Villages Arrival
Come watch Blade Runner 2049 with us in the Prime Dome!
To make sure we get back in time for opening remarks were going to do a jog to Sea Acres and back. Its around 2 miles out (4 miles round trip) but feel free to modify for shorter or longer: https://www.strava.com/routes/3239825243071242142. Plan is to be back at ToorCamp by 9am.
The ToorCamp Kick-off!
- Terms, exceptions and conditions apply.
Certain types of hardware attacks have a reputation of being difficult to perform or requiring specialized equipment - however recently, a lot of this has become a lot more accessible - and a lot more cheaper.
Let's take a look at how you can perform attacks that can be used to recover (or steal) millions of dollars - for the price of a cappuccino!
Deer Punk Kids Camp / Marshmallow & toothpicks
Storage is cheap, but we suck at presentation. We've archived gobs of the history of the 90s web (GeoCities, MySpace), but it's all mothballed in hard to surf archives. I'm going to show how we bring these lost sites back to life so people can actually look at them, and hopefully inspire you to take up a restoration project of your own.
Bring your ToorCamp 2024 badge to learn to solder. We will provide the components and show you how to build it.
Hardware Jewelry
During Prohibition in Seattle, the Olmstead Rumrunning operation became the largest employer in the whole city, delivering illicit hooch to luminaries such as Boeing and the mayor. And they did it all without guns and moonshine, unlike their east coast counterparts. Come find out the secrets of their success and how they are still useful today, especially given the political and cultural landscape we face now.
Do quantum computers mean the end of encryption? Or is that all FUD? This talk will cover the threat that quantum computers pose, the ways that we can defend against them, the real-world status of the mitigations, as well as steps you can take to keep your data safe.
A quick crash course on creating or embedding items in UV or 2-part epoxy resin. Discussion will include the differences between different types of resin, why and how theyre used, and when to choose one over the other. A live demonstration will walkthrough performing a simple cast using UV resin.
Take a peak behind the scenes of Shadybucks: the motivation, the code base, and all of the integrations. We'll go over some fun statistics from last Toorcamp and how it was hacked, as well as introducing some new features for this year.
If you've always wanted to write, or you think you might have a story idea, or you've been writing forever, this is the workshop for you! We'll sit down and talk about how to utilize science to write science fiction, and the awesome ways to launch stories from our everyday work. We'll do some exercises, talk about cool ways to approach scientific topics, and answer any questions you have about writing.
TBA
Cube Rule of Food / PB&J Snacktime
While it's cool and all to use specifically designed hardware for transmitting data, what happens when you don't, and all you have is some time code and a little bit of I/O? This is a follow-up talk to a video released in March 2024 where LoRa packets were transmitted over a mile with just a microcontroller, wire, and a dream.
Welcome to the New World Order, the Age of Artificial Intelligence, the unavoidable evolution of technology that is here to assimilate human knowledge in its natural language form! You've parleyed with the perceptrons, you've dreamed deeply with Dall-E, but how do we harness this emerging capability to perform security analysis tasks such as looking for vulnerabilities and malware in source or binaries? In this hour I will give you the down low download of deep learning applications for code analysis!
We will review successes and failures in research applying LLMs to code analysis tasks and discuss how to evaluate models and create your own dataset for evaluation, training, and tuning prompting for better results. Finally we will conclude with a brief discussion of the threat landscape when deploying LLMs in production including multiple new vulnerabilities discovered during the course of this research.
Throughout history, humans have loved making little books for our friends. These books have gone by many names, including zines, bibelots, pamphlets, and (certain types of) epistles. In this talk, I'll introduce you to several types of little books people have historically made for their friends in reverse chronological order, as well as the associated movements and defining characteristics of each type of little books.
Running computations over encrypted data you can't read sounds fundamentally impossible, right? It turns out, with the eldritch abomination known as Fully Homomorphic Encryption (FHE), you can! Leveraging the power of lattices, the TFHE scheme allows Bob to evaluate binary circuits over your ciphertexts without your secret key. He can then send it back to you and then you can decrypt it!
