{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2025.2.2"}, "schedule": {"url": "https://talks.toorcon.net/toorcon-2021/schedule/", "version": "0.13", "base_url": "https://talks.toorcon.net", "conference": {"acronym": "toorcon-2021", "title": "ToorCon 2021", "start": "2021-10-12", "end": "2021-10-14", "daysCount": 3, "timeslot_duration": "00:05", "time_zone_name": "US/Pacific", "colors": {"primary": "#019F75"}, "rooms": [{"name": "The Point", "slug": "15-the-point", "guid": "d615ee56-f8cc-581a-aa61-617974a3bbc9", "description": "The Meeting Hall at The Point", "capacity": 150}, {"name": "The Lawn - Alpha", "slug": "16-the-lawn-alpha", "guid": "ea9fb3e9-9cd8-57e6-b136-5c993b322190", "description": "Work table setup on the lawn near the entrance to The Point", "capacity": 15}, {"name": "The Lawn - Beta", "slug": "17-the-lawn-beta", "guid": "4e159816-9e74-5ba1-8134-e41940de89a8", "description": "Work table setup on the lawn near the entrance to The Point", "capacity": 15}, {"name": "The Lawn - Gamma", "slug": "22-the-lawn-gamma", "guid": "824001d9-cc06-5315-806e-242048e6fdcc", "description": "Work table setup on the lawn near the entrance to The Point", "capacity": 15}, {"name": "Beach Lounge", "slug": "18-beach-lounge", "guid": "f8966f70-1f95-5ee5-b294-1e7852b70e74", "description": "Fire pit area on the beach for relaxing", "capacity": 50}, {"name": "Bahia Belle", "slug": "19-bahia-belle", "guid": "505bd29f-d54a-5186-9ed2-07b16b31231c", "description": "Thursday night party cruise, starts at the Catamaran hotel", "capacity": 60}, {"name": "Escape Rooms", "slug": "20-escape-rooms", "guid": "776cb5b4-dd93-5fa1-bd02-b4aec4e50e97", "description": "Quicksand Escape Games", "capacity": 24}, {"name": "Wake Boarding", "slug": "21-wake-boarding", "guid": "32a218df-644d-5904-8419-f594c8d96784", "description": "Mission Bay Aquatic Center", "capacity": 4}, {"name": "AMC 18 (Fashion Valley)", "slug": "23-amc-18-fashion-valley", 
"guid": "8f316fe3-83fd-57b6-90bd-4de49899f48c", "description": "7037 Friars Road, San Diego, California 92108", "capacity": 75}, {"name": "Toro (Downtown)", "slug": "24-toro-downtown", "guid": "f440944a-0fac-51ff-87d2-e85b1aa5f0db", "description": "672 Fifth Ave, San Diego, CA 92101", "capacity": 100}, {"name": "Paddle Pub", "slug": "25-paddle-pub", "guid": "5383b40a-b595-5354-be2d-0710f4dbf5a2", "description": null, "capacity": 16}, {"name": "ToorCon CTF", "slug": "26-toorcon-ctf", "guid": "d95e17a7-f8c4-5396-a044-6a4e218a942e", "description": "The non-embedded CTF!", "capacity": null}], "tracks": [{"name": "Talks", "slug": "22-talks", "color": "#000000"}, {"name": "Workshops & Demos", "slug": "23-workshops-demos", "color": "#FF0000"}, {"name": "Activity", "slug": "24-activity", "color": "#FA00FF"}, {"name": "Lightning Talks", "slug": "25-lightning-talks", "color": "#EBFF00"}], "days": [{"index": 1, "date": "2021-10-12", "day_start": "2021-10-12T04:00:00-07:00", "day_end": "2021-10-13T03:59:00-07:00", "rooms": {"The Point": [{"guid": "526dbb8b-7b06-514f-a50e-6682fa226a05", "code": "BRFRYD", "id": 136, "logo": null, "date": "2021-10-12T10:00:00-07:00", "start": "10:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-136-keynote-the-demise-of-the-cybersecurity-workforce", "url": "https://talks.toorcon.net/toorcon-2021/talk/BRFRYD/", "title": "KEYNOTE: The Demise of the Cybersecurity Workforce (!?)", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Our career has been growing like crazy with an estimated 3.5 million unfilled cyber security jobs within the next few years. More certs, more quals, more money, right? But what if we\u0092re wrong? AI, outsourcing, and visa programs may put a huge downward pressure on future job opportunities (and pay) in America. Of course, we don\u0092t WANT this, but shouldn\u0092t a wise professional prepare for possibilities? 
We\u2019ll look at facts, figures, industry trends, and possible futures that might have us thinking that 2021 represents \u201cthe good old days.\u201d No gloom-and-doom here; just a risk-based look at what happens if we really can NOT get the talent regardless of price, and why financial incentives haven't effectively raised the ability level of our cybersecurity workforce.", "description": ".", "recording_license": "", "do_not_record": false, "persons": [{"code": "YQVYSB", "name": "G. Mark Hardy", "avatar": null, "biography": "G. Mark Hardy is founder and President of National Security Corporation, and has provided cyber security expertise to government, military and commercial clients for over 30 years. A retired U.S. Navy Captain, Hardy is an internationally recognized expert who has spoken at over 250 events world-wide. He serves on the Advisory Board of CyberWATCH, an Information Assurance/Information Security Advanced Technology Education Center of the National Science Foundation. A graduate of Northwestern University, he holds a B.S. in Computer Science, a B.A. in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, and holds CISSP, CISM, GSLC and CISA certifications.", "public_name": "G. 
Mark Hardy", "guid": "9dc37ec5-e6dd-5be7-8064-7736a1d3259c", "url": "https://talks.toorcon.net/toorcon-2021/speaker/YQVYSB/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/BRFRYD/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/BRFRYD/", "attachments": []}, {"guid": "44a3be4c-c26d-5a82-a389-52d1f1344c63", "code": "CYLURG", "id": 122, "logo": null, "date": "2021-10-12T11:00:00-07:00", "start": "11:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-122-fuzzers-analyzers-and-other-gophers-insecticides", "url": "https://talks.toorcon.net/toorcon-2021/talk/CYLURG/", "title": "Fuzzers, analyzers, and other Gophers insecticides", "subtitle": "", "track": "Talks", "type": "Talk + Hands-On Demo", "language": "en", "abstract": "Go is a great language that is explicit, simple, and it makes writing concurrency extremely easy. Yet, it suffers from many of the same vulnerabilities you'd encounter in C and C++ applications. Writing concurrent Go code can also be risky, as vicious concurrency bugs can slowly sneak into your application. So, how can you get started discovering vulnerabilities in Go code? This talk will discuss approaches to finding vulnerabilities in Go code and the state of static and dynamic analysis tools for automated discovery of Go vulnerabilities, from static analysis to fuzzing to fault injection. We will learn about common vulnerabilities in Go and how to catch them, whether you are a security researcher or a Go developer.", "description": "Go is a great language that is explicit, simple, and it makes writing concurrency extremely easy. Yet, it suffers from many of the same vulnerabilities you'd encounter in C and C++ applications. Writing concurrent Go code can also be risky, as vicious concurrency bugs can slowly sneak into your application. So, how can you get started discovering vulnerabilities in Go code? 
This talk will discuss approaches to finding vulnerabilities in Go code and the state of static and dynamic analysis tools for automated discovery of Go vulnerabilities, from static analysis to fuzzing to fault injection. We will learn about common vulnerabilities in Go and how to catch them, whether you are a security researcher or a Go developer. We will focus on:\r\n\r\n- Learning common bugs in Go applications\r\n- Learn the types of concurrency bugs that are common to Go\r\n- Discuss the state of tooling for catching and discovering Go bugs and the techniques that they rely on\r\n- Demonstrate Gotico, a tool currently in development for catching library-specific bugs", "recording_license": "", "do_not_record": false, "persons": [{"code": "MA7EDA", "name": "Alex Useche", "avatar": "https://talks.toorcon.net/media/261965-5c871b8871c9a.jpg", "biography": "Alex is a lead security engineer at Trail of Bits. He has over 13 years of experience in the IT industry as a software developer, security engineer, and penetration tester. As a software developer, he has worked and architected mobile and web applications in various languages and frameworks, including .NET, Objective C, and Go. 
