Welcome to the DCG 201 guide to Hacker Double Summer! This is part of a series where we are going to cover all the various hacker conventions and shenanigans at the start of July to the end of August both In Person & Digital! 2022 is a GIGANTIC year for hacker hysteria with so many events this will break the most guides we have ever written with the lucky number 13 as the goal. As more blog posts are uploaded, you will be able to jump through the guide via these links:
HACKER DOUBLE SUMMER — Part One: Surviving Las Vegas, New York & Virtually Anywhere
HACKER DOUBLE SUMMER — Part Two: Capture The Flags & MLH INIT Hackathon
HACKER DOUBLE SUMMER — Part Three: SummerC0n
HACKER DOUBLE SUMMER — Part Four: ToorCamp
HACKER DOUBLE SUMMER — Part Five: A New HOPE (HACKERS ON PLANET EARTH)
HACKER DOUBLE SUMMER — Part Six: SCaLE 19X
HACKER DOUBLE SUMMER — Part Seven: Back2Vegas by RingZero
HACKER DOUBLE SUMMER — Part Eight: BSides Las Vegas
HACKER DOUBLE SUMMER — Part Nine: Black Hat USA
HACKER DOUBLE SUMMER — Part Ten: The Diana Initiative
HACKER DOUBLE SUMMER — Part Eleven: USENIX + SOUPS
HACKER DOUBLE SUMMER — Part Twelve: DEFCON 30
HACKER DOUBLE SUMMER — Part Thirteen: Wiki World’s Fair
HACKER DOUBLE SUMMER — Part Fourteen: Blue Team Con
HACKER DOUBLE SUMMER — Part Fifteen: SIGS, EVENTS & PARTIES IN LAS VEGAS
SummerC0n 2022 Hybrid Conference
Date & Time: Friday, July 8th (10:00AM — 7:00PM EST) — Saturday, July 9th (10:00AM — 7:00PM EST)
Location: Littlefield (635 Sackett Street Brooklyn, NY 11217)
Website: https://www.summercon.org/
Virtual Tickets (IN-PERSON SOLD OUT): https://www.eventbrite.com/e/summercon-2022-registration-272409322617?aff=scweb
Virtual Platform(s): Zoom
Scheduel: https://www.summercon.org/schedule/
Live Streams:
TBA
Virtual Chat: Zoom Chat
Affordability: SummerC0n is FREE for the Virtual Zoom Webinar that will cover the entire convention. You must have a ticket via EventBrite for the Virtual Link. In-Person tickets are SOLD OUT.
Code Of Conduct: https://www.summercon.org/conference/
It’s time for Summercon!
Summercon is one of the oldest hacker conventions, and the longest running such conference in the United States. It helped set a precedent for more modern “cons” such as H.O.P.E. and DEF CON.
Summercon is open to everyone, including “hackers, phreakers, phrackers, feds, 2600 kids, cops, security professionals, U4EA, r00t kids club, press, groupies, chicks, conference whores, k0d3 kids, convicted felons, and concerned parents.
Summercon has been hosted in cities such as Pittsburgh, St. Louis, Atlanta, Washington, D.C., New York City, Austin, Las Vegas, and Amsterdam. Originally run by Phrack, the underground ezine, and held annually in St. Louis, the organizational responsibilities of running Summercon were transferred to clovis in 1998 and the convention took place in Atlanta, dubbed ‘Summercon X’.
In its modern incarnation, it is currently organized by redpantz and shmeck, who emphasize the importance of face-to-face interaction as technology increasingly mediates relationships between members of the information security community.
One of the oldest hacker conventions along with The Annual Phone Phreak Convention, Pumpcon & HoHoCon, they’ll be kicking off the summer conference season with their great presentations, games, drinks, and a celebration of the Pwnies! Designed to be smaller and more personal in size and scope, they will be using the same hybrid format as they did in 2021.
First, a few things:
- This is going to be a very, very weird time. Most of us have not been around other humans for months. So be prepared to roll with the punches, and know that some of the entertainment of this edition of Summercon will be how poor of a job they’ll do at organizing it.
- Speakers will do their thing at Littlefield. They’ll simulcast to Parklife and stream to the internet, so you have lots of options to see the show.
- As of today, Littlefield has extremely limited capacity. That could change at any time, but don’t be too sad if you miss out on Littlefield tickets.
- If you’re one of the lucky few who does snag a Littlefield ticket, you’ll need to show proof of vaccination.
