TOP SECRET//SI//REL USA, FVEY National Security Agency/Central Security Service Information Paper 0x4255444150455354 AlligatorCon Europe 2019 Edition 16 & 17 August @ Büntetés-végrehajtás Országos Parancsnoksága - Budapest, Hungary aka Goulashland


-= [ AlligatorCon Europe 2019] =-
TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - TOP SECRET - FOR YOUR EYES ONLY - WE HOPE YOU ENJOY THE MINI CTF HIDDEN IN THIS WEBPAGE! :) The Alligators roam Europe once again! Keeping the tradition of holding this conference in authoritarian countries, this time we are gathering at the beautiful city of Budapest, where its unsuspecting citizens have no idea what horrors await them...

TFW we realized we have no idea either

Some things never change though. Entry is and always will be 100% free. If you've got your invite token from last year, just register at our website to reserve a spot. If you're new to AlligatorCon and want to get an invite here are the instructions on how to do so. Bribing us with money, sex, drugs and other cheap thrills also counts as a valid way to get an invite. We do not have sponsors or any sponsored content during the talks. We do welcome donations to keep the party going. All currencies are accepted, fiat or virtual. 0days and leaked documents are welcome as well, if you drop us any they will be shared with all attendees just for the lulz. The venue address and the location of all parties (yes, parties, plural) will be revealed at the last possible moment only to those who were invited, and you should not reveal it to anyone else. There will also be free posters for everyone designed by El Santa, the illustrator of HackerStrip:

You'll be the coolest kid in the block with this poster in your bedroom!

[--- Rules of the Alligator
  • You do not talk about AlligatorCon.
  • You do not talk about AlligatorCon.
  • If this is your first night at AlligatorCon, you have to hack.
  • You can present using your IRC nick, Mastodon handle, BDSM dungeon moniker, whatever the hell you want but never with your real name.
  • No cameras unless explicitly allowed by everyone in the picture, and no videos of the talks. If the spooks want to spy on us let's make them work for it.
  • The contents or even the title of some talks may not be public, on request of the speaker. Never discuss them after AlligatorCon ends, or you'll be banned forever. And we mean it.
[--- Call For Participation
Send your proposal to: cfp@alligatorcon.pl TL;DR just hack some shit and tell us how we all can do it too, for teh lulz. Now for the long version... WHAT WE WANT: The Honorable Evaluation Commitee AlligatorCon is interested in no-nonsense talks about hacking. We prefer technical talks but non-technical yet "unusual" ones are good too - the further you stray from your typical conference talk, the better. Bonus points for presentations that include code, practical examples, and live demos. The usual topics include pentesting, exploitation, pwnage, 0days, phreaking, rootkits, radio, satellites, spreading knowledge, evading censorship, old sch00l shit, new sch00l shit, worshipping Satan, raising the dead, fun times. Confidentiality is key, so don't hesitate to propose topics that "legit" conferences would never accept. You can check out the schedules for previous years to give you an idea of what's been presented before:
  • 2018 - Keep Calm And AlligatorCon
  • 2017 - Do Not Talk About AlligatorCon
  • 2016 - The Horror! The Monstrosity! The Lulz!
  • 2015 - The Alligator Goes International
WHAT WE DON'T WANT: We all know how fun it is to make your employer pay for your party trip, but there is a strict rule of NO CORPORATE BS TALKS. Nobody gives a flying crap who your employer is and how the product you're selling will change our lives and how many multi-letter certifications you got - just hack stuff or shut up. HOW WE WANT IT: Our format is the following: one hour slots for everyone, but how much you use is completely optional. We recommend 40 minute talks, to give people time to drink a beer or mate, chat and relax before the next talk. For really quick topics (5-10 minutes) it's probably best to use the lightning talks slot, it's free-for-all -- just like a rap battle, you go up on stage and grab the mic.
[--- Life insurance pays off triple if you die on a conference trip
Free accomodation and transport arrangements this year will be available to all attendees, generously donated by the BvOP. It's always refreshing to see support for the infosec community!

What could possibly go wrong?

Alternatively, there's plenty of hotels, hostels, apartments and Airbnbs for rent near the center. This city also has a really amazing CouchSurfing community that you should definitely reach out to. And of course you're welcome to bring a sleeping bag and crash on a friendly local hacker's home, a popular choice of AlligatorCon attendees every year. As for public transport, there is a bus from the airport to the city center that costs approximately 3€. We're told you can also take a taxi for around 30€ but... who likes getting ripped off like some tourist? Not us, we're cheap bastards and proud of it.
[--- I am Jack's list of talks

Hours of MS Paint went into this image.

