TOP SECRET//SI//REL USA, FVEY National Security Agency/Central Security Service Information Paper 0x434f5649442d3139 AlligatorCon Europe 2022 Edition 12 & 13 August @ Büntetés-végrehajtás Országos Parancsnoksága - Budapest, Hungary aka Goulashland

-= [ AlligatorCon Europe 2020 2021 2022 ] =-
Much has happened in the past two years we have been away. A deadly pandemic that accelerated digital transformation much faster than any CIO or CTO ever did, the return of the Taliban, the arrest of one of our biggest donors, the rise and fall of NFTs (hahahaha), hacks of thousands of crappy blockchain projects, a war just around the corner that led Russia to be sanctioned & pwned left and right by every determined teenager in a basement, ransomware groups being exposed only for us to learn they operate more organized than many companies, a spectacular crash of the crypto markets, and the boiling of an upcoming global recession signaling the end of the capitalism as we know it.

Tis but a scratch! Just a flesh wound!

Despite all the bad news, there's a slight glimmer of hope: AlligatorCon is back to Europe! Of course we're keeping the tradition of holding the conference in an illiberal autocratic nation, and will gather all alligators again in the gorgeous Budapest, the city best known for fiercely disputing with Prague the title of the capital of porn in Europe. It's a new edition, but some things never change. Entry is and always will be 100% free. If you've got your invite token from the past edition, just register at our website to reserve a spot. If you're new to AlligatorCon and want to get an invite here are the instructions on how to do so. Bribing us with money, sex, drugs and other cheap thrills also counts as a valid way to get an invite. We do not have sponsors or any sponsored content during the talks. We do welcome donations (not in Luna and other shitcoins) to keep the party going. All currencies are accepted, fiat or virtual. 0days and leaked documents are welcome as well, if you drop us any they will be shared with all attendees just for the lulz. The venue address and the location of all parties (yes, parties, plural) will be revealed at the last possible moment only to those who were invited, and you should not reveal it to anyone else at the risk of a permanent ban. As always there will also be free posters for everyone designed by El Santa:

You'll be the coolest kid in the block with this poster in your bedroom!