In this workshop, we'll
* Journey through the basics of FHE and the TFHE scheme
* Ignore most of the math to keep things fun
* Show how to turn any binary circuit into one compatible with TFHE
* Use Mr. Circuit(TM) to automate the transformation
* Demo the circuit running with real(TM) cryptography
* Explore a few possible use cases
Afterwards, you too can play with Mr. Circuit to your heart's content and build your own circuits from a self-contained Rust starter project.
Calling all young hackers and pixel art enthusiasts! Join us for a hands-on workshop where you'll unleash your creativity and transform tiny beads into amazing retro-inspired masterpieces. We'll delve into the world of pixel art, exploring the secrets behind classic video game characters, iconic symbols, and even your own original designs.
Learn to:
* Decode Pixel Art: Discover how to break down images into their pixelated building blocks.
* Bead by Bead: Master the techniques for placing fuse beads on pegboards to bring your visions to life.
* Fusing Fun: Use heat to magically fuse the beads together, creating durable and colorful artwork.
* Retro Remix: Get inspired by pixel art from classic games and learn to recreate your favorites.
* Express Yourself: Design your own unique pixel creations and unleash your inner artist.
This workshop is your chance to level up your pixel art skills and have a blast with fuse beads!
Electronic conference badges are cool and everything, but they're A LOT of time, money, and effort including but not limited to hardware, software and art design, testing, manufacturing, testing, provisioning, and repairing.
I've got a relatively simple, cheap, mass-producible badge design. We'll start out by looking at and understanding the design and implementation, highlighting the areas worth customizing (and which to leave as-s). Then we'll spend the majority of our time working in KiCAD to customize the hardware, CircuitPython to customize the software, or both if you have time.
We'll wrap up with some discussion of how to handle badge logistics for events of different sizes, and warn about some of the many pitfalls that electronic badges suffer. You should walk away with the design for your own customized badge design plus everything you need to have it mass produced.
Make your own dragon or faerie wings, adding EL wire so you can be seen at night. This workshop will include the use of contact cement. Respirators advised if you are sensitive
Open source has a lot to offer potential contributors! Contributing to a project is a great way to build a technical portfolio, learn industry tools/practices, and have real world impact. In turn, new contributors help sustain healthy technical communities and enable them to grow. Mentorship can be an especially powerful tool for cultivating a more diverse, equitable, and inclusive tech pipeline. In this talk we discuss what mental barriers students face when it comes to coding and contributing to open source, how to craft mentorship resources, and what resources projects need to build lasting relationships with students.
Join Becca for some Nintendo Switch Karaoke via the JOYSOUND game. Compete on the song of your choice with the world (or not).
What is a Repair Café?
Repair Cafés are free meeting places and theyre all about repairing things (together). In the place where a Repair Café is located, youll find tools and materials to help you make any repairs you need. On clothes, furniture, electrical appliances, bicycles, crockery, appliances, toys, et cetera. Youll also find expert volunteers, with repair skills in all kinds of fields.
Visitors bring their broken items from home. Together with the specialists they start making their repairs in the Repair Café. Its an ongoing learning process. If you have nothing to repair, you can enjoy a cup of tea or coffee. Or you can lend a hand with someone elses repair job. You can also get inspired at the reading table by leafing through books on repairs and DIY.
DJ dance music set with most songs directly influenced by science-fiction or fantasy themes or closely adjacent to geek themes.
DJ PatAttack blends all the best House music for you to enjoy!
Come join other runners for a jog around Cascade Lake. The total loop around the lake is 2.5 miles (https://www.strava.com/routes/3237644739876640498) but can be easily be extended to about 3.3 miles (https://www.strava.com/routes/3237645062167190774) or lapped twice for any faster runners that want to get some extra mileage in. We'll meet up at the Volleyball Court and then carpool to the lake at 8:00am sharp and should be back around 10:00am.
