SummerC0n 2023 Hybrid Conference

Date & Time: Friday, July 14th (10:00AM — 7:00PM EST) — Saturday, July 15th (10:00AM — 7:00PM EST)

Location: Littlefield (635 Sackett Street Brooklyn, NY 11217)

Website: https://www.summercon.org/

Virtual Tickets (IN-PERSON SOLD OUT): https://www.eventbrite.com/e/summercon-2023-registration-562594173317?aff=scweb

Virtual Platform(s): Zoom

Schedule: https://www.summercon.org/schedule/

Live Streams:

This free ticket gets you access to the Zoom Webinar. They’ll email conference links to the email address you use to register: https://www.eventbrite.com/e/summercon-2023-registration-562594173317?aff=scweb

YouTube: https://youtube.com/live/O0gDd8jXgfY

Virtual Chat: Zoom Chat

Affordability: SummerC0n is FREE for the Virtual Zoom Webinar that will cover the entire convention. You must have a ticket via EventBrite for the Virtual Link. In-Person tickets are SOLD OUT.

Code Of Conduct: https://www.summercon.org/conference/

It’s time for Summercon!

Summercon is one of the oldest hacker conventions, and the longest running such conference in the United States. It helped set a precedent for more modern “cons” such as H.O.P.E. and DEF CON.

Summercon is open to everyone, including “hackers, phreakers, phrackers, feds, 2600 kids, cops, security professionals, U4EA, r00t kids club, press, groupies, chicks, conference whores, k0d3 kids, convicted felons, and concerned parents.”

Summercon has been hosted in cities such as Pittsburgh, St. Louis, Atlanta, Washington, D.C., New York City, Austin, Las Vegas, and Amsterdam. Originally run by Phrack, the underground ezine, and held annually in St. Louis, the organizational responsibilities of running Summercon were transferred to clovis in 1998 and the convention took place in Atlanta, dubbed ‘Summercon X’.

In its modern incarnation, it is currently organized by redpantz and shmeck, who emphasize the importance of face-to-face interaction as technology increasingly mediates relationships between members of the information security community.

One of the oldest hacker conventions along with The Annual Phone Phreak Convention, Pumpcon & HoHoCon, they’ll be kicking off the summer conference season with their great presentations, games, drinks, and a celebration of the Pwnies! Designed to be smaller and more personal in size and scope, they will be using the same hybrid format as they did in 2021.

Following the City’s recommendation, littlefield will no longer require proof of COVID-19 vaccination for entry. Guests are welcome to wear masks indoors based on their comfort level. All littlefield staff remain fully vaccinated. By attending indoor events, you are voluntarily assuming all risks related to exposure to COVID-19 and littlefield and its personnel are not liable for any issues arising from exposure.

See you there!

HACKING THE BIG APPLE

Once you’ve arrived in New York City, here are some transit suggestions for getting to Littlefield in Brooklyn. You can also find suggestions and specific time information at https://tripplanner.mta.info.

Offline NYC MTA Subway Map for Android: https://play.google.com/store/apps/details?id=com.thryvinc.nycmap&gl=US

Offline NYC MTA Subway Map for iOS: https://apps.apple.com/us/app/new-york-city-subway-map/id683294660?ign-mpt=uo%3D8

One ride on a subway or local bus is $2.75 (transfers are free between modes of transit). 7-day unlimited MetroCards, as well as pay-per-ride options, are available; a $1 surcharge also applies for getting a new MetroCard. MetroCard vending machines are available at subway stations and transit hubs, but not at bus stops. All buses and subway entrances are also equipped with OMNY readers, which will allow you to use a contactless credit or debit card for your fare. If you do not want to leave a digital trail of your travels, we suggest you purchase a MetroCard with cash or coins. Learn more about buying MetroCards at https://new.mta.info/fares/where-to-buy-a-metrocard.

VIA MTA LOCAL TRANSIT

For those who have been away for a while: in addition to the crappy, hard-to-scan MTA MetroCards, the MTA now has its RFID/NFC tap-to-pay OMNY system.

VIA MTA EXPRESS BUS

(You will need a MetroCard to ride the MTA. 7-day unlimited options, as well as pay-per-ride options, are available; a $1 surcharge also applies for getting a new MetroCard. MetroCard vending machines are available at subway stations and transit hubs, but not at bus stops. If you plan on utilizing the Express Bus option, one ride is $6.75. You can also purchase a 7-day unlimited MetroCard with Express Bus availability for $62.)

VIA LONG ISLAND RAILROAD (LIRR)

(Long Island Railroad tickets are available for purchase at LIRR stops, including Penn Station. They may be purchased in conjunction with MetroCards at marked kiosks. You will need a MetroCard to get on the local bus.)

VIA CAR (ALSO DIRECTIONS FOR LYFT, UBER, ETC.)

