-= [ Alligator Europe 2015] =- ****************************** If you have received this invitation by official means, you are welcome to the 2015 European edition of AlligatorCon. However, if you think of sending emails to Full-Disclosure to report DLL hijacking vulnerabilities makes you a hacker, and you have wet dreams about joining the NSA or perhaps sniffing Dan Kaminsky's underwear (we're not sure which would be more degrading), please automatically disregard this invitation. [--- The Alligator goes international Here in Krakow you will find top-notch, quite possibly illegal security research that will take place within our hallowed halls, the absolute ban on cameras and recording devices to make sure no evidence is left behind, the awesome vibe you'll find in all the attendants and the incredibly l33t special guests we're having, which may or may not include @thegrugq straight from Nam or wherever the hell he's at right now, Julian Assange over a crappy Skype connection that keeps getting shut down, Barack Obama who will be giving us a killer drone workshop, and a special live feed with Edward Snowden's girlfriend. After we are done expanding our networking skills (in every sense of the word), you can expect a kick-ass after party you'll never forget. We guarantee you will have opportunity to taste an insane amount of vodka in bottles of all colors of the spectrum, eat lots of exotic Eastern European food, and meet beautiful Polish girls. You have no excuses not to come here, so don't be a wuss. [--- But whatever happened to the good old Brazilian Alligator? The annual illicit gathering of cyber-delinquents is still scheduled this year in Brazil as usual - minus the Polish girls, of course. It will take place as always in a secret WWII bunker hidden deep in the Amazonian jungle, where the sex, drugs, rock & roll and plotting to take over the world will continue as usual. [--- Evaluation The evaluation committee of AlligatorCon the lectures are interested in topics extremely technical about hacking, pentesting, exploitation, pwnage, 0days, phreaking, rootkits, radio, satellites or any other topic that's related and minimally presentable. Presentations with live demos are strongly preferred. Presentations given while drinking a bottle of Soplica vodka on stage get bonus points. Bribing the organizing committee members also works. Claiming to have CEH, CISSP or similar such certifications is cause for immediate disqualification. Anyone attempting to present a XSS vulnerability will be shot on sight, and survivors will be shot again. Anyone trying to push a talk about risk assessment for enterprises, aiding law enforcement with spyware or anyone using words such as "cyber" and ”threat” unironically will be shot, tarred and feathered, burned at the stake, and then have their ashes shot again just to make sure. Send your proposal to: cfp@alligatorcon.pl [--- Talks Some talks are confidential, so this list is by no means complete, but here's a sneak peek of what you can find. Talks are listed in the order in which we received them: --- Title: Honeypwn: remote detection of medium interaction honeypots Speaker: Dr_Delete (Brazil) Abstract: Honeypots are widely deployed by threat researchers to gain a better insight of tools, tactics and procedures used by hackers. In order to keep black hats safe and pay massive respect to the fake Phrack #63, where the idea was initially discussed (along with hatred towards The Honeynet Project), this presentation will outline a few general ideas on why honeypots are prone to detection and use a popular SSH honeypot as case study. --- Title: Blame! Hunting Linux Kernel Vulnerabilities Like a Boss Speaker: Ovid (Brazil) Abstract: This talk discourses impact of source code complexity on development teams. A new metric called "Tolerance to Complexity" will be briefly introduced. This metric is able to quantitatively measure capacity of development teams handle source code complexity. The format for the presentation is mainly "hands-on" with practical examples and a live demonstration over the entire device drivers base for Linux Operating System (around 8.5 millions lines of code and 875 development teams). As we are going to demonstrate in practice, the presented technique can be effectively applied for prioritizing bug hunting initiatives on large-scale and distributed software development projects. --- Title: Lessons learnt from teaching security Speaker: ciphersheep (The Netherlands) Abstract: Students of information technology have a lot to learn about security. How can we most effectively teach this to them, and what are the obstacles on the way? This talk goes into some of the problems of teaching security at a college that has both hardware-focussed degrees (with a higher-than-average level of socially-challenged students/individuals), as well as degrees that are more focussed on creativity, the front end, and pushing out hot air. Designers, developers, and donkeys are all responsible for the horrible security failures that we continue to see every day. We all know that users are stupid, developers have no social skills, designers are only there to make things look pretty, and security people are ethically challenged. How do we deal with this situation? Parallels are drawn between the situation at the technical college (the way security is taught, and to which students), and the current