[--- Rules of the Alligator
  • You do not talk about AlligatorCon.
  • You do not talk about AlligatorCon.
  • If this is your first night at AlligatorCon, you have to hack.
  • You can present using your IRC nick, Mastodon handle, BDSM dungeon moniker, whatever the hell you want but never with your real name.
  • No cameras unless explicitly allowed by everyone in the picture, and no videos of the talks. If the spooks want to spy on us let's make them work for it.
  • The contents or even the title of some talks may not be public, on request of the speaker. Never discuss them after AlligatorCon ends, or you'll be banned forever. And we mean it.
  • We'll follow Hungary's Ministry of Health recommendations regarding COVID. The use of medical masks inside the venue are for now not mandatory, but heavily encouraged.
[--- Call For Participation
Send your proposal to: TL;DR just hack some shit and tell us how we all can do it too, for teh lulz. Now for the long version... WHAT WE WANT: The Honorable Evaluation Commitee AlligatorCon is interested in no-nonsense talks about hacking. We prefer technical talks but non-technical yet "unusual" ones are good too - the further you stray from your typical conference talk, the better. Bonus points for presentations that include code, practical examples, and live demos. The usual topics include pentesting, exploitation, pwnage, 0days, phreaking, rootkits, radio, satellites, spreading knowledge, evading censorship, old sch00l shit, new sch00l shit, worshipping Satan, raising the dead, fun times. Confidentiality is key, so don't hesitate to propose topics that "legit" conferences would never accept. You can check out the schedules for previous years to give you an idea of what's been presented before:
  • 2021 - 404 Conference Not Found
  • 2020 - 404 Conference Not Found
  • 2019 - Hell Yeah, AlligatorCon!
  • 2018 - Keep Calm And AlligatorCon
  • 2017 - Do Not Talk About AlligatorCon
  • 2016 - The Horror! The Monstrosity! The Lulz!
  • 2015 - The Alligator Goes International
WHAT WE DON'T WANT: We all know how fun it is to make your employer pay for your party trip, but there is a strict rule of NO CORPORATE BS TALKS. Nobody gives a flying crap who your employer is and how the product you're selling will change our lives and how many multi-letter certifications you got - just hack stuff or shut up. HOW WE WANT IT: Our format is the following: one hour slots for everyone, but how much you use is completely optional. We recommend 40 minute talks, to give people time to drink a beer or mate, chat and relax before the next talk. For really quick topics (5-10 minutes) it's probably best to use the lightning talks slot, it's free-for-all -- just like a rap battle, you go up on stage and grab the mic.
[--- I am Jack's list of talks
DAY 1: /-------+---------------------------------------------------------------------\ | 10:00 | REGISTRATION | |-------+---------------------------------------------------------------------| | 10:30 | Keynote (by Skyper) | | 11:30 | TBD (by Disconnect3d) | | 12:30 | Jackpotting ATMs for fun and profit (by Dillinger, Gillis & Barrow) | |-------+---------------------------------------------------------------------| | 13:30 | LUNCH BREAK | |-------+---------------------------------------------------------------------| | 14:30 | TBD | | 15:30 | TBD (by charlinhos) | | 16:30 | Nobody cares, it's a single track conference (by Lusia Kundel) | \-------+---------------------------------------------------------------------/ DAY 2: /-------+---------------------------------------------------------------------\ | 10:00 | HANGOVER BREAK | |-------+---------------------------------------------------------------------| | 10:30 | How to Index the World Wide Web (by Gergely) | | 11:30 | Fileless is Easy: Interpreted Malware (by Vegano) | | 12:30 | Rooting Devices && Prank Your Friends (by Zezadas) | |-------+---------------------------------------------------------------------| | 13:30 | LUNCH BREAK | |-------+---------------------------------------------------------------------| | 14:30 | Pwning AWS Lambdas & GCP Cloud Functions (by @_pkusik) | | 15:30 | Automated vm builds (by ~sloth) | | 16:30 | Lightning Talks | \-------+---------------------------------------------------------------------/
Title: Keynote Speaker: Skyper Country of origin: 🇩🇪 Germany aka Beerland I will take everyone on a journey through time starting with thc/Teso and ending with where the scene is heading (a personal forecast). It will not be about the “how” or “what” but more about the “why” and “when”. [--- Title: TBD Speaker: Disconnect3d Country of origin: 🇧🇷 Brazil aka HueHuEland Abstract redacted - you will have to come here to know what it is about. [--- Title: Jackpotting ATMs for fun and profit Speaker: John Dillinger, Lester M. Gillis, Clyde Barrow Country of origin: 🌍 The Internet Things you always wanted to know about ATMs. Or maybe not. We don't care. :p [--- Title: TBD Speaker: charlinhos Country of origin: 🇧🇷 Brazil aka HueHuEland Abstract redacted - you will have to come here to know what it is about. [--- Title: Nobody cares - it's a single track conference, so you have to watch it anyway - PART III (trilogy's grand finale) Speaker: Lusia Kundel Country of origin: 🏴󠁰󠁬󠁳󠁬󠁿🇵🇱 Silesia, right next to Narnia $ id uid=65534(nobody) gid=65534(nobody) groups=65534(nobody) $ ./a.out # id uid=0(root) gid=0(wheel) (...) [--- Title: How to Index the World Wide Web Speaker: Gergely Country of origin: 🇭🇺 Hungary aka Goulashland I downloaded all .com index pages with some Python code and found millions of outdated boxes, ridiculous Internet providers and the real reason for asynchronous programming. We will dig through the code, the dataset and have a chuckle at people who still use PHP4. [--- Title: Fileless is Easy: Interpreted Malware Speaker: vegano Country of origin: 🇳🇱 Neatherlands aka Weedland This talk is about fileless malware. It will demonstrate that with interpreted languanges such as Python, Ruby, etc. writing fileless malware can be quite easy. In this talk we will discuss how to write a fileless Python malware and show several useful techniques. Basic topics will be discussed such as the importance of key exchange and encryption, why you should stop executing shell commands, how to make process listing from `/proc/[pid]` entries and more. Some more advanced features that will be covered and demonstrated include writing and reading to other proces' memory on the infected host but also a technique that allows you to mount remote files locally. By creating a local FUSE filesystem we don't have to exfiltrate terabyte disk images, but we can mount them locally and only extract the files that we want. The final feature that will be demonstrated shows the usefulness of allowing RPC calls from your C2 server. This way you can expose a Python API that allows you to interact with malware agents in pure Python. This becomes especially useful if you are in a network with a lot of hosts and you want to automate certain tasks. [--- Title: Rooting Devices && Prank Your Friends Speaker: Zezadas Country of origin: 🇵🇹 Portugal aka Cheap Spain Rick Roll || GTFO [--- Title: Is persistence on serverless even possible?! Pwning AWS Lambdas & GCP Cloud Functions Speaker: @_pkusik Country of origin: 🇵🇱 Poland aka Cebulandia Did you even think about how serverless works under the hood? Is serverless really server-less? How execution environment works? Is persistence even possible in this event-driven compute service? I won't be lying - Remote Code Executions are rare, but what if there is one in your function? I will show how to use it to acquire persistency and exfiltrate more data than function role gives. Let's discover: How the infrastructure in serverless works. Why persistence is possible in this semi-volatile environment. How can we make use of an RCE vulnerability to obtain a persistence - exploitation demo & code will be shown! Possible mitigations (or why they won't work). Let's hijack the data real-time from the AWS Lambdas and GCP Cloud Functions! [--- Title: Automated VM builds Speaker: ~sloth Country of origin: 🏴󠁤󠁥󠁢󠁹󠁿🇩🇪 Bavaria, the land of beer Virtual machines allow to keep a clean, per-customer pentesting environment with all required tools - although maintaining them becomes time consuming, especially when they're supposed to be used by a team and across different hosts. This talk shows our internal setup to automatically build ready-to-use VMs containing all required tooling, configurations, and licenses. It covers regular and automated creation of Windows and Linux based images that eventually run on VMware Workstation and Raspberry Pis, but the approach is also adaptable for other targets, for example AWS AMIs, Qemu Images etc. Such a reliable and up-to-date base image allows our pentesters to focus on the assessment instead of spending hours with setting up and fixing their environment before getting to work. [--- Title: Lightning Talks Speaker: .* Country of origin: .* A slot will be reserved for lightning talks. Just get up on stage and talk about whatever you want. Worst that can happen we throw lángos at you.
[--- Life insurance pays off triple if you die on a conference trip
Free accomodation and transport arrangements this year will be available to all attendees, generously donated by the BvOP. It's always refreshing to see support for the infosec community!

