ToorCamp 2022
General attendees can now begin moving into camp!
Reserved cabins, yurts, domes, and private campsites can now check-in.
To kick off ToorCamp, we'll be playing "Blade Runner" in the prime dome.
Want to go on a morning run/jog/hike? Lets meet up at the NightMrkt Dome / Volleyball Court and go from there. There's a few great trails we can do at Moran State Park if there's enough seats to drive over or some nice routes directly from Doe Bay. Lets meet up and figure out a distance and terrain that works well for everyone.
Time to kick off the conference with announcements and greetings from the ToorCamp crew.
The COVID-19 outbreak made 2020 an unprecedented year, bringing with it a slew of cybersecurity concerns. With the increase of COVID-19 cases crippling healthcare providers across the globe, tracking and containing the outbreak became a top priority. Countries scrambled to develop contact tracing applications and rushed their development, prioritizing application functionality over security. Driven by skepticism that rushed applications truly possess robust security controls, we were motivated to expose weaknesses present in contact tracing applications. Our talk will discuss the testing conducted on contact-tracing applications, including our discoveries. Then, we will run through the implications of rushed development, including its causes and effects. Finally, we will conclude with solutions that could mitigate and prevent security risks associated with accelerated application development.
Learn to solder and join the glow club! Join us to build a simple badge that can help light your path at night.
"Shiva" A modern look into advancing the state of Linux process runtime hardening against exploitation by introducing a modular programming environment for the design and implementation of new security technologies without the need for compile-time instrumentation. One example demonstrates a Shiva module which implements backwards edge control flow integrity to prevent stack corruption exploits. The technology is fast, dynamic, and offers developers the programmatic insight and control to build quality software security features.
A short presentation about creating the badges for this years Toorcamp.
Program instrumentation and tracing is a key component of any offensive persistence framework or defensive endpoint detection and response (EDR) technology. This talk will focus on the latest tracing infrastructure known as Extended Berkeley Packet Filters (eBPF) which is currently supported on Linux and is coming to Windows as well. eBPF is complex with several front end languages and backend hooking engines. This talk will explain how eBPF works, what it takes to write eBPF based hooks, and demonstrate two simple tools for verfiying or infecting ELF binaries on the fly.
In this talk, I'll begin by explaining what templating engines are, what need they serve, and detail where templates are generally used. I'll then discuss how bugs in these systems can arise, how they can be detected as an attacker, and how they can be exploited. I'll also discuss significant examples of template injection bugs, such as Log4Shell, and talk about how they were exploited and fixed.
Rapid prototyping is all the rage, but if that still involves too much foresight and planning for you, there's always reckless prototyping!
Never made a PCB before? This is the quickest way to learn. First, we'll give you a complete KiCAD schematic for a simple flashy light circuit. Next, we'll walk you through the process of laying out your first board. Finally, we'll show you how to fab it in minutes on a PCB milling machine! Made a mistake? No problem, fix it and you'll have V0.0.2 in your hands in a few more minutes.
Ever wanted to make electronic music, but found yourself getting distracted by the internet instead of producing music? Have you felt lost and overwhelmed at the infinite options of programs like ableton or fruity loops? Looking for a gateway drug to electronics and circuit design? A eurorack modular system might be for you! This talk will cover the history of synthesizers, a description of the eurorack format, an overview of synthesis techniques and a collection of cool hacks that are used to make everything from EDM bangers to movie soundtracks.
This workshop will show you how to build a forge to melt down aluminium cans and cast ingots
This talk explores the softer side of electronics, from electronic embroidery and e-textiles to soft robotics and flexible PCB design. We will take a look at some of the exciting technologies in this field, including industrial machines that embroider traces to microcontrollers, open source soft robotics, 'pick and place' sewable LEDs, e-textiles in space, fabric speakers and the world of flexible and stretchable PCB design. I will also share examples of how engineers, scientists and artists are using these soft electronics technologies in their work.
As well as this higher level overview, we will take a look at a number of accessible DIY projects, along with practical tips on materials and techniques, and suggestions for further learning. I will also talk about softness in electronics in a non-literal sense, looking at some cool projects from the community that link emotions, vulnerability and physical computing.
Make your own dragon or fairy wings, adding EL wire so you can be seen at night.
Memphis Terrazzo brings the custom MIDI electronics and original remixes to mash a live set resurrecting all the adrenaline rush of 90s cyberpunk cinema. Turn up for electronica that makes you want to put on sunglasses, rollerblades, and a pager.
