ToorCon 11 Preliminary Lineup Announced!

Showing 1-1 of 1 messages
ToorCon 11 Preliminary Lineup Announced! David Hulton 9/21/09 2:36 PM

We're proud to announce our preliminary lineup for ToorCon this year
and especially our keynote, Vernor Vinge. Vernor is a prolific science
fiction novel writer and is best known for his Hugo Award-winning
novels and novellas A Fire Upon the Deep (1992), A Deepness in the Sky
(1999), Rainbows End (2006), Fast Times at Fairmont High (2002) and
The Cookie Monster (2004), as well as for his 1993 essay "The Coming
Technological Singularity", in which he argues that exponential growth
in technology will reach a point beyond which we cannot even speculate
about the consequences.


Here's some talks to expect at the conference:

Keynote: Vernor Vinge
Some Consequences of Ubiquity

Dan Kaminsky

Joshua Wright
KillerBee: Practical ZigBee Exploitation Framework

Jason Ostrom & Arjun Sambamoorthy
IP Video Attacks!

Ben Feinstein
Koobface: Malware for the Social Web

Rob Havelt
Death to Obscurity: The Frequency Hopping Spread Spectrum Story

K. Chen
Reversing and Exploiting an Apple Firmware Update

Mike Bailey
There's One In Every Family: Exploiting subdomain-based trust
relationships on the Web

Stephan Chenette
The Dewey Decimal System for Exploit Analysis

barkode, cnelson, cstone & w0z
Building the Ninja Networks Badge for DEFCON 17: Mass producing a
custom electronic device with volunteer resources

John Eder
Hacking Games for Autism: Back to the roots of hacking as innovation

Kartik Trivedi
Breaking SWF and AMF

Sergey Bratus, Chrisil Arackaparambil & Anna Shubina
Fast and accurate detection of rogue access points using clock skews:
does it really work?

Mike Bailey
CSRF: Yeah, It Still Works

Ron Bowes
All your windows boxes are belong to me: scary fast SMB/RPC scanning witn Nmap

Web Shells in Server Side Languages


If you are interested in speaking, please make sure to submit your CFP
before Friday, September 25th to be considered before the lineup is


Over the past few years, ToorCon has been known for providing hands-on
workshops which focus on teaching a wide range of skills in a small
classroom environment. The main goal is to teach the basics and
provide the audience with the tools to expand on their knowledge on
their own after the 2-day workshop is over. We have an exciting list
of workshops to choose from this year:

Software Defined Radio Workshop
Instructor: Michael Ossman
Includes: Use of a USRP (If you would like a USRP kit included in your
training cost, please contact us)
Software Defined Radio (SDR) techniques are rapidly becoming essential
to all areas of wireless security research. Recent attacks on
Bluetooth, GSM, wired and wireless keyboards, implantable medical
devices, RFID, and more have been made possible by software radio. A
combination of lectures, software exercises, and over-the-air
projects, this workshop will provide the hands-on background in
digital signal processing and radio engineering required to apply
software radio techniques to practical hacking of diverse wireless
systems. If you have experience developing software but lack
experience with radio technology and digital signal processing, this
workshop is for you.

Application Security Workshop
Instructor: Jared DeMott
Includes: CD with VMWare images and printed training materials
There are four technical skills required by security researchers,
software quality assurance engineers, or developers concerned about
security: Source code auditing, fuzzing, reverse engineering, and
exploitation.  All these skills and more are covered.  C/C++ code has
been plagued by security errors resulting from memory corruption for a
long time.  Problematic code is discussed and searched for in lectures
and labs, with WebGoat introduced as well.  Fuzzing is a topic book
author DeMott knows about well.  Mutation file fuzzing and framework
definition construction (Sulley and Peach) are just some of the
lecture and lab topics.  When it comes to reversing C/C++ (Java and
others are briefly discussed) IDA pro is the tool of choice.  Deep
usage of this tool is covered in lecture and lab.  Exploitation
discussions and labs are the exciting final component.  You’ll enjoy
exploiting BSD local programs to Vista browsers using the latest

Web and Cloud Application Security Workshop
Instructor: Andre Gironda
Includes: Printed workbook, Build/setup/use of a virtual infrastructure
This cloud-web application security workshop covers web applications
in various virtual infrastructures, primarily focused on defense,
compliance, and incident response. First, we'll identify applications
as if they had already been attacked. Then, we'll come up with a risk
management plan based on incident data, compliance/regulations, as
well as data classifications. We'll look at full-knowledge
verification using web server configuration and content files, in
addition to runtime and source code verification. We'll go over the
various implications of pen-testing cloud-web applications. This will
include a thorough look at the strengths and weaknesses of web
application firewalls and application hardening practices. Finally,
we'll perform mock verifications and discuss partnering with
application developers.

Applied Physical Security - Lockpicking and Safecracking
Instructor: datagram
Includes: 1 lockpicking kit, 1 handcuff key, 1 practice deadbolt, 1
practice padlock
This course focuses on learning and applying techniques of
lockpicking, key bumping, impressioning, decoding, bypass, and safe
cracking against a variety of real world locks and safes. Common lock
designs are examined for various weaknesses that allow different
methods of attack, some of which are extremely fast and easy to
perform. High security locks will also be examined so attendees can
learn to spot good locks from bad locks when shopping for access
control devices.


Once again we are providing an additional day of deep knowledge
seminars focused on addressing the growing corporate security issues
in a small classroom environment that encourages discussion and
interaction with the instructors. Here are a couple topics that have
been preliminarily accepted for the Seminars:

Wes Brown
Building and Using an Automated Malware Analysis Pipeline

Robert Zigweid
Threat Modeling: Learn to Optimize Your Security Budget


Pre-registration for the Conference, Seminars, and Workshops will be
increasing in price soon so register today! Here is our current
pricing schedule for ToorCon 11:

$100 - Conference
$750 - Seminars + Conference
$1300 - Workshop + Conference
$1700 - Workshop + Seminars + Conference

After October 9th:

$140 - Conference
$950 - Seminars + Conference
$1600 - Workshop + Conference
$2100 - Workshop + Seminars + Conference

We also provide discount pricing for groups that wish to attend. For
more information about this please reply to this email.


As always, ToorCon doesn't mind getting money from anyone who wants to
give it to them. If you've got any growing on trees and don't mind
sharing with some starving conference planners to help them throw an
even more awesome conference, please let us know. We have all sorts of
ways of making it look like your money was well spent including
banner/logo placement, booths, sponsored parties & lunches, etc. For
more information, please contact


ToorCon 11 San Diego (Conference)
October 23rd-25th, 2009
San Diego Convention Center
111 W. Harbor Dr
San Diego, CA 92101

ToorCon 11 San Diego (Workshops & Seminars)
October 21st-23rd, 2009
Hotel Solamar
435 6th Ave
San Diego, CA 92101


Sept 25th, 2009 - Call for papers closes
Oct 2nd, 2009 - Speaker & sponsor selection finalized
Oct 21st, 2009 - ToorCon training workshops start
Oct 23rd, 2009 - ToorCon seminars & conference reception
Oct 24th, 2009 - ToorCon conference 50-minute talks
Oct 25th, 2009 - ToorCon conference 20-minute talks