-= [ AlligatorCon Europe 2017] =-

If you have received an invitation by official means, you are welcome to the 2017 edition of AlligatorCon Europe. If you've been here last year, you know the drill – friendly hackers, free booze, no-nonsense technical talks and partying all night in Kraków, the Best City in the World (tm). If you're new, congratulations on joining the mayhem and insanity of the Alligator! If you haven't been invited this year but you know us IRL, just ping us and we will add you to the list. If you've only heard of us online and want to join in, send us an email to cfp@alligatorcon.pl letting us know who you are and why you want to come. Your chances improve dramatically if you also present a talk!

[--- It's cheaper than a movie, and there's free beer

The Alligator is back, still rocking the Geocities style, because the 90's never ended!

Admit it. Now this song is stuck in your head.

This year we have again changed the dates a bit, and we got a new venue. The exact address will be disclosed right before the conference, but it will be around the area of Old Town in the good old city of Kraków that we all know and love. Entry is of course 100% free. We welcome donations of any kind (cash, Bitcoin, drugs, sex, guns, 0dayz, leaked documents, etc...). There will be a black hat on stage where you can deposit your donations, but please don't steal it and then give it to some random girl in a club like it happened in the 2015 edition. Goddamn it, it was a nice hat. As usual, it will be very important for you to join the mailing list, to keep up with our unpredictable mood swings once we hit full-on party mode, get lost in the streets of Stare Miasto, forget we were supposed to host a conference at all, and wake up three days later in the middle of a park with no money or clothes on us (it's been known to happen to a certain Spanish guest after a vodka-fueled night at Komisariat in our 2016 edition). If you haven't joined already, send us an email to: cfp@alligatorcon.pl

[--- Rules of the Alligator

[--- Call For Participation

Send your proposal to: cfp@alligatorcon.pl The evaluation committee of AlligatorCon is interested in no-nonsense technical talks about hacking, pentesting, exploitation, pwnage, 0days, phreaking, rootkits, radio, satellites, spreading knowledge, evading censorship, old sch00l shit, new sch00l shit, destroying Evilcorp and taking over the world. Presentations with live demos are strongly preferred. Confidentiality is key, so don't hesitate to propose topics that "legit" conferences would never accept. And if you can't think of anything, just hack some shit and tell us how we can all do it too, for teh lulz. WARNING Presentations with company branded slides will turn the audience into a pitchfork mob trying to murder the speaker. Anyone claiming to have CEH, CISSP, CREST or similar certifications will also be dealt with swiftly, and with extreme prejudice. The smiling, entrepreneurial infosec professional keen to do some networking, get the synergy started and expand business horizons, simply has no place here. But if you're one of them... don't worry! There's always Black Hat Vegas, right?

[--- Talks

The slots format is the following: one hour slots for everyone, but how much you use is completely optional. We recommend 40 minutes talks, to give people time to drink a beer or mate, chat and relax before the next talk. For really short talks (5-10 minutes) it's probably best to use the lightning talks slot, it's free-for-all -- just like a rap battle, you go up on stage and grab the mic.

[--- Why Kraków?

Charming, small, cozy, great food, cheap strong alcohol and hands down the coolest party hub in Europe. Why not?

