mailing list archives
Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP
From: Philippe Langlois <philippe.langlois () gmail com>
Date: Mon, 8 Nov 2010 19:06:28 +0100
Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP
** http://hackitoergosum.org **
7-9 April 2011 / Paris / France
1111111111111111111111111111111111111111111111111 HES 2011
1111111111111111111111111111111111111111111111111 Paris, 7-9 April 2011
Hackito Ergo Sum conference will be held from April 7th to the 9th of
in Paris, France.
Following last edition's success, HES2011 will be a bigger event with
talks, focusing on hardcore computer & network security, insecurity,
vulnerability analysis, reverse engineering, research and hacking,
and will try
to keep the high quality content. Our dear Program Committee is there to
HES will this year be a fully international-oriented conference, 100% in
English, aiming to gather the best security researchers, experts and
makers in one room.
The goal of this conference is to promote security research, broaden
awareness and create an open forum so that communication between the
researchers, the security industry, the experts and the public can
Last year, we pioneered a domain with the first Capture The Flag
on FPGA, with excellent result that exceeded by far our expectations.
year, new contests will run with hopefully even more diverse and new
to security. Of course, network-based CTF and lockpicking contest
We will have a specific session for new works, including slots for new
presenters -i.e. typically people whose personal research are extremely
interesting but who do not usually present at conferences- because
security innovations occur at the fringe of the security industry,
very often by
passionate people, and that's what we are and love. Submissions from
academics or otherwise passionate people from anywhere on the
therefore most welcome.
We will also have an anonymous side track so that people who wish to
subjects can do so in total freedom. As we believe the academic
system as setup a good
precedent with anonymous submissions, review and voting, we wish to
pursue this direction
by providing researcher a way to share important contribution without
with politics and other non-research influences.
This conference will try to take into account all voices in order to
balanced position regarding research and security, inviting businesses,
governmental actors, researchers, professionals and the general
public to share
concerns, approaches and interests for this topic.
During three days research conferences, solutions presentations,
debates will aim to view and determine the future of IT security.
--[ Content of the Research Track:
We are expecting submissions in English only.
The format will be 45 mins presentation + 10 mins Q&A.
Please note that talks whose content will be judged too commercial or
toward a given vendor will be rejected.
For the research track, preference will be given to offensive,
highly technical proposals covering (but not restricted to) the
[*] Attacking Software
* Automating vulnerability discovery
* The business of the 0-day market
* Non-x86 exploitation
* New classes of software vulnerabilities and new methods to detect
software bugs (source or binary based)
* Static and Dynamic binary or source-based analysis
* Current exploitation on Gnu/Linux WITH GRsecurity/SElinux/
and other current protection methods
* Kernel land exploits (new architectures or remote only)
* New advances in Attack frameworks and automation
* Secure Development Life Cycle and real-life development
[*] Attacking Infrastructures
* Botnets and C&C abuses
* Exotic Network Attacks
* Telecom (from VoIP to SS7 to GSM & 3G/4G RF hacks)
* Financial and Banking institutions
* SCADA and the industrial world, applied.
* Governmental firewall and their limits (Australia, French's
China, Iran, Denmark, Germany, ...)
* Law enforcement : how to / how to deceive / how to abuse.
* Satellites, Military, Intelligence data collection backbones
("I hacked Echelon and I would like to share")
* Non-IP (SNA, ISO, make us dream...)
* Wormable vulnerabilities against protocols & infrastructures
[*] Attacking Hardware
* Hardware reverse engineering (and exploitation + backdooring)
* Femto-cell hacking (3G, LTE, ...)
* BIOS and otherwise low-level exploitation vectors
* Real-world SMM usage! We know it's vulnerable, now let's do
* WiFi drivers and System on Chip (SoC) overflow, exploitation and
* Gnu Radio hacking applied to new domains
[*] Attacking Crypto
* Practical crypto attacks from the hacker's perspective
(RCE, algo modeling, bruteforce, FPGA ...)
* Algorithm strength modeling and evaluation metrics
* Hashing functions pre-image attacks
* Crypto where you wouldn't think there is
We highly encourage any other presentation topic that we may not even
[*] Required information:
Submitions must (see RFC 2119 for the meaning of this word) contain the
* Speaker's name or alias
* Presentation Title
* Needs: Internet? Others?
* Company (name) or Independent?
* Demo (Y/N)
We highly encourage and will favor presentations with a demo.