Car Hacking Workshop
House DJ hailing from Seattle, ready to drop some tunes
TBA
This set will be a spooky techno set, with a healthy dose of squelchy acid synth lines. This will be an entirely eurorack set, with no DAW or laptop in site!
2012: the golden era of Electronic Dance Music. Get nostalgic and dance your ass off to the best EDM classics of the 2010s.
Let's build a cyberpunk night market! Everyone is welcome to come barter, build, buy and sell their warez at ToorCamp's first NIGHTMRKT.
Bring sketchy electronics, con swag, midnight snax.
Want to go on a morning run/jog/hike? Lets meet up at the NightMrkt Dome / Volleyball Court and go from there. There's a few great trails we can do at Moran State Park if there's enough seats to drive over or some nice routes directly from Doe Bay. Lets meet up and figure out a distance and terrain that works well for everyone.
Fancy finger painting!
It's hard to know when to stop shouting at your mobile device and start taking action to survive. This talk is about how science fiction deals with that question, in stories about social complacency, resistance, and the unexpected consequences of revolution. I'll discuss the ways storytelling helps us resist authority, including real-world examples from my experiences as a sci-fi author and science journalist.
Had a radio that no one knew the password for it. All I wanted was to wipe it and get it setup again. Their reset procedures were failing. I fell on my sword, and called support. After we tried it all, they just sent a new piece of hardware. However, I still had “working” hardware.
The reset instructions just failed to work (bug in the code?). I then pulled apart the radio, and found all kinds of stuff for me to connect up to. I’ll explain the process of reverse engineering the hardware, connecting the serial (UART), and recovering the device, as well as hardware that works super well to get into this. Cheap Logic probes, etc.
Synthetics monitoring is simulating user traffic and behavior on your web application. It is essential to proactively detect and resolve outages, security issues and poor performance issues before any users or your stakeholders notice. In this workshop, you will build your own synthetics monitoring test suite using Selenium webdriver and popular JavaScript testing frameworks.
Come taste and learn about bean-to-bar chocolate. We will focus on chocolate makers that are local to the PNW. I've worked in chocolate on and off for several years, and currently judge for the International Chocolate Awards.
It is becoming increasingly harder to interconnect modern systems with old circuit-switched technologies, such as TDM/T1 trunk lines, ISDN, etc. Additionally, there are also a number of interesting older technologies that rely on telephone modems. To deploy new projects based on these technologies, we need a way to both interface with old circuit-switched phone systems and create virtual modem banks to support new services. This talk will introduce Tedium, an FPGA-based T1 interface that exposes up to 192 phone lines as USB audio devices, as well as our efforts to interface old softmodem drivers with this new hardware, allowing us to deploy and scale novel dial-up-based services at camp.
A list of potential secret ingredient(s) is going to be published two weeks prior to the event. The actual ingredient(s) are to be shown and given to the competitors 3 hours before they need to present their entries. Judging order is done via first come first serve to sign ups. Teams not being shown first get an additional 5 minutes to warm up (please note this is to warm up only and not to cook) any food items before it is served
At the Connections Museum in Seattle, volunteers have spent years locating parts for, and restoring the last No. 1 Crossbar and Panel telephone switches in the world. A tale of wild luck, adventure, and passion, with a reasonable amount of interesting technical details.
Come sit down and solder your ToorCamp 2022 badge or get help on how to start your soldering journey.
What, exactly, does a gender transition involve?
Over time, it has increasingly become the case that there is no simple answer. The degree to which people can now pick and choose what they want in terms of (de)masculinizing and (de)feminizing effects/procedures is astonishing - even to many trans people and medical professionals providing them care. Much of this customization is especially attractive to non-binary (neither strictly male nor female) individuals.
From simply unbundling things that have historically been considered package deals to experimental surgeries and straight up biohacking... come learn about the gender transition "secret menu", compared and contrasted with the traditional options.
This workshop is a hands-on introduction to working with audio in Pure Data (PD). PD is the free/libre visual/dataflow programming language and the cousin / younger parent of MaxMSP. PD lives in it's own idiomatic world where you build flow charts with something like audio patch cables, and the thing you build is the programming logic and also the user interface. Pd patches can create things like a custom instrument/synth, noise maker, meditation aid, telephony tone generator, FX box, audio installation, or commercial experience design engine. We will build some glitchy audio tools/toys/terrors from scratch. No programming chops are needed or even preferred, and you will exit the workshop as an empowered human with new skills in audio hacking. Bring a laptop and headphones!
