiming to gather the best security researchers, experts and decision makers in one room. --[ Introduction: The goal of this conference is to promote security research, broaden public awareness and create an open forum so that communication between the researchers, the security industry, the experts and the public can happen. Last year, we pioneered a domain with the first Capture The Flag (CTF) contest on FPGA, with excellent result that exceeded by far our expectations. This year, new contests will run with hopefully even more diverse and new approaches to security. Of course, network-based CTF and lockpicking contest will still happen. We will have a specific session for new works, including slots for new presenters -i.e. typically people whose personal research are extremely interesting but who do not usually present at conferences- because security innovations occur at the fringe of the security industry, very often by passionate people, and that's what we are and love. Submissions from students, academics or otherwise passionate people from anywhere on the internet are therefore most welcome. We will also have an anonymous side track so that people who wish to present sensitive subjects can do so in total freedom. As we believe the academic system as setup a good precedent with anonymous submissions, review and voting, we wish to pursue this direction by providing researcher a way to share important contribution without being concerned with politics and other non-research influences. This conference will try to take into account all voices in order to reach a balanced position regarding research and security, inviting businesses, governmental actors, researchers, professionals and the general public to share concerns, approaches and interests for this topic. During three days research conferences, solutions presentations, panels and debates will aim to view and determine the future of IT security. --[ Content of the Research Track: We are expecting submissions in English only. The format will be 45 mins presentation + 10 mins Q&A. Please note that talks whose content will be judged too commercial or biased toward a given vendor will be rejected. For the research track, preference will be given to offensive, innovative and highly technical proposals covering (but not restricted to) the topics below: [*] Attacking Software * Automating vulnerability discovery * The business of the 0-day market * Non-x86 exploitation * New classes of software vulnerabilities and new methods to detect software bugs (source or binary based) * Static and Dynamic binary or source-based analysis * Current exploitation on Gnu/Linux WITH GRsecurity/SElinux/OpenWall/SSP and other current protection methods * Kernel land exploits (new architectures or remote only) * New advances in Attack frameworks and automation * Secure Development Life Cycle and real-life development experiences [*] Attacking Infrastructures * Botnets and C&C abuses * Exotic Network Attacks * Telecom (from VoIP to SS7 to GSM & 3G/4G RF hacks) * Financial and Banking institutions * SCADA and the industrial world, applied. * Governmental firewall and their limits (Australia, French’s HADOPI, China, Iran, Denmark, Germany, …) * Law enforcement : how to / how to deceive / how to abuse. * Satellites, Military, Intelligence data collection backbones (« I hacked Echelon and I would like to share ») * Non-IP (SNA, ISO, make us dream…) * M2M * Wormable vulnerabilities against protocols & infrastructures [*] Attacking Hardware * Hardware reverse engineering (and exploitation + backdooring) * Femto-cell hacking (3G, LTE, …) * BIOS and otherwise low-level exploitation vectors * Real-world SMM usage! We know it’s vulnerable, now let’s do something * WiFi drivers and System on Chip (SoC) overflow, exploitation and backdooring. * Gnu Radio hacking applied to new domains [*] Attacking Crypto * Practical crypto attacks from the hacker’s perspective (RCE, algo modeling, bruteforce, FPGA …) * Algorithm strength modeling and evaluation metrics * Hashing functions pre-image attacks * Crypto where you wouldn’t think there is We highly encourage any other presentation topic that we may not even imagine. –[ Submissions: [*] Required information: Submitions must (see RFC 2119 for the meaning of this word) contain the following information: * Speaker’s name or alias * Biography * Presentation Title * Description * Needs: Internet? Others? * Company (name) or Independent? * Address * Phone * Email * Demo (Y/N) We highly encourage and will favor presentations with a demo. Submissions may contain the following