Alex specializes in Go security research and is actively developing static analysis tools for discovering Go vulnerabilities.", "public_name": "Alex Useche", "guid": "89a518e1-d23f-544e-873d-e268fe742ed7", "url": "https://talks.toorcon.net/toorcon-2021/speaker/MA7EDA/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/CYLURG/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/CYLURG/", "attachments": []}, {"guid": "a57733ce-3f4f-5154-8944-c1fc9c5dd2c7", "code": "WRQEVD", "id": 118, "logo": null, "date": "2021-10-12T13:00:00-07:00", "start": "13:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-118-sleight-of-arm-demystifying-intel-houdini", "url": "https://talks.toorcon.net/toorcon-2021/talk/WRQEVD/", "title": "Sleight of ARM: Demystifying Intel Houdini", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "In the recent years, we have seen some of the major players in the industry switch from x86-based processors to ARM processors. Most notable is Apple, who has supported the transition to ARM from x86 with a binary translator, Rosetta 2, which has recently gotten the attention of many researchers and reverse engineers. However, you might be surprised to know that Intel has their own binary translator, Houdini, which runs ARM binaries on x86.\r\nIn this talk, we will discuss Intel's proprietary Houdini translator, which is primarily used by Android on x86 platforms, such as higher-end Chromebooks and desktop Android emulators. We will start with a high-level discussion of how Houdini works and is loaded into processes. We will then dive into the low-level internals of the Houdini engine and memory model, including several security weaknesses it introduces into processes using it. 
Lastly, we will discuss methods to escape the Houdini environment, execute arbitrary ARM and x86, and write Houdini-targeted malware that bypasses existing platform analysis.", "description": "NOVEL CONTRIBUTIONS OF THIS RESEARCH:  \r\nThe Intel Houdini emulator is a black box that does not appear to have undergone any significant public research into its inner workings or security impact. Existing work has focused on implementing function hooks targeting ARM code running through Houdini, but has not gone much deeper than that. This research dives into the internals of Houdini, discusses the security issues it introduces, and introduces several novel abuses of the runtime it provides.\r\n\r\nWHY THIS RESEARCH MATTERS:  \r\nThis research sheds a light onto the internal workings of a poorly understood binary emulator -- that among other issues, can enable malware to enter mobile app stores undetected -- and offers remediation strategies to app stores. The research also offers remediation and hardening advice to implementers of binary translators. In the near future, due to ISA diversification across x86, ARM, and RISC-V, there will likely be an increased need for binary translators to support porting software across both architectures and operating systems. Due to the compatibility and performance needs required, it is likely that \"in-process\" binary translators, such as Houdini and Rosetta 2, will be used over OS- or \"hypervisor\"-style sandbox emulators such as QEMU. Due to their \"direct\" mode of operation, they can introduce various kinds of risks that are highly specific to the implementation and host system. 
Our work extends modern security research into this newer style of emulator with a focus on ensuring that these newer binary translator emulators do not weaken the existing security model for native processes nor introduce additional vulnerabilities.", "recording_license": "", "do_not_record": false, "persons": [{"code": "W3PRTY", "name": "Brian Hong", "avatar": "https://talks.toorcon.net/media/headshot.jpg", "biography": "Brian Hong is a security consultant at NCC Group, a global information assurance specialist providing organizations with expert security consulting services. He specializes in hardware penetration testing, reverse engineering, and has performed security research related to embedded systems, firmware analysis, web application penetration testing, and Android security and malware analysis. Brian has a B. Eng. in Electrical Engineering and Computer Science from The Cooper Union.", "public_name": "Brian Hong", "guid": "733b4d01-be2d-5f6a-99f5-6f83f892ec14", "url": "https://talks.toorcon.net/toorcon-2021/speaker/W3PRTY/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/WRQEVD/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/WRQEVD/", "attachments": []}, {"guid": "44b9ee93-8846-542a-8e48-26a3c5e93c00", "code": "QKZRPV", "id": 124, "logo": null, "date": "2021-10-12T14:00:00-07:00", "start": "14:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-124-extra-better-program-finagling-ebpf-for-attack-and-defense", "url": "https://talks.toorcon.net/toorcon-2021/talk/QKZRPV/", "title": "Extra Better Program Finagling (eBPF) for Attack and Defense", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Program instrumentation and tracing is a key component of any offensive persistence framework or defensive endpoint detection and response (EDR) technology. 
This talk will focus on the latest tracing infrastructure known as Extended Berkeley Packet Filters (eBPF) which is currently supported on Linux and is coming to Windows as well. eBPF is complex with several front end languages and backend hooking engines. This talk will explain how eBPF works, what it takes to write eBPF based hooks, and demonstrate two simple tools for verifying or infecting ELF binaries on the fly.", "description": "Program instrumentation and tracing is a key component of any offensive persistence framework or defensive endpoint detection and response (EDR) technology. Desktop and Server platforms have included various tracing tools and APIs over the years from strace and truss to DTrace and SystemTap. This talk will focus on the latest tracing infrastructure known as Extended Berkeley Packet Filters (eBPF) which is currently supported on Linux and is coming to Windows as well. \r\n\r\neBPF has the ability to trace arbitrary kernel and userland binaries and includes a program verifier for the attached hook functions implemented by the user. As the tracing technologies are merging into a unified API layer, we see adoption happening for both the offensive and defensive tooling. eBPF is complex with several front end languages and backend hooking engines. This talk will explain how eBPF works, what it takes to write eBPF based hooks, and demonstrate two simple tools for verifying or infecting ELF binaries on the fly. 
\r\n\r\nSome of the topics we will cover: \r\n- What workflows allow rapid development of eBPF programs\r\n- How to use eBPF to verify privileged processes and build your own telemetry\r\n- How to use eBPF to stealthily infect ELF binaries from kernel\r\n- Why you should never load eBPF with Python w/ demo against real EDR\r\n- Fuzzing results for uBPF, the eBPF front end for Windows\r\n- The future of eBPF on Windows and Linux", "recording_license": "", "do_not_record": false, "persons": [{"code": "K9PEXF", "name": "Richard Johnson", "avatar": "https://talks.toorcon.net/media/JkUF0eDy_400x400.jpg", "biography": "Richard Johnson is a computer security specialist with a focus on software vulnerability analysis. Currently Principal Security Researcher at Fuzzing IO, a research and development company offering professional training and consulting services, Richard offers over 18 years of professional expertise and leadership in the information security industry including past positions as Director of Security Research at Oracle Cloud Infrastructure and Research Lead roles at Cisco Talos and Microsoft. 
Richard has been speaking at Toorcon since 2004 and has taken the stage for talks and training at many other premier conferences including Black Hat, RECON, and Hack in the Box.", "public_name": "Richard Johnson", "guid": "abd09d28-f0e6-576a-99e4-e20f73927b57", "url": "https://talks.toorcon.net/toorcon-2021/speaker/K9PEXF/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/QKZRPV/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/QKZRPV/", "attachments": []}, {"guid": "d408c2ca-3a22-5144-b686-0b4664906b20", "code": "UV79FN", "id": 127, "logo": null, "date": "2021-10-12T15:00:00-07:00", "start": "15:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-127-getting-down-with-bringup", "url": "https://talks.toorcon.net/toorcon-2021/talk/UV79FN/", "title": "Getting Down with Bringup", "subtitle": "", "track": "Talks", "type": "Talk + Hands-On Demo", "language": "en", "abstract": "Discussing the interesting things in pre-boot stages of systems, especially SoCs.  Cool stuff and tools, places to \"hook\", and why adding a resistor in the right place can drop the system to \"debug\" mode.", "description": "Systems these days depend on the lowest stages of start up to provide a base for security further up the chain.  As the security community and hackers have gotten better tools and better at sniffing out bugs, security has been forced to move down the chain.  But how far?  Is the boot loader enough? At what point can you really call it \"SecureBoot\"? Do you need a TPM?\r\n\r\nWe are going down the rabbit hole to find out where the bits get flipped, what's signed, what's not, and what IS signing anyway? Let's take a look at chip ROMs, BIOS, UEFI, e-fuses, pre-boot partitions (like TrustZone and aBoot), where TPMs get involved, and when boot loaders go wrong.\r\n\r\nLet's see if we can get a \"secure\" boot environment going on cheap, easy to debug hardware, and just how secure we can make it.  
