The Important People

Arya

After graduating with a mechanical engineering degree, Arya quickly transitioned into cybersecurity, where she now leads the security team at a location data company. When she’s not tinkering with various electronics, software, or whatever odds and ends she fancies, you’ll find her moderating a few online communities and dabbling in music, photography, and voice acting. And if you ever find yourself in a storm while out in nature, you might just catch a glimpse of her walking among the trees.

Hector Cuevas Cruz

Hector Cuevas Cruz is a Bishop Fox security consultant. He has more than 11 years of experience in information security where he has worked as an Offensive Security Consultant, Forensic Analyst, and Threat Hunter at some of the most renowned security companies. Hector has been a regular presenter at national conferences in Mexico since age 17. He has specialized in Red teaming, Digital Forensics, Incident Response, and ATM security assessments.

Dr. Ang Cui

Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security. Dr. Cui received his PhD from Columbia University in 2015. His doctoral dissertation — “Embedded System Security: A Software-based Approach” — focused exclusively on scientific inquiries concerning the exploitation and defense of embedded systems.

Wyatt Ford

Wyatt Ford is a benevolent binary manipulator at Red Balloon Security.

Juan Andres Guerrero-Saade

We swear we have a bio for Juan.

Dan Guido

You absolutely know who this is.

Harri Hursti

Clearly, someone got lazy on the bios.

Philippe Laulheret

Philippe Laulheret is a Senior Security Researcher on the Trellix vulnerability research team with Trellix’s Threat Labs. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them behave in interesting ways. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding.

Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).

Constantine Nicolaidis

Constantine has been leading custom software development teams since 1996 with a strong emphasis on data-driven development methodologies. Over the last decade he has become focused on developing tools for OSSINT investigators and information security practitioners using Human-Computer Interaction best practices.

Ryan Petrich

Ryan Petrich is an SVP at a financial services company and was previously chief technology officer at Capsule8. Their current research focuses on using systems in unexpected ways for optimum performance and subterfuge. Their work spans designing developer tooling, developing popular and foundational jailbreak tweaks, architecting resilient distributed systems, and experimenting with compilers, state replication, and frustrating instruction sets.

Grant Seltzer Richman

Grant is a software engineer on the open source team at Aqua. He primarily works on eBPF code for the Tracee project, and regularly contributes to libbpf. Outside of software development, he very much enjoys riding his bike and will be competing in the upcoming edition of the Tour de France.

Ian Roos

Ian is a serial summercon presenter, shitpost artificer, pwnie awards organizer, and general bad actor in the wild.

Kelly Shortridge

Kelly Shortridge is a Senior Principal Product Technologist at Fastly. Kelly is co-author with Aaron Rinehart of Security Chaos Engineering (O’Reilly Media) and is an expert in resilience-based strategies for systems defense. Their research on applying behavioral economics and DevOps principles to information security has rustled considerable jimmies among the infosec status quo but also has been featured in top industry publications and presented at conferences globally, including Black Hat USA, O’Reilly Velocity Conference, and Zero Nights.

Phillip Tennen

Phillip Tennen is a security research engineer at Data Theorem and card-carrying operating systems nerd. His areas of interest include automated binary analysis, binary file formats, and building low-level systems. Building on top of his foundation as an iOS tweak developer, he plays a key role in Data Theorem’s automated app analysis pipeline. He enjoys the piano and all varieties of dexterity games.

Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).

Thomas Wilson

Thomas Wilson is a senior security consultant at Bishop Fox and a musician. He is a jack-of-some-trades and a master of fewer, but he has been living in the land of computers since the era of the Macintosh II, so he can type without looking. When he isn’t hacking phones and IOT devices, you’ll likely find Thomas DJ-ing house music or playing Final Fantasy XIV.

William Woodruff

William Woodruff is a Senior Security Engineer at Trail of Bits, a New York-based cybersecurity consultancy. On the professional side, William works on static and dynamic program analysis within LLVM, as well as on open-source supply chain security in the Python packaging ecosystem. As a hobbyist, he maintains a variety of Rust, Ruby, Python and C/C++ tools and blogs about subjects he finds interesting at https://blog.yossarian.net.

THE LINEUP

FRIDAY, July 8

DOORS OPEN

10:00am

OPENING REMARKS AND FINANCIAL REPORT

John Terrill and Mark Trumpbour

10:45am – 11:00am

Just don’t fuck up: Cybersecurity lessons from engineering disasters

Arya

11am – 12pm

Mitre Engage

Dr. Stanley J. Barr

12pm – 1pm

LUNCH

1pm – 2pm

Introduction to ATM Penetration Testing

Hector Cuevas Cruz

2pm – 3pm

Down With The Thickness – An Intro to Thick Client Testing

Thomas Wilson

3pm – 4pm

M.e.o.w. (Memory Execution Override With ebpf)  