I've been home-roasting coffee for about 15 years. It's been a fun journey that I'd like to share with interested folks. I'll talk about coffee beans, harvesting and processing, then describe various options for roasting coffee. Next we'll roast a kilogram or two of coffee in my home roaster which shows the temperature of the beans throughout the roasting process. Finally we'll grind, brew and drink some freshly-roasted coffee.
Kids Safe Science Experiment
Shadytel is excited to introduce Shadyvision, a 24/7 digital TV broadcast at Toorcamp that you can receive with hardware you likely already have (an RTL-SDR dongle). This talk covers the technical details of how it works, including how to set up your own broadcasts at other hacker events.
Learn how to create a custom Minecraft mob using Blockbench. Bring your imagination! And also your own computer with Minecraft. We will supply the rest.
Bring your ToorCamp 2024 badge to learn to solder. We will provide the components and show you how to build it.
Stomp Rockets
The secret life of chocolate explores the complex nature of chocolate and how to coat the perfect strawberry.
There are some fun tools to be had, and attacks that can bypass code or instructions in code if you either inject voltage at the right time or enough EMI that it can flip bits. or scramble/overwrite segments of memory that it will bypass security controls with-in the code.
This talk will break down the seemingly infinite variables that contribute to the effects of cannabis. By discussing the chemistry of cannabinoids, terpenes, and the endocannabinoid system we will begin to identify the causes of desired effects. Extraction and delivery afford even more opportunities to fine tune cannabis experiences. This talk will explore extraction, vaporization, and even DIY nano-emulsions.
Learn both surface-mount and through-hole soldering to create your own interactive, color-tuning cat badges with the Meow Mixer!
Make your own dragon or faerie wings, adding EL wire so you can be seen at night. This workshop will include the use of contact cement. Respirators advised if you are sensitive
Flipper Zero - who hasnt seen it in the news in the past year?. Depending on what one reads, it could be an annoying prank device, a deadly hacking appliance, or something in between. What is FUD, and what is true? Is there some utility to this little gadget? What are my chances of going directly to jail (straight to jail!)?!
We attempt to provide a no-nonsense primer on what the Flipper is, isnt, and what can be done to help people explore the wonderful world of RF and consumer electronics. Ever wondered how your hotel key works? Want to see how that weird remote control functions? The Flipper is your extremely portable gateway to the world!
Security tools in nixpkgs hack session
nixpkgs folks on hand to help you package your favorite obscure security tools.
Have you ever dreamed of living abroad? You might be surprised how possible it is, especially if you can work remotely. In this talk, TProphet will discuss citizenship and residency programs available around the world. You'll learn about obtaining second citizenships and second residencies, tax implications and considerations, and what to plan for when you're considering an international move. We'll discuss myths and misunderstandings, contingency planning, and the all-important question of "how fast is the Internet?" Don't want to leave the US? You can get the benefits of living abroad in some US jurisdictions as well! There will be plenty of time for Q&A with the speaker, so bring your wildest dreams to discuss. And remember: living abroad isn't crazy. Staying home might be!
We are launching a mid altitude weather balloon with a ham radio tracking device (APRS) in to the jetstream and racing it around the world.
Running programs simultaneously in the same memory-space: what could possibly go wrong? This is about how and then playing with it hands-on. We look at the inner workings, build our own small programs which try to overwrite each other and have a small battle!
DIY Piano
In this workshop, youll learn to write bad USB scripts to hack computers using a cute, cat-themed hacking tool called the USB Nugget.
What is a Repair Café?
Repair Cafés are free meeting places and theyre all about repairing things (together). In the place where a Repair Café is located, youll find tools and materials to help you make any repairs you need. On clothes, furniture, electrical appliances, bicycles, crockery, appliances, toys, et cetera. Youll also find expert volunteers, with repair skills in all kinds of fields.