- LITTLEFIELD IS A 100% VACCINATED SITE. FOR ACCESS YOU MUST BE ABLE TO SHOW PROOF THAT YOU ARE FULLY VACCINATED AS OF 6/24/2021.
- Attending from the comfort of your own home is still an option.
- Attending the watch party at Parklife is also an option, and capacity there is less limited.
See you there!
Acceptable Proof of Vaccination (choose one)
- CDC Form MLS-319813_r “COVID-19 Vaccination Record Card” (or similar)
- NY State Empire Pass
ABOUT LITTLEFIELD
Littlefield has been one of NYC’s premier independent live venues since 2009. It has showcased some of the best comedy, live music, dance parties, podcasts, art, film and theater. Currently housed in a former 1920’s printing press warehouse, littlefield’s layout and sound system also makes it ideal for weddings, private parties, conventions and festivals.
- between 3rd and 4th Avenues
- R to Union Street, then
one block to Sackett. - 2, 3, 4, 5, B, D, N, Q to
Atlantic Avenue or Pacific Street. 9 blocks south to Sackett.
PLACES NEARBY:
Insomnia Cookies (Late Night Snack Store): https://insomniacookies.com/locations/store/1228
PWNIE AWARDS NOMINATIONS
How do I submit?
On the website linked below you will find a list of categories they’ve selected for this year’s pwnie awards! Simply click the category you’d like to submit to and you’ll be brought to a Google form asking you a few questions. If you don’t want your submission to be tossed out the door immediately we HIGHLY recommend following the instructions as accurately as possible.
How do I win?
All accepted nominations are voted on by a select committee of hackers, breakers, and coders. Simply put, if your hacks are great you get a pwnie.
How do I collect?
A selection of nominations will be announced at SummerCon in NYC. If you’ve been nominated we ask that you kindly join them this year at Black Hat USA in Las Vegas where the winners are announced and given their very own Pwnie Awards!
If you can not make it, they will reach out to arrange some way to get it to you.
Submission Guidelines, Requirements, Tips & Tricks
The PWNIE Awards Staff ask that submissions be well written and explain in clear and concise terms why you think the nomination deserves a pwnie. Just because you submit a nomination does not mean it will be accepted into the running. They receive many dozens of submissions every year and if you put some thought and effort into your submission they’ll happily give it the due consideration it deserves.
If you copy/paste your entire 500 line PoC it’s going to be immediately tossed out and/or lambasted on social media. If you send them a single link to a tweet with zero context it’s getting the ol > /dev/null treatment.
SCHEDULE (PST)
FRIDAY, JULY 8
- DOORS OPEN
- 10:00am
OPENING REMARKS AND FINANCIAL REPORT
- John Terrill and Mark Trumpbour
- 10:45am — 11:00am
Just don’t fuck up: Cybersecurity lessons from engineering disasters
- Arya
- 11am — 12pm
Mitre Engage
- Dr. Stanley J. Barr
- 12pm — 1pm
LUNCH
- 1pm — 2pm
Introduction to ATM Penetration Testing
- Hector Cuevas Cruz
- 2pm — 3pm
Down With The Thickness — An Intro to Thick Client Testing
- Thomas Wilson
- 3pm — 4pm
M.e.o.w. (Memory Execution Override With ebpf)
- Grant Seltzer Richman
- 4pm — 4:30pm
Die, PGP, die
- Will Woodruff
- 4:30pm — 5pm
What the blockchain got right… no, really
- Dan Guido
- 5:00pm — 5:30pm
CyberPower, CyberWar, and Other Ghosts of Cybers Past
- Juan Andres Guerrero-Saade
- 5:30pm — 6:00pm
PWNIES NOM NOM NOMS
- The Pwnies Committee
- 6:00pm — 6:30pm
HAPPY HOUR
- 6:30pm — 7:00pm
SATURDAY, JULY 9
- DOORS OPEN
- 10:00am
Virtual Memory Attacks
- Phillip Tennen
- 10:30am — 11:30am
Lamboozling Attackers
- Kelly Shortridge and Ryan Petrich
- 11:30am — 12:30pm
A Multi-model Analysis of Geopolitical Futures and its implications for the 5th domain
- Constantine Nicolaidis
- 12:30pm — 1:30pm
LUNCH
- 1:30pm — 2:30pm
Zero Trust, now we must but what it means?
- Harri Hursti
- 2:30pm — 3:30pm
Reversing an M32C firmware — Lesson learned from playing with an uncommon architecture
- Philippe Laulheret
- 3:30pm — 4:30pm
OFRAK Me? OFRAK You!
