THE LINEUP

Here’s what we have cooking!

Friday, July 14

TimeSpeakerPresentation
10:00amDOORS OPEN
10:45amJohn Terrill &
Mark Trumpbour
Opening Remarks and Financials
11:00amDan “AltF4” PetroHacking the GameCube to Beat Nerds at Smash Bros for Charity
12:00pmDan Golden &
Renee Dudley
The Ransomware Hunting Team: A Band Of Misfits’ Improbable Crusade To Save The World From Cybercrime
1:00pmLUNCH
2:00pmAng CuiIce Ice Baby: Coppin’ RAM With DIY Cryo-Mechanical Robot
3:00pmJulien VanegueLogic for Hackers: the case of incorrectness logic and adversarial reasoning
4:00pmPwnie Awards Nominations
(Followed by a brief cDc Announcement)
4:30pmNick SullivanThis Year in Crypto
5:00pmEmily WickiDigital Forensics Unchained: Ripping Apart the Old School Rulebook
5:15pmMudgeTried and True Security Beliefs/Best Practices… Are Wrong
6:15pmHAPPY HOUR
Subject to change.

Saturday, July 15

TimeSpeakerPresentation
10:00amDOORS OPEN
10:45pmJohn Terrill &
Mark Trumpbour
Welcome back:, Recap, Apology, and Police Blotter.
11:00amChristopher SurageWhy can’t we be friends? Solving the social challenges of application security
11:30amClaudiu-Vlad UrsacheCode Property Graphs & joern – simple, precise static code analysis
12:00pmChristine FossacecaRace Against the Machine: Consumers vs. Bots
12:30pmJatin KatariaThe Debugging Uncertainty Principle
1:00pmLUNCH
2:00pmDan GuidoThe title of this presentation is [REDACTED], and it’s gonna be awesome
3:00pmHarri HurstiSub 1 Ghz and other radio/side channel attacks
4:00pmSamantha Davison &
Jennifer Leggio
Protect Yourself Before You Wreck Yourself
5:00pmJohn ViegaGrab Bag with wrappers, cookies, ELFs and injections
5:30pmThe Summercon FamilyIn Memoriam –
A VIDEO PRESENTATION
6:00pmHAPPY HOUR / CLOSING CEREMONIES / FLIP CUP
(The usual shenanigans)
Subject to change

Stay Tuned – We’re Figuring It Out

While there isn’t enough time to shovel a bunch of money out for Summercon 2022 research, we are really excited about being able to fund new research. Thanks for being patient!

Alphabetical (by title)

Code Property Graphs & joern – simple, precise static code analysis

Claudiu-Vlad Ursache

This talk introduces `kotlin2cpg` – the newest addition to Joern, the platform for robust analysis of source code, byte code and binary code.


First, Code Property Graphs are discussed – what they are, how they look like, why they’re the ideal intermediate representation for cross-language code analysis.


Second, the capabilities of Joern are shown – the interactive shell, its scripting support and the CPGQL query language.


Third, `kotlin2cpg` is put under the microscope – its underlying components are discussed together with the challenges of building a new static analyzer on top of Joern.


There will be a step-by-step guide for building a CPGQL query for a previously-undisclosed bug in a fairly prominent Android application [DISCLOSURE COMING SOON].

Digital Forensics Unchained: Ripping Apart the Old School Rulebook

Emily Wicki

Though she doesn’t want to tell you that you’re doing forensics wrong, you probably are. Emily’s gonna set you straight on a few things, and we can’t wait to hear it.

The Debugging Uncertainty Principle

Jatin Kataria

In this talk, Jatin will be sharing learnings and tools built for investigating low frequency kernel crashes in FreeBSD and discuss how hardware features could be utilized for providing zero-cost triage information in production systems. This Heisenberg bug was initially assumed to be happening due to an interrupt stack corruption but turned out to be a CPU bug. Heisenberg bugs, known for their elusive and unpredictable nature, can be a challenge to identify and fix. Therefore, this bug was difficult to produce and hence remained a mystery for debug invariant FreeBSD builds where integrity checks are enabled throughout the kernel. In order to investigate the bug, Jatin built stack analyzer tools and configured Last Branch Record (LBR) on CPUs and integrated them into the FreeBSD kernel to get CPU control flow information during a page or general protection fault for zero
cost overhead.

Frankly, we’re stunned that this whole thing fits inside of 30 minutes, so listen carefully — it’s gonna go by at light speed!

Hacking the GameCube to Beat Nerds at Smash Bros for Charity

Dan “AltF4” Petro

This is the story of how an AI (SmashBot) can beat professional Melee players on a real Nintendo GameCube (a 22 year old console with no Internet connectivity) in front of an audience of tens of thousands of people who can all interact directly with the game remotely from their browser.

We’ll cover all the technical details behind the Melee speedrun marathon showcase, including gaining arbitrary code execution on the GameCube, all the tooling for writing complex payloads in the dead PowerPC ASM architecture, exfiltrating data off the console, and the custom-built hardware to facilitate it. All so that I can live vicariously through a robot in my fantasies of being a pro Melee player.

