One Schedule to Rule them All!


Welcome to the "One Schedule to Rule them All!". Thank you for your interest in using this. This is an attempt to make things easier for you, the DEF CON attendee, to figure out the when/what/where during the chaos of DEF CON 26.

It started out simple. I had a Kindle and wanted an ebook of the schedule so I didn't have to wear out the paper pamphlet by pulling it out after every talk to figure out where to go next. Back then there were only the main DEF CON tracks, not really any Villages, and production of the ebooks was easy. Over time the Village system developed with a resulting multiplication in complexity, both for attendees and for my production. The offerings have expanded from epub and mobi formats and now include html, csv, ical, public Google calendar, and MySQL dump format files. Hopefully you'll find something of use.

The intent is still to be a resource to answer the question at the end of an hour of "What's next?"

As a general rule I do not include:

Be sure to check out the Links section at the bottom of this. Most all of the events listed here were derived from these links. There is much more going on at DEF CON than what is listed here. In particular check out the Villages, Parties & Meetups, Contest & Events, and defconparties pages.

Check out the Guides/Tips/FAQs links if you're new to Las Vegas.
Notable suggestions are:

And finally, this is only as good as the ideas and information used to generate it. I welcome your constructive suggestions and comments. Please send them to qumqats@outel.org

Have a good time at DEF CON 26!


Index of DEF CON 26 Activities


Venue Maps
Locations Legends and Info
Schedule   - Thursday  - Friday  - Saturday  - Sunday
Speaker List
Talk Title List
Talk Descriptions
DEF CON News
DEF CON 26 FAQ
DEF CON FAQ
Links to DEF CON 26 related pages

Venue Maps



Full Size PDF from defcon.org

Linq Workshops


Far end of hall from Casino escalators

View Full Caesars Page to see where this is.


Near end of hall from Casino escalators

View Full Caesars Page to see where this is.



Flamingo Village Wing

View Full Flamingo Page to see where this is.


Flamingo 101 Wing

View Full Flamingo Page to see where this is.


Locations Legends and Info


AIV = Artificial Intelligence Village
     Caesars Promenade Level - Florentine BR 3 - behind Registration

BCOS = Blockchain & Cryptocurrency Open Security Village
     Caesars Promenade Level - Pompeian BR 1 - by Info Booth and Elators

BHV = Bio Hacking Village
     Caesars Promenade Level - Pisa/Palermo/Siena Rms - Middle of long hallway

BTV = Blue Team Village
     Flamingo 3rd Flr - Savoy Rm

CAAD = CAAD Village
     Flamingo Lower Level - Lake Mead Rms

Chip Off Village
     Caesars Pool Level - Tribune Rm - next to Info Booth near escalators

CHV = Car Hacking Village
     Flamingo Lower Level - Red Rock Rm 1-5 - Right Side of hallway

Contest Area
     Caesars Emperor's Level - Augustus BR - far end of long hallway

CPV = Crypto Privacy Village
     Caesars Promenade Level - Milano BR 1,2 - far end of long hallway

DC = DEF CON Talks
     Track 101 - Flamingo 3rd Flr - Sunset BR
     Track    1 - Caesars Emperor's Level - Palace BR - top of escalator
     Track    2 - Caesars Promenade South - Octavius BR 12-24 - far end from escalator
     Track    3 - Caesars Pool Level - Forum BR 1-11,25 - near escalator

Deaf Con Village
     Caesars Pool Level - Patrician Rm - next to Info Booth near escalators

DDV = Data Duplication Village
     Caesars Promenade Level - Capri Rm - Across from Registration

DL = DEF CON DemoLabs
     Caesars Promenade Emperor's Level - Tables outside Track 1

Drone Warz Village
     Caesars Pool Level - Abruzzi Rm - far end from escalators around corner

EHV = Ethics Village
     Caesars Promenade Level - Modena Rm - Middle of long hallway

HHV = Hardware Hacking Village
     Caesars Pool Level - Forum 17-19 - far end from escalators around corner

ICS = Industrial Control Systems Village
     Flamingo Lower Level - Red Rock Rm 6-8 - Left side of hallway

IOT = Internet Of Things Village
     Caesars Promenade Level - Turin/Verona/Trevi Rms - Middle of long hallway

Laser Cutting Village
     Caesars Pool Level - Calibria Rm - far end from escalators around corner

Lockpicking Village
     Caesars Pool Level - Forum 24 - far end from escalators

Mobile Museum
     Caesars Promenade Level - Florentine BR 4 - behind Registration

RCV = Recon Village
     Caesars Promenade Level - Florentine BR 1,2 - behind Registration

Rootz Asylum
     Caesars Promenade Level - Milano BR 3,4 - far end of long hallway

SEV = Social Engineering Village
     Caesars Promenade South - Octavius BR 3-8 - near escalator

SKY = 303 SkyTalks
     Flamingo 3rd Flr - Virginia City Rm

Soldering Skills Village
     Caesars Pool Level - Forum 20,21 - far end from escalators around corner

Tamper Evident Village
     Caesars Pool Level - Forum 24 - far end from escalators

PHV, PHW = Packet Hacking Village / Wall of Sheep; Talks and Workshops
     Caesars Promenade Level - Neopolitan BR - far end of long hallway

PPV = Puff Puff Village
     Flamingo Lower Level - Valley Of Fire Rms

Vendors Area
     Caesars Promenade South - Octavius BR 25

WLV = Wireless Village
     Caesars Promenade Level - Milano BR 5,6 - far end of long hallway

WS = DEF CON Workshops - All Workshops are at the Linq Hotel
     Linq 4th Flr - Icon A-G Rms

VMHV = Voting Machine Hacking Village
     Caesars Pool Level - Forum 14-16 - far end from escalators

Talk/Event Schedule


Thursday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Thursday - 06:00


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -

 

Thursday - 10:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - ThinSIM-based Attacks on Mobile Money Systems - Rowan Phipps
WS - Linq 4th Flr - Icon A - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 11:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program - Guang Gong, Wenlin Yang, Jianjun Dai
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 12:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Ring 0/-2 Rootkits: bypassing defenses - Alexandre Borges
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - Promether, 1st Party of Defcon -
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 13:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - A Journey Into Hexagon: Dissecting a Qualcomm Baseband - Seamus Burke
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(12:00-14:30) - Promether, 1st Party of Defcon -
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Guided Tour to IEEE 802.15.4 and BLE Exploitation - Arun Mane, Rushikesh D. Nandedkar
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Pentesting ICS 101 - Alexandrine Torrents, Arnaud SOULLIÉ
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Where's My Browser? Learn Hacking iOS and Android WebViews - David Turco, Jon Overgaard Christiansen
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Finding Needles in Haystacks - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Building Autonomous AppSec Test Pipelines with the Robot Framework - Abhay Bhargav, Sharath Kumar Ramadas
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Packet Mining for Privacy Leakage - Dave Porcello, Sean Gallagher

 

Thursday - 14:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT - Si, Agent X
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(12:00-14:30) - Promether, 1st Party of Defcon -
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - (14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - (14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 15:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Building the Hacker Tracker - Whitney Champion, Seth Law
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 16:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - cont...(15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - Toxic BBQ -
Meetup - Caesars - Promenade Level - Livorno/Village Talks Rm - BruCamp -
Meetup - Caesars Palace, Queercon Lounge Suite, Rm TBA - Queercon Mixer -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 17:00


DC - Track 101 - Flamingo 3rd Flr - Sunset BR - cont...(15:30-17:15) - DEF CON 101 Panel - HighWiz, Nikita, Roamer, Chris "Suggy" Sumner, Jericho, Wiseacre, Shaggy
Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars - Cafe Americano - [Networking/Social] Blackhat/DefCon Meet-up at Cafe Americano -
Meetup - Caesars - Promenade Level - Anzio Rm past Registration - Hacking for Special Needs -
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
Meetup - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(16:00-17:59) - Queercon Mixer -
Night Life - Flamingo - 3rd floor - Track 101 Sunset BR - n00b Party -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 18:00


Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars - Cafe Americano - cont...(17:00-18:59) - [Networking/Social] Blackhat/DefCon Meet-up at Cafe Americano -
Night Life - Flamingo - 3rd floor - Track 101 Sunset BR - cont...(17:00-18:59) - n00b Party -
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Forensic Investigation for the Non-Forensic Investigator - Gary Bates
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Introduction to Cryptographic Attacks - Matt Cheung
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Advanced Wireless Attacks Against Enterprise Networks - Gabriel Ryan, Justin Whitehead
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Fuzzing FTW - Bryce Kunz, Kevin Lustic
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Playing with RFID - Vinnie Vanhoecke, Lorenzo Bernardi
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - David Pearson

 

Thursday - 19:00


Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -

 

Thursday - 20:00


Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - Quiet Party -
Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - DEF CON 26: Bugcrowd House Party -

 

Thursday - 21:00


Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178) - cont...(16:00-21:59) - Toxic BBQ -
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:00-23:45) - Quiet Party -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - YurkMeister -
Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - cont...(20:00-23:59) - DEF CON 26: Bugcrowd House Party -

 

Thursday - 22:00


Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:00-23:45) - Quiet Party -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - OS System -
Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - cont...(20:00-23:59) - DEF CON 26: Bugcrowd House Party -

 

Thursday - 23:00


Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:00-23:45) - Quiet Party -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Icetre Normal -
Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - cont...(20:00-23:59) - DEF CON 26: Bugcrowd House Party -

 

Thursday - 24:00


Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - DJ v.27 -

 

Thursday - 25:00


Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Acid-T -

 

Thursday - 26:00


Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Tineh Nimjeh -

Friday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Friday - 06:00


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -
Meetup - Local Bikeshop - 8th Defcon Bike Ride -

 

Friday - 09:00


SKY - Flamingo 3rd Flr - Virginia City Rm - Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years. - Uncle G.