Modern criminals don't hack computers, they hack people. Emulating modern techniques requires modern tooling. This talk takes you on a journey from being an outsider to full domain compromise of a modern corporate network, with a focus on identifying and leveraging human targets at each step along the escalation path, all using freely available open source tools.
Ham radio testing all classes. Everyone who passes gets 250 shadybucks. Prepare at hamstudy.org that has practice tests and study guides.
https://wiki.toorcamp.org/Stupid_Shit_No_One_Needs_%26_Terrible_Ideas_Hackathon
Have a FCC amateur radio license or thinking about getting one? There are some easy quick ways to get on the air, and yes all it takes is some wire, balun, and a radio (this can be a raspberry pi). I'll share a few quick examples of my own.
We're showcasing a little project that sketches your face to provide a memorable little souvenir for you to take home from Toorcamp!
Make your own dragon or fairy wings, adding EL wire so you can be seen at night. Adult version next day Saturday.
If you find yourself stuck in an endless beerocracy you're gonna need a soundtrack. While Cisco's Opus Number 1 is a certified banger, sometimes you need some variety in your on hold music. Listen no further than DJ Mass Accelerator, bringing you the finest tunes to fill out forms to. M-F 9:00-5:00, excepting federal holidays.
Constellation Viewer Kit
Missing the non-stop techno thump of European hacker camps? Come join dj supersat for some Berlin-inspired techno, perfect for either late night hacking or dancing the night away.
TBA
DJ mattrix
Let's build a cyberpunk night market! Everyone is welcome to come barter, build, buy and sell their warez at ToorCamp's first NIGHTMRKT.
Bring sketchy electronics, con swag, midnight snax.
Want to go on a morning run/jog/hike? Lets meet up at the NightMrkt Dome / Volleyball Court and go from there. There's a few great trails we can do at Moran State Park if there's enough seats to drive over or some nice routes directly from Doe Bay. Lets meet up and figure out a distance and terrain that works well for everyone.
Launching and racing a mid altitude weather balloon to circumnavigate the earth! (Hopefully)
We've brought various iterations of robot boats to every Toorcamp since 2014... now we've got one that sails and carries cargo.
The Robodox, a FIRST & VEX Robotics Team from LA, was left in my hands at the beginning of this school year. From one of three rookie programmers to the president of the 40-student team after two COVID-19 graduating classes was quite a drastic change. With ambition for improvement and a bit of insane luck, I led our team to winning a regional competition for the first time in our 20+ year history, qualifying us to compete at the FIRST World Championship. This is a story of the ups and downs and plot twists, all from the perspective of a high school junior with self-diagnosed senioritis.
We'll cover some of the more nuanced, weird and off-kilter ways one might go about hacking DAOs, from Airdrops to Daoism, general hacks and social engineering. At the end, we'll hand out some DIY DAO Card Games where you can practice hacking a DAO yourself! No DAO experience necessary!
Grab a soldering iron and build your own phone-phreakin' blue box! Learn to hack like it's 1974 - and practice your skills on the Shadytel phone network. 25 kits based on an open-source design will be made available for purchase prior to and during the event. Plan to spend 1-2 hours with us if you are familiar with soldering, or ~4 hours if you are a beginner.
What is alt text and why is it important? What is support like on major social media platforms? What can be done to help people make their presence on the web accessible?
MHFA is an amazing tool for helping anyone to navigate an increasingly complicated and chaotic world. MHFA is useful for anyone anywhere who has a brain and nervous system, or knows others who do. We will go over the basics of recognizing someone experiencing a mental health or substance use crisis and how to respond. We also will go over some exercises for recognizing and managing the signs in yourself that you need to pull back and take a break to prevent or manage burn out.
Could a signed Windows executable be modified, but still have a valid signature? Everyone told me "no", so I built a set of tools that does exactly that. Lets talk Authenticode, PE/COFF and a trivial Microsoft limitation that allows one to inject data without breaking signatures or triggering Defender and EDR warnings. Then, see what you can do with that "feature".
Kubernetes popularity has triggered a growth of frameworks, tools and technologies around it. This in turn spurred growth of the attack surface. We'll chat about default security controls and the lack of protections, issues and trade-offs that one makes when deploying on Kubernetes. We'll also talk about using the best of the new technologies and processes for keeping the applications out of harms way.