Oh, and bring your controller, because you can try to beat SmashBot yourself live on stage too!

Ice Ice Baby: Coppin’ RAM With DIY Cryo-Mechanical Robot

Ang Cui

We present the design and construction of a robot that reliably extracts contents of RAM of modern embedded devices at runtime. We discuss the practical engineering challenges and solutions of adapting the traditional cold-boot attack to non-removable DDR chips commonly found on modern embedded devices. Lastly, we present a practical guide to building your own cryo-mem rig from COTS parts for less than a thousand bucks.

Have you noticed that embedded hardware is getting harder to reverse? BGA chips, massively integrated packages, vertical stackups, encrypted firmware at rest, and a pinch of “no jtag or uart” has become standard fare. While these artifacts do not correlate to material improvements in device security, you can’t prove it because you can’t dump the firmware or debug the hardware. Skip the noise and change up the game. Sometimes it’s easier just to grabbing unencrypted firmware from live RAM. All you have to do is keep the chips at -50C on a running system, pull all the chips off on the same CPU instruction, slap it on an FPGA that sort of respects the DDR state machine without punching a whole in your device, or cause shorts due to condensation, and without freezing your eyebrows off. We’ll show you how to build a robot to do this in an afternoon for about a thousand dollars.

In Memoriam – a Video Presentation

Dear Aloria, we miss you so much. We know you wouldn’t want us to cry, but we can’t promise that we won’t.

Logic for Hackers: the case of incorrectness logic and adversarial reasoning

Julien Vanegue

Typical static analysis for program verification comes with an over-approximate flavor, which considers a superset of program behaviors to guarantee the absence of bugs. This is a problem as spurious behaviors can lead to false positives, the enemy of software developers and security auditors alike. In the last few years, a new kind of formal logic “incorrectness logic” (O’Hearn, POPL’20) introduced under-approximate program analysis, where every bug is guaranteed to be a true positive, at the expense of false negatives, therefore coming as a foundation for the theory of formal bug finding. Such methodology is applied at scale by large software vendors (e.g. Meta) and is more immediately usable in industrial CI/CD pipelines. This talk will introduce under-approximate reasoning to the Summercon crowd, and discuss a recent extension “adversarial logic” (Vanegue, SAS’22) extending incorrectness logic with explicit adversary to formalize the detection of exploit conditions in buggy programs.

Protect Yourself Before You Wreck Yourself

Samantha Davison & Jennifer Leggio

For legal and/or aesthetic reasons, the description of this presentation is not availble. But you won’t want to miss it!

Race Against the Machine: Consumers vs. Bots

Christine Fossaceca

Do you have any beef with online merchants? Maybe you weren’t able to buy a PS5 for months after they were released. Maybe there teardrops on your guitar because Ticketmaster didn’t let you get tickets to Taylor Swift’s Eras Tour. Or maybe you will be too far apart from the Cure because of the latest ticket scandal leaving you empty handed! The common denominator to consumer stress in online sales is directly tied to the uptick in botnets and the scalpers that use them.


Rebecca and Christine are going to shed light on the underground world of online resellers (scalpers) and the botnets they use to gain a competitive advantage when buying merchandise, such as sneakers, concert tickets, GPUs, and even NFTs, edging out legitimate consumers and profiting from the sales of products they didn’t design and music they didn’t create.


This talk will explain what botnets are, how scalpers build them and use them, and then recap some real world examples of botnets being seen in the wild. First we will talk about a cyber attack that no one even knew happened against the Shopify platform, when a scalper botnet broke a popular makeup website during the Shane Dawson and Jeffree Star Conspiracy makeup collection release. No, they didn’t break the internet, a botnet did. Next, Rebecca and Christine will evaluate the veracity of claims that Ticketmaster made in their Senate committee hearing, blaming their ticketing fiascos on “botnet attacks”, and ask the question, “Was the botnet truly scalpers or a just a convenient scapegoat?”

The Ransomware Hunting Team: A Band Of Misfits’ Improbable Crusade To Save The World From Cybercrime

Dan Golden & Renee Dudley

ProPublica journalists Renee Dudley and Daniel Golden, are the authors of “The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cyber-Crime,” published in October 2022 by Farrar Straus, & Giroux to critical acclaim. Among other plaudits, Amazon made it an editor’s choice for non-fiction, and the New York Times called it “brilliant.” In this presentation, Dan and Renee will take us through their narrative, descrive the hunt, talk about some of the moral dilemmas, and share some thoughts about the the future of malware.Book signing to follow; bring your copy or buy one at Summercon! https://us.macmillan.com/books/9780374603304/theransomwarehuntingteam

[REDACTED], a Presentation With an Elaborate Title

Dan Guido and/or [REDACTED}

Dan and the good folks at [REDACTED] have been working on [REDACTED]. and will discuss some of the outcomes of their [REDACTED]. This talk will [REDACTED] your [REDACTED].