 

Friday - 10:00


AIV - Caesars Promenade Level - Florentine BR 3 - Opening Remarks - AI Village Organizers
AIV - Caesars Promenade Level - Florentine BR 3 - (10:20-10:40) - Adversarial Patches - Sven Cattell
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-11:20) - Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - Mark Mager
BCOS - Caesars Promenade Level - Pompeian BR 1 - Welcome to the BCOS Monero Village - To be announced
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-11:30) - Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure - Jen Ellis
BTV - Flamingo 3rd Flr - Savoy Rm - Automating DFIR: The Counter Future - @rainbow_tables
BTV - Flamingo 3rd Flr - Savoy Rm - (10:40-11:30) - Cloud Security Myths - Xavier Ashe
Contest - Contest Stage - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - Welcome
CPV - Caesars Promenade Level - Milano BR 1,2 - (10:30-11:00) - "Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale - Irwin Reyes, Amit Elazari Bar On
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework - Joe Rozner
DC - Track 1 - Caesars Emperor's Level - Palace BR - Welcome To DEF CON & Badge Maker Talk - The Dark Tangent
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - De-anonymizing Programmers from Source Code and Binaries - Rachel Greenstadt, Dr. Aylin Caliskan
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Securing our Nation's Election Infrastructure - Jeanette Manfra
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (10:30-10:50) - Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems - m010ch_
HHV - Caesars Pool Level - Forum 17-21 - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (10:40-11:10) - How can industrial IioT be protected from the great unwashed masses of IoT devices - Ken Keiser, Ben Barenz
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (10:15-10:59) - Internet of Medicine : The ultimate key to Rooting the human being - Veronica Schmitt @Po1Zon_P1x13
PHV - Caesars Promenade Level - Neopolitan BR - Mallet: A Proxy for Arbitrary Traffic - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - (10:30-10:59) - How to Microdose Yourself - a nurse
Service - Caesars - Promenade Level - Anzio Rm past Registration - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Stalker In A Haystack - MasterChen
WS - Linq 4th Flr - Icon A - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 11:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(10:40-11:20) - Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - Mark Mager
AIV - Caesars Promenade Level - Florentine BR 3 - (11:20-11:59) - JMPgate: Accelerating reverse engineering into hyperspace using AI - Rob Brandon
BCOS - Caesars Promenade Level - Pompeian BR 1 - Keynote Speech: Inside Monero - Howard (hyc) Chu
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(10:15-11:30) - Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure - Jen Ellis
BTV - Flamingo 3rd Flr - Savoy Rm - cont...(10:40-11:30) - Cloud Security Myths - Xavier Ashe
BTV - Flamingo 3rd Flr - Savoy Rm - (11:50-12:10) - Effective Log & Events Management - Russell Mosley
Contest - Contest Stage - cont...(10:00-12:59) - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - Hamilton's Private Key: American Exceptionalism and the Right to Anonymity - Jeff Kosseff
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - An Attacker Looks at Docker: Approaching Multi-Container Applications - Wesley McGrew
DC - Track 1 - Caesars Emperor's Level - Palace BR - NSA Talks Cybersecurity - Rob Joyce
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - One-liners to Rule Them All - egypt, William Vu
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Lora Smart Water Meter Security Analysis - Yingtao Zeng, Lin Huang, Jun Li
HHV - Caesars Pool Level - Forum 17-21 - cont...(10:00-12:59) - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(10:40-11:10) - How can industrial IioT be protected from the great unwashed masses of IoT devices - Ken Keiser, Ben Barenz
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (11:30-11:59) - IoT Village Keynote - Tales of a SOHOpeful Journey: Where our Research Started and Where it's Going - Rick Ramgattie @RRamgattie and Jacob Holcomb @rootHak42
PHV - Caesars Promenade Level - Neopolitan BR - Rethinking Role-Based Security Education - Kat Sweet
PHW - Caesars Promenade Level - Neopolitan BR - Reverse Engineering Malware 101 - Malware Unicorn
PPV - Flamingo Lower Level - Valley Of Fire Rms - Weed Hacking: A Pragmatic Primer For Home Grows - Cristina Munoz
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe? - Soldier of FORTRAN
VMHV - Caesars Pool Level - Forum 14-16 - Lessons Learned: DEFCON Voting Village 2017 - Jake Braun, Hari Hursti, Matt Blaze
WLV - Caesars Promenade Level - Milano BR 5,6 - Goodwatch Update - Travis Goodspeed
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 12:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Contests, Challenges, and free giveaways - MSvB and midipoet
BCOS - Caesars Promenade Level - Pompeian BR 1 - (12:30-12:59) - Open Source Hardware and the Monero Project - Parasew
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Just what the Doctor Ordered: 2nd Opinions on Medical Device Security - Christian "quaddi" Dameff MD
BTV - Flamingo 3rd Flr - Savoy Rm - cont...(11:50-12:10) - Effective Log & Events Management - Russell Mosley
BTV - Flamingo 3rd Flr - Savoy Rm - (12:30-13:20) - Evolving security operations to the year 2020 - @IrishMASMS
Contest - Contest Stage - cont...(10:00-12:59) - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications - Tess Schrodinger
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit - Morgan "indrora" Gangwere
DC - Track 1 - Caesars Emperor's Level - Palace BR - Vulnerable Out of the Box: An Evaluation of Android Carrier Devices - Ryan Johnson, Angelos Stavrou
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! - Orange Tsai
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Who Controls the Controllers—Hacking Crestron IoT Automation Systems - Ricky "HeadlessZeke" Lawshae
EHV - Caesars Promenade Level - Modena Rm - Asking for a Friend - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(10:00-12:59) - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (12:30-12:59) - NEST: Securing the Home - Matt Mahler and Kat Mansourimoaied
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography - TryCatchHCF
PHW - Caesars Promenade Level - Neopolitan BR - cont...(11:00-12:30) - Reverse Engineering Malware 101 - Malware Unicorn
RCV - Caesars Promenade Level - Florentine BR 1,2 - Opening Note - Shubham Mittal / Sudhanshu Chahuhan
RCV - Caesars Promenade Level - Florentine BR 1,2 - Keynote - From Breach to Bust: A short story of graphing and grey data - Andrew Macpherson
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:55-13:35) - Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Craig Smith - The Car Hacker's Handbook - Craig Smith
SKY - Flamingo 3rd Flr - Virginia City Rm - When Incident Response Meets Reality - Magg
VMHV - Caesars Pool Level - Forum 14-16 - Lunch Keynote: State and Local Perspectives on Election Security - Jake Braun(moderator), Neal Kelley, Jeanette Manfra, Amber McReynolds, Alex Padilla, Noah Praetz
WLV - Caesars Promenade Level - Milano BR 5,6 - BSSI [Brain Signal Strength Indicator] - finding foxis with acoustic help (piClicker) - steve0
WLV - Caesars Promenade Level - Milano BR 5,6 - (12:30-12:55) - RFNoC: Accelerating the Spectrum with the FPGA - Neel Pandeya and Nate Temple
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 13:00


AIV - Caesars Promenade Level - Florentine BR 3 - IntelliAV: Building an Effective On-Device Android Malware Detector - Mansour Ahmadi
AIV - Caesars Promenade Level - Florentine BR 3 - (13:20-13:59) - Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events - Andrew Morris
BCOS - Caesars Promenade Level - Pompeian BR 1 - A Rundown of Security Issues in Crypto Software Wallets - Marko Bencun
BCOS - Caesars Promenade Level - Pompeian BR 1 - (13:30-13:59) - We Don't Need No Stinkin Badges - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:30-14:15) - Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - Mr. Br!ml3y
BTV - Flamingo 3rd Flr - Savoy Rm - cont...(12:30-13:20) - Evolving security operations to the year 2020 - @IrishMASMS
BTV - Flamingo 3rd Flr - Savoy Rm - (13:40-14:30) - Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - @jtpereyda
CPV - Caesars Promenade Level - Milano BR 1,2 - cont...(12:00-13:30) - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications - Tess Schrodinger
CPV - Caesars Promenade Level - Milano BR 1,2 - (13:30-14:00) - Opportunistic Onion: More Protection Some of the Time - Mahrud Sayrafi
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear - zenofex
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (13:30-13:50) - You can run, but you can't hide. Reverse engineering using X-Ray. - George Tarnovsky
DC - Track 1 - Caesars Emperor's Level - Palace BR - Compromising online accounts by cracking voicemail systems - Martin Vigo
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - Dragnet—Your Social Engineering Sidekick - Truman Kain
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Finding Xori: Malware Analysis Triage with Automated Disassembly - Amanda Rousseau, Rich Seymour
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller - Feng Xiao, Jianwei Huang, Peng Liu
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - One-Click to OWA - William Martin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-13:50) - Fasten your seatbelts: We are escaping iOS 11 sandbox! - Min (Spark) Zheng, Xiaolong Bai
EHV - Caesars Promenade Level - Modena Rm - Ethics for Security Practitioners - Speaker TBA
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:50-14:20) - Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks - Joe Slowik
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (13:15-13:59) - Exploiting the IoT hub : What happened to my home? - Hwiwon Lee and Changhyun Park
PHV - Caesars Promenade Level - Neopolitan BR - Target-Based Security Model - Garett Montgomery
PHW - Caesars Promenade Level - Neopolitan BR - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
PPV - Flamingo Lower Level - Valley Of Fire Rms - Cruising the Cannabis Highway: Major Breaches in Cannabis Software - Rex
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(12:55-13:35) - Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Travis Goodspeed - PoC || GTFO - Travis Goodspeed
SKY - Flamingo 3rd Flr - Virginia City Rm - Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun? - William Knowles and James Coote
SKY - Flamingo 3rd Flr - Virginia City Rm - (13:30-13:59) - penetration testing sex toys: "I've seen things you people wouldn't believe" - Renderman
VMHV - Caesars Pool Level - Forum 14-16 - Assessments of Election Infrastructure and Our Understanding and sometimes whY - Robert Karas, Jason Hill
WLV - Caesars Promenade Level - Milano BR 5,6 - Can you hear me now, DEF CON? - Wasabi
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 14:00