information: * Tool * Slides * Whitepaper [*] How to submit: Submit your presentation and materials at: http://hackitoergosum.org/apply/ –[ Workshops: If you want to organize a workshop or any other activity during the conference, you are most welcome. Please contact us at: [email protected] --[ Dates: 2010-11-15    Call for Paper 2011-02-20    Submission Deadline 2011-02-21    Acceptance notification 2011-03-01    Program announcement 2011-04-07    Start of conference 2011-04-09    End of conference --[  Program Committe: The submissions will be reviewed by the following program committee: * Tavis Ormandy (Google) @taviso * Matthew Conover (Symantec) @symcmatt * Jason Martin (SDNA Consulting, Shakacon) * Stephen Ridley @s7ephen * Mark Dowd (AzimuthSecurity) @mdowd * Tiago Assumpcao * Alex Rice (Facebook) facebook.com/rice * Pedram Amini (ZDI) @pedramamini * Erik Cabetas * Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi * Alexander Sotirov @alexsotirov * Barnaby Jack (IOActive) @barnaby_jack * Charlie Miller (SecurityEvaluators) @0xcharlie * David Litchfield (V3rity Software) @dlitchfield * Lurene Grenier (Harris) @pusscat * Alex Ionescu @aionescu * Nico Waisman (Immunity)  @nicowaisman * Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis * Jonathan Brossard (Toucan System, P1 Code Security, /tmp/lab) @endrazine * Matthieu Suiche (MoonSols) @msuiche * Piotr Bania @piotrbania * Laurent Gaffié (Stratsec) @laurentgaffie * Julien Tinnes (Google) * Brad Spengler (aka spender) (Grsecurity) * Silvio Cesare (Deakin University) @silviocesare * Carlos Sarraute (Core security) * Cesar Cerrudo (Argeniss) @cesarcer * Daniel Hodson (aka mercy) (Ruxcon) * Nicolas Ruff (E.A.D.S) @newsoft * Julien Vanegue (Microsoft US) @jvanegue * Itzik Kotler (aka izik) (Security Art) @itzikkotler * Rodrigo Branco (aka BSDeamon) (Checkpoint) @bsdaemon * Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck * Ilja Van Sprundel (IOActive) * Raoul Chiesa (TSTF) * Dhillon Andrew Kannabhiran (HITB) @hackinthebox * Philip Petterson (aka Rebel) * The Grugq (COSEINC) @thegrugq * Emmanuel Gadaix (TSTF) @gadaix * Kugg (/tmp/lab) * Harald  Welte (gnumonks.org) @LaF0rge * Van Hauser (THC) * Fyodor Yarochkin (Armorize) @fygrave * Gamma (THC, Teso) * Pipacs (Linux Kernel Page Exec Protection) * Shyama Rose @shazzzam --[ Fees: Business-ticket (3 days)                                         120 EUR Public entrance (3 days)                                         80 EUR Discount for Students below 26  (3 days)                         40 EUR Discount for CVE publisher or exploit publisher in 2010-2011(3d) 40 EUR One-day pass                                                     40 EUR Volunteers (Must register, see below)  (3 days)                   0 EUR --[ Trainings The list of trainings for HES2011 will be announced shortly after CFP publishing. You can still send us training description to hes2011-orga AT_lists.hackitoergosum.org if you want to offer some training. Trainings will happen from Monday 4th of April until Wednesday 6th of April, just before the conference. --[ Sponsors: We are looking for sponsors. Entrance fees and sponsors fees are used to fund international speakers travel costs and hosting facility. Please ask for the HES2011 Sponsor Kit at hes2011-orga __AT__ lists.hackitoergosum.org. --[ Volunteers: Volunteers who sign up before 2011-03-01 get free access and will need to be present onsite two days before (2011-04-05) if no further arrangement is made with the organization. --[ Journalists: Journalists are welcome, but are required to comply with simple rules to ensure the mutual respect among adults we aim to bring in hackito. In particular, filming or taking pictures of attendees without their prior agreement is totally prohibited. "We shall respect privacy and people" is the only motto. --[ Greetz: We would like to thank the HES2010 Team, its reviewing committee and all the volunteers for their time and dedication in making this event a success. Thumbs up to the /tmp/lab hackerspace for their support and the final HES party which was a tremendous success. We would also like to greet all the speakers of last year's edition for the quality of their presentation and the great time we shared in Paris : you are all most welcome back in Paris for the 2011 edition. Likewise, we'd like to thank last year's sponsors for their unconditional support. Feel free to support us again for this 2011 edition. Finally, we would like to thank all the people that participated to last years edition : the conference is the people
:)
See you all in April !