After all, doesn't every hacker need a place where they can try out their boot loader and firmware exploits?", "recording_license": "", "do_not_record": false, "persons": [{"code": "DMZFAN", "name": "Gene Erik", "avatar": null, "biography": "Gene Erik is a hacker with a variety of interests spanning the gamut of hacking topics, including wireless networking, software defined radio, embedded device hacking, phone phreaking, application security, social engineering, and much more. Gene's major passion is taking those hacking concepts, distilling them down, and weaponizing them through automation and tool creation. In the real world, Gene has had experience at companies big and small doing stuff all over the IT professional space: software development; technical support; desktop support; dev(sec)ops (system administration and hardening, orchestration, vulnerability management, cloud architecture and migration, and the software development that goes with it); network engineering; data center and storage architecture; PBX design and management; AppSec; and much more. 
Gene is a long time toorcon attendee with a passion for breaking (and fixing) things.", "public_name": "Gene Erik", "guid": "4daeaf65-5aaf-59ce-8437-5b43c5a3a53f", "url": "https://talks.toorcon.net/toorcon-2021/speaker/DMZFAN/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/UV79FN/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/UV79FN/", "attachments": []}, {"guid": "29c68cbe-3dc9-565e-a857-5385c30ad97b", "code": "UQ7RVJ", "id": 114, "logo": null, "date": "2021-10-12T16:00:00-07:00", "start": "16:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-114-making-mischief-with-machine-specific-register-based-exploits", "url": "https://talks.toorcon.net/toorcon-2021/talk/UQ7RVJ/", "title": "Making Mischief with Machine Specific Register Based Exploits", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "You can use your favorite system monitoring drivers to gain code execution in the kernel by writing to a single register. \r\n\r\nModel Specific Registers (MSRs) are little known outside of Kernel developer circles. Even among kernel hackers, the use of each register is not well known, with several registers being either partially or fully undocumented. This has led to a proliferation of low quality kernel mode drivers that expose primitives to read and write to these registers. While writing to a single register is seldom cause for celebration by the exploit developer, in several instances an understanding of these registers can lead to kernel remote code execution allowing for privilege escalation. This talk will explore the purpose of these special registers, how we can use them to get kernel code execution, and how developers should be protecting themselves from these attacks.", "description": "This talk will introduce the audience to the concept of model specific registers, with a brief overview of their history and introduction. 
An overview of the commonly used model specific registers will be given, with examples in a vulnerable driver being used to illustrate how and where they are used. A sample driver will be reverse engineered to demonstrate the process of assessing a vulnerability with model specific register use, an example exploit will also be given to demonstrate how the registers can be successfully leveraged in order to gain kernel code execution. Finally, mitigation strategies for model specific register based attacks will be given for kernel mode driver developers.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MABSWM", "name": "John D Dunlap", "avatar": "https://talks.toorcon.net/media/vq9_pcPO_400x400.jpeg", "biography": "John Dunlap (MrSynAckster) is a NYC based reverse engineer, exploit developer, and security engineer. He has presented at numerous conferences such as Bsides DC, Hope Conference, Ruxcon, and the Defcon villages. His research focuses on binary exploitation of low level software, but has also reached into the realms of machine learning based exploit tools and DNA based Biohacking. He has also done research on hacker history and lore, uncovering the hidden history of the team \u201cScript Kiddy\u201d in his 2018 Hope Conference presentation. 
John has worked with top NYC security firms Gotham Digital Science, Trail of Bits, and now works with Seattle based Leviathan Security.", "public_name": "John D Dunlap", "guid": "24e86d2f-cabc-56f0-8ecd-900d0c5db4fd", "url": "https://talks.toorcon.net/toorcon-2021/speaker/MABSWM/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/UQ7RVJ/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/UQ7RVJ/", "attachments": []}, {"guid": "d203ddc7-de16-5c95-85a6-f51a315408a2", "code": "C8BGWG", "id": 115, "logo": "https://talks.toorcon.net/media/toorcon-2021/images/C8BGWG/title-page_YYFxHVI.PNG", "date": "2021-10-12T17:00:00-07:00", "start": "17:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-115-free-as-in-beer-building-a-low-cost-static-analysis-program", "url": "https://talks.toorcon.net/toorcon-2021/talk/C8BGWG/", "title": "Free as in Beer: Building a low cost static analysis program", "subtitle": "", "track": "Talks", "type": "Talk + Hands-On Demo", "language": "en", "abstract": "Static analysis can be expensive, time consuming, full of false positives, a pain in the rear to manage multiple languages, and not very configurable. But no more! At Slack, we\u2019ve designed a static analysis program which utilizes one free, highly configurable tool to scan over 60 different codebases in six languages and has saved us over $700,000 annually. Semgrep, an open source static analysis engine, uses highly configurable rules. Tuning these rules to our specific environment saves developer time while providing useful guard rails against dangerous code patterns. We\u2019ve been able to reduce false positives by over 80%, and we\u2019ve removed rules that don\u2019t apply in our environment. Adding a new codebase to our scanning pipeline adds almost no additional overhead; we merely add one line to a file to enable the scans and review new results. 
Implementing our program this way has allowed us to meet our compliance requirements while providing a useful, low overhead static analysis program.", "description": "Scaling static analysis across languages and multiple codebases is a difficult process at best. Here we walk through our setup, which we've designed to be easy to maintain, trivial to add additional codebases, and provide few false positives. Plus, the primary tool we use is free, as in beer. Cheers.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8VHJFQ", "name": "Erin Browning", "avatar": "https://talks.toorcon.net/media/frowning.png", "biography": "Erin Browning is a computer security researcher. She has worked at Latacora as a senior engineer and HCSC as a red team member. Currently, she works at Slack in product security. She teamed up with @fbz to create the cryptography scarf puzzle for Hushcon 2019.", "public_name": "Erin Browning", "guid": "269aa1c5-c0ec-581a-bc42-f798dfece590", "url": "https://talks.toorcon.net/toorcon-2021/speaker/8VHJFQ/"}, {"code": "9LESJL", "name": "Tim Faraci", "avatar": "https://talks.toorcon.net/media/1539217681205.jpg", "biography": "Staff security engineer at slack. Years of experience working on SAST, IAST, and implementing application security programs. 
In a previous life did infrastructure prod support and development testing.", "public_name": "Tim Faraci", "guid": "6000c238-5d17-50dd-a003-076561142af3", "url": "https://talks.toorcon.net/toorcon-2021/speaker/9LESJL/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/C8BGWG/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/C8BGWG/", "attachments": []}], "Wake Boarding": [{"guid": "db14b675-3be3-53c4-95ce-792bd5ac1579", "code": "BJHYZ7", "id": 137, "logo": "https://talks.toorcon.net/media/toorcon-2021/images/BJHYZ7/somerset-recon-logo_QaUmNLX.png", "date": "2021-10-12T06:30:00-07:00", "start": "06:30", "duration": "02:30", "room": "Wake Boarding", "slug": "toorcon-2021-137-wakeboarding-and-wakesurfing", "url": "https://talks.toorcon.net/toorcon-2021/talk/BJHYZ7/", "title": "Wakeboarding and Wakesurfing", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "Like hacking computers? Now it's time to hack the wake! This event will allow participants of all abilities to wakeboard or wakesurf. Whether an advanced rider throwing toeside backrolls or a beginner who has never stepped foot on a wakesurf, this event will cater to the rider's ability and allow for a fun experience. Experienced instructors will provide participants with tailored tips and the equipment necessary for success. All boats, boards and safety equipment will be provided by the organizers. 
