SummerC0n 2022 Hybrid Conference

Date & Time: Friday, July 8th (10:00AM — 7:00PM EST) — Saturday, July 9th (10:00AM — 7:00PM EST)

Location: Littlefield (635 Sackett Street Brooklyn, NY 11217)

Website: https://www.summercon.org/

Virtual Tickets (IN-PERSON SOLD OUT): https://www.eventbrite.com/e/summercon-2022-registration-272409322617?aff=scweb

Virtual Platform(s): Zoom

Scheduel: https://www.summercon.org/schedule/

Live Streams:

TBA

Virtual Chat: Zoom Chat

Affordability: SummerC0n is FREE for the Virtual Zoom Webinar that will cover the entire convention. You must have a ticket via EventBrite for the Virtual Link. In-Person tickets are SOLD OUT.

Code Of Conduct: https://www.summercon.org/conference/

It’s time for Summercon!

Summercon is one of the oldest hacker conventions, and the longest running such conference in the United States. It helped set a precedent for more modern “cons” such as H.O.P.E. and DEF CON.

Summercon is open to everyone, including “hackers, phreakers, phrackers, feds, 2600 kids, cops, security professionals, U4EA, r00t kids club, press, groupies, chicks, conference whores, k0d3 kids, convicted felons, and concerned parents.

Summercon has been hosted in cities such as Pittsburgh, St. Louis, Atlanta, Washington, D.C., New York City, Austin, Las Vegas, and Amsterdam. Originally run by Phrack, the underground ezine, and held annually in St. Louis, the organizational responsibilities of running Summercon were transferred to clovis in 1998 and the convention took place in Atlanta, dubbed ‘Summercon X’.

In its modern incarnation, it is currently organized by redpantz and shmeck, who emphasize the importance of face-to-face interaction as technology increasingly mediates relationships between members of the information security community.

One of the oldest hacker conventions along with The Annual Phone Phreak Convention, Pumpcon & HoHoCon, they’ll be kicking off the summer conference season with their great presentations, games, drinks, and a celebration of the Pwnies! Designed to be smaller and more personal in size and scope, they will be using the same hybrid format as they did in 2021.

First, a few things:

  • This is going to be a very, very weird time. Most of us have not been around other humans for months. So be prepared to roll with the punches, and know that some of the entertainment of this edition of Summercon will be how poor of a job they’ll do at organizing it.
  • Speakers will do their thing at Littlefield. They’ll simulcast to Parklife and stream to the internet, so you have lots of options to see the show.
  • As of today, Littlefield has extremely limited capacity. That could change at any time, but don’t be too sad if you miss out on Littlefield tickets.
  • If you’re one of the lucky few who does snag a Littlefield ticket, you’ll need to show proof of vaccination.
  • LITTLEFIELD IS A 100% VACCINATED SITE. FOR ACCESS YOU MUST BE ABLE TO SHOW PROOF THAT YOU ARE FULLY VACCINATED AS OF 6/24/2021.
  • Attending from the comfort of your own home is still an option.
  • Attending the watch party at Parklife is also an option, and capacity there is less limited.

See you there!

Acceptable Proof of Vaccination (choose one)

  • CDC Form MLS-319813_r “COVID-19 Vaccination Record Card” (or similar)
  • NY State Empire Pass

ABOUT LITTLEFIELD

Littlefield has been one of NYC’s premier independent live venues since 2009. It has showcased some of the best comedy, live music, dance parties, podcasts, art, film and theater. Currently housed in a former 1920’s printing press warehouse, littlefield’s layout and sound system also makes it ideal for weddings, private parties, conventions and festivals.

  • between 3rd and 4th Avenues
  • R to Union Street, then
    one block to Sackett.
  • 2, 3, 4, 5, B, D, N, Q to
    Atlantic Avenue or Pacific Street. 9 blocks south to Sackett.

PLACES NEARBY:

Insomnia Cookies (Late Night Snack Store): https://insomniacookies.com/locations/store/1228

PWNIE AWARDS NOMINATIONS

How do I submit?

On the website linked below you will find a list of categories they’ve selected for this year’s pwnie awards! Simply click the category you’d like to submit to and you’ll be brought to a Google form asking you a few questions. If you don’t want your submission to be tossed out the door immediately we HIGHLY recommend following the instructions as accurately as possible.

How do I win?

All accepted nominations are voted on by a select committee of hackers, breakers, and coders. Simply put, if your hacks are great you get a pwnie.

How do I collect?

A selection of nominations will be announced at SummerCon in NYC. If you’ve been nominated we ask that you kindly join them this year at Black Hat USA in Las Vegas where the winners are announced and given their very own Pwnie Awards!

If you can not make it, they will reach out to arrange some way to get it to you.

Submission Guidelines, Requirements, Tips & Tricks

The PWNIE Awards Staff ask that submissions be well written and explain in clear and concise terms why you think the nomination deserves a pwnie. Just because you submit a nomination does not mean it will be accepted into the running. They receive many dozens of submissions every year and if you put some thought and effort into your submission they’ll happily give it the due consideration it deserves.

If you copy/paste your entire 500 line PoC it’s going to be immediately tossed out and/or lambasted on social media. If you send them a single link to a tweet with zero context it’s getting the ol > /dev/null treatment.

SCHEDULE (PST)

FRIDAY, JULY 8

  • DOORS OPEN
  • 10:00am

OPENING REMARKS AND FINANCIAL REPORT

  • John Terrill and Mark Trumpbour
  • 10:45am — 11:00am

Just don’t fuck up: Cybersecurity lessons from engineering disasters

  • Arya
  • 11am — 12pm

Mitre Engage

  • Dr. Stanley J. Barr
  • 12pm — 1pm

LUNCH

  • 1pm — 2pm

Introduction to ATM Penetration Testing

  • Hector Cuevas Cruz
  • 2pm — 3pm

Down With The Thickness — An Intro to Thick Client Testing

  • Thomas Wilson
  • 3pm — 4pm

M.e.o.w. (Memory Execution Override With ebpf)

  • Grant Seltzer Richman
  • 4pm — 4:30pm

Die, PGP, die

  • Will Woodruff
  • 4:30pm — 5pm

What the blockchain got right… no, really

  • Dan Guido
  • 5:00pm — 5:30pm

CyberPower, CyberWar, and Other Ghosts of Cybers Past

  • Juan Andres Guerrero-Saade
  • 5:30pm — 6:00pm

PWNIES NOM NOM NOMS

  • The Pwnies Committee
  • 6:00pm — 6:30pm

HAPPY HOUR

  • 6:30pm — 7:00pm

SATURDAY, JULY 9

  • DOORS OPEN
  • 10:00am

Virtual Memory Attacks

  • Phillip Tennen
  • 10:30am — 11:30am

Lamboozling Attackers

  • Kelly Shortridge and Ryan Petrich
  • 11:30am — 12:30pm

A Multi-model Analysis of Geopolitical Futures and its implications for the 5th domain

  • Constantine Nicolaidis
  • 12:30pm — 1:30pm

LUNCH

  • 1:30pm — 2:30pm

Zero Trust, now we must but what it means?

  • Harri Hursti
  • 2:30pm — 3:30pm

Reversing an M32C firmware — Lesson learned from playing with an uncommon architecture

  • Philippe Laulheret
  • 3:30pm — 4:30pm

OFRAK Me? OFRAK You!

  • Dr. Ang Cui and Wyatt Ford
  • 4:30pm — 5:30pm

Hackers got 99 problems and Threat Intel ain’t one

  • Ian Roos
  • 5:30pm — 6pm

CLOSING CEREMONY

  • 6pm — 6:30pm

HAPPY HOUR

  • 6:30pm — 7:00pm

SPEAKERS/MODERATORS

ARYA

After graduating with a mechanical engineering degree, Arya quickly transitioned into cybersecurity, where she now leads the security team at a location data company. When she’s not tinkering with various electronics, software, or whatever odds and ends she fancies, you’ll find her moderating a few online communities and dabbling in music, photography, and voice acting. And if you ever find yourself in a storm while out in nature, you might just catch a glimpse of her walking among the trees.