--[ Synopsis:
Hackito Ergo Sum conference will be held from April 7th to the 9th of 2011 in Paris, France.
Following last edition's success, HES2011 will be a bigger event with even more talks, focusing on hardcore computer & network security, insecurity, vulnerability analysis, reverse engineering, research and hacking, and will try to keep the high quality content. Our dear Program Committee is there to ensure this.
HES will this year be a fully international-oriented conference, 100% in English, aiming to gather the best security researchers, experts and decision makers in one room.

--[ Introduction:
The goal of this conference is to promote security research, broaden public awareness and create an open forum so that communication between the researchers, the security industry, the experts and the public can happen.
Last year, we pioneered a domain with the first Capture The Flag (CTF) contest on FPGA, with excellent result that exceeded by far our expectations. This year, new contests will run with hopefully even more diverse and new approaches to security. Of course, network-based CTF and lockpicking contest will still happen.
We will have a specific session for new works, including slots for new presenters -i.e. typically people whose personal research are extremely interesting but who do not usually present at conferences- because security innovations occur at the fringe of the security industry, very often by passionate people, and that's what we are and love. Submissions from students, academics or otherwise passionate people from anywhere on the internet are therefore most welcome.
We will also have an anonymous side track so that people who wish to present sensitive subjects can do so in total freedom. As we believe the academic system as setup a good precedent with anonymous submissions, review and voting, we wish to pursue this direction by providing researcher a way to share important contribution without being concerned with politics and other non-research influences.
This conference will try to take into account all voices in order to reach a balanced position regarding research and security, inviting businesses, governmental actors, researchers, professionals and the general public to share concerns, approaches and interests for this topic.
During three days research conferences, solutions presentations, panels and debates will aim to view and determine the future of IT security.

--[ Content of the Research Track:
We are expecting submissions in English only. The format will be 45 mins presentation + 10 mins Q&A.
Please note that talks whose content will be judged too commercial or biased toward a given vendor will be rejected.
For the research track, preference will be given to offensive, innovative and highly technical proposals covering (but not restricted to) the topics below:
[*] Attacking Software   * Automating vulnerability discovery   * The business of the 0-day market   * Non-x86 exploitation   * New classes of software vulnerabilities and new methods to detect     software bugs (source or binary based)   * Static and Dynamic binary or source-based analysis   * Current exploitation on Gnu/Linux WITH GRsecurity/SElinux/OpenWall/SSP     and other current protection methods   * Kernel land exploits (new architectures or remote only)   * New advances in Attack frameworks and automation   * Secure Development Life Cycle and real-life development experiences
[*] Attacking Infrastructures   * Botnets and C&C abuses   * Exotic Network Attacks   * Telecom (from VoIP to SS7 to GSM & 3G/4G RF hacks)   * Financial and Banking institutions   * SCADA and the industrial world, applied.   * Governmental firewall and their limits (Australia, French’s HADOPI,     China, Iran, Denmark, Germany, …)   * Law enforcement : how to / how to deceive / how to abuse.   * Satellites, Military, Intelligence data collection backbones     (« I hacked Echelon and I would like to share »)   * Non-IP (SNA, ISO, make us dream…)   * M2M   * Wormable vulnerabilities against protocols & infrastructures
[*] Attacking Hardware   * Hardware reverse engineering (and exploitation + backdooring)   * Femto-cell hacking (3G, LTE, …)   * BIOS and otherwise low-level exploitation vectors   * Real-world SMM usage! We know it’s vulnerable, now let’s do something   * WiFi drivers and System on Chip (SoC) overflow, exploitation and backdooring.   * Gnu Radio hacking applied to new domains
[*] Attacking Crypto   * Practical crypto attacks from the hacker’s perspective     (RCE, algo modeling, bruteforce, FPGA …)   * Algorithm strength modeling and evaluation metrics   * Hashing functions pre-image attacks   * Crypto where you wouldn’t think there is
We highly encourage any other presentation topic that we may not even imagine.
–[ Submissions:
[*] Required information:
Submitions must (see RFC 2119 for the meaning of this word) contain the following information:
* Speaker’s name or alias* Biography* Presentation Title* Description* Needs: Internet? Others?* Company (name) or Independent?* Address* Phone* Email* Demo (Y/N)
We highly encourage and will favor presentations with a demo.
Submissions may contain the following information:* Tool* Slides* Whitepaper
[*] How to submit:
Submit your presentation and materials at:http://hackitoergosum.org/apply/

–[ Workshops:
If you want to organize a workshop or any other activity during the conference, you are most welcome. Please contact us at: [email protected]