situation in the usable security field: security people don't have insights into usability and are generally not interested in it (plus the usability nightmares that the average IT person has the deal make many usability problems of users pale in comparison), while for the usability people (even at the level of app and web developers) the interest in security can be lacking, with many suffering from security helplessness syndrome. I close with some day dreaming and Cloud 9 scenarios, plus some tender plans to make these a reality (i.e. how to deal with the mess that we’re in). --- Title: Jarvis Project Speaker: @m0n0sapiens (Spain) Abstract: JARVIS means "Just Another ReVersIng Suite" or whatever other bullshit you can think of :) What is it? It is a small bughunting suite comprising three elements, namely: - A fuzzer (to be released) - A tracer based on INTEL PIN - A plugin for IDA Pro thought to assist you with the most common reversing tasks. It integrates with the tracer. --- Title: Dark Fairtytales from a Phisherman Speaker: @antisnatchor (Italy) Abstract: Phishing and client-side exploitation DevOps for all your needs. Combine BeEF, PhishingFrenzy and your fishy business to automate most of the usual phishing workflow while minimizing human interaction. ---- Title: Fuzzing challenges Speaker: s_n, shm & n1x0n (Poland) Abstract: We want to share with you our observations, experiences and ideas in the field of fuzzing. We will focus on challenges this software testing technique presents to the tester but also the ones that fuzzing is facing on its own. Specifically, the talk will cover issues like fuzzing approaches, techniques, target builds, debugging, code coverage, test cases, reproducibility and more. We will be happy to see you there with us! ---- Title: Who putthebackdoorin myrouter? Speaker: Crash (Brazil) Abstract: For quite some time we have been seeing espionage cases reaching countries, governments and large companies. A large number of backdoors were found on network devices, mobile phones and other related devices, having as main cases the ones that were reported by the media, such as: TP-Link, Dlink, Linksys, Samsung and other companies which are internationally renowned. This talk will discuss a backdoor found on the modem / router rtn, equipment that has a big question mark on top of it, because there isn’t a vendor identification and no information about who’s its manufacturer and there are at least 7 companies linked to its production, sales and distribution in the market. Moreover, some of them never really existed. Which lead us to question on the research title: “Who put the backdoor in my modem?" ---- Title: Fear and Loathing in Las Borrosos Speaker: Buherátor (Hungary) Abstract: Have a crazy idea; Put together some hardware in a garage; Overdose on caffeine and implement the software; Get rich and famous. With an original idea and a bit of luck anyone can benefit from the bug mines that todays software are. At least this is what the numerous articles, talks, blog posts and tweets have been promising us for a long time. But is the path of brute-force vulnerability discovery really as smooth as Interstate 15? Can a lonely hacker from the middle of Europe enter the world of infosec rockstars, Pwn2Own champions and the Wolves of Vuln Street with just 5 lines of Python in his pocket? In this presentation I introduce my journey to find the American Dream with a bag full of debuggers, instumentation tools, distributed software and cloud technologies (and a bottle of Pálinka, just in case). (Disclaimer: This is a presentation of #fail. Unfortunately I've been unable to find those big mines yet, but since I started dealing with fuzzing I faced and (partially) solved problems that I think worth discussing.) ---- Title: ShellGen, the shellcoding Swiss knife Speaker: @MarioVilas (Argentina) Abstract: This is a shameless plug for a project I've been working on for some time, a shellcode collection library with a twist: everything is coded in a modular way, so instead of a collection of canned shellcodes you can work with customizable snippets of code that fit in each other like Lego pieces. There were other attempts at doing the same in the past, but they're either abandoned or proprietary or both. Hopefully I can convince you all to join me and build the biggest, meanest shellcode library evah! ---- Title: Proprietary network protocols - risky business on the wire. Speaker: @j_kaluzny (Poland) Abstract: When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all. We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of "security by obscurity" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security. [--- Location Attendants will have to show up at the dragon statue in Wawel Castle, Kraków, Poland (50°03′10″N 19°56′07″E) and send an SMS message to the number 7168 with the following text: "OYNPX PBNG JUVGR FUBRF OYNPX UNG PNQVYYNP". An agent will contact you with further instructions. [--- Organizing Committee * Kurwa Małpka & Count Crapula * Mikolaj, the old dude that roams around every bar in Kazimierz * Flower Guy of Kazimierz * A secret squad of ninjas (number and location unknown) * Some homeless guy we just met [--- Sponsors This event is sponsored by Elon Musk, Rick Astley, Kevin Mitnick, the Church of Scientology, and a special donation from the Ministry of Explosives of ISIS. 0x4153454e4f4c4f50 [EOF]