The recent nature publication, "Dual use of artificial-intelligence-powered drug discovery" demonstrated that a machine learning model designed to predict toxicity for drug discovery could be co-opted to generate deadly chemical weapon compounds, including VX gas and novel, uncharacterized toxic chemical substances. It seems likely that there will be many more such dangerous applications of AI systems, as these systems grow more powerful. At the same time, AI systems are likely to be increasingly useful for a wide variety of applications, including defensive security. Given this tension, how can the infosec community help develop good norms around the security of AI systems? The infosec community has a lot of experience navigating tradeoffs in vulnerability disclosure norms. Can these lessons be applied to AI systems that might be capable of generating their own vulnerabilities, in both computer systems and biological systems?
Learn how to work with conductive thread to sew your own circuits. In this workshop we will make a plush sparkle heart emoji with felt, LEDs and conductive thread. You will learn:
- tips and tricks for using the different types of conductive threads
- how to hack regular through hole components into sewable ones
- how to make a simple electronic circuit that lights up an LED
Suitable for beginners and older children (11+). It will help if you know how to thread a needle and tie a knot but instruction will be provided.
Machine learning's entry barrier is far too high. Right now, for one to get started, they need to know languages like Python, be familiar with libraries like NumPy and ScikitLearn, and know linear algebra and calculus, but these entry barriers discourage people who don't have these prerequisites. ML concepts don't have a fundamental link with text based languages, so we created a system that doesn't pretend they do. We developed Kobra, a visual programming language (like Scratch) for Machine Learning, which allows you to create and share machine learning models in minutes, even for those without programming experience. It's fully open source on GitHub, and for this talk, we want to build an ML project on Kobra with everyone here.
Come learn how to hack networks without needing to piss off your local coffee shop, housemates, or the Feds! Bring your laptop and by the end of this workshop, everyone can walk away having intercepted some packets and popped some reverse shells
We are living in a golden age of machine learning research. Language models, GANs, and emerging text-to-image generation breakthroughs are happening faster than anyone can reasonably keep up with. Corporations with nation-state level funding are pouring billions of compute hours into generating models to solve specific domains of the general AI problem. But how can you leverage these pieces of academic-grade software to build a coherent gestalt entity?
I'm happy to announce the release of persyn.io, a lightweight open source microservices architecture for linking together any number of AI research projects into a single consciousness. I'll also introduce Anna, the first proto-personality implemented in persyn.
Building on experiences gained during the pandemic, this presentation will briefly cover some common interpersonal dynamics found in public community gardens and how they can be navigated to develop positive changes.
I started gardening on my balcony about a year ago and it's easy, fun, and emotionally fulfilling.
Heterochronic pararabiosis is the interlinking of the circulatory systems of young and old animals. While it has been shown to have rejuvenative effects on the older animal, it is the sort of experiment that sends villagers into the mad scientist's laboratory with pitchforks and fire. Last summer I convinced a few fellow hackers to try something novel and less icky: donate plasma on an aggressive schedule and see if we could observe similar effects in humans. It worked, and we published a paper about it. This is the story of what we did, how we did it, and what might happen next.
Lets celebrate and make fun of the ways ADHD messes with us; and maybe learn some coping skills to boot
Looking like mess of wires and knobs and resembling something Shady Tel might be familiar with, modular synthesizers stand at the intersection of art and technology. Individual modules follow the Unix philosophy of combining small tools that do one thing well. By connecting these modules in any of millions of different combinations, musicians create their own custom instruments capable of almost any sound imaginable. In this talk, the audience will get an introduction to modular synthesizers with the popular Eurorack format. Through a live demonstration of the author’s Eurorack system we’ll discuss the basic building blocks, introduce and walk through the classic “East Coast” subtractive synthesis style, and build up to some banging techno.
Make your own dragon or fairy wings, adding EL wire so you can be seen at night. This workshop will include the use of contact cement. Respirators advised if you are sensitive
https://wiki.toorcamp.org/Stupid_Shit_No_One_Needs_%26_Terrible_Ideas_Hackathon
Join us to close out the conference and annouce winners for all the contests!
Take the test for your Ham radio license. Free re-takes.
bash explode will be playing a set of electronic music + guitar + maybe singing + live remixes!?
Once again we have DJ Keith Myers and many guest stars for a night of fun and dancing until 2am!
Let's build a cyberpunk night market! Everyone is welcome to come barter, build, buy and sell their warez at ToorCamp's first NIGHTMRKT.
Bring sketchy electronics, con swag, midnight snax.