[Dailydave] SyScan 2012 Singapore - Speaker Selection

Ben Nagy ben at iagu.net
Mon Feb 6 03:14:26 EST 2012


Denizens of DailyDave,

Because I am not good at internets, I am just going to leave this here
and let the cool kids disseminate it with twitter or whatever the hell
you use these days.

On behalf of the selection committee (Thomas Lim, Dave and Halvar) and
the advisory adjunct (researchers of COSEINC) it gives me extreme
pleasure to announce the speakers for this year's SyScan Singapore.
Some of you may be unaware that 2012 was announced to be the
penultimate instantiation of our flagship conference, and we're proud
to be able to mark it with a particularly fine speaker lineup.

Yes, I'm aware this may look a bit long, but you have to read more
than 140 characters in a row at some point in your life, stop whining.

Full Length Talks (in no particular order):

Stefan Esser - iOS Kernel Heap Armageddon

Well first of all it's Stefan, which means it will be technical enough
to make my brain dribble out of my ears, but, more importantly, it has
the word Armageddon in the title, so Job Done. You up and comers need
to take note of these pro-tips from people like Stefan! Try not to
kill as many bugs as he does, though...

Chris Valasek and Tarjei Mandt - Heaps of Doom

The word 'Doom' is almost as awesome as the word 'Armageddon'.
Hopefully these talks aren't back to back because I'm not sure my tiny
brain can handle @nudehaberdasher AND @kernelpool on stage at the SAME
TIME tearing up the Windows 8 heap, and especially not right after the
iOS kernel.

Brett Moore - Post Exploitation Process Continuation

Brett Moore might be the most reliably awesome speaker I have seen.
Honestly, if he could pick a decent title, with, like "Doom" or
"Armageddon" or "Meltdown" or something in it he would take over the
world. No serious exploit writer will want to miss this, though. Clean
exploitation with no process crash is the difference between a 'bug'
and a pile of cash that is too big to carry without a brown paper bag.
So I'm told, anyway. :(

Loukas (snare) - DE MYSTERIIS DOM JOBSIVS

I've not yet seen Loukas present, but I think it's clear from his
ability to pick catchy titles that he has a bright future. EFI OSX
rootkits. Hell yes.

Alex Ionescu - ACPI 5.0 Rootkit Attacks Against Windows 8

Dear Microsoft - please do not send anybody from the Win8 team to our
conference, or read the presentation materials, so that all of Alex's
techniques make it into the release. Love, SyScan.

James Burton (jayji) - Entomology: A Case Study of Rare and Interesting Bugs

For such a tiny place, New Zealand sure does have a lot of hackers
with big brains. Sadly, because it's literally in the middle of
nowhere and keeps falling over, many of you from the developed world
may not be as familiar with them as you probably should. Jayji is the
chief exploit guy for Insomnia, which automatically makes him badass,
and he is going to show us how he exploits bugs. We will learn things.
Hopefully he will not wear the hat he chose for the CFP submission
photo.

Ryan Macarthur ( backpacker ) and SeungJin Lee ( beist ) - PDF/DOC/SWF
payloads are so 2011
( Owning entire organizations with regional software they’ve never heard of )

Beist is seriously awesome. He hacks stuff, wins most of the CTFs he
doesn't run, and drank so much Shochu in Taiwan that he had to be
taken up to his room in a wheelchair. So, when he talks about hacking
stuff, we honestly have no choice but to listen, even with Ryan
tagging along for a free flight. Seriously, though, this talk will
make you think about what your 'attack surface' looks like to real
hackers instead of to PWC or EY.

Jon Oberheide - Exploiting the Linux Kernel: Measures and Countermeasures

While I have, personally, never heard of this Oberheide or the 'Linux'
of which he speaks, I'm told that they're both something of a big
deal, and hey, it has 'Exploiting' in the title. I've also been
instructed to issue this warning to attendees - LADIES! Whatever he
may tell you, he is NOT THAT KIND OF DOCTOR.

Aaron LeMasters - I/O, You own: Regaining control of your disk in the
presence of bootkits

I guess we had to have at least one defensive talk. On the plus side,
the title is pretty good, despite not using the words 'Cloud', 'APT'
or 'Armageddon'. Ignoring the defensive angle, brand new research on
an alternate IO path to disk in Windows sounds pretty awesome.

Paul Craig - iOS Applications - Different Developers, Same Mistakes

Some may not be aware that SyScan practices Affirmative Action for the
Ginger Haired, so with The Grugq not submitting, there was a slot
free. Paul is another Kiwi who doesn't get the notice he probably
should, and despite having a strange fetish for Internet Kiosks, when
he owns something up he usually does a pathologically thorough job.
The fact that he has been looking at iOS banking apps in Singapore
makes me incredibly grateful that I don't bank there.

Edgar Barbosa - Automating the identification of data structures inside binaries

Usually when people start talking about 'SMT Solvers' and 'REIL' and
'formal methods' I just mentally dub them over with the sound of
chickens arguing. However, when Edgar says he can automatically
recover data structures and format from random files and use that to
build better fuzzers, assist with reversing and generally save me days
/ weeks of staring at IDA and hexdumps I instead become mentally
erect.

Lightning Talks

While it's too early to announce a lineup, we will have some. I've
been informed that they will be timed by me drinking beer - this means
that I can personally guarantee that talks which become boring will be
finishing within the following 10 seconds. If you've just read the
awesome lineup we have and decided to come, have something cool to
talk about and don't want to pad it out with fluff, then drop us a
line at cfp at syscan.org! You don't get any money, but you do get
free beer and the the chance to be heckled by a drunk
@nudehaberdasher. Speakers - feel free to submit a lightning as well,
if you think you're hard enough.

TL;DR Summary

The Year of the Dragon may just be the best SyScan Singapore yet.
Also, as far as I am aware, it is the only conference that provides
unlimited free beer for all attendees. I can't believe more people
don't know that. Apparently there will be free soft drinks this year
as well, although I have no idea why anyone would care about that.

Cheers!

ben


More information about the Dailydave mailing list