[<prev] [next>] [day] [month] [year] [list]
Message-Id: <0190316A-EDFF-4200-B254-086E794C81BE@gmail.com>
Date: Mon, 8 Nov 2010 19:06:28 +0100
From: Philippe Langlois <philippe.langlois@...il.com>
To: "Full Disclosure (full-disclosure@...ts.grok.org.uk)"
<full-disclosure@...ts.grok.org.uk>,
"Bugtraq (bugtraq@...urityfocus.com)" <bugtraq@...urityfocus.com>
Subject: Hackito Ergo Sum 2011 - Call For Paper - HES2011
CFP
Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP
** http://hackitoergosum.org **
7-9 April 2011 / Paris / France
111111111111111111111111111111111111111111111111111111111111111111111111
1111111
111111111111111111111111111111111111111111111111111111111111111111111111
1111111
111111111111111111111111111111111111111111111111111111111111111111111111
1111111
111111111111111111110000000011111111111111111111111000001111111111111111
1111111
111111111111111111110000000011111111111111111111111000001111111111111111
1111111
111111111111111111110000000011111111111111111111111000001111111111111111
1111111
111111111111111111110000000011111111111111111111111000001111111111111111
1111111
111111111111100000000000000000000000000000000000000000000000000011111111
1111111
111111111111100000000000000000000000000000000000000000000000000011111111
1111111
111111111111100000000000000000000000000000000000000000000000000011111111
1111111
111111111111100000000000000000000000000000000000000000000000000011111111
1111111
111110000000000000001111111111111110000000011111111111111100000000000000
0111111
111110000000000000001111111111111110000000011111111111111100000000000000
0111111
111110000000000000001111111111111110000000011111111111111100000000000000
0111111
111110000000000000001111111111111110000000011111111111111100000000000000
0111111
111110000000000000000000000000000000000000000000000000000000000000000000
0111111
111110000000000000000000000000000000000000000000000000000000000000000000
0111111
111110000000000000000000000000000000000000000000000000000000000000000000
0111111
111110000000000000000000000000000000000000000000000000000000000000000000
0111111
111110000000000000000000000000000000000000000000000000000000000000000000
0111111
111110000000000000000000000000000000000000000000000000000000000000000000
0111111
111110000000000000000000000000000000000000000000000000000000000000000000
0111111
111110000000011111110000000011111110000000011111111000000011111111000000
0111111
111110000000011111110000000011111110000000011111111000000011111111000000
0111111
111110000000011111110000000011111110000000011111111000000011111111000000
0111111
111110000000011111110000000011111110000000011111111000000011111111000000
0111111
111111111111100000001111111100000000111111100000000111111100000011111111
1111111
111111111111100000001111111100000001111111100000000111111100000011111111
1111111
111111111111100000001111111100000001111111100000000111111100000011111111
1111111
111111111111100000001111111100000001111111100000000111111100000011111111
1111111
111111111111111111111111111111111111111111111111111111111111111111111111
1111111
111111111111111111111111111111111111111111111111111111111111111111111111
1111111
1111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111 HES 2011
1111111111111111111111111111111111111111111111111 Paris, 7-9 April 2011
1111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111111111111111111111111111111
1111111
111111111111111111111111111111111111111111111111111111111111111111111111
1111111
--[ Synopsis:
Hackito Ergo Sum conference will be held from April 7th to the 9th of
2011
in Paris, France.
Following last edition's success, HES2011 will be a bigger event with
even more
talks, focusing on hardcore computer & network security, insecurity,
vulnerability analysis, reverse engineering, research and hacking,
and will try
to keep the high quality content. Our dear Program Committee is there to
ensure this.
HES will this year be a fully international-oriented conference, 100% in
English, aiming to gather the best security researchers, experts and
decision
makers in one room.
--[ Introduction:
The goal of this conference is to promote security research, broaden
public
awareness and create an open forum so that communication between the
researchers, the security industry, the experts and the public can
happen.
Last year, we pioneered a domain with the first Capture The Flag
(CTF) contest
on FPGA, with excellent result that exceeded by far our expectations.
This
year, new contests will run with hopefully even more diverse and new
approaches
to security. Of course, network-based CTF and lockpicking contest
will still
happen.
We will have a specific session for new works, including slots for new
presenters -i.e. typically people whose personal research are extremely
interesting but who do not usually present at conferences- because
security innovations occur at the fringe of the security industry,
very often by
passionate people, and that's what we are and love. Submissions from
students,
academics or otherwise passionate people from anywhere on the
internet are
therefore most welcome.