AIV - Caesars Promenade Level - Florentine BR 3 - It’s a Beautiful Day in the Malware Neighborhood - Matt
AIV - Caesars Promenade Level - Florentine BR 3 - (14:30-15:20) - Malware Panel - @drhyrum, @gradient_janitor, @malwareunicorn, @rharang, @bwall (Moderator)
BCOS - Caesars Promenade Level - Pompeian BR 1 - Hack On The BitBox Hardware Wallet - Stephanie Stroka and Marko Bencun
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(13:30-14:15) - Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - Mr. Br!ml3y
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(13:40-14:30) - Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - @jtpereyda
BTV - Flamingo 3rd Flr- Savoy Rm - (14:50-15:40) - How not to suck at Vulnerability Management [at Scale] - @Plug and mwguy
CPV - Caesars Promenade Level - Milano BR 1,2 - "Probably": an Irreverent Overview of the GDPR - Brendan OConnor
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - UEFI exploitation for the masses - Mickey Shkatov, Jesse Michael
DC - Track 1 - Caesars Emperor's Level - Palace BR - GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs - Christopher Domas
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - 4G—Who is paying your cellular phone bill? - Dr. Silke Holtmanns, Isha Singh
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Revolting Radios - Michael Ossmann, Dominic Spill
EHV - Caesars Promenade Level - Modena Rm - Accountability without accountability: A censorship measurement case study - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(13:50-14:20) - Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks - Joe Slowik
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (14:30-14:59) - How We Cost Our Client £1.2M with 4 lines of code and less than 2 Hours ($2M) - Mike Godfrey
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (14:30-15:15) - Internet of Laws: Navigating to IoT Hacking Legal Landscape - Amit Elazari @amitelazari & Jamie Williams @jamieleewi
PHV - Caesars Promenade Level - Neopolitan BR - Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks - Pedro Fortuna
PHW - Caesars Promenade Level - Neopolitan BR - cont...(13:00-14:59) - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Real History of Marijuana Prohibition - Annie Rouse
RCV - Caesars Promenade Level - Florentine BR 1,2 - (14:40-15:10) - Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - cont...(13:00-14:30) - Book Signing - Travis Goodspeed - PoC || GTFO - Travis Goodspeed
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech - Tarah Wheeler, Keren Elazari
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Violet Blue - The Smart Girl's Guide to Privacy - Violet Blue
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Georgia Weidman - Penetration Testing - Georgia Weidman
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Elissa Shevinsky - Lean Out - Elissa Shevinsky
SKY - Flamingo 3rd Flr - Virginia City Rm - From MormonLeaks to FaithLeaks - Ethan Gregory Dodge
VMHV - Caesars Pool Level - Forum 14-16 - Current Policy Responses to Election Security Concerns - J. Alex Halderman
VMHV - Caesars Pool Level - Forum 14-16 - (14:30-14:59) - A Comprehensive Forensic Analysis of WINVote Voting Machines - Carsten Schurmann
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - (14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - (14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 15:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(14:30-15:20) - Malware Panel - @drhyrum, @gradient_janitor, @malwareunicorn, @rharang, @bwall (Moderator)
AIV - Caesars Promenade Level - Florentine BR 3 - (15:20-15:59) - Detecting Web Attacks with Recurrent Neural Networks - Fedor Sakharov
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(14:00-15:59) - Hack On The BitBox Hardware Wallet - Stephanie Stroka and Marko Bencun
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(14:50-15:40) - How not to suck at Vulnerability Management [at Scale] - @Plug and mwguy
CPV - Caesars Promenade Level - Milano BR 1,2 - Hiding in plain sight: Disguising HTTPS traffic with domain-fronting - Matt Urquhart
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Weaponizing Unicode: Homographs Beyond IDNs - The Tarquin
DC - Track 1 - Caesars Emperor's Level - Palace BR - Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 - Gabriel Ryan
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Playback: a TLS 1.3 story - Alfonso García Alguacil, Alejo Murillo Moya
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Privacy infrastructure, challenges and opportunities - yawnbox
EHV - Caesars Promenade Level - Modena Rm - Responsible Disclosure Panel - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - A CTF That Teaches: Challenging the Next Generation of ICS Ethical Hackers - Brandon Workentin
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(14:30-15:15) - Internet of Laws: Navigating to IoT Hacking Legal Landscape - Amit Elazari @amitelazari & Jamie Williams @jamieleewi
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (15:45-16:30) - The Sound of a Targeted Attack: Attacking IoT Speakers - Stephen Hilt @sjhilt
Meetup - Caesars - Palace Suites - Women, Wisdom, & Wine @ DEF CON 26 by IOActive -
PHV - Caesars Promenade Level - Neopolitan BR - Freedom of Information: Hacking the Human Black Box - Elliott Brink
PHW - Caesars Promenade Level - Neopolitan BR - (15:30-16:59) - Finding and Attacking Undocumented APIs with Python - Ryan Mitchell
PPV - Flamingo Lower Level - Valley Of Fire Rms - About the Open Cannabis Project - Beth Schechter
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(14:40-15:10) - Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers
RCV - Caesars Promenade Level - Florentine BR 1,2 - (15:15-15:45) - Adventures in the dark web of government data - Marc DaCosta
RCV - Caesars Promenade Level - Florentine BR 1,2 - (15:50-16:10) - How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Gregory Dodge
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech - Tarah Wheeler, Keren Elazari
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Violet Blue - The Smart Girl's Guide to Privacy - Violet Blue
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Georgia Weidman - Penetration Testing - Georgia Weidman
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Elissa Shevinsky - Lean Out - Elissa Shevinsky
SEV - Caesars Promenade South - Octavius BR 3-8 - (15:30-15:59) - My Stripper Name is Bubbles - Hannah Silvers
SKY - Flamingo 3rd Flr - Virginia City Rm - OSINT IS FOR SOCCER MOMS - Laura H
VMHV - Caesars Pool Level - Forum 14-16 - Lightning Talks - A Crash Course on Election Security - Matthew Bernhard
VMHV - Caesars Pool Level - Forum 14-16 - (15:15-15:30) - Lightning Talks - Mechanics & Pitfalls of Auditing with Scanners - Margaret MacAlpine
VMHV - Caesars Pool Level - Forum 14-16 - (15:30-15:45) - Lightning Talks - The Return of Software Vulnerabilities in the Brazilian Voting Machine - Diego Aranha
WLV - Caesars Promenade Level - Milano BR 5,6 - WEP and WPA Cracking 101 - Zero_Chaos and Tay-Tay fanboi Wasabi
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 16:00


AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning for Network Security Hands-on Workshop: DIYML - Sebastian Garcia
AIV - Caesars Promenade Level - Florentine BR 3 - Using AI to Create Music - dj beep code
AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning as a Service in Your Pocket - Evan Yang
AIV - Caesars Promenade Level - Florentine BR 3 - Deep Exploit - Isao Takaesu
BCOS - Caesars Promenade Level - Pompeian BR 1 - Scaling and Economic Implications of the Adaptive Blocksize in Monero - Francisco "ArticMine" Cabañas
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (16:15-16:59) - Hey Bro, I Got Your Fitness Right Here (and your PHI). - Nick - GraphX
BTV - Flamingo 3rd Flr- Savoy Rm - SAEDAY: Subversion and Espionage Directed Against You - Judy Towers
Contest - Contest Stage - EFF Tech Trivia -
CPV - Caesars Promenade Level - Milano BR 1,2 - Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy. - Nox
DDV - Caesars Promenade Level - Capri Rm - The Beginner’s Guide to the Musical Scales of Cyberwar - Jessica “Zhanna” Malekos Smith
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Automated Discovery of Deserialization Gadget Chains - Ian Haken
DC - Track 1 - Caesars Emperor's Level - Palace BR - Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability - Yuwei Zheng, Shaokun Cao, Yunding Jian, Mingchuang Qun
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Practical & Improved Wifi MitM with Mana - singe
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Your Voice is My Passport - _delta_zero, Azeem Aqil
EHV - Caesars Promenade Level - Modena Rm - Ethical Disclosure and the Reduction of Harm - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(15:45-16:30) - The Sound of a Targeted Attack: Attacking IoT Speakers - Stephen Hilt @sjhilt
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (16:45-17:30) - I'm the One Who Doesn't Knock: Unlocking Doors from the Network - David Tomaschik @Matir
Meetup - Caesars - Palace Suites - cont...(15:00-16:59) - Women, Wisdom, & Wine @ DEF CON 26 by IOActive -
PHV - Caesars Promenade Level - Neopolitan BR - Car Infotainment Hacking Methodology and Attack Surface Scenarios - Jay Turla
PHW - Caesars Promenade Level - Neopolitan BR - cont...(15:30-16:59) - Finding and Attacking Undocumented APIs with Python - Ryan Mitchell
PPV - Flamingo Lower Level - Valley Of Fire Rms - Diagnosing Sick Plants with Computer Vision - Harry Moreno
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(15:50-16:10) - How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Gregory Dodge
RCV - Caesars Promenade Level - Florentine BR 1,2 - (16:15-16:45) - Hacking the international RFQ Process #killthebuzzwords - Dino Covotsos
RCV - Caesars Promenade Level - Florentine BR 1,2 - (16:50-17:20) - Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman
SEV - Caesars Promenade South - Octavius BR 3-8 - From Introvert to SE: The Journey - Ryan MacDougall
SEV - Caesars Promenade South - Octavius BR 3-8 - (16:55-17:45) - Mr. Sinatra Will Hack You Now - Neil Fallon
SKY - Flamingo 3rd Flr - Virginia City Rm - Robots and AI: What scares the experts? - Brittany "Straithe" Postnikoff, Sara-Jayne Terp
VMHV - Caesars Pool Level - Forum 14-16 - Trustworthy Elections - Joseph Kiniry
VMHV - Caesars Pool Level - Forum 14-16 - (16:30-16:59) - Keynote Address: Alejandro Mayorkas - Alejandro Mayorkas
WLV - Caesars Promenade Level - Milano BR 5,6 - SirenJack: Cracking a 'Secure' Emergency Warning Siren System - Balint Seeber
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 17:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Hacking a Crypto Payment Gateway - Devin "Bearded Warrior" Pearson and Felix "Crypto_Cat" Honigwachs
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Nature’s source code is vulnerable and cannot be patched - Jeffrey Ladish
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:45-18:30) - Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - Debra Laefer
BTV - Flamingo 3rd Flr- Savoy Rm - Stop, Drop, and Assess your SOC - Andy Applebaum
Contest - Contest Stage - cont...(16:00-17:59) - EFF Tech Trivia -
CPV - Caesars Promenade Level - Milano BR 1,2 - Revolutionizing Authentication with Oblivious Cryptography - Dr Adam Everspaugh
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Your Bank's Digital Side Door - Steven Danneman
DC - Track 1 - Caesars Emperor's Level - Palace BR - I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine - Alex Levinson, Dan Borges
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) - L0pht Heavy Industries, Elinor Mills, DilDog, Joe Grand, Kingpin, Space Rogue, Mudge, Silicosis, John Tan, Weld Pond
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Reverse Engineering, hacking documentary series - Michael Lee Nirenberg, Dave Buchwald
EHV - Caesars Promenade Level - Modena Rm - (17:30-18:29) - Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(16:45-17:30) - I'm the One Who Doesn't Knock: Unlocking Doors from the Network - David Tomaschik @Matir
Meetup - Caesars - Circle Bar - DEFCON 909 Meet Up -
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801 - Chris Hanlon
PHW - Caesars Promenade Level - Neopolitan BR - (17:30-18:59) - Serious Intro to Python for Admins - Davin Potts
PPV - Flamingo Lower Level - Valley Of Fire Rms - THC Producing, Genetically Modified Yeast - Kevin Chen
PPV - Flamingo Lower Level - Valley Of Fire Rms - (17:30-18:15) - An Overview of Hydroponic Grow Techniques - Adrian, Alex
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(16:50-17:20) - Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman
RCV - Caesars Promenade Level - Florentine BR 1,2 - (17:25-17:55) - Using Deep Learning to uncover darkweb malicious actors and their close circle - Rod Soto / Joseph Zadeh
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(16:55-17:45) - Mr. Sinatra Will Hack You Now - Neil Fallon
SEV - Caesars Promenade South - Octavius BR 3-8 - (17:50-18:40) - In-N-Out - That’s What It’s All About - Billy Boatright
SKY - Flamingo 3rd Flr - Virginia City Rm - The Least Common Denominator Strategy (AKA Don't make DevOps too easy) - Daniel Williams (fbus)
VMHV - Caesars Pool Level - Forum 14-16 - Keynote Address: TBA -
WLV - Caesars Promenade Level - Milano BR 5,6 - Hunting Rogue APs: Hard Lessons - toddpar0dy
WLV - Caesars Promenade Level - Milano BR 5,6 - (17:30-17:55) - Exploring the 802.15.4 Attack Surface - Faz
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 18:00