Submissions may contain the following information:
[*] How to submit:
Submit your presentation and materials at:
If you want to organize a workshop or any other activity during the
you are most welcome. Please contact us at:
hes2011-orga () lists hackitoergosum org
2010-11-15 Call for Paper
2011-02-20 Submission Deadline
2011-02-21 Acceptance notification
2011-03-01 Program announcement
2011-04-07 Start of conference
2011-04-09 End of conference
--[ Program Committe:
The submissions will be reviewed by the following program committee:
* Tavis Ormandy (Google) @taviso
* Matthew Conover (Symantec) @symcmatt
* Jason Martin (SDNA Consulting, Shakacon)
* Stephen Ridley @s7ephen
* Mark Dowd (AzimuthSecurity) @mdowd
* Tiago Assumpcao
* Alex Rice (Facebook) facebook.com/rice
* Pedram Amini (ZDI) @pedramamini
* Erik Cabetas
* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
* Alexander Sotirov @alexsotirov
* Barnaby Jack (IOActive) @barnaby_jack
* Charlie Miller (SecurityEvaluators) @0xcharlie
* David Litchfield (V3rity Software) @dlitchfield
* Lurene Grenier (Harris) @pusscat
* Alex Ionescu @aionescu
* Nico Waisman (Immunity) @nicowaisman
* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis
* Jonathan Brossard (Toucan System, P1 Code Security, /tmp/lab)
* Matthieu Suiche (MoonSols) @msuiche
* Piotr Bania @piotrbania
* Laurent Gaffié (Stratsec) @laurentgaffie
* Julien Tinnes (Google)
* Brad Spengler (aka spender) (Grsecurity)
* Silvio Cesare (Deakin University) @silviocesare
* Carlos Sarraute (Core security)
* Cesar Cerrudo (Argeniss) @cesarcer
* Daniel Hodson (aka mercy) (Ruxcon)
* Nicolas Ruff (E.A.D.S) @newsoft
* Julien Vanegue (Microsoft US) @jvanegue
* Itzik Kotler (aka izik) (Security Art) @itzikkotler
* Rodrigo Branco (aka BSDeamon) (Checkpoint) @bsdaemon
* Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck
* Ilja Van Sprundel (IOActive)
* Raoul Chiesa (TSTF)
* Dhillon Andrew Kannabhiran (HITB) @hackinthebox
* Philip Petterson (aka Rebel)
* The Grugq (COSEINC) @thegrugq
* Emmanuel Gadaix (TSTF) @gadaix
* Kugg (/tmp/lab)
* Harald Welte (gnumonks.org) @LaF0rge
* Van Hauser (THC)
* Fyodor Yarochkin (Armorize) @fygrave
* Gamma (THC, Teso)
* Pipacs (Linux Kernel Page Exec Protection)
* Shyama Rose @shazzzam
Business-ticket (3 days) 120 EUR
Public entrance (3 days) 80 EUR
Discount for Students below 26 (3 days) 40 EUR
Discount for CVE publisher or exploit publisher in 2010-2011(3d) 40 EUR
One-day pass 40 EUR
Volunteers (Must register, see below) (3 days) 0 EUR
The list of trainings for HES2011 will be announced shortly after CFP
You can still send us training description to hes2011-orga
if you want to offer some training. Trainings will happen from Monday
4th of April until
Wednesday 6th of April, just before the conference.
We are looking for sponsors.
Entrance fees and sponsors fees are used to fund international
costs and hosting facility. Please ask for the HES2011 Sponsor Kit at
hes2011-orga __AT__ lists.hackitoergosum.org.
Volunteers who sign up before 2011-03-01 get free access and will
need to be
present onsite two days before (2011-04-05) if no further arrangement
with the organization.
Journalists are welcome, but are required to comply with simple rules
the mutual respect among adults we aim to bring in hackito. In
filming or taking pictures of attendees without their prior agreement
prohibited. "We shall respect privacy and people" is the only motto.
We would like to thank the HES2010 Team, its reviewing committee and
volunteers for their time and dedication in making this event a success.
Thumbs up to the /tmp/lab hackerspace for their support and the final
party which was a tremendous success.
We would also like to greet all the speakers of last year's edition
quality of their presentation and the great time we shared in Paris :
all most welcome back in Paris for the 2011 edition.
Likewise, we'd like to thank last year's sponsors for their
support. Feel free to support us again for this 2011 edition.
Finally, we would like to thank all the people that participated to
edition : the conference is the people :) See you all in April !
hes2011-orga __AT__ lists.hackitoergosum.org
Hackito Ergo Sum 2011 conference - http://hackitoergosum.org
Hacker Space Festival - http://www.hackerspace.net
-- [ Social Media:
Keep in touch with the HES Organization via Facebook, Twitter and
"Hackito Ergo Sum" on Facebook -
@HackitoErgoSum on Twitter ! - https://twitter.com/HackitoErgoSum
HackitoErgoSum on Linkedin ! - http://www.linkedin.com/groups?
- Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP Philippe Langlois (Nov 08)