Sub 1 Ghz and other radio/side channel attacks

Harri Hursti

Sub 1 GHz attacks are nothing new and SDRs made those a long time ago accessible. Flipper Zero blew this family of attacks into the mainstream consciousness as easy to use and almost no skills required cheap tools. Jailbreaking Quansheng UV-K5 brings in a $20 radio transceiver from 18MHz to 1.3 GHz, so where are we heading?

This Year in Crypto

Nick Sullivan

We swear we have an abstract for this lying around somewhere — but it’s Nick, so you know you’re good.

Tried and True Security Beliefs/Best Practices… Are Wrong

Mudge

Charming, irreverant, and always controversial, Mudge has hot takes. Get ready for a deep cut on so-called “best practices” It’s an honor to welcome him to the Summercon stage.

Why can’t we be friends? Solving the social challenges of application security

Christopher Surage

Application security remains a difficult challenge for organizations to solve. Year after year we are constantly bombarded with new vulnerabilities in products and libraries which we all use. Much of the focus with improving application security revolves around the technical aspects yet the social aspects are widely ignored. This presentation is about the social challenges of application security which security practitioners don’t address, and provide some solutions to those challenges.

Grab Bag with wrappers, cookies, ELFs and injections

John Viega & Brandon Edwards

John and Brandon share a bunch of novel crap they’ve done recently, all of which is either open source, or about to be.

cDc Announcement

Our friends from the Cult of the Dead Cow have a quick announcement. We’re as curious as you are!

Sponsors 2023

Research Grant

Platinum Tier

Atredis Partners is a research-driven Information Security consultancy. We deliver advanced penetration testing, embedded security research, and cutting edge risk management. Our team is made up of some of the most respected hackers in the information security industry, and we thrive on hacking complicated targets, on time and under budget. Our HQ also happens to be in the birth city of Summercon, but we’re pretty sure the Best Western in North Saint Louis burned down years ago.

Gold Tier

Red Balloon Security is a leading embedded security provider and research firm committed to securing embedded devices across a range of critical industries and shaping the future of the embedded security industry. Our expert team has pioneered foundational technologies deployed to secure millions of embedded devices currently in service. Today, we continue to research, develop, commercialize, and enhance new capabilities through our engagements with the U.S. Department of Defense (DoD), including Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory (AFRL), Department of Homeland Security (DHS),as well as Fortune 500 companies.

Silver Tier

Most companies find out way too late that they’ve been breached. Thinkst Canary fixes this. They deploy in under 5 minutes and require almost 0 ongoing admin overhead. Find out why they are deployed and [loved](https://canary.tools/love) on all 7 continents!
Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world.

Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world.

sponsors sidebar 2023

Research Grant Sponsors

Platinum Sponsors

Gold Sponsors

Silver Sponsors

OUR CODE OF CONDUCT

It’s been a long, strange year. Since some of us are going to be in the same room together for the first time in eons and might have forgotten about the normal social contract that exists in shared spaces, we’d like to remind everyone of our Code of Conduct.

Many years ago, Summercon published its first real code of conduct. This was kind of a landmark, since the Summercon team has always prided itself on a certain amount of constructive chaos. That early code of conduct looked like this:

If you love anarchy, want to break things, set off fire alarms, or generally behave like a twelve year old, you probably should stay away–even if you are a twelve year old. Especially if you are a twelve year old. It’s not that kind of event, and we’re not those kind of people. Even though we’re a group of hackers, breaking the law is still illegal.

If you’re interested in meeting your peers in the security world, meeting some of the finest people you’ll ever know, putting names to faces, and learning about the latest trends in security analysis, we’d love to see you. Mingle, socialize, make lifelong friendships. That’s what we’re all about.


We still believe in that.

But the world has grown. And while we still love that constructive chaos, we’ve grown a lot, too. We want everyone to have a good time. And because not everyone knows what that means, we’ll be very clear:

Summercon is dedicated to providing a harassment-free conference experience for everyone, regardless of race, color, national origin, religion, age, sex, gender, sexual orientation, or disability. We do not tolerate harassment of conference participants in any form. Sexual language and imagery is not appropriate for conference talks or exhibitors. The conference reserves the right to eject anyone who engages in behavior that is threatening or patently offensive to the community, regardless of whether it occurs at the conference venue, parties, or online.

Conference participants violating our rules may be thrown out of the conference without a refund at the discretion of the conference organizers.

If you are being harassed, notice that someone else is being harassed, or have any other concerns, please contact a member of the conference staff immediately. Anyone wearing a red Summercon Staff shirt is empowered to intervene.

In case you don’t feel comfortable approaching a member of the staff, call us at 720 586-4225 (720 586-HACK) so that you can speak directly with the conference organizers about your concerns.


TL;DR: Not to be all heavy or anything, but top legal minds tell us we should say this: we reserve the right to eject anyone at any time for any reason at the sole discretion of the conference organizers.

Thanks for listening. Sorry if this harshes anyone’s mellow, but it’s easier to have a good time when everyone knows the ground rules. Have fun, everyone!