–[ Dates:
2010-11-15    Call for Paper2011-02-20    Submission Deadline2011-02-21    Acceptance notification2011-03-01    Program announcement2011-04-07    Start of conference2011-04-09    End of conference
–[  Program Committe:
The submissions will be reviewed by the following program committee:* Tavis Ormandy (Google) @taviso* Matthew Conover (Symantec) @symcmatt* Jason Martin (SDNA Consulting, Shakacon)* Stephen Ridley @s7ephen* Mark Dowd (AzimuthSecurity) @mdowd* Tiago Assumpcao* Alex Rice (Facebook) facebook.com/rice* Pedram Amini (ZDI) @pedramamini* Erik Cabetas* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi* Alexander Sotirov @alexsotirov* Barnaby Jack (IOActive) @barnaby_jack* Charlie Miller (SecurityEvaluators) @0xcharlie* David Litchfield (V3rity Software) @dlitchfield* Lurene Grenier (Harris) @pusscat* Alex Ionescu @aionescu* Nico Waisman (Immunity)  @nicowaisman* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis* Jonathan Brossard (Toucan System, P1 Code Security, /tmp/lab) @endrazine* Matthieu Suiche (MoonSols) @msuiche* Piotr Bania @piotrbania* Laurent Gaffié (Stratsec) @laurentgaffie* Julien Tinnes (Google)* Brad Spengler (aka spender) (Grsecurity)* Silvio Cesare (Deakin University) @silviocesare* Carlos Sarraute (Core security)* Cesar Cerrudo (Argeniss) @cesarcer* Daniel Hodson (aka mercy) (Ruxcon)* Nicolas Ruff (E.A.D.S) @newsoft* Julien Vanegue (Microsoft US) @jvanegue* Itzik Kotler (aka izik) (Security Art) @itzikkotler* Rodrigo Branco (aka BSDeamon) (Checkpoint) @bsdaemon* Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck* Ilja Van Sprundel (IOActive)* Raoul Chiesa (TSTF)* Dhillon Andrew Kannabhiran (HITB) @hackinthebox* Philip Petterson (aka Rebel)* The Grugq (COSEINC) @thegrugq* Emmanuel Gadaix (TSTF) @gadaix* Kugg (/tmp/lab)* Harald  Welte (gnumonks.org) @LaF0rge* Van Hauser (THC)* Fyodor Yarochkin (Armorize) @fygrave* Gamma (THC, Teso)* Pipacs (Linux Kernel Page Exec Protection)* Shyama Rose @shazzzam
–[ Fees:
Business-ticket (3 days)                                         120 EUR
Public entrance (3 days)                                         80 EURDiscount for Students below 26  (3 days)                         40 EURDiscount for CVE publisher or exploit publisher in 2010-2011(3d) 40 EUROne-day pass                                                     40 EURVolunteers (Must register, see below)  (3 days)                   0 EUR
–[ Trainings
The list of trainings for HES2011 will be announced shortly after CFP publishing. You can still send us training description to hes2011-orga AT_lists.hackitoergosum.org if you want to offer some training. Trainings will happen from Monday 4th of April until Wednesday 6th of April, just before the conference.
–[ Sponsors:
We are looking for sponsors. Entrance fees and sponsors fees are used to fund international speakers travel costs and hosting facility. Please ask for the HES2011 Sponsor Kit at hes2011-orga __AT__ lists.hackitoergosum.org.
–[ Volunteers:
Volunteers who sign up before 2011-03-01 get free access and will need to be present onsite two days before (2011-04-05) if no further arrangement is madewith the organization.
–[ Journalists:
Journalists are welcome, but are required to comply with simple rules to ensure the mutual respect among adults we aim to bring in hackito. In particular, filming or taking pictures of attendees without their prior agreement is totally prohibited. « We shall respect privacy and people » is the only motto.

–[ Greetz:
We would like to thank the HES2010 Team, its reviewing committee and all the volunteers for their time and dedication in making this event a success. Thumbs up to the /tmp/lab hackerspace for their support and the final HES party which was a tremendous success.
We would also like to greet all the speakers of last year’s edition for the quality of their presentation and the great time we shared in Paris : you are all most welcome back in Paris for the 2011 edition.
Likewise, we’d like to thank last year’s sponsors for their unconditional support. Feel free to support us again for this 2011 edition.
Finally, we would like to thank all the people that participated to last years edition : the conference is the people

:)
See you all in April !

–[ Contact:

  • hes2011-orga __AT__ lists.hackitoergosum.org
  • Hackito Ergo Sum 2011 conference – http://hackitoergosum.org
  • Hacker Space Festival – http://www.hackerspace.net

– [ Social Media:

Keep in touch with the HES Organization via Facebook, Twitter and Linkedin !

Possibly Related Posts:

  • Atteintes aux libertés : tout ce qui rentre par Internet, finit par sortir d’Internet
  • DPI over SSL, pour un Internet vachement plus civilisé
  • SCADA sous les balles
  • Start-VPN.com : spamming as a full time job
  • DPI : Stonesoft découvre une AET (Advanced Evasion Technique ) sur les solutions d’inspection de contenus


Retour à La Une de Logo Paperblog