Participants must be at least 6 years of age or older and know how to swim (participants under 18 will need a parent/guardian to sign the liability form).\r\n\r\nIf you're interested in signing up for this, please indicate such in the questionnaire you have received from ToorCon and we'll get in touch.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "8DYQBG", "name": "Somerset Recon", "avatar": null, "biography": "TBA", "public_name": "Somerset Recon", "guid": "daa10fa8-a86c-5bfd-b555-80dd766bd4ca", "url": "https://talks.toorcon.net/toorcon-2021/speaker/8DYQBG/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/BJHYZ7/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/BJHYZ7/", "attachments": []}], "AMC 18 (Fashion Valley)": [{"guid": "168d164e-a64f-55c7-aaf3-b7bcca0263e7", "code": "XYPTTH", "id": 138, "logo": null, "date": "2021-10-12T20:00:00-07:00", "start": "20:00", "duration": "03:00", "room": "AMC 18 (Fashion Valley)", "slug": "toorcon-2021-138-private-viewing-james-bond-no-time-to-die", "url": "https://talks.toorcon.net/toorcon-2021/talk/XYPTTH/", "title": "Private Viewing: James Bond No Time to Die", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "We've rented out a private theater for us to view the new James Bond movie at! 
Come join us after dinner to see an in-person movie!!!\r\n\r\nAMC Fashion Valley 18\r\n7037 Friars Road, San Diego, California 92108", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/XYPTTH/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/XYPTTH/", "attachments": []}], "ToorCon CTF": [{"guid": "827f9238-42a8-5993-84a2-77aeebf18418", "code": "ELQA8C", "id": 146, "logo": null, "date": "2021-10-12T10:00:00-07:00", "start": "10:00", "duration": "08:00", "room": "ToorCon CTF", "slug": "toorcon-2021-146-toorcon-ctf", "url": "https://talks.toorcon.net/toorcon-2021/talk/ELQA8C/", "title": "ToorCon CTF", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "CTF begins 10:00 AM Tuesday October 12 and will continue through 4:00 PM Wednesday October 13th. (We can adjust the end time to whatever will work best for finalizing the standings and getting that info to the Closing Remarks people.)\r\n\r\nNo pre-registration is required, but people are encouraged to form teams before Toorcon. The Scoreboard URL will be posted in Toorcon Discord at 10AM Tuesday. Players can register then.\r\n\r\nThey can also follow us on Twitter for announcements and hints at @toorconctf.\r\n\r\nThere is no additional cost to participate in our CTF. It is open to all Toorcon attendees, virtual or in-person. 
(Some people were confusing our CTF with the Embedded CTF, which cost an additional $99.)", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/ELQA8C/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/ELQA8C/", "attachments": []}]}}, {"index": 2, "date": "2021-10-13", "day_start": "2021-10-13T04:00:00-07:00", "day_end": "2021-10-14T03:59:00-07:00", "rooms": {"The Point": [{"guid": "29d501eb-7706-51dd-93ba-948728a831d8", "code": "X3LW87", "id": 135, "logo": "https://talks.toorcon.net/media/toorcon-2021/images/X3LW87/Jasper-Van-Woudenberg_wBAAlBH.jpg", "date": "2021-10-13T10:00:00-07:00", "start": "10:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-135-keynote-on-hardware-hacking-and-turtles", "url": "https://talks.toorcon.net/toorcon-2021/talk/X3LW87/", "title": "KEYNOTE: On Hardware Hacking and Turtles", "subtitle": "", "track": "Talks", "type": "Talk", "language": "en", "abstract": "Hardware hacking is usually associated with soldering irons and wires, with the PCB being the primary attack surface. In reality, it's turtles all the way down: the deeper you dig, the more opportunities for attack emerge. I'll give a whirlwind tour of the incredibly diverse field of hardware hacking, including how transistors emit light and leak secrets, how to simulate hardware faults, and how you may spend most of your time dealing with software. I'll discuss how some attacks need a professional lab, but many can be done on a limited budget. 
This talk should allow anyone with a general technical background to walk away with an insight into what all this \"hardware hacking\" can mean.", "description": ".", "recording_license": "", "do_not_record": false, "persons": [{"code": "SY9HYU", "name": "Jasper van Woudenberg", "avatar": null, "biography": "Jasper (@jzvw) currently is CTO for Riscure North America and half of the authors of the \"Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks\". He works with Riscure's San Francisco based team to improve embedded device security through innovation.\r\n\r\nAs CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical and innovation activities.\r\n\r\nJasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security.\r\n\r\nAt Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. 
He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research.\r\n\r\nJasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications.\r\n\r\nJasper has spoken at many security conferences including BlackHat briefings and trainings, Intel Security Conference, RWC, RSA, EDSC, BSides SF, Shakacon, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, NPS, GMU and the University of Amsterdam.\r\n\r\nSpecialties: embedded security, side channel analysis, fault injection, binary code analysis, security evaluations of {mobile phones, smart cards, set-top-boxes}, network penetration testing, code reviews.", "public_name": "Jasper van Woudenberg", "guid": "2759ba10-bd75-5cab-8fe3-3f120361ad7f", "url": "https://talks.toorcon.net/toorcon-2021/speaker/SY9HYU/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/X3LW87/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/X3LW87/", "attachments": []}, {"guid": "28a9de97-1c45-5fbf-bf7a-dfde00a9365d", "code": "KCFGVF", "id": 119, "logo": null, "date": "2021-10-13T11:00:00-07:00", "start": "11:00", "duration": "00:50", "room": "The Point", "slug": "toorcon-2021-119-the-unauthorized-guide-to-the-luna-usb-multitool", "url": "https://talks.toorcon.net/toorcon-2021/talk/KCFGVF/", "title": "The Unauthorized Guide to the LUNA USB Multitool", "subtitle": "", "track": "Talks", "type": "Talk + Hands-On Demo", "language": "en", "abstract": "The LUNA USB Multitool is Great Scott Gadgets\u2019s forthcoming FPGA-based platform intended for USB hacking and development. 
This talk will walk through several supported use cases, including analyzing high-speed USB traffic, emulating USB devices with the FaceDancer framework, and performing MitM attacks against USB. Additionally, this talk introduces ways you can (ab)use its FPGA-based design in unsupported ways, such as using the hardware as a flexible FPGA development board with extensive USB connectivity, as well as targeting the LUNA gateware to other, unsupported FPGA boards.", "description": "The Great Scott Gadgets LUNA USB Multitool hardware is set to begin shipping in late May of 2022. Unfortunately, global events will likely prevent the GSG team from being able to present their new platform before its release, so you get the next best thing \u2013 the 100% unofficial, unauthorized talk. Based on my experience with the latest beta hardware and LUNA\u2019s open-source design, I\u2019ll first introduce LUNA, its history, its goals, and its capabilities, then cover applications that currently work out-of-the box, including high-speed USB traffic capture and analysis (in conjunction with the open-source ViewSB software) and device emulation/manipulation using FaceDancer. I\u2019ll then pivot to talk about how you can extend LUNA\u2019s functionality by writing new gateware, briefly covering digital logic design, hardware description languages, the nMigen Python-based HDL, and testing your design in simulation. I\u2019ll demonstrate how to build a simple System-on-Chip design based on a simple RISC-V core and write firmware for it to control custom logic, making LUNA a standalone FPGA/SoC development board. I will show off some weird, powerful, and definitely unsupported projects you can create with LUNA. 
