“Sleight of ARM: Demystifying Intel Houdini” Brian Hong · Talk (50 minutes)

In the recent years, we have seen some of the major players in the industry switch from x86-based processors to ARM processors. Most notable is Apple, who has supported the transition to ARM from x86 with a binary translator, Rosetta 2, which has recently gotten the attention of many researchers an…


“Extra Better Program Finagling (eBPF) for Attack and Defense” Richard Johnson · Talk (50 minutes)

Program instrumentation and tracing is a key component of any offensive persistence framework or defensive endpoint detection and response (EDR) technology. This talk will focus on the latest tracing infrastructure known as Extended Berkeley Packet Filters (eBPF) which is currently supported on Lin…


“The Unauthorized Guide to the LUNA USB Multitool” Karl Koscher · Talk + Hands-On Demo (50 minutes)

The LUNA USB Multitool is Great Scott Gadgets’s forthcoming FPGA-based platform intended for USB hacking and development. This talk will walk through several supported uses cases, including analyzing high-speed USB traffic, emulating USB devices with the FaceDancer framework, and performing MitM at…


“Getting Down with Bringup” Gene Erik · Talk + Hands-On Demo (50 minutes)

Discussing the interesting things in pre-boot stages of systems, especially SoCs. Cool stuff and tools, places to "hook", and why adding a resistor in the right place can drop the system to "debug" mode.


“Making Mischief with Machine Specific Register Based Exploits” John D Dunlap · Talk (50 minutes)

You can use your favorite system monitoring drivers to gain code execution in the kernel by writing to a single register.

Model Specific Registers (MSRs) are little known outside of Kernel developer circles. Even among kernel hackers, the use of each register is not well known, with several regist…


“House of Heap Exploitation (Workshop)” Maxwell (Strikeout) Dulin, Kevin Choi · Workshop (2 hours)

Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a subject that has evaded many people for years for one reason: they focus on the techniques i…


“Free as in Beer: Building a low cost static analysis program” Erin Browning, Tim Faraci · Talk + Hands-On Demo (50 minutes)

Static analysis can be expensive, time consuming, full of false positives, a pain in the rear to manage multiple languages, and not very configurable. But no more! At Slack, we’ve designed a static analysis program which utilizes one free, highly configurable tool to scan over 60 different codebase…


“Fuzzers, analyzers, and other Gophers insecticides” Alex Useche · Talk + Hands-On Demo (50 minutes)

Go is a great language that is explicit, simple, and it makes writing concurrency extremely easy. Yet, it suffers from many of the same vulnerabilities you'd encounter in C and C++ applications. Writing concurrent Go code can also be risky, as vicious concurrency bugs can slowly sneak into your app…


“The isle of tortuga, but on the internet” Dan Tentler · Lightning Talk (10 minutes)

Despite several thousand companies in the security space doing everything from PR to deep
packet inspection and threat intelligence, the internet is still very much lawless, international
waters. Largely because policymakers and elected officials just "aren’t computer people" and
are woefully under…


“Getting Down with Bringup (Demo Time)” Gene Erik · Workshop (2 hours)

For the demo, we will take a loot at a modern arm based platform and an x86/64 platform that are easy to recover from if broken. We'll build some firmware, learning the tools, break a device, recover it, look at debug points. Attendees will probably need/want some VU meters, FTDI/TTL connectors, …


“Fuzzers, analyzers, and other Gophers insecticides (Demo Time)” Alex Useche · Workshop (2 hours)

I will demo three tools:

  • Go-fuzz for fuzzing Go applications
  • GCatch for detecting concurrency bugs in Go code
  • gotico, a tool currently in development for catching library-specific bugs


“Free as in Beer: Building a low cost static analysis program (Demo Time)” Erin Browning · Workshop (2 hours)

We will demo tuning static analysis rules to specific environments. Attendees will need to download Semgrep, the static analysis engine our program is based upon, beforehand. We have tuned our rules extensively, which has greatly reduced our false positive rate.


“The Unauthorized Guide to the LUNA USB Multitool (Demo Time)” Karl Koscher · Hands-On Demo (2 hours)

I will have my LUNA prototype with me that people will likely be able to experiment with. I’m hoping to have a CodeSpaces-like environment where people can simply load up the base LUNA code base in their browser, hack on some Python or nMigen gateware, run tests, and finally see their hacks running…


“Nerf Modding 101 (Workshop)” Riverside · Workshop (2 hours)

Are you a gadgeteer, modder, tinkerer? Do you want to be but hardly know how to use a screwdriver? Well, then this workshop is for you... There is no reason to settle for a stock blaster out of the box!

