{"id":42,"date":"2011-12-10T21:28:00","date_gmt":"2011-12-10T21:28:00","guid":{"rendered":"http:\/\/www.thehhd.com\/HES\/?page_id=42"},"modified":"2012-03-17T15:09:38","modified_gmt":"2012-03-17T15:09:38","slug":"call-for-paper","status":"publish","type":"page","link":"http:\/\/2012.hackitoergosum.org\/blog\/home\/call-for-paper","title":{"rendered":"CALL FOR PAPER"},"content":{"rendered":"

If you want to propose your talk, please contact the CFP Team<\/a><\/p>\n

–[ Synopsis:<\/p>\n

This is the final call for papers for the HES 2012 Conference.
\nHackito Ergo Sum 2012 will take place in Paris from the\u00a012th to the 14th of April 2012.<\/p>\n

–[ What is HES ? Why would I like it anyway ?<\/p>\n

HES is a 100% hardcore technical security conference. HES is\u00a0unique by its continuous outstanding technical quality, but also\u00a0by its unusual freedom and spirit. HES is a 100% non profit conference,\u00a0mainly supported by the \/tmp\/lab Parisian hackerspace and generous\u00a0sponsors (who in exchange for their sponsoring, don’t get their say\u00a0on any of the organisation, format or content of the conference :).<\/p>\n

If you are unsure of wether you’ll like it, feel free to have a look\u00a0at the content of previous editions. Talks included topics such as\u00a0SS7 phone networks hacking, satellites take overs via x25, kernel land\u00a0exploits against grsecurity hardened kernels, or the pwnie awards\u00a0winner Tarjei Mandt for his first presentation on this topic (note\u00a0to Dave Aitel: yeah man, face it, it was first seen at HES !!) and\u00a0many more.<\/p>\n

Presentations on new R&D projects are the core of the conference.
\nBy R&D and security, HES really means new offensive R&D security.
\nResearchers from all around the internet are welcome to come to\u00a0Paris and talk, without discrimination whatsoever : everyone is\u00a0equal in front of a computer. Maybe skills appart that is \ud83d\ude09<\/p>\n

HES is also an open big party, by the hacking community and for the\u00a0hacking community, with people coming literally from around the world.
\nIf you’d like to not only come, but be part of HES by organising a\u00a0workshop (lockpickers and organisers of a social engineering contest
\nwanted !) or contest : please do and refer the relevant section below.<\/p>\n

–[ Quality:<\/p>\n

The quality of submitions is so critical to the Hackito Ergo Sum\u00a0conference that papers will be reviewed by the scary HES Programming\u00a0Comitee of death. It wasn’t made to dissuade you from submitting,\u00a0but to ensure that the talks selected for HES will be as interresting\u00a0and new as possible.<\/p>\n

Submitions should be original and as fresh as in “never seen anywhere\u00a0before”. Massive upgrades and significant new research added to\u00a0talks previously presented at a few great conferences may make it.\u00a0Talks given more than 3 times will be rejected.<\/p>\n

Intense debates often spread inside the Programming Comitee on wether\u00a0a given topic is of interrest or new at all. Consensus as been reached\u00a0though regarding a few security buzz words. In order to avoid bullshit\u00a0talks, topics on Social Engineering and SCADA will only be considered\u00a0if demos are provided, and if themagnitude of the attack would at least\u00a0affect affect a significant portion of say, a city. Old well documented\u00a0techniques such as web applications (especially XSS, CSRF and clickjacking)\u00a0but also basic exploitation techniques (or easy targets lacking modern\u00a0security protections) are discouraged. To the opposite, hacking non\u00a0understood and poorly documented technologies including for instance hardware,\u00a0protocols, architectures, devices, networks, or applications among\u00a0others are warmly welcome.<\/p>\n

In a nutshell, submitions on how to achieve world domination in 2012\u00a0and how to eventually avoid it are of primary importance. How to survive and
\nfacilitate privacy in an incrinsingly policed internet are also a concerned.<\/p>\n