AIV - Caesars Promenade Level - Florentine BR 3 - INTRO TO DATA MASTERCLASS: Graphs & Anomalies - Leo Meyerovich & Eugene Teo
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(17:45-18:30) - Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - Debra Laefer
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (18:30-18:59) - Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts - Andy Coravos
BTV - Flamingo 3rd Flr- Savoy Rm - (18:20-18:59) - Open Source Endpoint Monitoring - Rik van Duijn and Leandro Velasco
Contest - Contest Stage - DEF CON Beard and Moustache Contest -
CPV - Caesars Promenade Level - Milano BR 1,2 - Announcing the Underhanded Crypto Contest Winners - Adam Caudill, Taylor Hornby
CPV - Caesars Promenade Level - Milano BR 1,2 - (18:30-19:00) - Closing Time
EHV - Caesars Promenade Level - Modena Rm - cont...(17:30-18:29) - Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - Speaker TBA
EHV - Caesars Promenade Level - Modena Rm - (18:30-19:29) - Discussion - Speaker TBA
Meetup - Caesars - Circle Bar - cont...(17:00-18:59) - DEFCON 909 Meet Up -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - /R/defcon reddit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - (18:30-20:30) - DEF CON Dinner Con -
PHV - Caesars Promenade Level - Neopolitan BR - Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns - Caleb Madrigal
PHW - Caesars Promenade Level - Neopolitan BR - cont...(17:30-18:59) - Serious Intro to Python for Admins - Davin Potts
PPV - Flamingo Lower Level - Valley Of Fire Rms - cont...(17:30-18:15) - An Overview of Hydroponic Grow Techniques - Adrian, Alex
PPV - Flamingo Lower Level - Valley Of Fire Rms - (18:15-18:59) - Vulnerabilities in Cannabis Software - Project Nexus
RCV - Caesars Promenade Level - Florentine BR 1,2 - I fought the law and law lost - Mauro Caseres
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(17:50-18:40) - In-N-Out - That’s What It’s All About - Billy Boatright
SEV - Caesars Promenade South - Octavius BR 3-8 - (18:40-19:30) - The Art of Business Warfare - Wayne Ronaldson
SKY - Flamingo 3rd Flr - Virginia City Rm - Real Simple Blue Team Shit - @wornbt
WLV - Caesars Promenade Level - Milano BR 5,6 - Blue_Sonar - Zero_Chaos and Rick "Captain Marko Ramius" Mellendick
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 19:00


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (19:15-19:15) - Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research - Robert Portvliet
Contest - Contest Stage - cont...(18:00-19:59) - DEF CON Beard and Moustache Contest -
EHV - Caesars Promenade Level - Modena Rm - cont...(18:30-19:29) - Discussion - Speaker TBA
Meetup - Flamingo - 3rd Floor - Carson City Rm - Lawyer Meet -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - cont...(18:00-20:30) - /R/defcon reddit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - cont...(18:30-20:30) - DEF CON Dinner Con -
Night Life - Caesars - Location printed on badges - Cubcon 2018 -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(18:40-19:30) - The Art of Business Warfare - Wayne Ronaldson
SEV - Caesars Promenade South - Octavius BR 3-8 - (19:35-20:10) - Swarm Intelligence and Augmented Reality Gaming - Nancy Eckert

 

Friday - 20:00


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Hacker Jeopardy -
Contest - Contest Stage - Whose Slide is it Anyway? -
DC - Octavius 13 - Disrupting the Digital Dystopia or What the hell is happening in computer law? - Nathan White, Nate Cardozo
DC - Octavius 9 - D0 N0 H4RM: A Healthcare Security Conversation - Christian "quaddi" Dameff MD, Jeff "r3plicant" Tully MD, Kirill Levchenko PhD, Beau Woods, Roberto Suarez, Jay Radcliffe, Joshua
DC - Roman Chillout - Oh Noes!—A Role Playing Incident Response Game - Bruce Potter, Robert Potter
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - (20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - (20:30-23:59) - /R/defcon reddit Meetup -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - cont...(18:00-20:30) - /R/defcon reddit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - cont...(18:30-20:30) - DEF CON Dinner Con -
Night Life - Caesars - Emperors Level - Chillout Rm - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Movie Night -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - (20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - (20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - (20:30-23:59) - House of Kenzo -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - (20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - 503 Party 2018 -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(19:35-20:10) - Swarm Intelligence and Augmented Reality Gaming - Nancy Eckert

 

Friday - 21:00


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - cont...(20:00-21:59) - Hacker Jeopardy -
Contest - Contest Stage - cont...(20:00-21:59) - Whose Slide is it Anyway? -
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon reddit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - JG & The Robots -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -

 

Friday - 22:00


Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon reddit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - YT Cracker -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (22:45-23:30) - Party Music - Dualcore -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - cont...(21:00-23:59) - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -
SKY - Flamingo 3rd Flr - Virginia City Rm - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 23:00


Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon reddit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(22:45-23:30) - Party Music - Dualcore -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (23:30-24:15) - Party Music - MC Frontalot -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - cont...(21:00-23:59) - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 24:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(23:30-24:15) - Party Music - MC Frontalot -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (24:15-25:15) - Party Music - TBD -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 25:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(24:15-25:15) - Party Music - TBD -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (25:15-26:15) - Party Music - Scotch & Bubbles -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 26:00


Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(25:15-26:15) - Party Music - Scotch & Bubbles -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (26:15-26:59) - Party Music - Circuit Static -

Saturday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Saturday - 06:00


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -

 

Saturday - 09:00


PHW - Caesars Promenade Level - Neopolitan BR - (09:30-13:30) - Kali Dojo Workshop - Johnny Long
SKY - Flamingo 3rd Flr - Virginia City Rm - What happened behind the closed doors at MS - Dimitri
SKY - Flamingo 3rd Flr - Virginia City Rm - (09:30-09:59) - http2 and you - security panda

 

Saturday - 10:00


AIV - Caesars Promenade Level - Florentine BR 3 - The current state of adversarial machine learning - infosecanon
AIV - Caesars Promenade Level - Florentine BR 3 - (10:20-10:40) - Chatting with your programs to find vulnerabilities - Chris Gardner
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-11:20) - The great power of AI: Algorithmic mirrors of society - Aylin Caliskan
BCOS - Caesars Promenade Level - Pompeian BR 1 - BCOS keynote speech - Philip Martin (VP Security, COINBASE)
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO DAY 2 of BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-10:15) - WaterBot - Hackable Scientific Plant Bot - BiaSciLab
Contest - Contest Stage - D(Struction)20 CTF -
CPV - Caesars Promenade Level - Milano BR 1,2 - Welcome
CPV - Caesars Promenade Level - Milano BR 1,2 - (10:30-11:30) - Cloud Encryption: How to not suck at securing your encryption keys - Marie Fromm
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems - Jos Wetzels, Marina Krotofil
DC - Track 1 - Caesars Emperor's Level - Palace BR - It WISN't me, attacking industrial wireless mesh networks - Erwin Paternotte, Mattijs van Ommeren
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System - Dr. Jeanna N. Matthews, Nathan Adams, Jerome Greco
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts - Zhenxuan Bai, Yuwei Zheng, Senhua Wang, Kunzhe Chai
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - #WiFiCactus - Mike Spicer
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Archery—Open Source Vulnerability Assessment and Management - Anand Tiwari
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - firstorder - Utku Sen, Gozde Sinturk
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Orthrus - Nick Sayer
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Local Sheriff - Konark Modi
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Halcyon IDE - Sanoop Thomas
HHV - Caesars Pool Level - Forum 17-21 - Hacking your HackRF - Mike Davis
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Securing Critical Infrastructure through Side-Channel Monitoring - James Harris, Carlos Aguayo
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (10:40-11:10) - Analyzing VPNFilter's Modbus Module - Patrick DeSantis, Carlos Pacho
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (10:15-10:59) - FPGA’s: a new attack surface for embedded adversaries. - John Dunlap @JohnDunlap2
PHV - Caesars Promenade Level - Neopolitan BR - Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols - Esteban Rodriguez
PHV - Caesars Promenade Level - Neopolitan BR - (10:30-10:59) - How to Tune Automation to Avoid False Positives - Gita Ziabari
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Building visualisation platforms for OSINT data using open source solutions - Bharath Kumar / Madhu
SKY - Flamingo 3rd Flr - Virginia City Rm - Don't Bring Me Down: Weaponizing botnets - @3ncr1pted
WS - Linq 4th Flr - Icon A - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - Decentralized Hacker Net - Eijah