Join long time prop maker, inventor & nerf modifier Riverside in a workshop that will go ste…


“KEYNOTE: On Hardware Hacking and Turtles” Jasper van Woudenberg · Talk (50 minutes)

Hardware hacking is usually associated with soldering irons and wires, with the PCB being the primary attack surface. In reality, it's turtles all the way down: the deeper you dig, the more opportunities for attack emerge. I'll give a whirlwind tour of the incredibly diverse field of hardware hacki…


“KEYNOTE: The Demise of the Cybersecurity Workforce (!?)” G. Mark Hardy · Talk (50 minutes)

Our career has been growing like crazy with an estimated 3.5 million unfilled cyber security jobs within the next few years. More certs, more quals, more money, right? But what if we’re wrong? AI, outsourcing, and visa programs may put a huge downward pressure on future job opportunities (and pay) …


“Wakeboarding and Wakesurfing” Somerset Recon · Activity (2 hours)

Like hacking computers? Now it's time to hack the wake! This event will allow participants of all abilities to wakeboard or wakesurf. Whether an advanced rider throwing toeside backrolls or a beginner who has never stepped foot on a wakesurf, this event will cater to the rider's ability and allow f…


“Private Viewing: James Bond No Time to Die” · Activity (2 hours)

We've rented out a private theater for us to view the new James Bond movie at! Come join us after dinner to see an in-person movie!!!

AMC Fashion Valley 18
7037 Friars Road, San Diego, California 92108


“Beach Luau” · Activity (2 hours)

We'll be grilling up some amazing food on the beach and have bonfires going to chill around. Join us to eat some grub before heading to the party downtown!


“Party!” Keith Myers · Activity (2 hours)

We've rented out our own space at the lively Toro nightclub downtown and have none other than Keith Myers and a slew of other infamous hacker DJs to rock the con all night long. Come join us downtown in our exclusive space with some of the best DJs in the scene!


“Beach Lounge & Activities” · Activity (2 hours)

We'll be grilling up food all day and have tons of activities lined up at the Mission Bay Sportcenter that's next to The Point. We'll be running sign-ups for the activities throughout Tuesday & Wednesday and sending out a poll to attendees the week before the event to gauge interest. We look fo…


“Escape Rooms!” · Activity (2 hours)

We've rented out 3 different escape rooms at Quicksand Escape Games for us to tackle. We need 3 groups of up to 8 people each to head over. Must be there by 5:30pm and expect to be done around 7pm.


“Party Cruise” · Activity (2 hours)

We've bought a ton of tickets for the Bahia Belle Bay Cruise for us to take from 8pm-10pm. There's drinks available on-board and we'll be catching it at the dock at the Catamaran Resort.

Catamaran Resort
3999 Mission Blvd, San Diego, CA 92109


“HACK THE, er... WESTERN HEMISPHERE!!” Karl Koscher · Lightning Talk (10 minutes)

We're legitimately live-streaming Toorcon across North America via a geosynchronous satellite. This talk explains how we did it.


“Paddle Pub & San Diego Beer Tasting” · Activity (2 hours)

We're renting a paddle pub and getting a bunch of SD beers for everyone! Feel free to join us on this 12 passenger paddle boat that YOU (and your beer) power. We'll will have two sailings, leaving the dock at 3PM and 4PM, respectfully.

'NOTE': Attendance is limited. There will be sign-up sheets to…


“ToorCon CTF” · Activity (2 hours)

CTF begins 10:00 AM Tuesday October 12 and will continue through 4:00 PM Wednesday October 13th. (We can adjust the end time to whatever will work best for finalizing the standings and getting that info to the Closing Remarks people.)

No pre-registration is required, but people are encouraged to fo…


“ToorCon CTF” · Activity (2 hours)

CTF begins 10:00 AM Tuesday October 12 and will continue through 4:00 PM Wednesday October 13th. (We can adjust the end time to whatever will work best for finalizing the standings and getting that info to the Closing Remarks people.)

No pre-registration is required, but people are encouraged to fo…