–[ Submitting:<\/p>\n

We are glad you are reading this section and are therefore thinking about
\nsubmitting to HES.<\/p>\n

Before submitting, we gently recommand you to have a look at the presentations\u00a0submitted in 2010 and 2011. It would give you an idea wether your talk may make\u00a0it to HES.<\/p>\n

We are accepting submissions in English only.
\nThe format will be of 45 mins presentation + 10 mins Q&A.<\/p>\n

Please note that talks with content will judged commercial or non vendor neutral\u00a0will be rejected and\/or interrupted on stage.<\/p>\n

For this conference, preference will be given to offensive, innovative and\u00a0highly technical proposals covering (but not restricted to) the topics below:<\/p>\n

[*] Attacking Software
\n* Attacking the Internet Of Things
\n* Automating vulnerability discovery
\n* Weaponization and underworld\/government exploit market intelligence
\n* Non-x86, MIPS, ARM and x64 specific exploitation techniques
\n* Smarter and Dumber fuzzing for binary only vulnerability hunt
\n* Static and Dynamic binary or source-based analysis
\n* Hacking mobile: defeating iOS and Android security
\n* Kernel land exploits
\n* New advances in Attack frameworks and automation
\n* Virtual Machines and Virtual Infrastructures evasion
\n* Governmentalization of hacking projection force<\/p>\n

[*] Attacking Infrastructures
\n* Bank & insurance: Swift and national electronic fund transfer technologies
\n* Telecom attacks
\n* Vulnerability scanning in new networks environments.
\n* Living in a post-Duqu, post-Stuxnet world
\n* Circumventing Governmental firewalls
\n* Lawful interception and DPI: evasion, exploitation, detection
\n* Military & Intelligence data collection backbones
\n* Post monitoring techniques: Passive network attack
\n* GAN attacks
\n* Who’s the less secure: GPS or Galileo, show how<\/p>\n

[*] Attacking Hardware
\n* Drone hacking: Tic-Tac-Toe in the sky with Reaper and Raptor
\n* Robots MCU infection: STDs for Petman and Bigdog?
\n* Attacking Wireless Sensors and their underlying networks.
\n* Hardware reverse engineering (and exploitation + backdooring)
\n* LTE mobile phone attack
\n* eNode-B hacking
\n* Hacking UEFI & Secure Boot
\n* Gnu Radio hacking applied to new domains
\n* RFID exploitation
\n* Hacking radio protocols, specifications and implementations<\/p>\n

[*] Attacking Crypto
\n* Identity Based Encryption attacks
\n* Quantum-based attacks of asymetric crypto
\n* Linear\/differential cryptanalysis of contemporary ciphers
\n* Crypto Algorithm strength modeling and evaluation metrics
\n* Crypto where you wouldn’t think there is
\n* Weak crypto in common radio links: from heartbeat links to microwave backhaul<\/p>\n

We highly encourage topics entirely new and discuptive.<\/p>\n

–[ Submissions:<\/p>\n

[*] Required information:<\/p>\n

Submitions must contain the following information:<\/p>\n

* Speakers name or alias
\n* Biography
\n* Presentation Title
\n* Description
\n* Needs: Internet? Others?
\n* Company (name) or Independent?
\n* Address
\n* Phone
\n* Email
\n* Demo (Y\/N)<\/p>\n

We highly encourage and will favor presentations with demos.<\/p>\n

Specify if submission contains any of the following information:
\n* Tool
\n* Slides
\n* Whitepaper<\/p>\n

[*] How to submit:<\/p>\n

Submit your presentation and materials by sending a mail at:<\/p>\n

hes-cfp@hackitoergosum.org<\/p>\n

–[ Wargame:<\/p>\n

As in all the previous editions of HES, Steven from the Over The Wire\u00a0community will charm and delight us with a wargame in the Russian\u00a0Mob thema. You will have to face one of the most active cyber mafia in the world.\u00a0Otlichno! We’d like to thank Steven for his amazing job at untertaining\u00a0us with both intellectually challenging and phun wargames.<\/p>\n