 

Saturday - 11:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(10:40-11:20) - The great power of AI: Algorithmic mirrors of society - Aylin Caliskan
AIV - Caesars Promenade Level - Florentine BR 3 - (11:20-11:40) - DeepPhish: Simulating the Malicious Use of AI - Ivan Torroledo
BCOS - Caesars Promenade Level - Pompeian BR 1 - Prize winners, awards, and announcements - midipoet and MSvB
BCOS - Caesars Promenade Level - Pompeian BR 1 - (11:30-11:59) - Monero's Emerging Applications - Fluffy Pony
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(10:00-11:15) - WELCOME TO DAY 2 of BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (11:15-11:59) - Technology Enabled Prosthetic Environments - Gerry Scott
Contest - Contest Stage - cont...(10:00-11:59) - D(Struction)20 CTF -
CPV - Caesars Promenade Level - Milano BR 1,2 - cont...(10:30-11:30) - Cloud Encryption: How to not suck at securing your encryption keys - Marie Fromm
CPV - Caesars Promenade Level - Milano BR 1,2 - (11:30-12:00) - Green Locks for You and Me - Wendy Knox Everette
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Hacking PLCs and Causing Havoc on Critical Infrastructures - Thiago Alves
DC - Track 1 - Caesars Emperor's Level - Palace BR - Exploiting Active Directory Administrator Insecurities - Sean Metcalf
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Compression Oracle Attacks on VPN Networks - Nafeez
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Jailbreaking the 3DS through 7 years of hardening - smea
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - #WiFiCactus - Mike Spicer
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Archery—Open Source Vulnerability Assessment and Management - Anand Tiwari
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - firstorder - Utku Sen, Gozde Sinturk
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Orthrus - Nick Sayer
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Local Sheriff - Konark Modi
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Halcyon IDE - Sanoop Thomas
EHV - Caesars Promenade Level - Modena Rm - Ethics of Technology in Humanitarian and Disaster Response - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Disabling Intel ME in Firmware - Brian Milliron
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(10:40-11:10) - Analyzing VPNFilter's Modbus Module - Patrick DeSantis, Carlos Pacho
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (11:15-11:59) - Your Smart Scale is Leaking More than Your Weight - Erez Yalon @ErezYalon
PHV - Caesars Promenade Level - Neopolitan BR - wpa-sec: The Largest Online WPA Handshake Database - Alex Stanev
PHV - Caesars Promenade Level - Neopolitan BR - (11:30-11:59) - Capturing in Hard to Reach Places - Silas Cutler
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Cantankerous Cannabis Cryptocurrency Kerfuffle - Octet In Triplicate
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(10:00-11:59) - Building visualisation platforms for OSINT data using open source solutions - Bharath Kumar / Madhu
SKY - Flamingo 3rd Flr - Virginia City Rm - The Abyss is Waving Back - Sidragon
WLV - Caesars Promenade Level - Milano BR 5,6 - Learning to Listen: Machine Learning for Adaptive Wireless Adversary Detection - John Dunlap
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 12:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - We Program Our Stinkin Badges! - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - No Firewall Can Save You At The Intersection Of Genetics and Privacy - Almost Human
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (12:45-13:30) - Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - siDragon
CPV - Caesars Promenade Level - Milano BR 1,2 - No Way JOSE! Designing Cryptography Features for Mere Mortals - Scott Arciszewski
DC - 101 Track - Building Absurd Christmas Light Shows - Rob Joyce
DC - Track 1 - Caesars Emperor's Level - Palace BR - Tineola: Taking a Bite Out of Enterprise Blockchain - Stark Riedesel, Parsia Hakimian
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - You'd better secure your BLE devices or we'll kick your butts ! - Damien "virtualabs" Cauquil
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Ridealong Adventures—Critical Issues with Police Body Cameras - Josh Mitchell
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - trackerjacker - Caleb Madrigal
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - Jayesh Singh Chauhan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - GreyNoise - Andrew Morris
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - WHID Injector: How To Bring HID Attacks to the Next Level - Luca Bongiorni
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - BLEMystique—Affordable custom BLE target - Nishant Sharma, Jeswin Mathai
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - ADRecon: Active Directory Recon - Prashant Mahajan
HHV - Caesars Pool Level - Forum 17-21 - NFC Payments: The Art of Relay & Replay Attacks - Salvador Mendoza
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (12:30-12:59) - Panel Q&A – IoT Manufacturers: Answers on Security Straight from the Source - Panel
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
Meetup - Chill Out Lounge - Deaf Con Meet Up -
PHV - Caesars Promenade Level - Neopolitan BR - An OSINT Approach to Third Party Cloud Service Provider Evaluation - Lokesh Pidawekar
PHV - Caesars Promenade Level - Neopolitan BR - (12:30-12:59) - Bitsquatting: Passive DNS Hijacking - Ed Miles
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
RCV - Caesars Promenade Level - Florentine BR 1,2 - Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - Raye Keslensky
RCV - Caesars Promenade Level - Florentine BR 1,2 - Bug Bounty Hunting on Steroids - Anshuman Bhartiya / Glen Grant
Service - Caesars - Promenade Level - Anzio Rm past Registration - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Cloud Security Myths - Xavier Ashe
WLV - Caesars Promenade Level - Milano BR 5,6 - Attacking Gotenna Networks - recompiler
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 13:00


AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning Model Hardening For Fun and Profit - Ariel Herbert-Voss
AIV - Caesars Promenade Level - Florentine BR 3 - (13:20-13:59) - Automated Planning for the Automated Red Team - Andy Applebaum
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(12:00-13:59) - We Program Our Stinkin Badges! - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(12:45-13:30) - Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - siDragon
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:30-14:15) - DNA Encryption: Bioencryption to Store Your Secrets in living organisms - John Dunlap
CPV - Caesars Promenade Level - Milano BR 1,2 - Sluts, Bullies, and Best Selves: Rethinking Digital Privacy Education - Caroline D. Hardin, Jen Dalsen
CPV - Caesars Promenade Level - Milano BR 1,2 - (13:30-14:00) - Building a Cryptographic Backdoor in OpenSSL - Lei Shi, Allen Cai
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - One Step Ahead of Cheaters -- Instrumenting Android Emulators - Nevermoe (@n3v3rm03)
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (13:30-13:50) - House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries - Sanat Sharma
DC - Track 1 - Caesars Emperor's Level - Palace BR - In Soviet Russia Smartcard Hacks You - Eric Sesterhenn
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - The ring 0 façade: awakening the processor's inner demons - Christopher Domas
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Reaping and breaking keys at scale: when crypto meets big data - Yolan Romailler, Nils Amiet
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Detecting Blue Team Research Through Targeted Ads - 0x200b
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era - Andrea Marcelli
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-14:15) - Infecting The Embedded Supply Chain - Zach, Alex
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - trackerjacker - Caleb Madrigal
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - Jayesh Singh Chauhan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - GreyNoise - Andrew Morris
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - WHID Injector: How To Bring HID Attacks to the Next Level - Luca Bongiorni
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - BLEMystique—Affordable custom BLE target - Nishant Sharma, Jeswin Mathai
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - ADRecon: Active Directory Recon - Prashant Mahajan
EHV - Caesars Promenade Level - Modena Rm - Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space - Speaker TBA
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:15-13:45) - Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools- with live hacking demonstration - Monta Elkins
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:55-14:25) - TOR for The IOT aka TORT Reform - Bryson Bort
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (13:15-13:59) - Worms that fight back: Nematodes as an antidote for IoT malware - Matt Wixey @darkartlab
PHV - Caesars Promenade Level - Neopolitan BR - Turning Deception Outside-In: Tricking Attackers with OSINT - Hadar Yudovich, Tom Kahana, Tom Sela
PHV - Caesars Promenade Level - Neopolitan BR - (13:30-13:59) - Defense in Depth: The Path to SGX at Akamai - Sam Erb
PHW - Caesars Promenade Level - Neopolitan BR - cont...(09:30-13:30) - Kali Dojo Workshop - Johnny Long
PPV - Flamingo Lower Level - Valley Of Fire Rms - How Compliance Affects the Surface Area of Cannabis POS - WeedAnon
RCV - Caesars Promenade Level - Florentine BR 1,2 - Targeted User Analytics and Human Honeypots - Mbis0n Shadoru
RCV - Caesars Promenade Level - Florentine BR 1,2 - (13:25-13:55) - Skiptracer - ghetto OSINT for broke hackers - illwill
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Nick Cano - Game Hacking - Nick Cano
SKY - Flamingo 3rd Flr - Virginia City Rm - Exploiting IoT Communications - A Cover within a Cover - Mike Raggo & Chet Hosmer
WLV - Caesars Promenade Level - Milano BR 5,6 - Wardrivers Anonymous - Aadvark and Darkmatter and elkentaro and Zero_Chaos and Rick "Ward River" Mellendick
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Joe Grand's Hardware Hacking Basics - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Fuzzing with AFL (American Fuzzy Lop) - Jakub Botwicz, Wojciech Rauner
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Advanced Custom Network Protocol Fuzzing - Joshua Pereyda, Timothy Clemans
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - Richard Henderson, Bryan Passifiume
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attack & Defense in AWS Environments - Vaibhav Gupta, Sandeep Singh
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Decentralized Hacker Net - Eijah