- Dr. Ang Cui and Wyatt Ford
- 4:30pm — 5:30pm
Hackers got 99 problems and Threat Intel ain’t one
- Ian Roos
- 5:30pm — 6pm
CLOSING CEREMONY
- 6pm — 6:30pm
HAPPY HOUR
- 6:30pm — 7:00pm
SPEAKERS/MODERATORS
ARYA
After graduating with a mechanical engineering degree, Arya quickly transitioned into cybersecurity, where she now leads the security team at a location data company. When she’s not tinkering with various electronics, software, or whatever odds and ends she fancies, you’ll find her moderating a few online communities and dabbling in music, photography, and voice acting. And if you ever find yourself in a storm while out in nature, you might just catch a glimpse of her walking among the trees.
HECTOR CUEVAS CRUZ
Hector Cuevas Cruz is a Bishop Fox security consultant. He has more than 11 years of experience in information security where he has worked as an Offensive Security Consultant, Forensic Analyst, and Threat Hunter at some of the most renowned security companies. Hector has been a regular presenter at national conferences in Mexico since age 17. He has specialized in Red teaming, Digital Forensics, Incident Response, and ATM security assessments.
DR. ANG CUI
Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security. Dr. Cui received his PhD from Columbia University in 2015. His doctoral dissertation — “Embedded System Security: A Software-based Approach” — focused exclusively on scientific inquiries concerning the exploitation and defense of embedded systems.
WYATT FORD
Wyatt Ford is a benevolent binary manipulator at Red Balloon Security.
JUAN ANDRES GUERRERO-SAADE
We swear we have a bio for Juan.
DAN GUIDO
You absolutely know who this is.
HARRI HURSTI
Clearly, someone got lazy on the bios.
PHILIPPE LAULHERET
Philippe Laulheret is a Senior Security Researcher on the Trellix vulnerability research team with Trellix’s Threat Labs. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them behave in interesting ways. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding.
Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).
CONSTANTINE NICOLAIDIS
Constantine has been leading custom software development teams since 1996 with a strong emphasis on data-driven development methodologies. Over the last decade he has become focused on developing tools for OSSINT investigators and information security practitioners using Human-Computer Interaction best practices.
RYAN PETRICH
Ryan Petrich is an SVP at a financial services company and was previously chief technology officer at Capsule8. Their current research focuses on using systems in unexpected ways for optimum performance and subterfuge. Their work spans designing developer tooling, developing popular and foundational jailbreak tweaks, architecting resilient distributed systems, and experimenting with compilers, state replication, and frustrating instruction sets.
GRANT SELTZER RICHMAN
Grant is a software engineer on the open source team at Aqua. He primarily works on eBPF code for the Tracee project, and regularly contributes to libbpf. Outside of software development, he very much enjoys riding his bike and will be competing in the upcoming edition of the Tour de France.
IAN ROOS
Ian is a serial summercon presenter, shitpost artificer, pwnie awards organizer, and general bad actor in the wild.
KELLY SHORTRIDGE
Kelly Shortridge is a Senior Principal Product Technologist at Fastly. Kelly is co-author with Aaron Rinehart of Security Chaos Engineering (O’Reilly Media) and is an expert in resilience-based strategies for systems defense. Their research on applying behavioral economics and DevOps principles to information security has rustled considerable jimmies among the infosec status quo but also has been featured in top industry publications and presented at conferences globally, including Black Hat USA, O’Reilly Velocity Conference, and Zero Nights.
PHILLIP TENNEN
Phillip Tennen is a security research engineer at Data Theorem and card-carrying operating systems nerd. His areas of interest include automated binary analysis, binary file formats, and building low-level systems. Building on top of his foundation as an iOS tweak developer, he plays a key role in Data Theorem’s automated app analysis pipeline. He enjoys the piano and all varieties of dexterity games.
Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).
THOMAS WILSON
Thomas Wilson is a senior security consultant at Bishop Fox and a musician. He is a jack-of-some-trades and a master of fewer, but he has been living in the land of computers since the era of the Macintosh II, so he can type without looking. When he isn’t hacking phones and IOT devices, you’ll likely find Thomas DJ-ing house music or playing Final Fantasy XIV.
WILLIAM WOODRUFF
William Woodruff is a Senior Security Engineer at Trail of Bits, a New York-based cybersecurity consultancy. On the professional side, William works on static and dynamic program analysis within LLVM, as well as on open-source supply chain security in the Python packaging ecosystem. As a hobbyist, he maintains a variety of Rust, Ruby, Python and C/C++ tools and blogs about subjects he finds interesting at https://blog.yossarian.net
