______ _ _ ____ ___ _ _
/ / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | |
/ /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ |
/_/ |_| \_\___/ \___/ \__\___|\__,_|\____\___/|_| \_|
*** /RootedCON'2022 - Main activity ***
-=] About RootedCON
RootedCON is a technology congress that will be developed in Madrid
(Spain) from 10 - 12 of march 2022.
With an estimated seating from 2.500 to 3.000 people, is the most
relevant specialized congress that is held in the country, and one of
the most relevant in Europe, with attendee profiles ranging from
students, Law Enforcenment Agencies to professionals in the technology
and information security market and, even, just passionate people.
This is our XII edition, after the restrictions pause. And as in every
edition, we want it to make it special :)
-=] Talk types
We will mostly accept two kind of talks:
- Fast talks: 20 minutes.
- Standard talks: 50 minutes.
There will exist a limited number of talks of both types having, even,
the possibility of working with the schedule to extend a talk beyond the
20 minutes limit, or to reduce a 50 minutes one.
We encourage you to BE ORIGINAL with your proposals. We accept *rare*
talks and thematic, on culture or politics (always orbiting around the
concepts technological or Information Security).
-=] International speakers
There is simultaneous Spanish-English and English-Spanish translation on
all tracks, so please do not hesitate to inscribe a talk, wherever you
are from :)
Be sure to indicate the language in which you will give it:
[ES] - Spanish
[EN] - English
=] Topics we are looking for
Any interesting topic related to TECHNOLOGY, having examples below and
not limited to:
- ANY original topic that contributes content to our audience!
- APT, botnets and malware.
- Obviously, ransomware!
- BIO Hacking and alternative disciplines
- Any hacking topic in any environment: IP, OT, IoT, Cloud, EDGE,
Satellites, Mobiles...
- Reverse engineering, debugging, hooking, fuzzing, exploiting, DFIR,...
- Financial Tech (FinTech)
- Hardware Hacking, Jtag, SWJ, Dap, consoles,...
- Videogames, cheats...
- Cryptography, steganography, covert channels,...
- DEV/SEC/OPS.
- DEV: MQTT, AMQP, development patterns, distributed development,
CI/CD...
- OPS: puppet, jenkins, orchestration, virtualization and containers,
artifacts,...
- Culture, philosophy and ethics, future, innovation ... the world!
-=] Talk submission procedure
We will only accept talks submitted throught the official speaker form:
https://cfp.rootedcon.com/ (both english and spanish)
Any other talk submission will be considered "unofficial" and will not
have any guarantee in being selected.
-=] Speaker benefits and privileges
Every speaker will get these benefits and privileges:
- ONE extra ticket for a partner (1 ticket) to attend the event.
- Diner with all the speakers, RootedLABS trainees, sponsors and the
RootedCON team.
- Accommodation (RootedCON carries with the costs, even the partner)
- Travelling (RootedCON carries with the speaker's costs)
- Full access to all congress areas all the event long.
- The possibility of repeating the speech up to three times, one in
every track (depending of the final rating).
- Some free drinks in the party :)
- Potential job offers management.
- A gift from the organization.
-=] Obligations and duties of the speaker
All speakers that inscribed a talk and get selected must:
a) Confirm that the talk is TECHNICAL and it is supported with Proof of
Concepts (PoC). If PoC are not available, it should be justified.
Lately all I've been doing is data science but I've been trying to keep up
with some of the cool work happening in the cybers as well. One project I
think is especially cool is the Joern Ghidra2CPG project.
https://twitter.com/fabsx00/status/1466302205019971586?s=20https://joern.io/blog/joern-supports-binary/
The theory is that you can use the Ghidra decompiler, then have a code
property graph, which they store in a special purpose in-memory graph
database (that should probably be ported to A REAL GRAPH DATABASE). Then
you can make queries in scala (ugh) against that DB to find bugs.
One example is here:
https://github.com/joernio/query-database/blob/main/src/main/scala/io/joern…
Has anyone else tried using this?
It'd be cool instead of doing source sink to do clustering and missing link
analysis and MLlib against the graph database. Also a real graph db might
be able to scale better... but regardless, this is the kind of cool project
I hoped to see when Ghidra first came out!
This paper as well seems quite relevant:
https://twitter.com/0xadr1an/status/1466518964029169672?s=20
The Convergence of Source Code and Binary Vulnerability Discovery – A Case
Study
https://www.s3.eurecom.fr/docs/asiaccs22_mantovani.pdf
-dave