VIA CITI-BIKE RENT-A-BIKE & REVEL SCOOTER

VIA THE NY WATERWAY FERRY

ABOUT LITTLEFIELD

Littlefield has been one of NYC’s premier independent live venues since 2009. It has showcased some of the best comedy, live music, dance parties, podcasts, art, film and theater. Currently housed in a former 1920’s printing press warehouse, littlefield’s layout and sound system also make it ideal for weddings, private parties, conventions and festivals.

  • Between 3rd and 4th Avenues
  • R to Union Street, then one block to Sackett.
  • 2, 3, 4, 5, B, D, N, Q to Atlantic Avenue or Pacific Street. 9 blocks south to Sackett.

THE OTHER SIDE OF THE CON

SummerCon has a great option for those who missed out on getting a ticket or are at the con but want to experience it in a less crowded, open air place. Around the corner on Degraw between 3rd & 4th Avenues, Parklife BK is the half outside, half-inside sister-location of Littlefield. Many of the con attendees will be there and it has a full bar with food & drink. In addition, the LIVE Stream of the convention will be displayed on the TV and projector screen. No con fees, just pay for food and drink!

Parklife (636 Degraw St, Brooklyn, NY 11217)

PLACES NEARBY:

Kosher Restaurant: https://www.tripadvisor.com/Restaurants-g60827-zfz10768-Brooklyn_New_York.html

Insomnia Cookies (Late Night Snack Store): https://insomniacookies.com/locations/store/1228

PRE-REGISTRATION PARTY

The traditional Summercon pre-registration is once again at Canal Bar, Thursday (June 13th) from 7pm-10pm.

Get your wristbands, T-shirts, and swag; see your friends, throw a shoe; whatever. We’ll see you at Canal — 270 3rd Ave # A, Brooklyn, NY 11215

PWNIE AWARDS 2023 NOMINATIONS

How do I submit?

On the website linked below you will find a list of categories they’ve selected for this year’s pwnie awards! Simply click the category you’d like to submit to and you’ll be brought to a Google form asking you a few questions. If you don’t want your submission to be tossed out the door immediately we HIGHLY recommend following the instructions as accurately as possible.

How do I win?

All accepted nominations are voted on by a select committee of hackers, breakers, and coders. Simply put, if your hacks are great you get a pwnie.

How do I collect?

A selection of nominations will be announced at SummerCon in NYC. If you’ve been nominated we ask that you kindly join them this year at Black Hat USA in Las Vegas where the winners are announced and given their very own Pwnie Awards!

If you cannot make it, they will reach out to arrange some way to get it to you.

Submission Guidelines, Requirements, Tips & Tricks

The PWNIE Awards Staff ask that submissions be well written and explain in clear and concise terms why you think the nomination deserves a pwnie. Just because you submit a nomination does not mean it will be accepted into the running. They receive many dozens of submissions every year and if you put some thought and effort into your submission they’ll happily give it the due consideration it deserves.

If you copy/paste your entire 500 line PoC it’s going to be immediately tossed out and/or lambasted on social media. If you send them a single link to a tweet with zero context it’s getting the ol > /dev/null treatment.

CDC ANNOUNCEMENT

Our friends from the Cult of the Dead Cow have a quick announcement. We’re as curious as you are!

DCG 201 TALK HIGHLIGHTS FOR SUMMERCON 2023 (EST)

This is the section where we have combed through the entire list of talks on both days and listed our highlights: the talks that stand out to us. Note that this does not invalidate any talks we didn’t list; in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight lists. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)

HACKING THE GAMECUBE TO BEAT NERDS AT SMASH BROS FOR CHARITY

Dan “AltF4” Petro

Friday, 11:00 AM

This is the story of how an AI (SmashBot) can beat professional Melee players on a real Nintendo GameCube (a 22 year old console with no Internet connectivity) in front of an audience of tens of thousands of people who can all interact directly with the game remotely from their browser.

We’ll cover all the technical details behind the Melee speedrun marathon showcase, including gaining arbitrary code execution on the GameCube, all the tooling for writing complex payloads in the dead PowerPC ASM architecture, exfiltrating data off the console, and the custom-built hardware to facilitate it. All so that I can live vicariously through a robot in my fantasies of being a pro Melee player.

Oh, and bring your controller, because you can try to beat SmashBot yourself live on stage too!