HECTOR CUEVAS CRUZ

Hector Cuevas Cruz is a Bishop Fox security consultant. He has more than 11 years of experience in information security where he has worked as an Offensive Security Consultant, Forensic Analyst, and Threat Hunter at some of the most renowned security companies. Hector has been a regular presenter at national conferences in Mexico since age 17. He has specialized in Red teaming, Digital Forensics, Incident Response, and ATM security assessments.

DR. ANG CUI

Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security. Dr. Cui received his PhD from Columbia University in 2015. His doctoral dissertation — “Embedded System Security: A Software-based Approach” — focused exclusively on scientific inquiries concerning the exploitation and defense of embedded systems.

WYATT FORD

Wyatt Ford is a benevolent binary manipulator at Red Balloon Security.

JUAN ANDRES GUERRERO-SAADE

We swear we have a bio for Juan.

DAN GUIDO

You absolutely know who this is.

HARRI HURSTI

Clearly, someone got lazy on the bios.

PHILIPPE LAULHERET

Philippe Laulheret is a Senior Security Researcher on the Trellix vulnerability research team with Trellix’s Threat Labs. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them behave in interesting ways. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding.

Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).

CONSTANTINE NICOLAIDIS

Constantine has been leading custom software development teams since 1996 with a strong emphasis on data-driven development methodologies. Over the last decade he has become focused on developing tools for OSSINT investigators and information security practitioners using Human-Computer Interaction best practices.

RYAN PETRICH

Ryan Petrich is an SVP at a financial services company and was previously chief technology officer at Capsule8. Their current research focuses on using systems in unexpected ways for optimum performance and subterfuge. Their work spans designing developer tooling, developing popular and foundational jailbreak tweaks, architecting resilient distributed systems, and experimenting with compilers, state replication, and frustrating instruction sets.

GRANT SELTZER RICHMAN

Grant is a software engineer on the open source team at Aqua. He primarily works on eBPF code for the Tracee project, and regularly contributes to libbpf. Outside of software development, he very much enjoys riding his bike and will be competing in the upcoming edition of the Tour de France.

IAN ROOS

Ian is a serial summercon presenter, shitpost artificer, pwnie awards organizer, and general bad actor in the wild.

KELLY SHORTRIDGE

Kelly Shortridge is a Senior Principal Product Technologist at Fastly. Kelly is co-author with Aaron Rinehart of Security Chaos Engineering (O’Reilly Media) and is an expert in resilience-based strategies for systems defense. Their research on applying behavioral economics and DevOps principles to information security has rustled considerable jimmies among the infosec status quo but also has been featured in top industry publications and presented at conferences globally, including Black Hat USA, O’Reilly Velocity Conference, and Zero Nights.

PHILLIP TENNEN

Phillip Tennen is a security research engineer at Data Theorem and card-carrying operating systems nerd. His areas of interest include automated binary analysis, binary file formats, and building low-level systems. Building on top of his foundation as an iOS tweak developer, he plays a key role in Data Theorem’s automated app analysis pipeline. He enjoys the piano and all varieties of dexterity games.

Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).

THOMAS WILSON

Thomas Wilson is a senior security consultant at Bishop Fox and a musician. He is a jack-of-some-trades and a master of fewer, but he has been living in the land of computers since the era of the Macintosh II, so he can type without looking. When he isn’t hacking phones and IOT devices, you’ll likely find Thomas DJ-ing house music or playing Final Fantasy XIV.

WILLIAM WOODRUFF

William Woodruff is a Senior Security Engineer at Trail of Bits, a New York-based cybersecurity consultancy. On the professional side, William works on static and dynamic program analysis within LLVM, as well as on open-source supply chain security in the Python packaging ecosystem. As a hobbyist, he maintains a variety of Rust, Ruby, Python and C/C++ tools and blogs about subjects he finds interesting at https://blog.yossarian.net

--

--

DCG 201

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org