 

Saturday - 14:00


AIV - Caesars Promenade Level - Florentine BR 3 - Beyond Adversarial Learning -- Security Risks in AI Implementations - Kang Li
AIV - Caesars Promenade Level - Florentine BR 3 - (14:30-15:20) - (Responsible?) Offensive Machine Learning - @bodaceacat, @filar, @Straithe, @_delta_zero (Moderating)
BCOS - Caesars Promenade Level - Pompeian BR 1 - Examining Monero's Ring Signatures - Justin Ehrenhofer
BCOS - Caesars Promenade Level - Pompeian BR 1 - (14:30-14:59) - Some Mining Related Attacks - Zhiniang Peng
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(13:30-14:15) - DNA Encryption: Bioencryption to Store Your Secrets in living organisms - John Dunlap
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
CPV - Caesars Promenade Level - Milano BR 1,2 - CATs - A Tale of Scalable Authentication - Yueting Lee
CPV - Caesars Promenade Level - Milano BR 1,2 - (14:30-15:00) - Jailed by a Google Search: the Surveillance State's War on Self-induced Abortion - Pigeon
DDV - Caesars Promenade Level - Capri Rm - The Memory Remains - Cold drive memory forensics 101 - Lior Kolnik
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices - Dennis Giese
DC - Track 1 - Caesars Emperor's Level - Palace BR - SMBetray—Backdooring and breaking signatures - William Martin
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones) - Eduardo Izycki, Rodrigo Colli
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (14:30-14:50) - Sex Work After SESTA/FOSTA - Maggie Mayhem
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - cont...(13:30-14:15) - Infecting The Embedded Supply Chain - Zach, Alex
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Playing Malware Injection with Exploit thoughts - Sheng-Hao Ma
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (14:30-14:50) - Fire & Ice: Making and Breaking macOS Firewalls - Patrick Wardle
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - EAPHammer - Gabriel Ryan
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sh00t—An open platform for manual security testers & bug hunters - Pavan Mohan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - ioc2rpz - Vadim Pavlov
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - HealthyPi—Connected Health - Ashwin K Whitchurch
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Walrus - Daniel Underhay, Matthew Daley
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - LHT (Lossy Hash Table) - Steve Thomas
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(13:55-14:25) - TOR for The IOT aka TORT Reform - Bryson Bort
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (14:30-15:15) - Attacking Commercial Smart Irrigation Systems - Ben Nassi @ben_nassi
PHV - Caesars Promenade Level - Neopolitan BR - Building a Teaching SOC - Andrew Johnson
PHV - Caesars Promenade Level - Neopolitan BR - (14:30-14:59) - Normalizing Empire's Traffic to Evade Anomaly-Based IDS - Utku Sen, Gozde Sinturk
PHW - Caesars Promenade Level - Neopolitan BR - Intense Introduction to Modern Web Application Hacking - Omar Santos and Ron Taylor
PPV - Flamingo Lower Level - Valley Of Fire Rms - Hacking Phenotypic Pathways In Cannabis - Mark Lewi
RCV - Caesars Promenade Level - Florentine BR 1,2 - Applied OSINT For Politics: Turning Open Data Into News - Lloyd Miller
RCV - Caesars Promenade Level - Florentine BR 1,2 - (14:45-15:05) - 1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Hacking the Technical Interview - Marcelle & Kelley
WLV - Caesars Promenade Level - Milano BR 5,6 - (14:30-15:25) - SDR Basics Class - Balint Seeber
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - (14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - (14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 15:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(14:30-15:20) - (Responsible?) Offensive Machine Learning - @bodaceacat, @filar, @Straithe, @_delta_zero (Moderating)
AIV - Caesars Promenade Level - Florentine BR 3 - (15:20-15:59) - Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities. - Ram Shankar Siva Kumar
BCOS - Caesars Promenade Level - Pompeian BR 1 - An Introduction to Kovri - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives. - Mixæl Laufer
Contest - Contest Stage - Spell Check: The Hacker Spelling Bee -
CPV - Caesars Promenade Level - Milano BR 1,2 - JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - Guy Barnhart-Magen, Ezra Caltum
DDV - Caesars Promenade Level - Capri Rm - Owning Gluster FS with GEVAUDAN - Mauro Cáseres
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Project Interceptor: avoiding counter-drone systems with nanodrones - David Melendez Cano
DC - Track 1 - Caesars Emperor's Level - Palace BR - All your math are belong to us - sghctoma
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Reverse Engineering Windows Defender's Emulator - Alexei Bulazel
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Booby Trapping Boxes - Ladar Levison, hon1nbo
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - EAPHammer - Gabriel Ryan
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - Sh00t—An open platform for manual security testers & bug hunters - Pavan Mohan
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - ioc2rpz - Vadim Pavlov
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - HealthyPi—Connected Health - Ashwin K Whitchurch
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - Walrus - Daniel Underhay, Matthew Daley
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(14:00-15:50) - LHT (Lossy Hash Table) - Steve Thomas
EHV - Caesars Promenade Level - Modena Rm - Hack Back: Not An Option, But A Necessity? (A Mini-Workshop) - David Scott Lewis
HHV - Caesars Pool Level - Forum 17-21 - Breaking In: Building a home lab without having to rob a bank - Bryan Austin
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(14:30-15:15) - Attacking Commercial Smart Irrigation Systems - Ben Nassi @ben_nassi
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (15:45-16:30) - How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices - Dennis Giese
PHV - Caesars Promenade Level - Neopolitan BR - Grand Theft Auto: Digital Key Hacking - Huajiang "Kevin2600" Chen, Jin Yang
PHW - Caesars Promenade Level - Neopolitan BR - cont...(14:00-15:59) - Intense Introduction to Modern Web Application Hacking - Omar Santos and Ron Taylor
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Invisible Hands Tending the Secret Greens - Keith Conway (@algirhythm), Frank (@cosmovaltran
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(14:45-15:05) - 1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick
RCV - Caesars Promenade Level - Florentine BR 1,2 - Core OSINT: Keeping Track of and Reporting All the Things - Micah Hoffman
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - (15:30-15:59) - Social Engineering from a CISO's Perspective - Kathleen Mullen
SKY - Flamingo 3rd Flr - Virginia City Rm - Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project - Amit Elazari & Keren Elazari
WLV - Caesars Promenade Level - Milano BR 5,6 - cont...(14:30-15:25) - SDR Basics Class - Balint Seeber
WLV - Caesars Promenade Level - Milano BR 5,6 - (15:30-15:55) - BLE CTF - Ryan Holeman
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 16:00


AIV - Caesars Promenade Level - Florentine BR 3 - StuxNNet: Practical Live Memory Attacks on Machine Learning Systems - Raphael Norwitz
AIV - Caesars Promenade Level - Florentine BR 3 - (16:20-16:59) - Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks - TonTon Huang
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(15:00-16:59) - An Introduction to Kovri - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - DEF CON Biohacking Village Badge Talk - Joel Murphy
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (16:15-16:59) - Hacking Human Fetuses - Erin Hefley
Contest - Contest Stage - cont...(15:00-16:59) - Spell Check: The Hacker Spelling Bee -
CPV - Caesars Promenade Level - Milano BR 1,2 - Anonymous rate-limiting in services with Direct Anonymous Attestation - Alex Catarineu, Philipp Claßen, Konark Modi, Josep M. Pujol
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Outsmarting the Smart City - Daniel "unicornFurnace" Crowley, Mauro Paredes, Jen "savagejen" Savage
DC - Track 1 - Caesars Emperor's Level - Palace BR - 80 to 0 in under 5 seconds: Falsifying a medical patient's vitals - Douglas McKee
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - All your family secrets belong to us—Worrisome security issues in tracker apps - Dr. Siegfried Rasthofer, Stephan Huber, Dr. Steven Arzt
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Inside the Fake Science Factory - Dr Cindy Poppins - Computer Scientist (AKA Svea Eckert), Dr Dade Murphy - Reformed Hacker (AKA Suggy), Professor Dr Edgar Munch
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - Besim Altinok, Mehmet Kutlay Kocer, M.Can KURNAZ
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Angad: A Malware Detection Framework using Multi-Dimensional Visualization - Ankur Tyagi
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Honeycomb—An extensible honeypot framework - Omer Cohen, Imri Goldberg
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Swissduino—Stealthy USB HID Networking & Attack - Mike Westmacott
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - boofuzz - Joshua Pereyda
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - PA Toolkit—Wireshark plugins for Pentesters - Nishant Sharma, Jeswin Mathai
HHV - Caesars Pool Level - Forum 17-21 - The Cactus: 6502 Blinkenlights 40 Years Late - Commodore Z
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (16:55-17:25) - Reverse Engineering Physical Processes in Industrial Control Systems - Marina Krotofi, Alexander Winnicki
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(15:45-16:30) - How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices - Dennis Giese
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (16:45-17:30) - Hacking U-Boot - Srinivas Rao @srini0x00 and Abhijeth D @abhijeth
PHV - Caesars Promenade Level - Neopolitan BR - Ridealong Adventures: Critical Issues with Police Body Cameras - Josh Mitchell
PHW - Caesars Promenade Level - Neopolitan BR - (16:30-17:59) - Mallet, An Intercepting Proxy for Arbitrary Protocols - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Ongoing Federal Lawsuit Against Jeff Sessions - Michael Hiller
RCV - Caesars Promenade Level - Florentine BR 1,2 - WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money” Rabbit Hole - Olivia Thet / Nicolas Kseib
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - The Abyss is Waving Back… - Chris Roberts
SEV - Caesars Promenade South - Octavius BR 3-8 - (16:55-17:45) - Hunting Predators: SE Style - Chris Hadnagy
SKY - Flamingo 3rd Flr - Virginia City Rm - Healthcare Exposure on Public Internet - Shawn Merdinger
WLV - Caesars Promenade Level - Milano BR 5,6 - Introduction to Railroad Telemetry - Eric Reuter
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 17:00