We will also have an anonymous side track so that people who wish to
present sensitive
subjects can do so in total freedom. As we believe the academic
system as setup a good
precedent with anonymous submissions, review and voting, we wish to
pursue this direction
by providing researcher a way to share important contribution without
being concerned
with politics and other non-research influences.
This conference will try to take into account all voices in order to
reach a
balanced position regarding research and security, inviting businesses,
governmental actors, researchers, professionals and the general
public to share
concerns, approaches and interests for this topic.
During three days research conferences, solutions presentations,
panels and
debates will aim to view and determine the future of IT security.
--[ Content of the Research Track:
We are expecting submissions in English only.
The format will be 45 mins presentation + 10 mins Q&A.
Please note that talks whose content will be judged too commercial or
biased
toward a given vendor will be rejected.
For the research track, preference will be given to offensive,
innovative and
highly technical proposals covering (but not restricted to) the
topics below:
[*] Attacking Software
* Automating vulnerability discovery
* The business of the 0-day market
* Non-x86 exploitation
* New classes of software vulnerabilities and new methods to detect
software bugs (source or binary based)
* Static and Dynamic binary or source-based analysis
* Current exploitation on Gnu/Linux WITH GRsecurity/SElinux/
OpenWall/SSP
and other current protection methods
* Kernel land exploits (new architectures or remote only)
* New advances in Attack frameworks and automation
* Secure Development Life Cycle and real-life development
experiences
[*] Attacking Infrastructures
* Botnets and C&C abuses
* Exotic Network Attacks
* Telecom (from VoIP to SS7 to GSM & 3G/4G RF hacks)
* Financial and Banking institutions
* SCADA and the industrial world, applied.
* Governmental firewall and their limits (Australia, French's
HADOPI,
China, Iran, Denmark, Germany, ...)
* Law enforcement : how to / how to deceive / how to abuse.
* Satellites, Military, Intelligence data collection backbones
("I hacked Echelon and I would like to share")
* Non-IP (SNA, ISO, make us dream...)
* M2M
* Wormable vulnerabilities against protocols & infrastructures
[*] Attacking Hardware
* Hardware reverse engineering (and exploitation + backdooring)
* Femto-cell hacking (3G, LTE, ...)
* BIOS and otherwise low-level exploitation vectors
* Real-world SMM usage! We know it's vulnerable, now let's do
something
* WiFi drivers and System on Chip (SoC) overflow, exploitation and
backdooring.
* Gnu Radio hacking applied to new domains
[*] Attacking Crypto
* Practical crypto attacks from the hacker's perspective
(RCE, algo modeling, bruteforce, FPGA ...)
* Algorithm strength modeling and evaluation metrics
* Hashing functions pre-image attacks
* Crypto where you wouldn't think there is
We highly encourage any other presentation topic that we may not even
imagine.
--[ Submissions:
[*] Required information:
Submitions must (see RFC 2119 for the meaning of this word) contain the
following information:
* Speaker's name or alias
* Biography
* Presentation Title
* Description
* Needs: Internet? Others?
* Company (name) or Independent?
* Address
* Phone
* Email
* Demo (Y/N)
We highly encourage and will favor presentations with a demo.