Visitors bring their broken items from home. Together with the specialists they start making their repairs in the Repair Café. Its an ongoing learning process. If you have nothing to repair, you can enjoy a cup of tea or coffee. Or you can lend a hand with someone elses repair job. You can also get inspired at the reading table by leafing through books on repairs and DIY.
Recent advances in cryptography have made it practical to prove that you have correctly executed a program, even while keeping details of the execution hidden, and without any trusted parties, custom hardware, or trusted execution environments. Moreover, the execution of arbitrarily complex long running programs can be verified in a small constant time (milliseconds). This talk will provide a basic introduction to the idea of zero knowledge proofs, talk about the current state of the art, examine some of the impacts and consequences of this emerging technology, and provide some pointers for further exploration. We'll leave out the math and focus on explaining the high level concepts in a (hopefully) accessible way.
In recent years, Zero Knowledge Proofs have unlocked some surprising new capabilities. As the tooling matures, we're seeing a groundswell of new applications. This talk will explore the implications for the software security space, and how these tools can be leveraged premissionlessly to achieve unprecedented levels of software security assurances to everyday users.
Bingo
In this workshop you will cut, fold, build and decorate your own Fairy House, then construct a circuit to light your house.
How to collect and assemble UAV photos into an orthomosaic.
At Nautilus Institute, we built a system for running "Raw Water," a web-based SQL injection challenge for DEF CON Capture The Flag qualifiers in 2023. This challenge allowed teams to attack a private, isolated, and persistent SQL instance through a web application that wasn't solvable with the very generic "sqlmap" tool.
This talk touches on Vito's experience with web-based challenges as both a player and challenge author, SQL sandboxing techniques and how they affect game operations, mitigations for sqlmap, and potential future work.
We'll go over how to set up a HaLow network, how it achieves ranges of up to 1km with many devices, and what's new in the protocol
Build your own EMF Explorer badge that lets you listen to the world of electromagnetic frequencies around you!
Want to get started in malware analysis or development? Never compiled code or read assembly language before? No problem! This workshop will have you building 32-bit and 64-bit DLLs from scratch, understanding Windows API calls and some basics of assembly language.
Bubbles and Wands
The Stupid Hackathon presents an opportunity to create the most useless, dangerous and/or variously unwise things you can imagine.
How to build an arcade system using Evo Linux on a micro SD card in a Raspberry Pi. We will leverage a standard Jamma board and wiring harness.
Come see some lightning talks! If you have anything you'd like to share in 10 minutes or less, please add your name to the wiki for a reserved spot, or show up and be ready to hop up on stage to present!
Funding security research is hard, full of conflicts of interest, and perverse incentives. This talk will discuss my explorations in solving these issues by fusing some of the oldest technologies with some of our newest. Bastet was once known as the Egyptian goddess of protection, and of the home. She protected her loyal followers from vermin and disease, and kept her people safe. Can we empower a modern day Bastet to protect us from the modern vermin and disease that plague our digital existence?
Create your own Wi-Fi controllable DIY hexleaf using WLED!
How to create unbreakable encryption with pencil, paper, and dice.
HEAVY MUSIC. Headbangers Welcome.
ELECTRONIC+METAL
More music. More forms? Come find out.
https://soundcloud.com/massaccelerator
0xfff3
mattrix has been a DJ at Toorcon, Toorcamp, ShellCon and DEFCON
It turns out that it's roughly 11-13 miles to run from Doe Bay to the top of Mt. Constitution and back, so we thought we'd try having the first trail race at ToorCamp! There is no set course, so everyone is encouraged to plan a route ahead of time-- although here's the most direct route according to Strava (11.42mi / 3020ft gain): https://www.strava.com/routes/3237629479105980898. We'll start at the volleyball court at 8:00am sharp and have someone at the lookout on the top of the mountain with some refreshments and snacks. Take a selfie when you get to the top and post to #bladerunners on discord as your proof of making it and in front of the TOORCAMP sign at the Prime Dome when you return to register your finish time. After 5 hours, if everyone isn't accounted for we'll come looking for you, so we'll be requiring everyone to bring a provided radio with them. We also encourage everyone to bring ample hydration and fuel.
