Category Archives: News

SOHOplessly Broken Contest!

Despite being widely distributed and deployed in nearly every modern home and small office, SOHO networking equipment has received surprisingly little attention from security researchers. Yet, these devices facilitate the connectivity and protection (we hope) of millions of end-systems. The critical vulnerabilities that persist in these widely used devices demonstrate an urgent need for deeper scrutiny.

SOHOplessly is a no-holds-barred router hacking competition. There will be three (3) tracks that focus on exploiting vulnerabilities.
Track 0 is a pre-con contest. Track 1 is a capture the flag style contest. Track 2 is a surprise contest that will take place at random times throughout the conference.

Please see the contest page for more information!

PancakeCon? PancakeCon!

If you are brave enough to wake early Sunday, October 26 from 8:30 to 11 am, join us at the 1st Annual PancakeCon! PancakeCon is hell-bent on offering the three best hours of eating gourmet pancakes in an interesting atmosphere of demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical InfoSec issues. PancakeCon will be hosted at CyberHive, a nearby incubator and shared workspace dedicated to the building the next generation of cybersecurity products.

More information will be in the program and announced during the conference! PancakeCon.

Hacapocalypse Team Fortress 2 LAN Party!

Join us as San Diego 2600 Presents a Team Fortress 2 LAN Party, Friday, October 24th, at 9PM. Join other hackers in Team Fortress 2 madness, either in the structured team server or on the free-for-all server. Bring your laptop/gaming rig with Team Fortress 2 (available for free on Steam) and join in the fun.

Interested? Please fill out the following form. You do not have to provide your real name or handle, but we would appreciate a count so we can anticipate the number of people interested in playing.

Preliminary Lineup Released!

We’re proud to announce our preliminary lineup for ToorCon San Diego 16. We’ll be posting additional talks and more details over the next week as we finish up the Call for Papers. Also, our Workshops are selling fast so don’t wait too long to register!

Advanced ANDROID & iOS Exploitation Workshop
Instructor: Aditya Gupta, Attify Security

Software Defined Radio Workshop
Instructor: Michael Ossmann, Great Scott Gadgets

MS-SQL Post-exploitation In-depth Workshop
Instructors: Rob Beck & Noelle Murata, Neohapsis

ToorCon 15 Reception

Our reception tonight is at the pool deck on the 3rd Floor. Follow the signs for the Ivory Room. Saturday and Sunday’s events will be on the Second Floor. You’ll need to use the elevators to get up. We’ll see you all soon!

Preliminary Lineup Announced!

We just announced our preliminary lineup of talks for ToorCon 15, go check it out!


Peach Fuzzer: Effective Fuzzing – New!
Michael Eddington

Advanced Mobile Hacking Workshop
Aditya Gupta & Subho Halder

3D Printing Workshop

Software Defined Radio Workshop – Sold Out!
Michael Ossmann

Deep Knowledge Seminars

Defeating Spread Spectrum Communication with Software Defined Radio
Michael Ossmann

Firmware attacks, Copernicus, and You
Xeno Kovah


BREACHing SSL, one byte at a time
@PradoAngelo & @GluckYoel

Multiplexed Wired Attack Surfaces
Michael Ossmann & Kos

x86 Rewriting: Beating Binaries into Submission

Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
Doug DePerry & Andrew Rahimi

The Outer Limits: Hacking a Smart TV
Aaron Grattafiori

So you ZMAP’d the internet. Now what?
Paul McMillan

Data Leaking in Next Generation Cars
Christie Dudley / Valkyrie

Clowntown express, interesting bugs and running a bug bounty program
Collin Greene

Are you a Janitor or a Cleaner?
John “geekspeed” Stauffacher / Matthew “mattrix” Hoy

I Can Haz DarkNet & MeshNet Best Practices? : Helping making better decentralized networks, one beer at a time.
Drew Redshift Porter

Applications of Artificial Intelligence in Ad-Hoc Static Code Analysis

Let the Hackers Learn
John Irwin

TPMS Report
Jared Boone

Death by Numbers: Scalable Mobile Malware Heuristics
David Shaw

Managing your pentest data with Kvasir

Rickrolling your neighbors with Google Chromecast
Dan “AltF4” Petro

Making Attacks Go Backwards

Hacking and Reverse Engineering Industrial Control Systems with DOSBox

Bypassing FireEye
AverageJoe / Joe Giron

PeachFuzz Workshop Announced!

Fuzzing is the technique of finding flaws and vulnerabilities in solutions through the mutation of data. This technique is a preferred way of both defenders and attackers to discover vulnerabilities in a system. The Peach Fuzzing Framework is the most widely used fuzzing system. Researchers, corporations, and governments use Peach to find vulnerabilities in systems. Peach was designed to fuzz any type of data consumer from servers to embedded systems. Peach is a cross platform system running on Windows, Linux, and OS X.

This class will focus on the latest release of Peach 3 and is taught by Michael Eddington the creator of Peach.

You will learn to create both dumb and smart fuzzers and apply these concepts and tools to their unique environment. The course is designed to be student-centric, hands-on, and lab intensive. On day one the Peach Fuzzing Framework is introduced from a practitioner’s perspective. You will learn how to use Peach to fuzz a variety of targets including network clients & servers, file consumers, and API interfaces such as COM. On the second day you will develop and run fuzzers against different targets mutating data and collecting crashes.

TC:SD Peach Fuzzing + Seminar