Today we are launching Empire Hacking, a bi-monthly meetup that focuses on pragmatic security research and new discoveries in attack and defense.
Empire Hacking is technical. We aim to bridge the gap between weekend projects and funded research. There won’t be any product pitches here. Come prepared with your best ideas.
Empire Hacking is exclusive. Talks are by invitation-only and are under Chatham House Rule. We will discuss ongoing research and internal projects you won’t hear about anywhere else.
Empire Hacking is engaging. Talk about subjects you find interesting, face to face, with a community of experts from across the industry.
Each meetup will consist of short talks from three expert speakers and run from 6-9pm at Trail of Bits HQ. Tentative schedule: Even months, on Patch Tuesday (the 2nd Tuesday). Beverages and light food will be provided. Space is limited. Please apply on our Meetup page.
Our inaugural meetup will feature talks from Chris Rohlf, Dr. Byron Cook, and Nick DePetrillo on Tuesday, June 9th.
Offense at Scale
Chris will discuss the effects of scale on vulnerability research, fuzzing and real attack campaigns.
Chris Rohlf runs the penetration testing team at Yahoo in NYC. Before Yahoo he was the founder of Leaf Security Research, a highly-specialized security consultancy with expertise in vulnerability discovery, reversing and exploit development.
Automatically proving program termination (and more!)
Byron will discuss research advances that have led to practical tools for automatically proving program termination and related properties.
Dr. Byron Cook is professor of computer science at University College London.
Cellular Baseband Exploitation
Baseband exploitation has been a topic of interest for many, however, few have described the effort required to make such attacks practical. In this talk, we explore the challenges towards reliable, large-scale cellular baseband exploitation.
Nick DePetrillo is a principal security engineer at Trail of Bits with expertise in cellular hardware and infrastructure security.
Keep up with Empire Hacking by following us on Twitter. See you at a meetup!
Frequently Asked Questions
Why is Empire Hacking a membership-based group?
To cultivate a tight-knit community. This should be a place where members feel free to discuss private or exclusive research and data, knowing that it will remain within the group. Furthermore, we believe that a membership process increases motivation to make a high-quality contribution.
To protect against abuse. Everyone is expected to treat his or her fellow members with respect and decency. Violators lose membership and all access to the group, including membership lists, meeting locations, and our discussion board.
To follow the crowd. Not really. But seriously, we are hardly the first private meetup or group in security. Consider that NCC Open Forum “is by invite only and is limited to engineers and technical managers”, NY Information Security Meetup charges $5 to attend, and Ops-T “does not accept applications for membership.”
Why does Empire Hacking use Chatham House Rules?
We welcome everyone to apply to Empire Hacking, even journalists. But we don’t want participants to worry that their personal thoughts will be relayed to outsiders, or used against them or their employers. We enforce Chatham House Rules to preserve the balance between candor and discretion.
How can I attend a meetup?
Please apply on our meetup.com page. If you have any trouble, feel free to reach out to any of the Trail of Bits staff, including on our Slack community for Empire Hacking.
Re: Chatham House Rules, an excerpt from a private conversation:
The reason for CHR is you find yourself talking with someone you don’t know while standing around sipping a beer and you say something off the cuff about “it would be scary if the DMV was hacked and all their records were dumped.” Then you wake up the next morning to a front page headline that says “[PERSON] OF [COMPANY] CALLS FOR ANONYMOUS TO HACK THE DMV.”
For some people, the response to that article might be “Who is [PERSON]?” CHR doesn’t really, profoundly, benefit many people since the fallout from that headline would be annoying but life would go on. However, if you were a senior DoD person or a product manager at Amazon, you would be fired. Journalists know what CHR means and its a way to guide their behavior for the safety of all the attendees.
Pingback: Why we give so much to CSAW – Trail of Bits Blog
Pingback: 2015 In Review – Trail of Bits Blog
Pingback: The Problem with Dynamic Program Analysis – Trail of Bits Blog
Pingback: Securing Ethereum at Empire Hacking | Trail of Bits Blog
Pingback: Videos from Ethereum-focused Empire Hacking | Trail of Bits Blog