The gap is crossed
The stream will start at 11:30am. The text chat will be spicy and the events will begin.
Guests will be gr33tz'd with a general checkup. All the usual disclaimers and a few words from the ThugCrowd hosts.
Satellaview Reverse Engineering
Come hear the tale of reverse engineering the Satellaview, a satellite add-on for the Super Famicom to download games. You may have never heard of it, but come see how it works!
Switches get Root Canals
Come examine a typical Layer 2 switch, without many features, identify a 'root' level vulnerability, and see what we can achieve. Drop or even modify packets in transit? Hide malicious activity?
Owning the clout through SSRF and PDF generators
Come and discuss a number of different methods to exfiltrate data SSRF. We were able to hack some of the major transportation, hospitality, and social media companies for big bounties!
Emulating IoT firmware en masse with Docker & QEMU
Come see techniques using containers and QEMU used to emulate non-x86 firmware to demonstrate capabilities and limitations when used for security research (and target practice)
Rapid Prototyping Chaos
Come see how rapid prototyping has worked for projects that resulted in the demonseed and o.mg cable. MG is a thug of chaos, and this presentation promises to be nothing less!
The Twitch2Shell event will begin! You can interact with a real shell using twitch chat commands. This time can be used for rigorous scrub downs and maintianing healthy fluid levels.
Adventures in Binary Golf
Hit the back 9 on an adventure of binary mangling and manipulation. Lower your par with approach, rationale and techniques for ELF and PE formats. Enjoy tips, tricks and polyglot treats to minify your game.
Viral Vulnerability Disclosure
What about disclosure? Does hacking in a skimask make you a burglar? Meet the ghosts of past present and future to create conversation between builders and breakers with disclose.io
Modern Linux Heap Exploitation
Dr Silvio Cesare
A classic heap overflow can’t lead to code execution! Come see how with some grooming and a little application login how you can defeat all current mitigations in Linux allocators such as ptmalloc2
haha v8 engine go brrrrr
Syed Faraz Abrar
V8 is so complex that it has its own bug classes You'll be able to learn about the gory internals of one of the most used JS engines in the world and the best approach for finding JS engine vulns
Code that gets you pwn(s|'d)
From regular expression magic to Unicode jiu-jitsu, we will end mixing the two to create some Unicode/regular expression krav maga for maximum damage in Golang, Ruby, Python, C#
A recap of the days events will be discussed. This will include announcing the winners of the CTF and Ch0pp3d events.
Time to let your hair down with community events and music. Booze and chatter optional while maintaining a safe distance (not optional).