THE RANSOMWARE HUNTING TEAM: A BAND OF MISFITS’ IMPROBABLE CRUSADE TO SAVE THE WORLD FROM CYBERCRIME

Dan Golden & Renee Dudley

Friday, 12:00 NOON

ProPublica journalists Renee Dudley and Daniel Golden are the authors of “The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cyber-Crime,” published in October 2022 by Farrar, Straus & Giroux to critical acclaim. Among other plaudits, Amazon made it an editor’s choice for non-fiction, and the New York Times called it “brilliant.” In this presentation, Dan and Renee will take us through their narrative, describe the hunt, talk about some of the moral dilemmas, and share some thoughts about the future of malware. Book signing to follow; bring your copy or buy one at Summercon! https://us.macmillan.com/books/9780374603304/theransomwarehuntingteam

THIS YEAR IN CRYPTO

Nick Sullivan

Friday, 4:30 PM

We swear we have an abstract for this lying around somewhere — but it’s Nick, so you know you’re good.

TRIED AND TRUE SECURITY BELIEFS/BEST PRACTICES

Mudge

Friday, 5:15 PM

Charming, irreverent, and always controversial, Mudge has hot takes. Get ready for a deep cut on so-called “best practices.” It’s an honor to welcome him to the Summercon stage.

RACE AGAINST THE MACHINE: CONSUMERS VS. BOTS

Christine Fossaceca

Saturday, 12:00 NOON

Do you have any beef with online merchants? Maybe you weren’t able to buy a PS5 for months after they were released. Maybe there are teardrops on your guitar because Ticketmaster didn’t let you get tickets to Taylor Swift’s Eras Tour. Or maybe you will be too far apart from the Cure because of the latest ticket scandal leaving you empty handed! The common denominator to consumer stress in online sales is directly tied to the uptick in botnets and the scalpers that use them.

Rebecca and Christine are going to shed light on the underground world of online resellers (scalpers) and the botnets they use to gain a competitive advantage when buying merchandise, such as sneakers, concert tickets, GPUs, and even NFTs, edging out legitimate consumers and profiting from the sales of products they didn’t design and music they didn’t create.

This talk will explain what botnets are, how scalpers build them and use them, and then recap some real world examples of botnets being seen in the wild. First we will talk about a cyber attack that no one even knew happened against the Shopify platform, when a scalper botnet broke a popular makeup website during the Shane Dawson and Jeffree Star Conspiracy makeup collection release. No, they didn’t break the internet, a botnet did. Next, Rebecca and Christine will evaluate the veracity of claims that Ticketmaster made in their Senate committee hearing, blaming their ticketing fiascos on “botnet attacks”, and ask the question, “Was the botnet truly scalpers or just a convenient scapegoat?”

THE DEBUGGING UNCERTAINTY PRINCIPLE

Jatin Kataria

Saturday, 12:30 PM EST

In this talk, I will be sharing learnings and tools built for investigating low frequency kernel crashes in FreeBSD and discuss how hardware features could be utilized for providing zero-cost triage information in production systems. This Heisenberg bug was initially assumed to be happening due to an interrupt stack corruption but turned out to be a CPU bug. Heisenberg bugs, known for their elusive and unpredictable nature, can be a challenge to identify and fix. Therefore, this bug was difficult to produce and hence remained a mystery for debug invariant FreeBSD builds where integrity checks are enabled throughout the kernel. In order to investigate the bug, I built stack analyzer tools and configured Last Branch Record (LBR) on CPUs and integrated them into the FreeBSD kernel to get CPU control flow information during a page or general protection fault for zero cost overhead.

Frankly, we’re stunned that this whole thing fits inside of 30 minutes, so listen carefully — it’s gonna go by at light speed!

[REDACTED], A PRESENTATION WITH AN ELABORATE TITLE

Dan Guido and/or [REDACTED]

Saturday, 2:00 PM

Dan and the good folks at [REDACTED] have been working on [REDACTED] and will discuss some of the outcomes of their [REDACTED]. This talk will [REDACTED] your [REDACTED].

SUB 1 GHZ AND OTHER RADIO/SIDE CHANNEL ATTACKS

Harri Hursti

Saturday, 3:00 PM

Sub 1 GHz attacks are nothing new, and SDRs made those accessible a long time ago. Flipper Zero blew this family of attacks into the mainstream consciousness as easy-to-use, almost-no-skills-required cheap tools. Jailbreaking Quansheng UV-K5 brings in a $20 radio transceiver from 18 MHz to 1.3 GHz, so where are we heading?

PROTECT YOURSELF BEFORE YOU WRECK YOURSELF

Samantha Davison & Jennifer Leggio

Saturday, 4:00 PM

For legal and/or aesthetic reasons, the description of this presentation is not available. But you won’t want to miss it!

RIP KELLY “ALORIA” LUM

IN MEMORIAM — A VIDEO PRESENTATION (5:30 PM)

Dear Aloria (1982–2023), we miss you so much. We know you wouldn’t want us to cry, but we can’t promise that we won’t.

CONTINUE TO: HACKER SUMMER CAMP 2023 — Part Four: Zero Gravity by RingZero

DCG 201

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org