Finally, I\u2019ll talk about other unofficial hardware platforms LUNA targets, how to create additional targets, and how you can get started with LUNA on hardware you might already own!\r\n\r\nKeep hacking.", "recording_license": "", "do_not_record": false, "persons": [{"code": "BRM8EW", "name": "Karl Koscher", "avatar": "https://talks.toorcon.net/media/134179.jpg", "biography": "Karl Koscher is a research scientist working at the University of Washington where he specializes in wireless and embedded systems security. Previously, he was a postdoctoral scholar working with Stefan Savage at UC San Diego. He received his Ph.D. from the University of Washington in 2014, where he was advised by Tadayoshi Kohno.", "public_name": "Karl Koscher", "guid": "3605b54a-7966-5370-8175-27933c340b49", "url": "https://talks.toorcon.net/toorcon-2021/speaker/BRM8EW/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/KCFGVF/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/KCFGVF/", "attachments": []}, {"guid": "4c970036-c006-5edb-9bde-97a3eb041f99", "code": "M9ETDR", "id": 117, "logo": null, "date": "2021-10-13T13:00:00-07:00", "start": "13:00", "duration": "04:00", "room": "The Point", "slug": "toorcon-2021-117-house-of-heap-exploitation-workshop", "url": "https://talks.toorcon.net/toorcon-2021/talk/M9ETDR/", "title": "House of Heap Exploitation (Workshop)", "subtitle": "", "track": "Workshops & Demos", "type": "Workshop", "language": "en", "abstract": "Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a subject that has evaded many people for years for one reason: they focus on the techniques instead of the allocator. By learning with an allocator first style, the techniques are easily understood and practical to use. 
\r\n\r\nThis workshop is for learning heap exploit development in GLibC Malloc. GLibC Malloc is the default allocator on most Linux distros. With this hands-on introduction into GLibC Malloc heap exploitation you will learn how the allocator functions, heap specific vulnerability classes and to pwn with a variety of techniques. Whether you're an avid CTFer or just trying to get into heap exploitation on your pwnables site, this course is good for adding another tool to the tools arsenal. After taking this course you will understand the GLibC Malloc allocator, be able to discover heap specific vulnerability classes and pwn the heap with a variety of techniques, with the capability to easily learn more.", "description": "- Module 1 - Introduction to the GLibC Heap Allocator: \r\n    - History of dynamic memory allocators\r\n    - Basic Data structures\r\n    - Chunks\r\n    - Bins (Free Chunks Handling)\r\n    - Challenge #1: Fixing a chunk\r\n    - Malloc & Free Ordering\r\n- Module 2 - Heap Vulnerability Classes: \r\n    - Ideal heap environment testing setup\r\n    - Buffer overflows    \r\n    - Use after frees\r\n    - Challenge #2: Use after free \r\n    - Double frees\r\n- Module 3 - Fd Poisoning: \r\n    - Understanding the TCache Bin\r\n    - Exploiting fd pointers\r\n    - Challenge #3: Fd Poison\r\n    - Introduction to TCache leaks\r\n    - Fastbin Variation\r\n    - Pointer Mangling\r\n- Module 4: Unlink:\r\n    - Understanding the original bins (unsorted, small and large) \r\n    - Removing a chunk from a bin\r\n    - Unlink attack for arbitrary write primitive\r\n    - Modern unlink attack\r\n    - Unsafe unlink demo\r\n    - Challenge #5: Unlink Attack\r\n- Module 5 - Overlapping Chunks: \r\n    - Understanding the size and prev_size chunk metadata\r\n    - Corrupting the size field\r\n    - Overlap chunks by growing the size\r\n    - Challenge #6: Overlap two chunks\r\n    - Variant analysis (shrinking, mmap, unsorted bin, etc.) 
\r\n- Conclusion", "recording_license": "", "do_not_record": true, "persons": [{"code": "8QKGPW", "name": "Maxwell (Strikeout) Dulin", "avatar": "https://talks.toorcon.net/media/IMG_2009.jpg", "biography": "Maxwell Dulin (Strikeout) is a security consultant at Security Innovation hacking all things under the sun, from robots to web applications. Maxwell has published many articles/papers for a plethora of heap exploitation techniques, assorted web application hacking exploits, machine learning and IoT device vulnerability hunting. He has previously spoken at DEF CON 27 IoT Village and DEF CON workshops. In his free time, he plays with RF toys, hikes to fire lookouts and catches everything at dodgeball.", "public_name": "Maxwell (Strikeout) Dulin", "guid": "f493d1cf-98b4-5d84-955d-1a060c3a70e9", "url": "https://talks.toorcon.net/toorcon-2021/speaker/8QKGPW/"}, {"code": "BAVGLX", "name": "Kevin Choi", "avatar": null, "biography": "Kevin Choi is always on the lookout for his next adventure. Whether trekking past remote glaciers, exploring abandoned hospitals, accessing rooftops, spelunking down subnets, or reconnoitering web applications, Kevin finds that new horizons open creative solutions for existing problems. Kevin is currently working on the problem of self-sovereign identity and smart contract vulnerabilities. 
No matter where Kevin is in the world or the internet, Kevin will always consider two places home-- the University of California, Irvine, and the Security Innovation VPN.", "public_name": "Kevin Choi", "guid": "ac6c94a5-f7d3-5c8b-8ef5-5874027db166", "url": "https://talks.toorcon.net/toorcon-2021/speaker/BAVGLX/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/M9ETDR/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/M9ETDR/", "attachments": []}, {"guid": "961bd4f0-53f0-5aa9-a148-32e39ee3b19c", "code": "GFTAYN", "id": 123, "logo": null, "date": "2021-10-13T17:00:00-07:00", "start": "17:00", "duration": "00:10", "room": "The Point", "slug": "toorcon-2021-123-the-isle-of-tortuga-but-on-the-internet", "url": "https://talks.toorcon.net/toorcon-2021/talk/GFTAYN/", "title": "The isle of tortuga, but on the internet", "subtitle": "", "track": "Lightning Talks", "type": "Lightning Talk", "language": "en", "abstract": "Despite several thousand companies in the security space doing everything from PR to deep\r\npacket inspection and threat intelligence, the internet is still very much lawless, international\r\nwaters. Largely because policymakers and elected officials just \"aren\u2019t computer people\" and\r\nare woefully underprepared to deal with highly technical topics. Add to this that most\r\norganizations do not actually do much real security - they only do whatever their corporate\r\ncompliance legally requires, and few companies do anything more. The result of this\r\narrangement is that ransomware gangs and other flavors of attackers can do whatever they\r\nwant with impunity - and they're getting creative about it. 
In this presentation we'll cover some\r\nof the threat landscape we've seen in recent years, and what businesses and governments are\r\ndoing to stay on top of things.", "description": "This is a high-level talk about the colorful antics that attackers are getting up to outside of the typical \"phish-to-ransomware\" approach that has become popular in the last few years. The bar isn't going up, exactly, but more like the bar is getting wider. Attackers are employing interesting and colorful tactics and these sorts of behaviors typically fall outside of the comfort-zone of defenders, as they will involve things like sim cloning, DNS attacks, theft of cookies and taking advantage of lax business logic and misconfigurations to avoid triggering sensors by using actual exploits, or doing things like classical scan-and-attack techniques. Defenders will get an idea of some of the new tricks attackers are deploying, and attackers may learn some new tricks!", "recording_license": "", "do_not_record": false, "persons": [{"code": "3MYZS9", "name": "Dan Tentler", "avatar": null, "biography": "Dan Tentler is the Executive Founder and CTO of Phobos Group, a boutique information security services and products company. Having been on both red and blue teams, Dan brings a wealth of both defensive and adversarial knowledge to the colorful and interesting problems the security landscape of today produces for us all. Dan has spent time at Twitter, British Telecom, Websense, Anonymizer, Intuit and Sempra Energy, to name a few and has a strong background in systems, networking, architecture and wireless networks, which translates to strengths in lateral movement, data exfiltration, hiding from the blue team, physical security and a variety of other redteam techniques. 
Outside of work, Dan enjoys spending time either in his kitchen, or inside the goggles of his FPV aircraft.", "public_name": "Dan Tentler", "guid": "1eb22925-35fd-5f16-ae83-699294c5de0e", "url": "https://talks.toorcon.net/toorcon-2021/speaker/3MYZS9/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/GFTAYN/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/GFTAYN/", "attachments": []}, {"guid": "08fa4f0f-8e7e-5a4f-b492-84bcd7425c31", "code": "XGYT99", "id": 144, "logo": null, "date": "2021-10-13T17:15:00-07:00", "start": "17:15", "duration": "00:10", "room": "The Point", "slug": "toorcon-2021-144-hack-the-er-western-hemisphere", "url": "https://talks.toorcon.net/toorcon-2021/talk/XGYT99/", "title": "HACK THE, er... WESTERN HEMISPHERE!!", "subtitle": "", "track": "Lightning Talks", "type": "Lightning Talk", "language": "en", "abstract": "We're legitimately live-streaming Toorcon across North America via a geosynchronous satellite. This talk explains how we did it.", "description": "The Shadytel cabal has been provided an unprecedented opportunity to legally uplink to and use a vacant transponder slot on a geostationary satellite about to be decommissioned. This lightning talk will cover the tools we used (including the HackRF, GNU Radio, tsduck, Flusonic, OBS, and others) to convert an unused commercial uplink facility into the ultimate, legitimate information broadcast.", "recording_license": "", "do_not_record": false, "persons": [{"code": "BRM8EW", "name": "Karl Koscher", "avatar": "https://talks.toorcon.net/media/134179.jpg", "biography": "Karl Koscher is a research scientist working at the University of Washington where he specializes in wireless and embedded systems security. Previously, he was a postdoctoral scholar working with Stefan Savage at UC San Diego. He received his Ph.D. 
from the University of Washington in 2014, where he was advised by Tadayoshi Kohno.", "public_name": "Karl Koscher", "guid": "3605b54a-7966-5370-8175-27933c340b49", "url": "https://talks.toorcon.net/toorcon-2021/speaker/BRM8EW/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/XGYT99/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/XGYT99/", "attachments": []}], "The Lawn - Alpha": [{"guid": "ab7682d0-3ccb-5338-9659-97305a9ee212", "code": "GNT7YX", "id": 133, "logo": null, "date": "2021-10-13T13:00:00-07:00", "start": "13:00", "duration": "02:00", "room": "The Lawn - Alpha", "slug": "toorcon-2021-133-the-unauthorized-guide-to-the-luna-usb-multitool-demo-time", "url": "https://talks.toorcon.net/toorcon-2021/talk/GNT7YX/", "title": "The Unauthorized Guide to the LUNA USB Multitool (Demo Time)", "subtitle": "", "track": "Workshops & Demos", "type": "Hands-On Demo", "language": "en", "abstract": "I will have my LUNA prototype with me that people will likely be able to experiment with. I\u2019m hoping to have a CodeSpaces-like environment where people can simply load up the base LUNA code base in their browser, hack on some Python or nMigen gateware, run tests, and finally see their hacks running on real hardware.", "description": "I will have my LUNA prototype with me that people will likely be able to experiment with. I\u2019m hoping to have a CodeSpaces-like environment where people can simply load up the base LUNA code base in their browser, hack on some Python or nMigen gateware, run tests, and finally see their hacks running on real hardware.", "recording_license": "", "do_not_record": false, "persons": [{"code": "BRM8EW", "name": "Karl Koscher", "avatar": "https://talks.toorcon.net/media/134179.jpg", "biography": "Karl Koscher is a research scientist working at the University of Washington where he specializes in wireless and embedded systems security. 
Previously, he was a postdoctoral scholar working with Stefan Savage at UC San Diego. He received his Ph.D. from the University of Washington in 2014, where he was advised by Tadayoshi Kohno.", "public_name": "Karl Koscher", "guid": "3605b54a-7966-5370-8175-27933c340b49", "url": "https://talks.toorcon.net/toorcon-2021/speaker/BRM8EW/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/GNT7YX/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/GNT7YX/", "attachments": []}, {"guid": "42d007d4-6492-511c-abb7-333fbbefe920", "code": "LWDTPB", "id": 130, "logo": null, "date": "2021-10-13T15:00:00-07:00", "start": "15:00", "duration": "02:00", "room": "The Lawn - Alpha", "slug": "toorcon-2021-130-getting-down-with-bringup-demo-time", "url": "https://talks.toorcon.net/toorcon-2021/talk/LWDTPB/", "title": "Getting Down with Bringup (Demo Time)", "subtitle": "", "track": "Workshops & Demos", "type": "Workshop", "language": "en", "abstract": "For the demo, we will take a look at a modern arm based platform and an x86/64 platform that are easy to recover from if broken.  We'll build some firmware, learning the tools, break a device, recover it, look at debug points.  Attendees will probably need/want some VU meters, FTDI/TTL connectors, power strips, and something raspberry-pi like to follow along.", "description": "For the demo, we will take a look at a modern arm based platform and an x86/64 platform that are easy to recover from if broken.  We'll build some firmware, learning the tools, break a device, recover it, look at debug points.  
Attendees will probably need/want some VU meters, FTDI/TTL connectors, power strips, and something raspberry-pi like to follow along.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DMZFAN", "name": "Gene Erik", "avatar": null, "biography": "Gene Erik is a hacker with many varied interests spanning the gamut of hacking topics, including wireless networking, software defined radio, embedded device hacking, phone phreaking, application security, social engineering, and much more. Gene's major passion is taking those hacking concepts, distilling them down, and weaponizing them through automation and tool creation. In the real world, Gene has had experience at companies big and small doing stuff all over the IT professional space: software development; technical support; desktop support; dev(sec)ops (system administration and hardening, orchestration, vulnerability management, cloud architecture and migration, and the software development that goes with it); network engineering; data center and storage architecture; PBX design and management; AppSec; and much more. 
Gene is a long time toorcon attendee with a passion for breaking (and fixing) things.", "public_name": "Gene Erik", "guid": "4daeaf65-5aaf-59ce-8437-5b43c5a3a53f", "url": "https://talks.toorcon.net/toorcon-2021/speaker/DMZFAN/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/LWDTPB/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/LWDTPB/", "attachments": []}], "The Lawn - Beta": [{"guid": "63fa7ece-26eb-5fff-9336-9a3bd41be9a8", "code": "XAQEHG", "id": 132, "logo": null, "date": "2021-10-13T13:00:00-07:00", "start": "13:00", "duration": "02:00", "room": "The Lawn - Beta", "slug": "toorcon-2021-132-free-as-in-beer-building-a-low-cost-static-analysis-program-demo-time", "url": "https://talks.toorcon.net/toorcon-2021/talk/XAQEHG/", "title": "Free as in Beer: Building a low cost static analysis program (Demo Time)", "subtitle": "", "track": "Workshops & Demos", "type": "Workshop", "language": "en", "abstract": "We will demo tuning static analysis rules to specific environments. Attendees will need to download Semgrep, the static analysis engine our program is based upon, beforehand. We have tuned our rules extensively, which has greatly reduced our false positive rate.", "description": "We will demo tuning static analysis rules to specific environments. Attendees will need to download Semgrep, the static analysis engine our program is based upon, beforehand. We have tuned our rules extensively, which has greatly reduced our false positive rate.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8VHJFQ", "name": "Erin Browning", "avatar": "https://talks.toorcon.net/media/frowning.png", "biography": "Erin Browning is a computer security researcher. She has worked at Latacora as a senior engineer and HCSC as a red team member. Currently, she works at Slack in product security. 