[--- I am Jack's conference schedule

[--- I am Jack's list of talks

Title: Lightning Talks Speaker: .* Country of origin: .* A slot will be reserved for lightning talks. Just get up on stage and talk about whatever you want. Worst that can happen we throw pierogi at you. [--- Title: Drones Don't Fly When the Sky is Grey Speaker: @kuasar Country of origin: Spain aka Vacationland We will have a screening of the short movie "Drones Don't Fly When the Sky is Grey" about government surveillance and hacking, followed by a round of questions and answers with director Bea Cabrera (@kuasar). http://www.imdb.com/title/tt5839300/ [--- Title: Finding Game Secrets... AT SCALE! Speaker: charlinhos Country of origin: Brazil aka HuEhuEland Some video game secrets and cheats took years/decades to be discovered. From debug menus, to unused graphics or levels, many games also have content never meant to be seen by anybody but the developers. Hopefully, sites like tcrf.net are dedicated to unearthing and researching unused and cut content from video games. This talk gives an overview of how we can apply our infosec skills to reverse games and uncover all sorts of secrets... AT SCALE! Live demos will include fuzzing, disassembling, debugging and memory watching techniques. And yes, they are all deemed to fail during the presentation. [--- Title: How to hide your browser 0-days (Free offense tips included) Speaker: @zh4ck Country of origin: Hungary aka Goulashland Zero-day exploits targeting browsers are usually very short-lived. These zero-days are actively gathered and analyzed by security researchers. Whenever a new 0-day becomes known by the security industry, protections against the exploit are shared, AV/IDS signatures are made, patches are deployed, and the precious 0-day loses its value. During my presentation, I will propose solutions for defenders to analyze these attacks, countermeasures for attackers to further complicate this kind of analysis and release a POC Ruby code which can be integrated into Metasploit. So far, no encrypted browser exploit delivery code is available in the public to test or implement these attacks. [--- Title: Cutting the Gordian Knot off Oracle Forms Speaker: @buherator Country of origin: Hungary aka Goulashland As we all know Oracle software is generally unbreakable[1]. But while security testing is obviously superfluous, those poor souls who are tasked to build, maintain and debug applications built on Oracle Forms[2] still need weapons to fight the circles of horror that manifests under the layers of enterprise-level abstraction:

• The Circle of the Impalpable Server State
• The Circle of Rape of Protocols
• ... and The Infinite Circle of Java 1.4

While yours truly published in-depth analysis of the framework internals[3], automated testing is still generally considered as an unresolved problem. In this talk I will present a new approach and tools that drastically reduce the complexity of the problem and allow automated testing of applications for those who prove worthy. Walkthrough of the design and implementation of new techniques will hopefully help to approach similar systems of insanity too. [1] http://www.itweb.co.za/index.php?option=com_content&view=article&id=89339 (yes, this is a Joomla! site) [2] http://www.oracle.com/technetwork/developer-tools/forms/overview/index.html [3] https://www.sans.org/reading-room/whitepapers/testing/automated-security-testing-oracle-forms-applications-35970 [--- Title: Nobody cares - it's a single track conference, so you have to watch it anyway. Speakers: @akat1_pl Country of origin: Poland aka Cebulandia $ id uid=65534(nobody) gid=65534(nobody) groups=65534(nobody) $ ./a.out # id uid=0(root) gid=0(wheel) (...) [--- Title: How to get STUNned? Speaker: |_ Y /\/\ P |-| 0 Country of origin: Poland aka Cebulandia Down the Rabbit-Hole! Have you also been stunned by last year's Mirai - how many insecure devices have public IP? Well, you will get really STUNned when you find out how many more devices you can pwn. I will show you how using Sessi0n Trav3rsal Utiliti3s f0r NAT jump through firewalls directly to millions of cameras, doorbells, baby monitors, etc. not exposed publicly and build mirai^4. Live demo and free vodka included! [--- Title: Red teaming in Poland - test cases Speaker: borys Country of origin: Poland aka Cebulandia The presentation will be about real examples of redteam attacks targeted at Polish customers. We will show the advantages and disadvantages of certain type of attacks and our failures and successes. We will summarize the most important best practices to protect against a redteam and good advices on how to attack effectively and be more stealthly. #phishing, #malware, #physicalsecurity, #hackinggadgets. [--- Title: Poor man's air gapped network Speaker: Esteban Country of origin: Spain aka Vacationland I will explain how to set up a gapped environment to protect your data/your communications in non trusted environments for very little money, and some use cases. [--- Title: Rainbows: Creating and Looking up Speaker: msoos Country of origin: UK aka Brexitland The pain and suffering of rainbow tables, all without getting high. [--- Title: Python in a hacker's toolbox vol. 2 Speaker: Disconnect3d Country of origin: Poland aka Cebulandia Inspired by Gynvael Coldwind's talk on PyCon PL 2015 about the topic, here comes vol 2. The talk will present some IPython tricks and interesting Python libraries used both in CTF and security field. [--- Title: Monero Speaker: ? Country of origin: ? (Content may not be published. You'll have to come here to find out!)

