If you want to propose your talk, please contact the CFP Team

–[ Synopsis:

This is the final call for papers for the HES 2012 Conference.
Hackito Ergo Sum 2012 will take place in Paris from the 12th to the 14th of April 2012.

–[ What is HES ? Why would I like it anyway ?

HES is a 100% hardcore technical security conference. HES is unique by its continuous outstanding technical quality, but also by its unusual freedom and spirit. HES is a 100% non profit conference, mainly supported by the /tmp/lab Parisian hackerspace and generous sponsors (who in exchange for their sponsoring, don’t get their say on any of the organisation, format or content of the conference :).

If you are unsure of wether you’ll like it, feel free to have a look at the content of previous editions. Talks included topics such as SS7 phone networks hacking, satellites take overs via x25, kernel land exploits against grsecurity hardened kernels, or the pwnie awards winner Tarjei Mandt for his first presentation on this topic (note to Dave Aitel: yeah man, face it, it was first seen at HES !!) and many more.

Presentations on new R&D projects are the core of the conference.
By R&D and security, HES really means new offensive R&D security.
Researchers from all around the internet are welcome to come to Paris and talk, without discrimination whatsoever : everyone is equal in front of a computer. Maybe skills appart that is 😉

HES is also an open big party, by the hacking community and for the hacking community, with people coming literally from around the world.
If you’d like to not only come, but be part of HES by organising a workshop (lockpickers and organisers of a social engineering contest
wanted !) or contest : please do and refer the relevant section below.

–[ Quality:

The quality of submitions is so critical to the Hackito Ergo Sum conference that papers will be reviewed by the scary HES Programming Comitee of death. It wasn’t made to dissuade you from submitting, but to ensure that the talks selected for HES will be as interresting and new as possible.

Submitions should be original and as fresh as in “never seen anywhere before”. Massive upgrades and significant new research added to talks previously presented at a few great conferences may make it. Talks given more than 3 times will be rejected.

Intense debates often spread inside the Programming Comitee on wether a given topic is of interrest or new at all. Consensus as been reached though regarding a few security buzz words. In order to avoid bullshit talks, topics on Social Engineering and SCADA will only be considered if demos are provided, and if themagnitude of the attack would at least affect affect a significant portion of say, a city. Old well documented techniques such as web applications (especially XSS, CSRF and clickjacking) but also basic exploitation techniques (or easy targets lacking modern security protections) are discouraged. To the opposite, hacking non understood and poorly documented technologies including for instance hardware, protocols, architectures, devices, networks, or applications among others are warmly welcome.

In a nutshell, submitions on how to achieve world domination in 2012 and how to eventually avoid it are of primary importance. How to survive and
facilitate privacy in an incrinsingly policed internet are also a concerned.

–[ Submitting:

We are glad you are reading this section and are therefore thinking about
submitting to HES.

Before submitting, we gently recommand you to have a look at the presentations submitted in 2010 and 2011. It would give you an idea wether your talk may make it to HES.

We are accepting submissions in English only.
The format will be of 45 mins presentation + 10 mins Q&A.

Please note that talks with content will judged commercial or non vendor neutral will be rejected and/or interrupted on stage.

For this conference, preference will be given to offensive, innovative and highly technical proposals covering (but not restricted to) the topics below:

[*] Attacking Software
* Attacking the Internet Of Things
* Automating vulnerability discovery
* Weaponization and underworld/government exploit market intelligence
* Non-x86, MIPS, ARM and x64 specific exploitation techniques
* Smarter and Dumber fuzzing for binary only vulnerability hunt
* Static and Dynamic binary or source-based analysis
* Hacking mobile: defeating iOS and Android security
* Kernel land exploits
* New advances in Attack frameworks and automation
* Virtual Machines and Virtual Infrastructures evasion
* Governmentalization of hacking projection force

[*] Attacking Infrastructures
* Bank & insurance: Swift and national electronic fund transfer technologies
* Telecom attacks
* Vulnerability scanning in new networks environments.
* Living in a post-Duqu, post-Stuxnet world
* Circumventing Governmental firewalls
* Lawful interception and DPI: evasion, exploitation, detection
* Military & Intelligence data collection backbones
* Post monitoring techniques: Passive network attack
* GAN attacks
* Who’s the less secure: GPS or Galileo, show how

[*] Attacking Hardware
* Drone hacking: Tic-Tac-Toe in the sky with Reaper and Raptor
* Robots MCU infection: STDs for Petman and Bigdog?
* Attacking Wireless Sensors and their underlying networks.
* Hardware reverse engineering (and exploitation + backdooring)
* LTE mobile phone attack
* eNode-B hacking
* Hacking UEFI & Secure Boot
* Gnu Radio hacking applied to new domains
* RFID exploitation
* Hacking radio protocols, specifications and implementations

[*] Attacking Crypto
* Identity Based Encryption attacks
* Quantum-based attacks of asymetric crypto
* Linear/differential cryptanalysis of contemporary ciphers
* Crypto Algorithm strength modeling and evaluation metrics
* Crypto where you wouldn’t think there is
* Weak crypto in common radio links: from heartbeat links to microwave backhaul

We highly encourage topics entirely new and discuptive.

