Summercon 2026 Join us for the 39th installment of America's longest-running Hacker conference in Brooklyn, NY!

SummerCon: What we do we do for you, and with you, but hopefully not to you.
Grab your tickets before they sell out www.eventbrite.com/e/summercon-...

From left to right: Executive Director of Finance John Terrill and Executive Director and Chairman Mark Trumpbour onstage at SummerCon

The Summercon 2026 CFP is open.

We’re looking for original work. Things you’ve actually done. Things that worked, or didn’t.

Don't overthink it, the first step is submitting.

summercon.short.gy/CFP-2026

Maury Povich, mouthing the words next to him: "YOU ARE THE FATHER"

Paternity confirmed; this is a top-tier dad joke.

There is no esCAPing @summerc0n.bsky.social

Get it! E S C A P E -ing

No cap, on key.

Holla.

Summercon 2025 - Live from Littlefield, Brooklyn, USA - Day 2 A hackers' conference.

Day 2 begins, and the live stream countdown is running. youtube.com/live/TuKPA-C...

#scon2025 #TipYourBartender

Summercon 2025 - Live from Littlefield, Brooklyn, USA - Day 1 A hackers' conference.

The technical team has been burning the midnight oil to get our livestream up:

They tell us that the link is youtube.com/live/RDlYLmv...

Lights, camera, chaos!

#scon2025 #TipYourBartender

Canal Bar's iconic chalkboard, side one: "Tip your bartender or we'll publish your passwords! Welcome Summercon 2025!"

Canal Bar iconic chalkboard side two: "$ sudo get drunk Welcome Summercon 2015!!!"

The Pre-registration pre-party kicks off tonight at 7pm at Canal Bar and goes late—real late. They’ve got their chalkboard ready and beers on ice. See you there! 🍻 #scon2025 #TipYourBartender

A cyan glowing neon sign with the Summercon brandmark and the words "ADULTS ONLY" atop a black velvet curtain.

A brief reminder: Summercon is for mature audiences only.

We're loading into Littlefield, excited for all the Summerconnery on tap!

Winnona Bernsen is a policy researcher, reverse engineer, and intelligence analyst.

Her talk distills what happens when zero-days capability meet bureaucracy--and why the next cyber war may be lost in a SCIF, not on a terminal. 

Join us. www.eventbrite.com/e/summercon-...

We’re watching states and non-state actors evolve cyber doctrine in real time. Ours is lagging. From strategy to staffing, the U.S. is stuck in a loop of “what we should do” rather than “what we can execute.”

The real vulnerabilities aren’t in your SIEM. They’re in org charts, outdated legal frameworks, and 2-year procurement cycles. This isn’t just red tape. It’s a ticking time bomb.

We're in a global cyber war. it won't be lost on a terminal. It'll be lost in a SCIF -- buried under org charts, bad doctrine, and bureaucratic drift. Learn what we can still do from: Winnona Bernsen CRASH (EXPLOIT) AND BURN: HOW TO LOSE A CYBER WAR IN 10 PROCUREMENT CYCLES [SUMMERCON HORIZONTAL LOGO, JULY 11-12 BROOKLYN, NY]

We spend billions on cyber capabilities. But the tools don’t matter if the doctrine fails. Winnona Bernsen explores how policy, process, and politics can sabotage cyber readiness—before an attack even starts. 
www.summercon.org/presentation...

*Not a real case.

In the recent Cyberdyne Systems v. United States, 603 U.S. 404, the Court held that AI hallucinations constitute "protected synthetic expression," with Justice Kavanaugh concurring that "the societal impact of a rogue chatbot is, at worst, on par with a couple of cold ones with the boys."*

Select a Room © Ace Hotel 2023

🚨 Hotel Block Alert 🚨
We’ve got a limited number of rooms at the Ace Hotel Brooklyn for Summercon 2025—available at a group rate until June 18. After that, they’re gone.

It's rollerblading distance from the venue.
🔗 reservations.acehotel.com?&hotel=30176...

Members of the credentialed press -- you can send your requests for conference access to press@summercon.org.

Our new Media Guidelines for Credentialed Press are live:
Respect privacy. Confirm consent. Drink a beer.

www.summercon.org/summercon-20...

A cartoon in a color-limited palette (beiges, reds, and dark blues) depicting a smiling brunette woman with red highlights, wearing a red Summercon volunteer shirt, standing at a table in the Locksport Station area of Summercon. The table has training locks and lockpicks on it. She is holding a transparent training lock and placing a lockpick in the hand of a person who is just off to the left of the image -- we can only see their left hand reaching for the pick.

Less than four weeks!

We can always use a few more volunteers for all aspects of Summercon, even at our lockpick village at Lucky 13 (with our gratitude to www.lockpickextreme.com for their gracious support)!

Volunteer now! docs.google.com/forms/d/e/1F...

summercon.org/volunteer/

Guanxing Wen is a security researcher who’s tested DePIN claims in the real world.