Stevens wargames are always very creative, and have a reputation to be both\u00a0terribly exciting and technically challenging.<\/p>\n

–[ Workshops:<\/p>\n

If you want to organize a workshop or any other activity during the conference,\u00a0you are most welcome. Please contact us at:
\nhes-orga@lists.hackitoergosum.org<\/p>\n

We’d like to see lockpicking, Social Engineering , phone moding, demo making,\u00a0DIY eletronics workshops among others.<\/p>\n

–[ Dates:<\/p>\n

2012-02-13 Final Call for Paper
\n2012-03-01 Submission Deadline
\n2012-03-05 Acceptance notification
\n2012-03-05 Program announcement
\n2012-04-12 Start of conference
\n2012-04-14 End of conference<\/p>\n

–[ Program Committe:<\/p>\n

The submissions will be reviewed by the following program committee:
\n* Tavis Ormandy (Google) @taviso
\n* Matthew Conover @symcmatt
\n* Jason Martin (SDNA Consulting, Shakacon)
\n* Stephen Ridley @s7ephen
\n* Mark Dowd (AzimuthSecurity) @mdowd
\n* Tiago Assumpcao (RIM)
\n* Alex Rice (Facebook) facebook.com\/rice
\n* Pedram Amini @pedramamini
\n* Erik Cabetas (Include Security)
\n* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
\n* Alexander Sotirov @alexsotirov
\n* Barnaby Jack (McAfee) @barnaby_jack
\n* Charlie Miller (Accuvant) @0xcharlie
\n* David Litchfield (Accuvant) @dlitchfield
\n* Lurene Grenier (Harris) @pusscat
\n* Alex Ionescu @aionescu
\n* Nico Waisman (Immunity) @nicowaisman
\n* Philippe Langlois (P1 Security, TSTF, \/tmp\/lab) @philpraxis
\n* Jonathan Brossard (Toucan System, \/tmp\/lab) @endrazine
\n* Matthieu Suiche (MoonSols) @msuiche
\n* Piotr Bania @piotrbania
\n* Laurent Gaffie @laurentgaffie
\n* Julien Tinnes (Google)
\n* Brad Spengler (aka spender) (Grsecurity)
\n* Silvio Cesare (Deakin University) @silviocesare
\n* Carlos Sarraute (Core security)
\n* Cesar Cerrudo (IOActive) @cesarcer
\n* Daniel Hodson (aka mercy) (Ruxcon)
\n* Nicolas Ruff (E.A.D.S) @newsoft
\n* Julien Vanegue (Microsoft Security, Redmond) @jvanegue
\n* Itzik Kotler (aka izik) @itzikkotler
\n* Rodrigo Branco (aka BSDeamon) (Qualys) @bsdaemon
\n* Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck
\n* Ilja Van Sprundel (IOActive)
\n* Raoul Chiesa (TSTF)
\n* Dhillon Andrew Kannabhiran (HITB) @hackinthebox
\n* Philip Petterson (aka Rebel)
\n* The Grugq (COSEINC) @thegrugq
\n* Emmanuel Gadaix (TSTF) @gadaix
\n* Kugg (\/tmp\/lab)
\n* Harald Welte (gnumonks.org) @LaF0rge
\n* Van Hauser (THC)
\n* Fyodor Yarochkin (Armorize) @fygrave
\n* Gamma (THC, Teso)
\n* Pipacs (Linux Kernel Page Exec Protection)
\n* Shyama Rose @shazzzam<\/p>\n

Note: Hackito Ergo Sum would like to thank all those great researchers\u00a0for their unvaluable help in detecting the good ideas and potential\u00a0great talks in the HES submissions.<\/p>\n

–[ Trainings<\/p>\n

There will be no trainings in 2012. We hope to be able to offer trainings\u00a0in 2013. Thanks for those who submitted training offers this year : we got
\namazing proposals.<\/p>\n

-[EOF]-
\nTweet<\/a>
\n