She teamed up with @fbz to create the cryptography scarf puzzle for Hushcon 2019.", "public_name": "Erin Browning", "guid": "269aa1c5-c0ec-581a-bc42-f798dfece590", "url": "https://talks.toorcon.net/toorcon-2021/speaker/8VHJFQ/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/XAQEHG/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/XAQEHG/", "attachments": []}, {"guid": "019fdfde-ccfe-59ba-823d-a9a3e2cef592", "code": "PHDDMD", "id": 131, "logo": null, "date": "2021-10-13T15:00:00-07:00", "start": "15:00", "duration": "02:00", "room": "The Lawn - Beta", "slug": "toorcon-2021-131-fuzzers-analyzers-and-other-gophers-insecticides-demo-time", "url": "https://talks.toorcon.net/toorcon-2021/talk/PHDDMD/", "title": "Fuzzers, analyzers, and other Gophers insecticides (Demo Time)", "subtitle": "", "track": "Workshops & Demos", "type": "Workshop", "language": "en", "abstract": "I will demo three tools:\r\n\r\n- Go-fuzz for fuzzing Go applications\r\n- GCatch for detecting concurrency bugs in Go code\r\n- gotico, a tool currently in development for catching library-specific bugs", "description": "I will demo three tools:\r\n\r\n- Go-fuzz for fuzzing Go applications\r\n- GCatch for detecting concurrency bugs in Go code\r\n- gotico, a tool currently in development for catching library-specific bugs", "recording_license": "", "do_not_record": false, "persons": [{"code": "MA7EDA", "name": "Alex Useche", "avatar": "https://talks.toorcon.net/media/261965-5c871b8871c9a.jpg", "biography": "Alex is a lead security engineer at Trail of Bits. He has over 13 years of experience in the IT industry as a software developer, security engineer, and penetration tester. As a software developer, he has worked and architected mobile and web applications in various languages and frameworks, including .NET, Objective C, and Go. 
Alex specializes in Go security research and is actively developing static analysis tools for discovering Go vulnerabilities.", "public_name": "Alex Useche", "guid": "89a518e1-d23f-544e-873d-e268fe742ed7", "url": "https://talks.toorcon.net/toorcon-2021/speaker/MA7EDA/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/PHDDMD/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/PHDDMD/", "attachments": []}], "The Lawn - Gamma": [{"guid": "ae40b383-65a5-5b2b-8fcd-edabe8c76292", "code": "TMVUJA", "id": 134, "logo": null, "date": "2021-10-13T13:00:00-07:00", "start": "13:00", "duration": "04:00", "room": "The Lawn - Gamma", "slug": "toorcon-2021-134-nerf-modding-101-workshop", "url": "https://talks.toorcon.net/toorcon-2021/talk/TMVUJA/", "title": "Nerf Modding 101 (Workshop)", "subtitle": "", "track": "Workshops & Demos", "type": "Workshop", "language": "en", "abstract": "Are you a gadgeteer, modder, tinkerer? Do you want to be but hardly know how to use a screwdriver? Well, then this workshop is for you... 
There is no reason to settle for a stock blaster out of the box!\r\n\r\nJoin long time prop maker, inventor & nerf modifier Riverside in a workshop that will go step by step through modding the Nerf Zombie Strike Hammershot Blaster; one of the hottest blasters on the market.\r\n\r\nWhat will I learn if I join this workshop?\r\nIn this workshop you will learn the secret inner workings of the four major classes of nerf blaster (Electric, Spring, Air, Gas).\r\n\r\nWe will cover modification principles for both functionality (shoot farther) and cosmetic (wow that's pretty/cool!)\r\n\r\nThis includes masking & paint, form factor changes (addition and reduction), air-flow restriction removals, and a lot more...\r\n\r\nAs part of our nerf gun cosmetics instruction, we will be covering an introduction to basic electronics and the use of LED lights to make things glow as well as the basics of Bondo to change shapes of basic guns.\r\n\r\nOf course all of this amazing stuff will require some crazy tools; drills, hammers, saws, Dremels, etc. So we will be going over the proper \"safe\" use of each tool for beginners.\r\n\r\nNOTE: Basic paint colors will be provided. If you would like super fancy colors and want to bring your own, please contact the instructor ahead of time to ensure it is the right type of paint (Must be paint for plastic).", "description": "Are you a gadgeteer, modder, tinkerer? Do you want to be but hardly know how to use a screwdriver? Well, then this workshop is for you... 
There is no reason to settle for a stock blaster out of the box!\r\n\r\nJoin long time prop maker, inventor & nerf modifier Riverside in a workshop that will go step by step through modding the Nerf Zombie Strike Hammershot Blaster; one of the hottest blasters on the market.\r\n\r\nWhat will I learn if I join this workshop?\r\nIn this workshop you will learn the secret inner workings of the four major classes of nerf blaster (Electric, Spring, Air, Gas).\r\n\r\nWe will cover modification principles for both functionality (shoot farther) and cosmetic (wow that's pretty/cool!)\r\n\r\nThis includes masking & paint, form factor changes (addition and reduction), air-flow restriction removals, and a lot more...\r\n\r\nAs part of our nerf gun cosmetics instruction, we will be covering an introduction to basic electronics and the use of LED lights to make things glow as well as the basics of Bondo to change shapes of basic guns.\r\n\r\nOf course all of this amazing stuff will require some crazy tools; drills, hammers, saws, Dremels, etc. So we will be going over the proper \"safe\" use of each tool for beginners.\r\n\r\nNOTE: Basic paint colors will be provided. 
If you would like super fancy colors and want to bring your own, please contact the instructor ahead of time to ensure it is the right type of paint (Must be paint for plastic).", "recording_license": "", "do_not_record": false, "persons": [{"code": "9VKRQF", "name": "Riverside", "avatar": null, "biography": null, "public_name": "Riverside", "guid": "4855766c-462d-550f-a21e-d1292cf08875", "url": "https://talks.toorcon.net/toorcon-2021/speaker/9VKRQF/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/TMVUJA/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/TMVUJA/", "attachments": []}], "Beach Lounge": [{"guid": "7625653e-1f76-5e9d-b2d0-625948f5653f", "code": "YGHLGR", "id": 139, "logo": null, "date": "2021-10-13T18:30:00-07:00", "start": "18:30", "duration": "01:30", "room": "Beach Lounge", "slug": "toorcon-2021-139-beach-luau", "url": "https://talks.toorcon.net/toorcon-2021/talk/YGHLGR/", "title": "Beach Luau", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "We'll be grilling up some amazing food on the beach and have bonfires going to chill around. 
Join us to eat some grub before heading to the party downtown!", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/YGHLGR/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/YGHLGR/", "attachments": []}], "Toro (Downtown)": [{"guid": "e14a8863-3eb8-59c4-8632-74e939591209", "code": "NF33MH", "id": 140, "logo": "https://talks.toorcon.net/media/toorcon-2021/images/NF33MH/toro_4N8g4Md.PNG", "date": "2021-10-13T21:00:00-07:00", "start": "21:00", "duration": "03:00", "room": "Toro (Downtown)", "slug": "toorcon-2021-140-party", "url": "https://talks.toorcon.net/toorcon-2021/talk/NF33MH/", "title": "Party!", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "We've rented out our own space at the lively Toro nightclub downtown and have none other than Keith Myers and a slew of other infamous hacker DJs to rock the con all night long. Come join us downtown in our exclusive space with some of the best DJs in the scene!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LVDV7N", "name": "Keith Myers", "avatar": "https://talks.toorcon.net/media/km_o9PnjKA.jpeg", "biography": "I wear shoes and pants. Sometimes I don't wear pants. 
I love house music, race cars, and throwing extremely last minute parties at ToorCon events.", "public_name": "Keith Myers", "guid": "6d3adc1c-b72e-5581-9a00-b73a18c59305", "url": "https://talks.toorcon.net/toorcon-2021/speaker/LVDV7N/"}], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/NF33MH/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/NF33MH/", "attachments": []}], "ToorCon CTF": [{"guid": "49c6f32c-b985-5841-b507-3424a66ed964", "code": "RNET8S", "id": 147, "logo": null, "date": "2021-10-13T10:00:00-07:00", "start": "10:00", "duration": "06:00", "room": "ToorCon CTF", "slug": "toorcon-2021-147-toorcon-ctf", "url": "https://talks.toorcon.net/toorcon-2021/talk/RNET8S/", "title": "ToorCon CTF", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "CTF begins 10:00 AM Tuesday October 12 and will continue through 4:00 PM Wednesday October 13th. (We can adjust the end time to whatever will work best for finalizing the standings and getting that info to the Closing Remarks people.)\r\n\r\nNo pre-registration is required, but people are encouraged to form teams before Toorcon. The Scoreboard URL will be posted in Toorcon Discord at 10AM Tuesday. Players can register then.\r\n\r\nThey can also follow us on Twitter for announcements and hints at @toorconctf.\r\n\r\nThere is no additional cost to participate in our CTF. It is open to all Toorcon attendees, virtual or in-person. 