–[ Submissions:

[*] Required information:

Submitions must contain the following information:

* Speakers name or alias
* Biography
* Presentation Title
* Description
* Needs: Internet? Others?
* Company (name) or Independent?
* Address
* Phone
* Email
* Demo (Y/N)

We highly encourage and will favor presentations with demos.

Specify if submission contains any of the following information:
* Tool
* Slides
* Whitepaper

[*] How to submit:

Submit your presentation and materials by sending a mail at:


–[ Wargame:

As in all the previous editions of HES, Steven from the Over The Wire community will charm and delight us with a wargame in the Russian Mob thema. You will have to face one of the most active cyber mafia in the world. Otlichno! We’d like to thank Steven for his amazing job at untertaining us with both intellectually challenging and phun wargames.

Stevens wargames are always very creative, and have a reputation to be both terribly exciting and technically challenging.

–[ Workshops:

If you want to organize a workshop or any other activity during the conference, you are most welcome. Please contact us at:

We’d like to see lockpicking, Social Engineering , phone moding, demo making, DIY eletronics workshops among others.

–[ Dates:

2012-02-13 Final Call for Paper
2012-03-01 Submission Deadline
2012-03-05 Acceptance notification
2012-03-05 Program announcement
2012-04-12 Start of conference
2012-04-14 End of conference

–[ Program Committe:

The submissions will be reviewed by the following program committee:
* Tavis Ormandy (Google) @taviso
* Matthew Conover @symcmatt
* Jason Martin (SDNA Consulting, Shakacon)
* Stephen Ridley @s7ephen
* Mark Dowd (AzimuthSecurity) @mdowd
* Tiago Assumpcao (RIM)
* Alex Rice (Facebook) facebook.com/rice
* Pedram Amini @pedramamini
* Erik Cabetas (Include Security)
* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
* Alexander Sotirov @alexsotirov
* Barnaby Jack (McAfee) @barnaby_jack
* Charlie Miller (Accuvant) @0xcharlie
* David Litchfield (Accuvant) @dlitchfield
* Lurene Grenier (Harris) @pusscat
* Alex Ionescu @aionescu
* Nico Waisman (Immunity) @nicowaisman
* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis
* Jonathan Brossard (Toucan System, /tmp/lab) @endrazine
* Matthieu Suiche (MoonSols) @msuiche
* Piotr Bania @piotrbania
* Laurent Gaffie @laurentgaffie
* Julien Tinnes (Google)
* Brad Spengler (aka spender) (Grsecurity)
* Silvio Cesare (Deakin University) @silviocesare
* Carlos Sarraute (Core security)
* Cesar Cerrudo (IOActive) @cesarcer
* Daniel Hodson (aka mercy) (Ruxcon)
* Nicolas Ruff (E.A.D.S) @newsoft
* Julien Vanegue (Microsoft Security, Redmond) @jvanegue
* Itzik Kotler (aka izik) @itzikkotler
* Rodrigo Branco (aka BSDeamon) (Qualys) @bsdaemon
* Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck
* Ilja Van Sprundel (IOActive)
* Raoul Chiesa (TSTF)
* Dhillon Andrew Kannabhiran (HITB) @hackinthebox
* Philip Petterson (aka Rebel)
* The Grugq (COSEINC) @thegrugq
* Emmanuel Gadaix (TSTF) @gadaix
* Kugg (/tmp/lab)
* Harald Welte (gnumonks.org) @LaF0rge
* Van Hauser (THC)
* Fyodor Yarochkin (Armorize) @fygrave
* Gamma (THC, Teso)
* Pipacs (Linux Kernel Page Exec Protection)
* Shyama Rose @shazzzam

Note: Hackito Ergo Sum would like to thank all those great researchers for their unvaluable help in detecting the good ideas and potential great talks in the HES submissions.

–[ Trainings

There will be no trainings in 2012. We hope to be able to offer trainings in 2013. Thanks for those who submitted training offers this year : we got
amazing proposals.