He'll walk through of attack surface, threat propagation, and how crypto infra can collapse like IoT did, but bigger.

www.summercon.org/presentation...

Join us.
www.eventbrite.com/e/summercon-...

When 62,000 GPUs start obeying code from an unauthenticated update server, that’s not decentralization.

That’s faith-based computing.

It’s all the fragility of IoT with the scale of crypto--and none of the threat modeling. No controls. Huge financial incentives for abuse.

DePIN was meant to decentralize infrastructure. Instead, it's repeating every mistake from IoT with more nodes, more money, and fewer defenses. Learn more from: Guanxin Wen CRACKING DEPIN: DECENTRALIZED DEVICES, CENTRALIZED DISASTERS [Summercon Horizontal Logo]

Decentralized Physical Infrastructure Networks (DePIN) are designed to manage and govern physical infrastructure assets in a decentralized manner.

And it sounds promising... but there’s a problem.
www.summercon.org/presentation...

Summercon 2025 Join us for the 38th installment of America's longest-running Hacker conference in Brooklyn, NY!

This isn't a thought experiment. Caleb Gross is an offensive security engineer who built and tested it.

He’ll present the results at Summercon: www.summercon.org/presentation...

Join us.
www.eventbrite.com/e/summercon-...

A good parasite doesn't kill the host.

Caleb's system writes tiny fragments across many writable buckets--barely noticeable, hard to detect, and more resilient than you'd think.

RAID-5 with plausible deniability.

Misconfigured buckets are rare. But there are so many S3 instances that even a tiny percentage is a big number.

Treat each one as an unreliable, low-capacity disk--just like early RAID systems did--and you have something novel: parasitic storage at cloud scale.

Everyone worries about reading from S3 buckets? What if you could write to them? And then: what if you built a distributed, fault-tolerant storage array out of them? Learn how from: Caleb Gross PARASITIC STORAGE: BUILDING RAID ON EXPOSED S3 BUCKETS [SUMMERCON HORIZONTAL LOGO]

Everyone worries about reading from world-open S3 buckets.

Caleb Gross asked: what about when you can write to them?

And then: what if you built a distributed, fault-tolerant storage array out of them?

www.summercon.org/presentation...

A vintage-style propaganda poster features a solemn sailor in glasses holding a can of Jolt Cola. The text on the can reads: “The soft drink of the elite hacker.” Behind him waves a distressed American flag, and to his side is a pixelated outline of a computer terminal. Bold text across the top and bottom reads: “NEVER FORGET — THE COLA WARS — SUMMERCON 2025” The image evokes a parody of patriotic military remembrance, with reverent nods to 1990s hacker culture and Memorial Day motifs.

Memorial Day Weekend. Fleet Week in NYC. The Jolt is ice-cold. The troops are caffeinated.

Some say the Cola Wars ended in ’91. But those of us who lived through Operation Sundevil know better.

Summercon: America’s oldest hacker conference. Est. 1987.

Sam the CFP Eagle, a stern bald eagle wearing gold-rimmed glasses, clutches a clipboard labeled ‘CFP REVIEW – SUMMERCON 2025’ while eyeing a towering stack of anonymous paper proposals. USA - USA - USA

The CFP is closed, the reviews are done, and notifications—both acceptances and regrets—are out. Thanks to everyone who submitted—the depth and creativity on display made this year’s decisions especially tough.

Sam the CFP Eagle will see you in Brooklyn. 🦅

A vintage-style propaganda poster promoting volunteerism at Summercon. The illustration features a diverse group of four volunteers in bold red "SUMMERCON" shirts, each mid-action: scanning badges, coiling cables, taking notes on a clipboard, and managing audio equipment. The background is a warm beige with red rays and angular design elements. Large, bold text reads “WE DO OUR PART” at the top and “SERVICE GUARANTEES ADMISSION” at the bottom, evoking a heroic, collaborative tone. Includes the link https://summercon.org/volunteer

Summercon 2025 needs you.
Volunteer. Earn your way in. Rock the red shirt.

“Service Guarantees Admission.”
→ summercon.org/volunteer
📧 volunteer@summercon.org

Gazing across the throngs at this month’s NYSEC, all we can think is: can’t wait to see you all again in July.

Summercon 2025
July 11–12 @ Littlefield, Brooklyn
Tickets: www.eventbrite.com/e/summercon-...

A Windows 11-style Blue Screen of Death, that looks like this: :( Your 401k ran into retaliatory tariffs and is plummeting in value. 13% loss in three days For more information about this issue and possible fixes, visit https://summercon.org/stopcode If you call a support person, give them this info: Stop Code: CRITICAL TARIFF 0xFEE12025

Every time we try to check the Summercon Schwab account, we get this BSOD.

I know it is kinda silly we all continue to work as if nothing was going on but the 2025 Verizon DBIR is going to be out in a couple of weeks, so some publicity is warranted.

We have worked so hard on this one and I believe this is the best one by far I’ve ever been a part of.

verizon.com/dbir