Title: Lightning Talks Speaker: .* Country of origin: .* A slot will be reserved for lightning talks. Just get up on stage and talk about whatever you want. Worst that can happen we throw milkshakes at you. [--- Title: Nobody cares - it's a single track conference, so you have to watch it anyway - PART II Speaker: shm aka @akat1_pl Country of origin: 🇵🇱 Poland aka Cebulandia $ id uid=65534(nobody) gid=65534(nobody) groups=65534(nobody) $ ./a.out # id uid=0(root) gid=0(wheel) (...) [--- Title: 5G - whats all that fuzz about it Speaker: c0decafe Country of origin: 🇩🇪 Germany aka Beerland During the talk I'll get rid of some of the fancy features everybody claims about 5G telekommunikation networks. I'll show whats really behind the next gen telko standart in the most brutal technical way possible. [--- Title: Lifestyles of the rich & famous Speaker: Dr_Delete Country of origin: 🇧🇷 Brazil aka HueHuEland Abstract redacted - you will have to come here to know what it is about. [--- Title: PARASITE: Can An Open Internet Fight Extremism? Speaker: dn97 Country of origin: 🇮🇪 Northern Ireland aka Little Alabama It's no secret that people are more interconnected than ever: not only is it incredibly convenient to contact old friends and distant family, but thanks to the open internet we can engage with strangers all over the world at the press of a button. A single tweet can gain thousands of interactions from strangers seemingly at random: what could possibly go wrong? In this talk, I touch on a wide variety of subjects related to the complex relationship between extremism & the internet: among these, I will be exploring the various stages of how extremism manifests itself online and the methods that they will employ to achieve their goal: whether that be recruitment, intimidation or simply to organise amongst themselves. Can we combat this threat while still keeping the internet open? Is the burden too much for service providers like Google & Facebook alone? What is the role of governments, and how do we collaborate? What is censorship? When does it become negligence? And most importantly, will I have to talk about machine learning? Expect a healthy mix of technical and soft content. No prior knowledge will be assumed, so strap in! [--- Title: Presenting the Darkmesh project Speaker: Darkmesh Staff Country of origin: 🌍 The Internet We are creating an open mesh (distributed vpn based on tinc) to anyone interested in sharing their projects with other people like them without putting it on internet, contact with others in a (not very) anonymous way or use it in the way they want. We are targeting hackerspaces, makerspaces and other *spaces to use this network as way to share among them. Yes! there are other initiatives like this, like dn42, and we are interconnecting with them, we provide access to this network, chaosnet and others but easier and less red tape. We are also creating some services inside the mesh, like our own DNS system, PKI, IRC servers and more. [--- Title: Free HUgS Speaker: lyz & millaguie Country of origin: 🇪🇸 Spain aka Expensive Portugal In the *newly* born DevSecOps world, all the efforts are focused on the hardening of the development process. Nevertheless, we'll show that the toolbox can be used to automatically hunt vulnerabilities in open source projects as soon as there is a new release. [--- Title: Liar, liar - embedded systems don't come unwind Speaker: saliente Country of origin: 🇫🇮 Finland aka North of the Wall The connected society relies on speed and information availability. It relies on data, measurements, observations, analysis and notifications. Decision making is likely to be increasingly automated. The data is being provided by or produced with e.g. embedded systems. Data integrity and non-repudiation are important because this data is supporting decision making within the critical infrastructure and on top of it. The talk is about detecting data manipulation attacks with graph convolutional networks. [--- Title: [REDACTED] Speaker: esanfelix Country of origin: 🇪🇸 Spain aka Expensive Portugal Abstract redacted - you will have to come here to know what it is about. [--- Title: Distributed Network Discovery Speaker: edermi Country of origin: 🇩🇪 Germany aka Beerland Finding services in a network is part of the daily business. Whereas there are free, platform independent scanners that have large protocol support or reach line speed, there are no solutions with builtin and automated work distribution capabilities. In this talk, nray, a port scanner written from scratch, is going to be introduced. Apart from the ability to run in a distributed manner, it brings a lot of outstanding features that are going to ease the life of its users as well as some fresh ideas to the field of network discovery. [--- Title: Full Disk(losure) Encryption Speaker: sghctoma Country of origin: 🇭🇺 The Mighty Dictatorship of Football Stadiums and Billionare Gas Fitters (aka Hungary) I'm going to talk about a work in progress reverse engineering effort of a major FDE product. After a short introduction to the Windows Master and Volume Boot Records, I'll show what the target software's VBR do, and how it tries to hide a small partition full of information necessary for all the fancy features. Besides reversing the VBR's 16-bit real mode code, it was also necessary to understand some proprietary file formats - including a custom database format. I will show how I got from using strings through simple Python scripts to a full-blown script that utilizes Kaitai Struct to dump the database. At the end, I will summarize what data can already be obtained from an ecrypted disk, and what tasks are still to be done. [--- Title: Fancy "privileged" Docker container escapes Speaker: disconnect3d Country of origin: 🇵🇱 Poland aka Cebulandia This talk will show different ways to escape privileged Docker containers. While people rather know not to use --privileged, you don't need to run a docker container with --privileged flag to make it insecure. Many sources on the net mentions that, for example, the SYS_ADMIN capability makes your container insecure but it's hard to find explanations with PoCs. The talk will show and explain 2-3 methods based on SYS_ADMIN and maybe some other insecure options (disabling apparmor/seccomp or enabling additional cgroup access). [--- Title: Toll of personal privacy in 2019 Speaker: Kirils Country of origin: 🇱🇻 Latvia aka Over The Rainbow Updated for 2019 for the first time, this talk revisits the theme of personal privacy in the digital world, shedding light upon the motivation behind caring about one's privacy. Author also talks about their personal privacy choices that they made in the past and how those affected their life, discussing the dawn of loyalty cards, biometric passports, banking services, CCTV, and certification programs.
[--- We are the all singing, all dancing crap of the infosec world
The venerable Organizing Committee for this year will be:
  • Kurwa Małpka & Count Crapula, controlling everything from the shadows
  • El Santa on original artwork
  • Toxic Avenger as our BOFH
  • Julian Assange on press releases
  • Sabrina Spellman on magic and potions
  • Pinky & The Brain on world domination
  • ...and always with us, Our Lord Satan whom we praise
Special thanks go to Xava Kosmosach for that original web design we keep rehashing every year since 2016.
[--- Sponsors
This event is proudly sponsored by: Paper Street Soap Company, Bellingcat, Internet Research Agency (IRA), US Cyber Command, The Church of Satan, George Soros & Open Society Foundations, and the New World Order. Special thanks to the law enforcement agencies from many countries for their relentless interest in our activities. We love you guys! #BlueLivesMatter
0x4255444150455354 [EOF]