AIV - Caesars Promenade Level - Florentine BR 3 - Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events - Pranshu Bajpai
BCOS - Caesars Promenade Level - Pompeian BR 1 - Moderator Justin Ehrenhofer's Greatest Questions - Shamiq (App Sec Manager, COINBASE), Paul Shapiro, A., Fluffy Pony
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Biohacking the Disability - Gabriel Bergel
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:45-18:30) - Batman, Brain Hacking, and Bank Accounts - Katherine Pratt
CPV - Caesars Promenade Level - Milano BR 1,2 - Prototyping Cryptographic Protocols With Charm - Matt Cheung
DC - Track 1 - Caesars Emperor's Level - Palace BR - The Road to Resilience: How Real Hacking Redeems this Damnable Profession - Richard Thieme, a.k.a. neural cowboy
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers - Nick Cano
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - Besim Altinok, Mehmet Kutlay Kocer, M.Can KURNAZ
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Angad: A Malware Detection Framework using Multi-Dimensional Visualization - Ankur Tyagi
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Honeycomb—An extensible honeypot framework - Omer Cohen, Imri Goldberg
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - Swissduino—Stealthy USB HID Networking & Attack - Mike Westmacott
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - boofuzz - Joshua Pereyda
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(16:00-17:50) - PA Toolkit—Wireshark plugins for Pentesters - Nishant Sharma, Jeswin Mathai
EHV - Caesars Promenade Level - Modena Rm - Diversity and Equality in Infosec - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - WiFi Beacons will give you up - John Aho
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(16:55-17:25) - Reverse Engineering Physical Processes in Industrial Control Systems - Marina Krotofi, Alexander Winnicki
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (17:35-17:59) - A SOC in the Village - Thomas VanNorman
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(16:45-17:30) - Hacking U-Boot - Srinivas Rao @srini0x00 and Abhijeth D @abhijeth
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - IoT Data Exfiltration - Mike Raggo, Chet Hosmer
PHW - Caesars Promenade Level - Neopolitan BR - cont...(16:30-17:59) - Mallet, An Intercepting Proxy for Arbitrary Protocols - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - Primer On Dealing w/ Local Gov. for Legal Cannabis - Mayor Chad Wanke
RCV - Caesars Promenade Level - Florentine BR 1,2 - Mapping wifi networks and triggering on interesting traffic patterns - Caleb Madrigal
RCV - Caesars Promenade Level - Florentine BR 1,2 - (17:40-17:59) - OpenPiMap - Hacking the hackers with OSINT, Raspberry Pis, and Data Analysis - Mark Klink
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(12:00-17:59) - Ham Radio Exams -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(16:55-17:45) - Hunting Predators: SE Style - Chris Hadnagy
SEV - Caesars Promenade South - Octavius BR 3-8 - (17:50-18:40) - On the Hunt: Hacking the Hunt - Chris Silvers and Taylor Banks
SKY - Flamingo 3rd Flr - Virginia City Rm - The challenge of building an secure and safe digital environment in the healthcare - @_j3lena_
WLV - Caesars Promenade Level - Milano BR 5,6 - It's not wifi: Stories in Wireless Reverse Engineering - Dominic Spill and Russ Handorf
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 18:00


AIV - Caesars Promenade Level - Florentine BR 3 - INTRO TO DATA MASTERCLASS: Tour-de-ML - Leo Meyerovich & Eugene Teo
BCOS - Caesars Promenade Level - Pompeian BR 1 - Instructions and invitations to party - Cinnamonflower and pwrcycle
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(17:45-18:30) - Batman, Brain Hacking, and Bank Accounts - Katherine Pratt
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (18:30-19:15) - Building a Better Bedside - The Blue Team Needs a Plan B - Nick Delewski and Saurabh Harit
Contest - Contest Stage - DEF CON Blitz Chess Tournament -
CPV - Caesars Promenade Level - Milano BR 1,2 - (Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine - Roger Dingledine
CPV - Caesars Promenade Level - Milano BR 1,2 - (18:30-19:00) - Closing
EHV - Caesars Promenade Level - Modena Rm - Discussion - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Building Drones the Hard Way - David Melendez Cano
PPV - Flamingo Lower Level - Valley Of Fire Rms - Panel on digital & Physical Security in Cannabis - OCP (by proxy), Michael Hiller, Project Nexus, Weed Anon, Mark Lewis, Chad Wanke
RCV - Caesars Promenade Level - Florentine BR 1,2 - Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - Michael Gianarakis / Shubham Shah
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(17:50-18:40) - On the Hunt: Hacking the Hunt - Chris Silvers and Taylor Banks
SEV - Caesars Promenade South - Octavius BR 3-8 - (18:40-19:30) - Social Engineering Course Projects for Undergraduate Students - Aunsuhl Rege
SKY - Flamingo 3rd Flr - Virginia City Rm - Macabre stories of a hacker in the public health sector (Chile) - Philippe Delteil
WLV - Caesars Promenade Level - Milano BR 5,6 - Little Fluffy Pineapple Clouds - Commanding a Fleet of Wireless Fruit - Darren Kitchen and Seb Kinne
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Build Your Own OpticSpy Receiver Module - Joe Grand
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Weapons Training for the Empire - Jeremy Johnson
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Building Environmentally Responsive Implants with Gscript - Dan Borges, Alex Levinson
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - Lateral Movement 101: 2018 Update - Walter Cuestas, Mauricio Velazco
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Analyzing Malscripts: Return of the Exploits! - Sergei Frankoff, Sean Wilson
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Securing Big Data in Hadoop - Miguel Guirao

 

Saturday - 19:00


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(18:30-19:15) - Building a Better Bedside - The Blue Team Needs a Plan B - Nick Delewski and Saurabh Harit
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (19:15-19:15) - Lightning Talks - Maybe you?
Contest - Contest Stage - cont...(18:00-19:59) - DEF CON Blitz Chess Tournament -
PPV - Flamingo Lower Level - Valley Of Fire Rms - cont...(18:00-19:15) - Panel on digital & Physical Security in Cannabis - OCP (by proxy), Michael Hiller, Project Nexus, Weed Anon, Mark Lewis, Chad Wanke
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(18:40-19:30) - Social Engineering Course Projects for Undergraduate Students - Aunsuhl Rege

 

Saturday - 20:00


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Hacker Jeopardy -
DC - Octavius 13 - Privacy Is Equality—And It's Far from Dead - Sarah St. Vincent
DC - Octavius 9 - Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape - Matt Goerzen, Dr. Jeanna Matthews, Joan Donovan
DC - Roman Chillout - EFF Fireside Hax (AKA Ask the EFF) - Kurt Opsahl, Nate Cardozo, Jamie Lee Williams, Andrés Arrieta, Katiza Rodriguez, Nathan 'nash' Sheard
Meetup - Flamingo - 3rd floor - Chillout Rm - (20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Movie Night -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - (20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - (20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo, Rm # after registration - Cobalt DEF CON Party 2018 -

 

Saturday - 21:00


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - cont...(20:00-21:59) - Hacker Jeopardy -
Contest - Contest Stage - Drunk Hacker History -
Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (21:30-22:30) - Party Music - Skittish & Bus -
Night Life - Caesars Palace Forum Tower, Rm TBA - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Off-site party, Register and receive address from IOT Village - IoT Village Manson Party -

 

Saturday - 22:00


Contest - Contest Stage - cont...(21:00-22:59) - Drunk Hacker History -
Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(21:30-22:30) - Party Music - Skittish & Bus -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (22:30-23:30) - Party Music - Zebbler Encanti -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - SecKC the World -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Location TBA - DC801 Party -
Night Life - Off-site party, Register and receive address from IOT Village - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 23:00


Meetup - Flamingo - 3rd floor - Chillout Rm - cont...(20:30-23:59) - Hacker Flairgrounds -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Lobby bar - (23:55-24:59) - DC 26 GothCon -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(22:30-23:30) - Party Music - Zebbler Encanti -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (23:30-24:59) - Party Music - Juno Reactor -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - El Dorado BR - cont...(20:30-23:59) - Lonely Hackers Club Party -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Flamingo, Rm # after registration - cont...(20:00-23:59) - Cobalt DEF CON Party 2018 -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive address from IOT Village - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 24:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Lobby bar - cont...(23:55-24:59) - DC 26 GothCon -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(23:30-24:59) - Party Music - Juno Reactor -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive address from IOT Village - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 25:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - Miss Jackalope -
Night Life - Caesars Palace Forum Tower, Rm TBA - cont...(21:00-25:59) - Defcon Monero Party 2018 -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(22:00-25:59) - SecKC the World -
Night Life - Location TBA - cont...(22:00-25:59) - DC801 Party -
Night Life - Off-site party, Register and receive address from IOT Village - cont...(21:00-25:59) - IoT Village Manson Party -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - Flamingo

 

Saturday - 26:00


Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - s7a73farm -
Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - cont...(20:00-26:59) - Queercon Rainbow Ball -
Night Life - Flamingo - 3rd Floor - Carson City Rm - cont...(20:30-26:30) - BlanketFortCon -

Sunday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Sunday - 06:00


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -

 

Sunday - 09:00


SKY - Flamingo 3rd Flr - Virginia City Rm - Master Baiting! Dont Click Bait, Click Yourself - BACE16

 

