The Summer of Pwnage will be running for two weeks. Each week there will be a meet-up to discuss findings, work together and to have fun!
We have scheduled the following meetings. If you want to contribute with a talk, let us know!
Thu. Aug 17: Pwn Off
11.00: The Pwn off. Explain concept & targets, Pwn responsibly.
11.00 - 16.00: IoT Bug hunting!
13.00: Talk: How I hacked the WD My Cloud NAS. Pwn1 - Pwn2. By Remco Vermeulen.
16.00: Drinks
Fri Aug 18
11.00-16.00 - IoT Bug hunting!
15.00: Workshop: Pwning the Bank. OWASP top 10 workshop - beginner.
15.00: Demo: Pwn of the Week. Demonstrate the best Pwns of this week.
16.00: Drinks.
Thu Aug 24
11.00-16.00: Bug hunting!
13.00: Talk: Introduction to automotive security. By Guillaume Dupont.
15.00: Talk: More info soon.
16.00: Drinks.
Fri Aug 25:
11.00-16.00: IoT Bug hunting!
13.00: Pwn of the Week. Demonstrate the best Pwns of this week.
15.00: Rate all Pwns to compete for prizes.
16.00: Drinks.
Of course you can! Summer of Pwnage is open to everyone (not only students) with an interest in software security, regardless of your expertise on the subject. So anyone from eager beginners to the 1337est hackers can join. Are you curious about the type of work involved and you just want to find out if it is something for you? Sign up! We are here to get you on track.
So Students, Learners, Coders, Hackers, Breakers, Join Us!
The event has a strong focus on sharing knowledge and teaching others, and with all the security experts joining there is more than enough knowledge to go around! Participating researchers have found security holes in products made by Microsoft, Apple, Cisco, Citrix, Amazon, Adobe, EMC, Oracle, Synology, Western Digital and more. Therefore this is an excellent opportunity to learn from and work with the very best. Check out some previous research here!
Summer of Pwnage is a community project and its goal is to contribute to the security of popular, widely-used products / (open-source) software in a fun and educational way. So everyone wins! We are not here to make the rules, and as a result everyone will be the rightful owner of his or her own bugs and exploits, so you can use them as you like. We do, however, strongly support being part of the solution and responsibly disclosing them to the authors/owners of the products, something we will be helping you with if need be.
During the last SoP day (Aug 25) we will present and rate all findings together! The top 3 coolest findings will be rewarded with epic Summer of Pwnage sunglasses and T-shirts! But there is more! The pwned IoT-devices can be brought home by their respective (best) Pwner!
During this event we will be researching and exploiting a set of popular IoT devices available on location for you to exploit. The exact devices will be announced here and on Twitter when selected. If you have any great ideas, let us know at sumofpwn@securify.nl
IoT devices are used by a great many people! By revealing and (responsibly) disclosing security bugs in these devices, users will become aware of the risks so they can take appropriate action (patch, disconnect or any other possible measure to mitigate risks).
To compete for the prizes we'd like you to send your Pwn to us. If you like we can report your find to the vendor. In order to submit your Pwn, please fill in the following form: pwn form.txt (example).
We are not here to make the rules, and as a result everyone will be the rightful owner of his or her own bugs and exploits, so you can use them as you like. We do, however, strongly support being part of the solution and responsibly disclosing them to the authors/owners of the products, something we will be helping you with if need be.
Submit the form to sumofpwn@securify.nl. Submissions can be encrypted with PGP or S/MIME.
Any questions about the Summer of Pwnage? Drop us a line at sumofpwn@securify.nl
This year The Summer of Pwnage is hosted at the Cyber Security Lab of the Hogeschool van Amsterdam
Cyber Security Lab (4th floor) in the Theo Thijssenhuis building of the Applied University of Amsterdam (HvA). Google maps
Take the metro to the Weesperplein metro station. From there it takes less than five minutes to walk to the Theo Thijssenhuis (TTH) building.
Q-Park Centrum Oost (right across the TTH building). Google maps
Higeschool van Amsterdam
Wibautstraat 2-4 (TTH), Amstelcampus
1091 GM Amsterdam
Tel: +31 (0)20 820 45 16
Mail: sumofpwn@securify.nl
KVK: 58043624