The IoT security bug hunt!

17/18  +   24/25

August, 2017

Hogeschool van Amsterdam
Location: Theo Thijssenhuis (TTH), Cyber Security Lab (4th floor)



#sumofpwn

Summer Of Pwnage is an open Dutch summer event for everyone interested in security / hacking.

So students, hackers, learners, coders, join the crowd!



+

We are a free educational summer event aiming to bring students and other security enthusiasts together, to share appsec knowledge, have fun, hunt for zero-days and contribute to the security of the web along the way.

Last summer we found and responsibly disclosed 120 new WordPress vulnerabilities. Resulting in a huge number of security patches, protecting millions of users all around the world.

And this summer, we are back again to hunt for zero-days in popular IoT devices!

Want to learn about hacking, improve your skills, contribute to a more secure web, or just want to drop by for a Club-Mate and meet new people? Welcome at the Summer of Pwnage 2017!

Meet. Fun. Learn. Pwn!

Bring home the IoT you PWN!

At the closing day we will rate all Pwns, together. Last year the most brilliant/elegant/awesome Pwn of all won the Summer Of Pwn MacBook Pro. Grats Jullien Rentrop!

This year, the best Pwnrs can bring home their hacked IoT device(s)!

More info on the selected IoT gear soon. Mail us your cool ideas! sumofpwn@securify.nl

Target #1

Target #2

Target #3

Target #4

Target #5

Target #6

Target #7

Target #8

Target #9

Target #10

Target #11

Target #12

Target #13

Target #14

Target #15

Event Info


Agenda

The Summer of Pwnage will be running for two weeks. Each week there will be a meet-up to discuss findings, work together and to have fun!

We have scheduled the following meetings. If you want to contribute with a talk, let us know!

  • Thu. Aug 17: Pwn Off

    11.00: The Pwn off. Explain concept & targets, Pwn responsibly.

    11.00 - 16.00: IoT Bug hunting!

    13.00: Talk: How I hacked the WD My Cloud NAS. Pwn1 - Pwn2. By Remco Vermeulen.

    16.00: Drinks

  • Fri Aug 18

    11.00-16.00 - IoT Bug hunting!

    15.00: Workshop: Pwning the Bank. OWASP top 10 workshop - beginner.

    15.00: Demo: Pwn of the Week. Demonstrate the best Pwns of this week.

    16.00: Drinks.

  • Thu Aug 24

    11.00-16.00: Bug hunting!

    13.00: Talk: Introduction to automotive security. By Guillaume Dupont.

    15.00: Talk: More info soon.

    16.00: Drinks.

  • Fri Aug 25:

    11.00-16.00: IoT Bug hunting!

    13.00: Pwn of the Week. Demonstrate the best Pwns of this week.

    15.00: Rate all Pwns to compete for prizes.

    16.00: Drinks.

Can I participate?

Of course you can! Summer of Pwnage is open to everyone (not only students) with an interest in software security, regardless of your expertise on the subject. So anyone from eager beginners to the 1337est hackers can join. Are you curious about the type of work involved and you just want to find out if it is something for you? Sign up! We are here to get you on track.

So Students, Learners, Coders, Hackers, Breakers, Join Us!

Learn from the best

The event has a strong focus on sharing knowledge and teaching others, and with all the security experts joining there is more than enough knowledge to go around! Participating researchers have found security holes in products made by Microsoft, Apple, Cisco, Citrix, Amazon, Adobe, EMC, Oracle, Synology, Western Digital and more. Therefore this is an excellent opportunity to learn from and work with the very best. Check out some previous research here!

Contributing to IoT security

Summer of Pwnage is a community project and its goal is to contribute to the security of popular, widely-used products / (open-source) software in a fun and educational way. So everyone wins! We are not here to make the rules, and as a result everyone will be the rightful owner of his or her own bugs and exploits, so you can use them as you like. We do, however, strongly support being part of the solution and responsibly disclosing them to the authors/owners of the products, something we will be helping you with if need be.

Pwn and Win!

Bring Home The IoT You Pwn!

During the last SoP day (Aug 25) we will present and rate all findings together! The top 3 coolest findings will be rewarded with epic Summer of Pwnage sunglasses and T-shirts! But there is more! The pwned IoT-devices can be brought home by their respective (best) Pwner!

Target

IoT

During this event we will be researching and exploiting a set of popular IoT devices available on location for you to exploit. The exact devices will be announced here and on Twitter when selected. If you have any great ideas, let us know at sumofpwn@securify.nl

IoT devices are used by a great many people! By revealing and (responsibly) disclosing security bugs in these devices, users will become aware of the risks so they can take appropriate action (patch, disconnect or any other possible measure to mitigate risks).

Submit Your Pwn

To compete for the prizes we'd like you to send your Pwn to us. If you like we can report your find to the vendor. In order to submit your Pwn, please fill in the following form: pwn form.txt (example).

We are not here to make the rules, and as a result everyone will be the rightful owner of his or her own bugs and exploits, so you can use them as you like. We do, however, strongly support being part of the solution and responsibly disclosing them to the authors/owners of the products, something we will be helping you with if need be.

Submit the form to sumofpwn@securify.nl. Submissions can be encrypted with PGP or S/MIME.

Contact / How to get there

Any questions about the Summer of Pwnage? Drop us a line at sumofpwn@securify.nl

This year The Summer of Pwnage is hosted at the Cyber Security Lab of the Hogeschool van Amsterdam

HVA Location

Cyber Security Lab (4th floor) in the Theo Thijssenhuis building of the Applied University of Amsterdam (HvA). Google maps

Public Transport

Take the metro to the Weesperplein metro station. From there it takes less than five minutes to walk to the Theo Thijssenhuis (TTH) building.

Parking

Q-Park Centrum Oost (right across the TTH building). Google maps

Address

Higeschool van Amsterdam
Wibautstraat 2-4 (TTH), Amstelcampus
1091 GM Amsterdam

Contact

Tel: +31 (0)20 820 45 16
Mail: sumofpwn@securify.nl
KVK: 58043624

What we did last summer...

During last year's edition our target was WordPress & its Plugins and Themes. During a month of security bug hunting over 100 new vulnerabilities have been identified and disclosed responsibly. But most important, we had lots of fun, shared a wealth of knowledge and introduced many new people to the fascinating world of cyber security.

Participants

40+

Security bugs found

100+

Bugs Fixed

89

WP installs affected

10M+

Crates of Mate emptied

20+

Pizzas eaten

100+

What they wrote about us..