(Some people were confusing our CTF with the Embedded CTF, which cost an additional $99.)", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/RNET8S/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/RNET8S/", "attachments": []}]}}, {"index": 3, "date": "2021-10-14", "day_start": "2021-10-14T04:00:00-07:00", "day_end": "2021-10-15T03:59:00-07:00", "rooms": {"Beach Lounge": [{"guid": "833506f1-9863-5d65-9864-2156085dc3b5", "code": "G7EQQC", "id": 141, "logo": null, "date": "2021-10-14T10:00:00-07:00", "start": "10:00", "duration": "07:20", "room": "Beach Lounge", "slug": "toorcon-2021-141-beach-lounge-activities", "url": "https://talks.toorcon.net/toorcon-2021/talk/G7EQQC/", "title": "Beach Lounge & Activities", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "We'll be grilling up food all day and have tons of activities lined up at the Mission Bay Sportcenter that's next to The Point. We'll be running sign-ups for the activities throughout Tuesday & Wednesday and sending out a poll to attendees the week before the event to gauge interest. We look forward to having a great fun day with you all! 
Here's a sample of the available activities we're considering:\r\n\r\n- Take a Sailing Class\r\n- Jet Ski Tour of San Diego Coastline\r\n- Glow Paddleboard Tour (at Night)\r\n- Paddle Pub Tour of Mission Bay\r\n- Stand Up Paddleboard Yoga\r\n- Rent a Jetpack!\r\n- Rent a Power Boat\r\n- Rent a Jetski / Waverunner\r\n- Rent a Sail Boat / Catamaran\r\n- Rent a SUP / Kayak\r\n- Ride Rollercoasters", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/G7EQQC/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/G7EQQC/", "attachments": []}], "Bahia Belle": [{"guid": "1ce06531-fe7d-5248-9da6-209f7d0b34b6", "code": "DDVQES", "id": 143, "logo": "https://talks.toorcon.net/media/toorcon-2021/images/DDVQES/bahia_belle_7T08OO8.jpg", "date": "2021-10-14T20:00:00-07:00", "start": "20:00", "duration": "02:00", "room": "Bahia Belle", "slug": "toorcon-2021-143-party-cruise", "url": "https://talks.toorcon.net/toorcon-2021/talk/DDVQES/", "title": "Party Cruise", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "We've bought a ton of tickets for the Bahia Belle Bay Cruise for us to take from 8pm-10pm. 
There's drinks available on-board and we'll be catching it at the dock at the Catamaran Resort.\r\n\r\nCatamaran Resort\r\n3999 Mission Blvd, San Diego, CA 92109", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/DDVQES/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/DDVQES/", "attachments": []}], "Escape Rooms": [{"guid": "b0956e6f-bc84-5916-90c9-cdb7d8673d62", "code": "GW39ME", "id": 142, "logo": "https://talks.toorcon.net/media/toorcon-2021/images/GW39ME/quicksand_c1zxwBL.jfif", "date": "2021-10-14T17:30:00-07:00", "start": "17:30", "duration": "01:30", "room": "Escape Rooms", "slug": "toorcon-2021-142-escape-rooms", "url": "https://talks.toorcon.net/toorcon-2021/talk/GW39ME/", "title": "Escape Rooms!", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "We've rented out 3 different escape rooms at Quicksand Escape Games for us to tackle. We need 3 groups of up to 8 people each to head over. 
Must be there by 5:30pm and expect to be done around 7pm.", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/GW39ME/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/GW39ME/", "attachments": []}], "Paddle Pub": [{"guid": "f8b04993-fbda-5d7d-acfc-c637f8efbc06", "code": "DJZMXS", "id": 145, "logo": "https://talks.toorcon.net/media/toorcon-2021/images/DJZMXS/paddlepub_X5qkGEZ.jpg", "date": "2021-10-14T15:00:00-07:00", "start": "15:00", "duration": "02:00", "room": "Paddle Pub", "slug": "toorcon-2021-145-paddle-pub-san-diego-beer-tasting", "url": "https://talks.toorcon.net/toorcon-2021/talk/DJZMXS/", "title": "Paddle Pub & San Diego Beer Tasting", "subtitle": "", "track": "Activity", "type": "Activity", "language": "en", "abstract": "We're renting a paddle pub and getting a bunch of SD beers for everyone! Feel free to join us on this 12 passenger paddle boat that YOU (and your beer) power. We'll have two sailings, leaving the dock at 3PM and 4PM, respectively. \r\n\r\n'**NOTE**': Attendance is limited. 
There will be sign-up sheets to reserve a seat, and EVERYONE HAS to fill out a waiver form in advance of the event.", "description": "## **Beer List 2021**\r\n\r\nThis year we focus on three different breweries for different samples of San Diego brewing.\r\n\r\n#### **Ballast Point**\r\n*****\r\n* **Longfin Lager** - https://untappd.com/b/ballast-point-brewing-company-longfin/11602\r\n* **California K\u00f6lsch** - https://untappd.com/b/ballast-point-brewing-company-california-kolsch/1387947\r\n* **Blood Orange Lager** - https://untappd.com/b/ballast-point-brewing-company-blood-orange-lager/4539244\r\n* **Grapefruit Sculpin** - IPA with Grapefruit  - https://untappd.com/b/ballast-point-brewing-company-grapefruit-sculpin/285658\r\n\r\n#### **Alesmith**\r\n*****\r\n* **Tropical Marmalade** - Hazy IPA https://untappd.com/b/alesmith-brewing-company-tropical-marmalade/3215328\r\n* **San Andreas Shake** - Milkshake IPA with Lactose and Pineapple  https://untappd.com/b/alesmith-brewing-company-san-andreas-shake/4469840\r\n* **Speedway Stout** - Imperial Stout with Mexican Dark Chocolate, Sea Salt, and Mexican Coffee https://untappd.com/b/alesmith-brewing-company-speedway-stout-w-mexican-dark-chocolate-sea-salt-and-mexican-coffee/4474854\r\n* **.394 Pale Ale** - San Diego Style Pale Ale https://untappd.com/b/alesmith-brewing-company-san-diego-pale-ale-394/705460\r\n* **Aleschmidt Oktoberfest** - German-Style M\u00e4rzen Lager https://untappd.com/b/alesmith-brewing-company-aleschmidt-oktoberfest-2021/4428298\r\n\r\n\r\n#### **Mikkeller**\r\n*****\r\n* **Falling Sparks** - West Coast IPA https://untappd.com/b/mikkeller-brewing-san-diego-falling-sparks/4464234\r\n* **Tr\u00e6blod** - Imperial Stout brewed with Maple & Coffee https://untappd.com/b/mikkeller-brewing-san-diego-traeblod/3877424\r\n* **This Just In!** - Imperial Tart Ale with Pear and Vanilla Beans https://untappd.com/b/mikkeller-brewing-san-diego-this-just-in/4442726\r\n* House Mikkeller of San Diego's **Ghost 
Visions Lager** - Winter is HERE https://untappd.com/b/mikkeller-brewing-san-diego-game-of-thrones-ghost-visions/4535436\r\n* **Spontanblueberry** - Blueberry Lambic Mikkeller https://untappd.com/b/mikkeller-spontanblueberry/2273521 \r\n* **Hammock Bound** - `Fruited Berliner Weisse Ale with Key Lime` https://untappd.com/b/mikkeller-brewing-san-diego-hammock-bound/4409430", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://talks.toorcon.net/toorcon-2021/talk/DJZMXS/feedback/", "origin_url": "https://talks.toorcon.net/toorcon-2021/talk/DJZMXS/", "attachments": []}]}}]}}}