[--- Life insurance pays off triple if you die on a conference trip

The exact location of the event and directions to get there will be provided through the mailing list. If you're not already in it, send us an email to: cfp@alligatorcon.pl. Word of warning: some people reported following our directions and ending up in a weird masked rich people orgy along with Tom Cruise. If that happens to you, just try to enjoy it, and whatever you do don't let them find out you don't really know the password. The recommended place for your stay in Kraków is the 5 star hotel Areszt Śledczy Kraków-Podgórze. Just knock on the door, tell them all about your hacking feats, and you'll find nice people who will be more than happy to let you in - for free! With some luck you can even score a presidential suite if you are bald and dressed in sportswear. Alternatively, here are a few -possibly more comfortable- venues you can try out:

• Hotel Maksymilian
• Ventus Rosa Apartments
• Hotel Logos
• Hotel Alexander

If you're on a budget, Greg & Tom hostel at Ul. Florianska is quite decent, centrally-located and has a nice bar too. Additionally, this city has a really amazing CouchSurfing community that you should definitely reach out to. You're also welcome to bring a sleeping bag and crash on a friendly local hacker's home, a popular choice of Alligator attendees every year. Transport arrangements are prepared for the occasion in the form of a rusty van with the words FREE CANDY spray painted on the side and the picture of a funny bear you may have seen on 4chan before. Trust the nice man with the moustache, he'll take you where you want to go.

Seems legit.

There are also the 208, 292 and 902 buses from the Kraków airport to the city center as well as a train to the main station, or you can alternatively fly to Warsaw or Katowice and go from there to Kraków by train (it's sometimes cheaper). But there's no free candy in those. On the other hand, the man on the van says he has free candy.

[--- I am Jack's rooted box

Alligator has an old and rich tradition of "controversial" CTF topics, and this year won't be the exception. Alligator always had a zero tolerance policy for bullshit and prejudice, so we're setting the challenge for our attendees to pwn the Jesus-loving homophobic bigots of Młodzież Wszechpolska, leak their mailspools to Wikileaks and deface their website with the message "IT'S OK TO BE GAY" and a double rainbow.

We're also big fans of Spongebob Squarepants.

On a completely unrelated note, our lawyer suggested to add a paragraph to make sure everyone understands this text is satirical and everything here should be read as a joke. So here it is. Hacking is bad, kids. Also, winners don't do drugs. And you wouldn't download a car.

[--- We're the all-singing, all-dancing crap of the infosec industry

You're not your lame whitehat job. You're not how much money you don't have in the bank because you spent it all on vodka. You're not the car with the CAN chip you modded. You're not the contents of your Bitcoin wallet. You're not your fucking black hoodie. Speaking of black hoodies and T-shirts, we can hook you up with that shit, and with some stickers to boot. The Hackerstrip folks made some fucking cool artwork for this, and the folks at Camisetas Frikis so if you want one (of course you do!) speak up now or regret it forever!

You know you want one.

There will also be free posters for everyone, designed by HackerStrip:

Sure, every con has T-shirts, but how many have POSTERS?.

[--- Organizing Committee

[--- Sponsors

This event is proudly sponsored by: Soplica Vodka, Paper Street Soap Company, Departamento del Turismo de San Escobar, Hugo nominated author Chuck Tingle, the Russian Ministry of Cyberwar, the American Ministry of Truth, Donald Trump's latest Reality TV show: "President of the United States", Hillary Clinton's "Fuck Latin America in the Ass" (FLAA) Foundation, all the toasters of the Internet of Hackable Things, and as every year the Official Facebook Page of Mikolaj, the iconic old dude of Kazimierz.