NOTE: Please RSVP here if you're going to join us! https://forms.gle/7HoJUYHXKnK7GBb9A
Zelda Potions
We'll discuss our reverse engineering of the TA-1042, a Digital Non-secure Voice Terminal (early digital military telephone).
Using through-hole and surface mount soldering, make a cat-themed hacking tool that allows for bad USB attacks, control hardware with circuitpython, and more!
Textile Crafting
Payphones and their journey from manually operated to full automation is fun! Come see a table of old to new(ish) payphones, get to see their guts, and learn about why they were built the ways that they were!
This is a demonstration of everyone's favorite exothermic reduction-oxidation reaction.
Futel is keeping payphones alive by rescuing them from the scrappers and installing them in public locations, where they provide free calls, telephone services, interactive experiences, and live operator assistance. We currently support 17 phones in Portland, Detroit, and Ypsilanti.
Keeping the project alive and reliable for nine years has required learning and applying skills in many fields, IT engineering, social engineering, municipal engineering, whatever. How do we do it? And why?
Wi-Fi Recon: Uncover Hidden Cameras, Network Intruders, and more with the Wi-Fi Nugget
Ever wondered how information gets transported deep underground? Caves present a very unique harsh environment, often requiring people to take notes and transport it by hand. This talk will go into the history of cave rescue communications and some of newer technologies that are being prototyped, in particular attempting to use meshtastic.
Make your own dragon or faerie wings, adding EL wire so you can be seen at night. This workshop will include the use of contact cement. Respirators advised if you are sensitive
Pride Parade from Prime Dome through camp, down Doe Bay Rd., ending at Beerocracy
Bring a laptop and learn to create and share directory scoped software environments.
12:30 at the fire circle
Three years ago, I had never ridden a motorcycle, then I covered more than 10,000 miles in 2022!!! WTF Happened? Oh, right, I hyperfixated!
In this talk, I'll share stories from my moto adventures and weave in a tale of how modulating my hyperfixations has been a superpower that led me to build unusual skills -- like playing a medieval japanese flute and transcribing sanskrit manuscripts at 25 wpm -- and has also helped me land amazing jobs.
But like all superpowers, hyperfixation has a dark side ... it can be isolating, can lead to spiraling self-doubt or self-harming behaviors, and is often misunderstood by others. So I'll talk about the hard stuff, too.
The audience might learn a little about themselves and/or about friends who hyperfixate, and might come away with a new desire to ride motorcycles.
Have you wondered what those green, white and blue flags are? It's the flag of Cascadia, the bioregion that we are currently in. This talk will cover what bioregions are, the Cascadia bioregion itself, and a framework for a healthier way of being in the world.
Since 2019 there has been a project to test and analyze any submitted street drug using the FTIR Spectrometer. Now that more than 60,000 samples have been analyzed we will be sharing a detailed subset of this data known as "the heroine bible project" that documents more than 50 of these samples in detail.
While it's fascinating to see the raw data and analyze the trends over time, we will also look at the impact of addictions for everyone that is touch by it in some way. You will leave with a better understanding about addiction to hard drugs and how it impacts everyone's lives, you'll learn the stigmas around drug use and terms like safe supply, harm reduction and poison vs overdose. You will walk away with the tools and techniques to save lives in the case of an overdose as this workshop provides life-saving antidote and training.
Addiction to hard drugs may be more common than you thought, but they are not always visible. We will also spend a few minutes on topics related to alcohol, amphetamines and tips to ensure hacker-summer-camp continues to be a safe and enjoyable experience for everybody.
This workshop includes hands-on training and your very own naloxone kit to take home. No pre-requisites are required.
Kids will have a chance to make their own solar ovens out of pizza boxes, and we can cook s'mores. (Note: this is weather dependent and won't work if it's not a warm day.)