Grant Seltzer Richman

4pm – 4:30pm

Die, PGP, die  

Will Woodruff

4:30pm – 5pm

What the blockchain got right… no, really

Dan Guido

5:00pm – 5:30pm

CyberPower, CyberWar, and Other Ghosts of Cybers Past  

Juan Andres Guerrero-Saade

5:30pm – 6:00pm

PWNIES NOM NOM NOMS

The Pwnies Committee

6:00pm – 6:30pm

HAPPY HOUR

6:30pm – 7:00pm

SATURDAY, July 9

DOORS OPEN

10:00am

Virtual Memory Attacks

Phillip Tennen

10:30am – 11:30am

Lamboozling Attackers

Kelly Shortridge and Ryan Petrich

11:30am – 12:30pm

A Multi-model Analysis of Geopolitical Futures and its implications for the 5th domain

Constantine Nicolaidis

12:30pm – 1:30pm

LUNCH

1:30pm – 2:30pm

Zero Trust, now we must but what it means?

Harri Hursti

2:30pm – 3:30pm

Reversing an M32C firmware — Lesson learned from playing with an uncommon architecture

Philippe Laulheret

3:30pm – 4:30pm

OFRAK Me? OFRAK You!

Dr. Ang Cui and Wyatt Ford

4:30pm – 5:30pm

Hackers got 99 problems and Threat Intel ain’t one

Ian Roos

5:30pm – 6pm

CLOSING CEREMONY

6pm – 6:30pm

HAPPY HOUR

6:30pm – 7:00pm

Stay Tuned – We’re Figuring It Out

While there isn’t enough time to shovel a bunch of money out for Summercon 2022 research, we are really excited about being able to fund new research. Thanks for being patient!

Presentations

CyberPower, CyberWar, and Other Ghosts of Cybers Past

Juan Andres Guerrero-Saade

Die, PGP, die

Will Woodruff

In German, the name of this presentation means “The, PGP, the.” With sincere apoologies to Phil Zimmerman we’re 86.9% sure Will means the other thing, though.

Hackers got 99 problems and Threat Intel ain’t one

Ian Roos

If you’re having EDR problems I feel bad for you son
I got ninety-nine problems but a TIP ain’t one

– The Hacker known as Jay Z

Introduction to ATM Penetration Testing

Hector Cuevas Cruz

ATM attacks will not stop anytime soon. They are an attractive target for cyber criminals, and financial institutions need skilled pen testers to test their ATM security. Nevertheless, few have the experience due to the lack of information. This presentation aims to be an introduction to ATM penetration testing, which can help guide security consultants into how to effectively perform an assessment. As attractive as it sounds, a financial institution doesn’t get much value from jackpotting their ATMs. There is a wide variety of variables that come into play that a pen tester should review.

It’s Harri!

Harri Hursti

One of Summercon’s favorite experts on voting fraud returns to tell us, no doubt, that the most secure election in our lifetime was, in fact, very secure. And hopefully that everything is going to be okay and that armed mobs of people aren not going to overturn your next election. But since this is a placeholder for the actual presentation abstract anything could happen when Harri hits the stage. Don’t miss it!

Just don’t fuck up: Cybersecurity lessons from engineering disasters

Arya

A chemical spill in Kansas. A plutonium accident in the USSR. Mechanical failures, human errors, tragedies. Traditional engineering–mechanical, civil, industrial–has been dealing with risk for far longer than we have. And over there, the stakes are high. The cost of a mistake can be devastating. Over decades, the industry has matured and processes have standardized. Risk reduction is now a highly formalized (and regulated) affair. There are lessons we can learn, and approaches we can use.
In this talk, we’re going to go over real engineering disasters. We’ll talk details: what went wrong, and how, and what we have learned. We will then adapt these lessons to cybersecurity and see how industrial hazard reduction concepts apply to actual security incidents.

Content note: this talk will cover actual, real engineering disasters. In some of these cases, people have died, or been seriously injured. There won’t be any graphic images–but there will be details, and some of this content may be distressing.

Lamboozling Attacker

Kelly Shortridge and Ryan Petrich

M.e.o.w. (Memory Execution Override With ebpf)

Grant Seltzer Richman

Mitre Engage

Dr. Stanley J. Barr

A Multi-model Analysis of Geopolitical Futures and its implications for the 5th domain

Constantine Nicolaidis

OFRAK Me? OFRAK You!

Dr. Ang Cui & Wyatt Ford

We are proud to present OFRAK (Open Firmware Reverse Analysis Konsole), which we will be open sourcing in August 2022!

During this talk, we will recap the OFRAK origin story, provide a sneak peek tour of the OFRAK APIs, and demonstrate how it can be used to unpack, modify, and repack firmware binaries, both interactively and programmatically at scale.

OFRAK is a software tool that combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application.

