HACK DURING A PANDEMIC OPERATING SYSTEMS WIRELESS CARS SCADA BROWSERS FIRMWARE BASEBANDS HYPERVISORS PROTOCOLS

AirGap 2020 is a free virtual conference bought to you by ThugCrowd. It will be streamed live to Twitch on the 2nd of May 2020 to your personal sandbox with a focus on weird bugs and unconventional approaches to offensive security. #AirGap2020

Register

Events

Presentations

The main focus of the event is the presentations, these will be held over 8 hours in 30 and 60 minute blocks, with a 5 minute Q&A or break time in between.

Capture the Flag

A CTF will be taking place for the duration of the event. It is open to individuals and teams with winners and prizes to be announced at the end of the event.

Ch0pp3d!

The Ch0pp3d hack-a-thon will run for the duration for the event. It is open to individuals and teams with winners and prizes to be announced at the end of the event.

Mainframe Panel

A Big-Iron security panel, featuring prominent mainframe security experts from around the world (there isn't that many of them).

Twitch2Shell

The infamous ThugCrowd twitch2shell event will return at AirGap2020. Partcipants of the twitch chat can interact with a shell. The only problem is everyone has to share!

Pandemic Party

Stay around after to chat with speakers and guests, discuss solutions to ch0pp3d and the CTF, and enjoy a live DJ set from ytcracker!

Schedule

11:30-04:00
The gap is crossed

The stream will start at 11:30am. The text chat will be spicy and the events will begin.

12:00-04:00
Incubation Period

Guests will be gr33tz'd with a general checkup. All the usual disclaimers and a few words from the ThugCrowd hosts.

12:30-04:00
Satellaview Reverse Engineering
Luigiblood

Come hear the tale of reverse engineering the Satellaview, a satellite add-on for the Super Famicom to download games. You may have never heard of it, but come see how it works!

13:00-04:00
Mainframe Hacker Society Panel

Join the mainframe society, previously operating in secret to further the study and advancement of mainframe security around the world!

14:00-04:00
Switches get Root Canals
Reid Wightman

Come examine a typical Layer 2 switch, without many features, identify a 'root' level vulnerability, and see what we can achieve. Drop or even modify packets in transit? Hide malicious activity?

14:30-04:00
Owning the clout through SSRF and PDF generators
Nahamsec

Come and discuss a number of different methods to exfiltrate data SSRF. We were able to hack some of the major transportation, hospitality, and social media companies for big bounties!

15:00-04:00
Emulating IoT firmware en masse with Docker & QEMU
Ilya

Come see techniques using containers and QEMU used to emulate non-x86 firmware to demonstrate capabilities and limitations when used for security research (and target practice)

16:00-04:00
Rapid Prototyping Chaos
MG

Come see how rapid prototyping has worked for projects that resulted in the demonseed and o.mg cable. MG is a thug of chaos, and this presentation promises to be nothing less!

16:30-04:00
twitch2shell

The Twitch2Shell event will begin! You can interact with a real shell using twitch chat commands. This time can be used for rigorous scrub downs and maintianing healthy fluid levels.

17:00-04:00
Adventures in Binary Golf
netspooky

Hit the back 9 on an adventure of binary mangling and manipulation. Lower your par with approach, rationale and techniques for ELF and PE formats. Enjoy tips, tricks and polyglot treats to minify your game.

17:30-04:00
Viral Vulnerability Disclosure
Casey Ellis

What about disclosure? Does hacking in a skimask make you a burglar? Meet the ghosts of past present and future to create conversation between builders and breakers with disclose.io

18:00-04:00
Modern Linux Heap Exploitation
Dr Silvio Cesare

A classic heap overflow can’t lead to code execution! Come see how with some grooming and a little application login how you can defeat all current mitigations in Linux allocators such as ptmalloc2

18:30-04:00
haha v8 engine go brrrrr
Syed Faraz Abrar

V8 is so complex that it has its own bug classes You'll be able to learn about the gory internals of one of the most used JS engines in the world and the best approach for finding JS engine vulns

19:30-04:00
Code that gets you pwn(s|'d)
Snyff

From regular expression magic to Unicode jiu-jitsu, we will end mixing the two to create some Unicode/regular expression krav maga for maximum damage in Golang, Ruby, Python, C#

20:00-04:00
Outbreak Containment

A recap of the days events will be discussed. This will include announcing the winners of the CTF and Ch0pp3d events.

20:30-04:00
Pandemic Party

Time to let your hair down with community events and music. Booze and chatter optional while maintaining a safe distance (not optional).