An exploration of how to make your relationship with your friendly local compliance team less combative and more collaborative
Are you interested in communicating over long distances and eager to uncover how to harness satellites for this purpose? This workshop is designed for you!
In our increasingly digital world, theres no shortage of software and apps to simplify our life (youve probably made one!). Despite the accessibility of digital tools to structure the chaos, the most reliable productivity system that has worked for my ADHD brain for over 5 years is the Bullet Journal method. I want to share my experience using the bullet journal method to structure my life, why I think you should give it a try, and how to get started on your own journey.
Are you ready to help fight the enshittification of the internet through self-hosting? Start here.
10Gb residential uplink is now being deployed in urban areas and it's deployment is only going to accelerate.
Come learn how to deploy 10Gb to your home net on a budget, from hardware selection to the software stack configuration.
This four-hour workshop will teach the legal basis of flame effect installation, including NFPA 160 and other codes, as well as some basic physical properties of LP gas. With that in place, we'll move on to constructing a simple static effect, i.e. a tiki torch, and then using that as the pilot light for an wifi-connected dynamic effect, i.e. a poofer. By the end of the course, you will have the basic knowledge necessary to add a flamethrower to your own network
Lock Picking
Create a deer or dragon puppet. In this workshop you'll create and decorate a custom puppet made out of cardboard and your imagination.
Join us as we explore the unlikely intersection of design and security programs. Discover the impact of swag and cohesive branding in fostering a strong security culture within organizations. Gain insights into how strategic design choices can elevate awareness campaigns, engage audiences, and ultimately drive behavior change. This talk will equip attendees with practical tips to improve messaging.
For a complete analysis of an IoT device, it is required to look at the firmware itself. In most cases this means that the firmware, data or encryption keys need to be extracted from the device memory. Many researchers are hesitant to do that as there is a high risk of destroying the device or leaving it in an inoperable state. But do not worry! You can try your skills by playing with one of the used Amazon Echo Dots that we got very cheaply on eBay in bulk! While we are outside the soldering smoke wont hurt us.
In this workshop we will look at different flash memory types (EEPROM, SPI flash, NAND flash, eMMC flash) and how to extract the information from them.
Sign up here: https://forms.gle/r8dv8MD3JYNpQgQN7
Modern data science has a lot of tools to detect corporate fraud, but relatively few people are familiar with the options people have to act upon this information. Several programs exist where people who discover fraud committed against the government can pursue the matter, generally through civil court. These people are generally paid as a cut of the money the government recovers. We're going to talk about some of these programs, some basics for aspiring beginners, some areas we think might be of future interest, and a little bit about how things are going for some computery people right now with the Pandemic Paycheck Protection program.
Come write with us! Want to know how to take stories like fairy tales and write them in new and different ways? This session is for you! We'll talk about fairy tales and myths and stories in the public domain and how to tweak them to write something new. Fan fiction creation welcome! Workshop is for all ages.
Starting a hackerspace in Seattle has been an experience. Lessons learned, mistakes had, friends made.
Laptop Teardown
The propensity of LLMs to "hallucinate" limits their practical application. However, their ability to analyze input based on prompt supplied parameters generally does not suffer this problem. This makes LLMs an adequate resource for classifying, and, extracting intelligence from, publicly available news sources at scale. This talk will showcase an example solution of this useless in which an application ingests a body of HTML for analysis, converts that HTML into a markdown format, assesses the text within the generated markdown for relevance based on criteria outlined within an LLM prompt, and finally, produces output text consisting of an LLM produced summary and extracted indicator set if found appropriate.
Stop by to see the conference wrap-up and see who won all the contests!
Bring your ToorCamp 2024 badge to learn to solder. We will provide the components and show you how to build it.
Join us to celebrate the (almost) lost art of ANSI Art! We will be sharing a canvas to create a large piece of pixelart together. Bring your own computing device with PabloDraw or Moebius ANSI Art editors installed.
TBA