OFRAK equips users with:

  • A Graphical User Interface (GUI) for interactive exploration and visualization of firmware images.
  • A fully-fledged Python API, which allows users to write readable and reproducible scripts that can then be applied to entire classes of binaries, rather than only one.
  • Automatic and recursive identification, unpacking and repacking of many file formats, from ELF executables to filesystem archives, with support for many compression algorithms.

Built-in integration with powerful analysis backends(Angr, Binary Ninja, Ghidra, oh my!) tools to programmatically patch executables.

Reversing an M32C firmware – Lesson learned from playing with an uncommon architecture

Philippe Laulheret

Virtual Memory Attacks

Phillip Tennen

Memory paging is a foundational technology in modern computing environments, and a thorough understanding is a critical tool in any exploit developer’s toolkit. In this talk, we’ll explore paging from the ground up, building an awareness of the abundance of OS-level technologies that are enabled by paging. This understanding will serve us while covering approaches to exploitation, as well as while covering notable security attacks both relying on paging tricks and exploiting them. We’ll examine paging’s role both in advanced security features such as ASLR and authenticated pointers, as well as how paging infrastructure and its guarantees can be abused or circumvented by an attacker to gain remote code execution. We will also demonstrate several novel attacks on-stage, with an approachable explanation of exactly how we’re managing to carry out these attacks.

What the blockchain got right… no, really

Dan Guido

Sponsors 2022

Research Grant

Platinum Tier


Gold Tier

Bishop Fox is the largest private professional services firm focused on offensive security
testing. Since 2005, the firm has provided security consulting services to the world’s
leading organizations — working with over 25% of the Fortune 100 — to help secure
their products, applications, networks, and cloud with penetration testing and security
assessments. The company is headquartered in Phoenix, AZ and has offices in Atlanta,
GA; San Francisco, CA; New York, NY; and Barcelona, Spain.

Silver Tier

Supporter Tier

IncludeSec does the hacks all day, every day 2,000+ assessments since 2011. We do software and hardware security assessments in over 38 programming languages. We’ve hacked everything from Python and C to Java and Haskell….whatever tech you’ve got, we’ve hacked it before!

sponsors sidebar 2022

Research Grant Sponsors

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Supporter Sponsors

Registration is now open!

It’s time to register for Summercon.

Some notes:

  • If you elect to attend at Littlefield, you’ll need to abide with whatever COVID protocols the venue and NYC DOH impose. If you register and for whatever reason you cannot abide by these COVID rules, we’ll refund your ticket. It’s been two years of this, so you know the drill.
  • We’re hopeful that there will be a Summercon simulcast at Parklife. Frankly, it might be nicer to be outside in the Parklife courtyard for the duration of Summercon.
  • You can also register for the live stream. 

Choose your ticket at Eventbrite here

OUR CODE OF CONDUCT

It’s been a long, strange year. Since some of us are going to be in the same room together for the first time in eons and might have forgotten about the normal social contract that exists in shared spaces, we’d like to remind everyone of our Code of Conduct.

Many years ago, Summercon published its first real code of conduct. This was kind of a landmark, since the Summercon team has always prided itself on a certain amount of constructive chaos. That early code of conduct looked like this:

If you love anarchy, want to break things, set off fire alarms, or generally behave like a twelve year old, you probably should stay away–even if you are a twelve year old. Especially if you are a twelve year old. It’s not that kind of event, and we’re not those kind of people. Even though we’re a group of hackers, breaking the law is still illegal.

If you’re interested in meeting your peers in the security world, meeting some of the finest people you’ll ever know, putting names to faces, and learning about the latest trends in security analysis, we’d love to see you. Mingle, socialize, make lifelong friendships. That’s what we’re all about.


We still believe in that.

But the world has grown. And while we still love that constructive chaos, we’ve grown a lot, too. We want everyone to have a good time. And because not everyone knows what that means, we’ll be very clear:

Summercon is dedicated to providing a harassment-free conference experience for everyone, regardless of race, color, national origin, religion, age, sex, gender, sexual orientation, or disability. We do not tolerate harassment of conference participants in any form. Sexual language and imagery is not appropriate for conference talks or exhibitors. The conference reserves the right to eject anyone who engages in behavior that is threatening or patently offensive to the community, regardless of whether it occurs at the conference venue, parties, or online.

Conference participants violating our rules may be thrown out of the conference without a refund at the discretion of the conference organizers.

If you are being harassed, notice that someone else is being harassed, or have any other concerns, please contact a member of the conference staff immediately. Anyone wearing a red Summercon Staff shirt is empowered to intervene.

In case you don’t feel comfortable approaching a member of the staff, call us at 720 586-4225 (720 586-HACK) so that you can speak directly with the conference organizers about your concerns.


TL;DR: Not to be all heavy or anything, but top legal minds tell us we should say this: we reserve the right to eject anyone at any time for any reason at the sole discretion of the conference organizers.

Thanks for listening. Sorry if this harshes anyone’s mellow, but it’s easier to have a good time when everyone knows the ground rules. Have fun, everyone!