Submissions may contain the following information:
* Tool
* Slides
* Whitepaper
[*] How to submit:
Submit your presentation and materials at:
http://hackitoergosum.org/apply/
--[ Workshops:
If you want to organize a workshop or any other activity during the
conference,
you are most welcome. Please contact us at:
hes2011-orga@...ts.hackitoergosum.org
--[ Dates:
2010-11-15 Call for Paper
2011-02-20 Submission Deadline
2011-02-21 Acceptance notification
2011-03-01 Program announcement
2011-04-07 Start of conference
2011-04-09 End of conference
--[ Program Committe:
The submissions will be reviewed by the following program committee:
* Tavis Ormandy (Google) @taviso
* Matthew Conover (Symantec) @symcmatt
* Jason Martin (SDNA Consulting, Shakacon)
* Stephen Ridley @s7ephen
* Mark Dowd (AzimuthSecurity) @mdowd
* Tiago Assumpcao
* Alex Rice (Facebook) facebook.com/rice
* Pedram Amini (ZDI) @pedramamini
* Erik Cabetas
* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
* Alexander Sotirov @alexsotirov
* Barnaby Jack (IOActive) @barnaby_jack
* Charlie Miller (SecurityEvaluators) @0xcharlie
* David Litchfield (V3rity Software) @dlitchfield
* Lurene Grenier (Harris) @pusscat
* Alex Ionescu @aionescu
* Nico Waisman (Immunity) @nicowaisman
* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis
* Jonathan Brossard (Toucan System, P1 Code Security, /tmp/lab)
@endrazine
* Matthieu Suiche (MoonSols) @msuiche
* Piotr Bania @piotrbania
* Laurent GaffiƩ (Stratsec) @laurentgaffie
* Julien Tinnes (Google)
* Brad Spengler (aka spender) (Grsecurity)
* Silvio Cesare (Deakin University) @silviocesare
* Carlos Sarraute (Core security)
* Cesar Cerrudo (Argeniss) @cesarcer
* Daniel Hodson (aka mercy) (Ruxcon)
* Nicolas Ruff (E.A.D.S) @newsoft
* Julien Vanegue (Microsoft US) @jvanegue
* Itzik Kotler (aka izik) (Security Art) @itzikkotler
* Rodrigo Branco (aka BSDeamon) (Checkpoint) @bsdaemon
* Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck
* Ilja Van Sprundel (IOActive)
* Raoul Chiesa (TSTF)
* Dhillon Andrew Kannabhiran (HITB) @hackinthebox
* Philip Petterson (aka Rebel)
* The Grugq (COSEINC) @thegrugq
* Emmanuel Gadaix (TSTF) @gadaix
* Kugg (/tmp/lab)
* Harald Welte (gnumonks.org) @LaF0rge
* Van Hauser (THC)
* Fyodor Yarochkin (Armorize) @fygrave
* Gamma (THC, Teso)
* Pipacs (Linux Kernel Page Exec Protection)
* Shyama Rose @shazzzam
--[ Fees:
Business-ticket (3 days) 120 EUR
Public entrance (3 days) 80 EUR
Discount for Students below 26 (3 days) 40 EUR
Discount for CVE publisher or exploit publisher in 2010-2011(3d) 40 EUR
One-day pass 40 EUR
Volunteers (Must register, see below) (3 days) 0 EUR
--[ Trainings
The list of trainings for HES2011 will be announced shortly after CFP
publishing.
You can still send us training description to hes2011-orga
AT_lists.hackitoergosum.org
if you want to offer some training. Trainings will happen from Monday
4th of April until
Wednesday 6th of April, just before the conference.
--[ Sponsors:
We are looking for sponsors.
Entrance fees and sponsors fees are used to fund international
speakers travel
costs and hosting facility. Please ask for the HES2011 Sponsor Kit at
hes2011-orga __AT__ lists.hackitoergosum.org.
--[ Volunteers:
Volunteers who sign up before 2011-03-01 get free access and will
need to be
present onsite two days before (2011-04-05) if no further arrangement
is made
with the organization.
--[ Journalists:
Journalists are welcome, but are required to comply with simple rules
to ensure
the mutual respect among adults we aim to bring in hackito. In
particular,
filming or taking pictures of attendees without their prior agreement
is totally
prohibited. "We shall respect privacy and people" is the only motto.
--[ Greetz:
We would like to thank the HES2010 Team, its reviewing committee and
all the
volunteers for their time and dedication in making this event a success.
Thumbs up to the /tmp/lab hackerspace for their support and the final
HES
party which was a tremendous success.
We would also like to greet all the speakers of last year's edition
for the
quality of their presentation and the great time we shared in Paris :
you are
all most welcome back in Paris for the 2011 edition.
Likewise, we'd like to thank last year's sponsors for their
unconditional
support. Feel free to support us again for this 2011 edition.
Finally, we would like to thank all the people that participated to
last years
edition : the conference is the people :) See you all in April !
--[ Contact:
hes2011-orga __AT__ lists.hackitoergosum.org
Hackito Ergo Sum 2011 conference - http://hackitoergosum.org
Hacker Space Festival - http://www.hackerspace.net
-- [ Social Media:
Keep in touch with the HES Organization via Facebook, Twitter and
Linkedin !
"Hackito Ergo Sum" on Facebook -
http://www.facebook.com/pages/Hackito-Ergo-Sum/376978867704
@HackitoErgoSum on Twitter ! - https://twitter.com/HackitoErgoSum
HackitoErgoSum on Linkedin ! - http://www.linkedin.com/groups?
gid=2861584
-
[EOF]-------------------------------------------------------------------
---
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists