Like hacking computers? Now it's time to hack the wake! This event will allow participants of all abilities to wakeboard or wakesurf. Whether an advanced rider throwing toeside backrolls or a beginner who has never stepped foot on a wakesurf, this event will cater to the rider's ability and allow for a fun experience. Experienced instructors will provide participants with tailored tips and the equipment necessary for success. All boats, boards and safety equipment will be provided by the organizers. Participants must be at least 6 years of age and know how to swim (participants under 18 will need a parent/guardian to sign the liability form).
If you're interested in signing up for this, please indicate such in the questionnaire you have received from ToorCon and we'll get in touch.
Our career has been growing like crazy with an estimated 3.5 million unfilled cyber security jobs within the next few years. More certs, more quals, more money, right? But what if we’re wrong? AI, outsourcing, and visa programs may put a huge downward pressure on future job opportunities (and pay) in America. Of course, we don’t WANT this, but shouldn’t a wise professional prepare for possibilities? We’ll look at facts, figures, industry trends, and possible futures that might have us thinking that 2021 represents “the good old days.” No gloom-and-doom here; just a risk-based look at what happens if we really can NOT get the talent regardless of price, and why financial incentives haven't effectively raised the ability level of our cybersecurity workforce.
CTF begins 10:00 AM Tuesday October 12 and will continue through 4:00 PM Wednesday October 13th. (We can adjust the end time to whatever will work best for finalizing the standings and getting that info to the Closing Remarks people.)
No pre-registration is required, but people are encouraged to form teams before Toorcon. The Scoreboard URL will be posted in Toorcon Discord at 10AM Tuesday. Players can register then.
They can also follow us on Twitter for announcements and hints at @toorconctf.
There is no additional cost to participate in our CTF. It is open to all Toorcon attendees, virtual or in-person. (Some people were confusing our CTF with the Embedded CTF, which cost an additional $99.)
Go is a great language that is explicit, simple, and it makes writing concurrency extremely easy. Yet, it suffers from many of the same vulnerabilities you'd encounter in C and C++ applications. Writing concurrent Go code can also be risky, as vicious concurrency bugs can slowly sneak into your application. So, how can you get started discovering vulnerabilities in Go code? This talk will discuss approaches to finding vulnerabilities in Go code and the state of static and dynamic analysis tools for automated discovery of Go vulnerabilities, from static analysis to fuzzing to fault injection. We will learn about common vulnerabilities in Go and how to catch them, whether you are a security researcher or a Go developer.
In recent years, we have seen some of the major players in the industry switch from x86-based processors to ARM processors. Most notable is Apple, who has supported the transition to ARM from x86 with a binary translator, Rosetta 2, which has recently gotten the attention of many researchers and reverse engineers. However, you might be surprised to know that Intel has their own binary translator, Houdini, which runs ARM binaries on x86.
In this talk, we will discuss Intel's proprietary Houdini translator, which is primarily used by Android on x86 platforms, such as higher-end Chromebooks and desktop Android emulators. We will start with a high-level discussion of how Houdini works and is loaded into processes. We will then dive into the low-level internals of the Houdini engine and memory model, including several security weaknesses it introduces into processes using it. Lastly, we will discuss methods to escape the Houdini environment, execute arbitrary ARM and x86, and write Houdini-targeted malware that bypasses existing platform analysis.
Program instrumentation and tracing is a key component of any offensive persistence framework or defensive endpoint detection and response (EDR) technology. This talk will focus on the latest tracing infrastructure known as Extended Berkeley Packet Filters (eBPF) which is currently supported on Linux and is coming to Windows as well. eBPF is complex with several front end languages and backend hooking engines. This talk will explain how eBPF works, what it takes to write eBPF-based hooks, and demonstrate two simple tools for verifying or infecting ELF binaries on the fly.
Discussing the interesting things in pre-boot stages of systems, especially SoCs. Cool stuff and tools, places to "hook", and why adding a resistor in the right place can drop the system to "debug" mode.
You can use your favorite system monitoring drivers to gain code execution in the kernel by writing to a single register.
Model Specific Registers (MSRs) are little known outside of kernel developer circles. Even among kernel hackers, the use of each register is not well known, with several registers being either partially or fully undocumented. This has led to a proliferation of low quality kernel mode drivers that expose primitives to read and write to these registers. While writing to a single register is seldom cause for celebration by the exploit developer, in several instances an understanding of these registers can lead to kernel remote code execution allowing for privilege escalation. This talk will explore the purpose of these special registers, how we can use them to get kernel code execution, and how developers should be protecting themselves from these attacks.
Static analysis can be expensive, time consuming, full of false positives, a pain in the rear to manage multiple languages, and not very configurable. But no more! At Slack, we’ve designed a static analysis program which utilizes one free, highly configurable tool to scan over 60 different codebases in six languages and has saved us over $700,000 annually. Semgrep, an open source static analysis engine, uses highly configurable rules. Tuning these rules to our specific environment saves developer time while providing useful guard rails against dangerous code patterns. We’ve been able to reduce false positives by over 80%, and we’ve removed rules that don’t apply in our environment. Adding a new codebase to our scanning pipeline adds almost no additional overhead; we merely add one line to a file to enable the scans and review new results. Implementing our program this way has allowed us to meet our compliance requirements while providing a useful, low overhead static analysis program.
We've rented out a private theater to view the new James Bond movie! Come join us after dinner to see an in-person movie!!!
AMC Fashion Valley 18
7037 Friars Road, San Diego, California 92108
Hardware hacking is usually associated with soldering irons and wires, with the PCB being the primary attack surface. In reality, it's turtles all the way down: the deeper you dig, the more opportunities for attack emerge. I'll give a whirlwind tour of the incredibly diverse field of hardware hacking, including how transistors emit light and leak secrets, how to simulate hardware faults, and how you may spend most of your time dealing with software. I'll discuss how some attacks need a professional lab, but many can be done on a limited budget. This talk should allow anyone with a general technical background to walk away with an insight into what all this "hardware hacking" can mean.
The LUNA USB Multitool is Great Scott Gadgets’s forthcoming FPGA-based platform intended for USB hacking and development. This talk will walk through several supported use cases, including analyzing high-speed USB traffic, emulating USB devices with the FaceDancer framework, and performing MitM attacks against USB. Additionally, this talk introduces ways you can (ab)use its FPGA-based design in unsupported ways, such as using the hardware as a flexible FPGA development board with extensive USB connectivity, as well as targeting the LUNA gateware to other, unsupported FPGA boards.
We will demo tuning static analysis rules to specific environments. Attendees will need to download Semgrep, the static analysis engine our program is based upon, beforehand. We have tuned our rules extensively, which has greatly reduced our false positive rate.
Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a subject that has evaded many people for years for one reason: they focus on the techniques instead of the allocator. By learning with an allocator-first style, the techniques are easily understood and practical to use.
This workshop is for learning heap exploit development in GLibC Malloc. GLibC Malloc is the default allocator on most Linux distros. With this hands-on introduction into GLibC Malloc heap exploitation you will learn how the allocator functions, heap-specific vulnerability classes and to pwn with a variety of techniques. Whether you're an avid CTFer or just trying to get into heap exploitation on your pwnables site, this course is good for adding another tool to your arsenal. After taking this course you will understand the GLibC Malloc allocator, be able to discover heap-specific vulnerability classes and pwn the heap with a variety of techniques, with the capability to easily learn more.
Are you a gadgeteer, modder, tinkerer? Do you want to be but hardly know how to use a screwdriver? Well, then this workshop is for you... There is no reason to settle for a stock blaster out of the box!
Join long-time prop maker, inventor & Nerf modifier Riverside in a workshop that will go step by step through modding the Nerf Zombie Strike Hammershot Blaster, one of the hottest blasters on the market.
What will I learn if I join this workshop?
In this workshop you will learn the secret inner workings of the four major classes of Nerf blaster (Electric, Spring, Air, Gas).
We will cover modification principles for both functionality (shoot farther) and cosmetics (wow that's pretty/cool!).
This includes masking & paint, form factor changes (addition and reduction), air-flow restriction removals, and a lot more...
As part of our Nerf gun cosmetics instruction, we will be covering an introduction to basic electronics and the use of LED lights to make things glow as well as the basics of Bondo to change shapes of basic guns.
Of course, all of this amazing stuff will require some crazy tools: drills, hammers, saws, Dremels, etc. So we will be going over the proper "safe" use of each tool for beginners.
NOTE: Basic paint colors will be provided. If you would like super fancy colors and want to bring your own, please contact the instructor ahead of time to ensure it is the right type of paint (Must be paint for plastic).
I will have my LUNA prototype with me that people will likely be able to experiment with. I’m hoping to have a CodeSpaces-like environment where people can simply load up the base LUNA code base in their browser, hack on some Python or nMigen gateware, run tests, and finally see their hacks running on real hardware.
I will demo three tools:
- Go-fuzz for fuzzing Go applications
- GCatch for detecting concurrency bugs in Go code
- gotico, a tool currently in development for catching library-specific bugs
For the demo, we will take a look at a modern ARM-based platform and an x86/64 platform that are easy to recover from if broken. We'll build some firmware, learning the tools, break a device, recover it, look at debug points. Attendees will probably need/want some VU meters, FTDI/TTL connectors, power strips, and something Raspberry Pi-like to follow along.
Despite several thousand companies in the security space doing everything from PR to deep packet inspection and threat intelligence, the internet is still very much lawless, international waters, largely because policymakers and elected officials just "aren’t computer people" and are woefully underprepared to deal with highly technical topics. Add to this that most organizations do not actually do much real security - they only do whatever their corporate compliance legally requires, and few companies do anything more. The result of this arrangement is that ransomware gangs and other flavors of attackers can do whatever they want with impunity - and they're getting creative about it. In this presentation we'll cover some of the threat landscape we've seen in recent years, and what businesses and governments are doing to stay on top of things.
We're legitimately live-streaming Toorcon across North America via a geosynchronous satellite. This talk explains how we did it.
We'll be grilling up some amazing food on the beach and have bonfires going to chill around. Join us to eat some grub before heading to the party downtown!
We've rented out our own space at the lively Toro nightclub downtown and have none other than Keith Myers and a slew of other infamous hacker DJs to rock the con all night long. Come join us downtown in our exclusive space with some of the best DJs in the scene!
We'll be grilling up food all day and have tons of activities lined up at the Mission Bay Sportcenter that's next to The Point. We'll be running sign-ups for the activities throughout Tuesday & Wednesday and sending out a poll to attendees the week before the event to gauge interest. We look forward to having a great fun day with you all! Here's a sample of the available activities we're considering:
- Take a Sailing Class
- Jet Ski Tour of San Diego Coastline
- Glow Paddleboard Tour (at Night)
- Paddle Pub Tour of Mission Bay
- Stand Up Paddleboard Yoga
- Rent a Jetpack!
- Rent a Power Boat
- Rent a Jetski / Waverunner
- Rent a Sail Boat / Catamaran
- Rent a SUP / Kayak
- Ride Rollercoasters
We're renting a paddle pub and getting a bunch of SD beers for everyone! Feel free to join us on this 12-passenger paddle boat that YOU (and your beer) power. We'll have two sailings, leaving the dock at 3PM and 4PM, respectively.
NOTE: Attendance is limited. There will be sign-up sheets to reserve a seat, and EVERYONE HAS to fill out a waiver form in advance of the event.
We've rented out 3 different escape rooms at Quicksand Escape Games for us to tackle. We need 3 groups of up to 8 people each to head over. Must be there by 5:30pm and expect to be done around 7pm.
We've bought a ton of tickets for the Bahia Belle Bay Cruise for us to take from 8pm-10pm. There are drinks available on-board and we'll be catching it at the dock at the Catamaran Resort.
Catamaran Resort
3999 Mission Blvd, San Diego, CA 92109