What could possibly go wrong?

Alternatively, there's plenty of hotels, hostels, apartments and Airbnbs for rent near the center. This city also has a really amazing CouchSurfing community that you should definitely reach out to. And of course you're welcome to bring a sleeping bag and crash on a friendly local hacker's home, a popular choice of AlligatorCon attendees every year. As for public transport, there is a bus from the airport to the city center that costs approximately 3€. We're told you can also take a taxi for around 30€ but... who likes getting ripped off like some tourist? Not us, we're cheap bastards and proud of it.
[--- We are the all singing, all dancing crap of the infosec world
The venerable Organizing Committee for this year will be:
  • Kurwa Małpka, Count Crapula & The Face Dancer, controlling everything from the shadows
  • El Santa on original artwork
  • The Tinder Swindler as manager of our PR department
  • Luna's Do Kwon for running a successful Ponzi
  • Heather Morgan as our dark web connection
  • Pinky & The Brain on world domination
  • ...and always with us, Our Lord Satan whom we praise
Special thanks go to Xava Kosmosach for that original web design we keep rehashing every year since 2016.

Our true financing method finally revealed

[--- Sponsors
This event is proudly sponsored by: what remained of NSO Group, @jonathandata1, Bitfinex, Citizen Lab, the almighty George Soros & Open Society Foundations, OnlyFans for live streaming the conference talks, and Conti ransomware gang. Special thanks to the law enforcement agencies from many countries for their relentless interest in our activities. We love you guys! #BlueLivesMatter See you all in Budapest!
0x434f5649442d3139 [EOF]