Sunday - 10:00


AIV - Caesars Promenade Level - Florentine BR 3 - Generating Labeled Data From Adversary Simulations With MITRE ATT&CK - Brian Genz
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-10:59) - AI DevOps: Behind the Scenes of a Global Anti-Virus Company's Machine Learning Infrastructure - Alex Long
BCOS - Caesars Promenade Level - Pompeian BR 1 - The Good, the Bad, and the Private: Building and Breaking Safe Cryptocurrencies - Sarang Noether
BCOS - Caesars Promenade Level - Pompeian BR 1 - (10:45-10:59) - Contest winners, prizes, showcase and awards - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO THE LAST DAY OF BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-10:59) - Exploiting immune defences - can malware learn from biological viruses? - Guy Propper
CPV - Caesars Promenade Level - Milano BR 1,2 - Welcome
CPV - Caesars Promenade Level - Milano BR 1,2 - (10:30-11:00) - Geolocation and Homomorphic Encryption - Nicholas Doiron
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - The Mouse is Mightier than the Sword - Patrick Wardle
DC - Track 1 - Caesars Emperor's Level - Palace BR - Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug - Sheila A. Berta, Sergio De Los Santos
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Defending the 2018 Midterm Elections from Foreign Adversaries - Joshua M Franklin, Kevin Franklin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems - Leigh-Anne Galloway, Tim Yunusov
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - nzyme - Lennart Koopmann
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - GyoiThon - Isao Takaesu, Masuya Masafumi, Toshitsugu Yoneyama,
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - CHIRON - Rod Soto, Joseph Zadeh
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - PCILeech - Ulf Frisk, Ian Vitek
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Passionfruit - Zhi Zhou, Yifeng Zhang
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Conformer - Mikhail Burshteyn
Meetup - HHV - Caesars Pool Level - Forum 17-19 - (10:30-10:59) - Breakfast at Defcon -
RCV - Caesars Promenade Level - Florentine BR 1,2 -   - HackaThon Product(s) Showcase by Participants
RCV - Caesars Promenade Level - Florentine BR 1,2 - (10:50-11:20) - Winning a SANS 504 CTF without winning a SANS CTF - Wbbigdave
SKY - Flamingo 3rd Flr - Virginia City Rm - Facial Recognition - Let me let you in on a secret - Stumbles The Drunk

 

Sunday - 11:00


AIV - Caesars Promenade Level - Florentine BR 3 - GAN to the dark side: A case study of attacking machine-learning systems to empower defenses - Li Chen
BCOS - Caesars Promenade Level - Pompeian BR 1 - Monero's Differentiated Community - Justin Ehrenhofer
BCOS - Caesars Promenade Level - Pompeian BR 1 - (11:30-11:59) - Privacy and Blockchain: A Boundary Object Perspective - Robin "midipoet" Renwick
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Jumping the Epidermal Barrier - Vlad Gostomelsky and Dr. Stan Naydin
CPV - Caesars Promenade Level - Milano BR 1,2 - Two-Steps to Owning MFA - Sherrie Cowley, Dennis Taggart
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Searching for the Light: Adventures with OpticSpy - Joe Grand
DC - Track 1 - Caesars Emperor's Level - Palace BR - Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. - Josep Pi Rodriguez
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. - Daniel Zolnikov
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits - zerosum0x0
DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - nzyme - Lennart Koopmann
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - GyoiThon - Isao Takaesu, Masuya Masafumi, Toshitsugu Yoneyama,
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - CHIRON - Rod Soto, Joseph Zadeh
DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - PCILeech - Ulf Frisk, Ian Vitek
DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Passionfruit - Zhi Zhou, Yifeng Zhang
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(10:00-11:50) - Conformer - Mikhail Burshteyn
PHV - Caesars Promenade Level - Neopolitan BR - Microcontrollers and Single Board Computers for Hacking, Fun and Profit - gh057
PHW - Caesars Promenade Level - Neopolitan BR - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(10:50-11:20) - Winning a SANS 504 CTF without winning a SANS CTF - Wbbigdave
RCV - Caesars Promenade Level - Florentine BR 1,2 - (11:25-12:55) - Stalker In A Haystack - MasterChen
SKY - Flamingo 3rd Flr - Virginia City Rm - Sex Work After SESTA - Maggie Mayhem

 

Sunday - 12:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Stealing Crypto 2 Factor Isn't a Factor - Rod Soto and Jason Malley
BCOS - Caesars Promenade Level - Pompeian BR 1 - (12:30-12:59) - Monero Project's Vulnerability Response Process - Anonimal
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(11:00-12:15) - Jumping the Epidermal Barrier - Vlad Gostomelsky and Dr. Stan Naydin
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (12:15-12:59) - Selfie or Mugshot? - Anne Kim
CPV - Caesars Promenade Level - Milano BR 1,2 - Implementing a Library for Pairing-based Transform Cryptography - Bob Wall, Colt Frederickson
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Breaking Smart Speakers: We are Listening to You. - Wu HuiYu, Qian Wenxiang
DC - Track 1 - Caesars Emperor's Level - Palace BR - Last mile authentication problem: Exploiting the missing link in end-to-end secure communication - Thanh Bui, Siddharth Rao
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Attacking the macOS Kernel Graphics Driver - Yu Wang
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities - Matt Knight, Ryan Speers
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Expl-iot—IoT Security Testing and Exploitation framework - Aseem Jakhar
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - DejaVU—An Open Source Deception Framework - Bhadreshkumar Patel, Harish Ramadoss
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - GUI Tool for OpenC2 Command Generation - Efrain Ortiz
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - Fishing for Phishers. The Enterprise Strikes Back! - Joseph Muniz, Aamir Lakhani
PHW - Caesars Promenade Level - Neopolitan BR - cont...(11:00-12:59) - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(11:25-12:55) - Stalker In A Haystack - MasterChen
RCV - Caesars Promenade Level - Florentine BR 1,2 - Mapping Social Media with Facial Recognition - Jacob Wilkin
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:25-12:40) - Hackathon and CTF Prizes, and a Group Photo - Recon Village Team
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:45-12:59) - Closing Note - Shubham Mittal / Sudhanshu Chauhan
SKY - Flamingo 3rd Flr - Virginia City Rm - JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - Guy Barnhart-Magen and Ezra Caltum

 

Sunday - 13:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Village summary - Diego "rehrar" Salazar
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Getting Skin in the Game: Biohacking & Business - Cyberlass
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:45-13:45) - PWN to OWN my own Heart. Journey into hacking my own pacemaker - Veronica Schmit
CPV - Caesars Promenade Level - Milano BR 1,2 - Integrating post-quantum crypto into real-life applications - Christian Paquin
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Trouble in the tubes: How internet routing security breaks down and how you can do it at home - Lane Broadbent
DC - Track 1 - Caesars Emperor's Level - Palace BR - Man-In-The-Disk - Slava Makkaveev
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading - Ruo Ando
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Micro-Renovator: Bringing Processor Firmware up to Code - Matt King
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Lost and Found Certificates: dealing with residual certificates for pre-owned domains - Ian Foster, Dylan Ayrey
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - barcOwned—Popping shells with your cereal box - Michael West, magicspacekiwi (Colin Campbell)
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-13:50) - Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking - ldionmarcil
DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - Expl-iot—IoT Security Testing and Exploitation framework - Aseem Jakhar
DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - DejaVU—An Open Source Deception Framework - Bhadreshkumar Patel, Harish Ramadoss
DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - cont...(12:00-13:50) - GUI Tool for OpenC2 Command Generation - Efrain Ortiz
PHV - Caesars Promenade Level - Neopolitan BR - What Do You Want to be When You Grow Up? - Damon "ch3f" Small
SKY - Flamingo 3rd Flr - Virginia City Rm - Game Runner 2049: The Battles Fought by the King of the Replicants - Nick Cano

 

Sunday - 14:00


CPV - Caesars Promenade Level - Milano BR 1,2 - (Not Recorded) Closing Remarks
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Betrayed by the keyboard: How what you type can give you away - Matt Wixey
DC - Track 1 - Caesars Emperor's Level - Palace BR - Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch - Dongsung Kim, Hyoung-Kee Choi
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Hacking BLE Bicycle Locks for Fun and a Small Profit - Vincent Tan
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers - Xiaolong Bai, Min (Spark) Zheng

 

Sunday - 15:00


DC - Track 1 - Caesars Emperor's Level - Palace BR - PANEL: DEF CON GROUPS - Brent White (B1TK1LL3R), Jeff Moss (The Dark Tangent), Jayson E. Street, S0ups, Tim Roberts (byt3boy), Casey Bourbonnais, April
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - What the Fax!? - Yaniv Balmas, Eyal Itkin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware - Maksim Shudrak

 

Sunday - 16:00


DC - Track 1 - Caesars Emperor's Level - Palace BR - DEF CON Closing Ceremonies - The Dark Tangent

 

Sunday - 17:00


DC - Track 1 - Caesars Emperor's Level - Palace BR - cont...(16:00-17:45) - DEF CON Closing Ceremonies - The Dark Tangent

Speaker List


_delta_zero
@_delta_zero
@_j3lena_
@3ncr1pted
@arinerron
@bodaceacat
@bwall (Moderator)
@drhyrum
@filar
@gradient_janitor
@IrishMASMS
@jtpereyda
@malwareunicorn
@pixieofchaos
@Plug
@rainbow_tables
@rharang
@Straithe
@wornbt
0x200b
a nurse
A.
Aadvark
Aamir Lakhani
Abhay Bhargav
Abhijeth D
Adam Caudill
Adam Steed
Adrian, Alex
Agent X
AI Village Organizers
Alejandro Mayorkas
Alejo Murillo
Alex Catarineu
Alex Levinson
Alex Long
Alex Padilla
Alex Stanev
Alex
Alexander Winnicki
Alexandre Borges
Alexandrine Torrents
Alexei Bulazel
Alfonso García
Allen Cai
Almost Human
Amanda Rousseau
Amber McReynolds
Amit Elazari Bar On
Amit Elazari
Anand Tiwari
Andrés Arrieta
Andrea Marcelli
Andrew Johnson
Andrew Macpherson
Andrew Morris
Andy Applebaum
Andy Applebaum
Andy Coravos
Angelos Stavrou
Ankur Tyagi
Anne Kim
Annie Rouse
Anonimal
Anonimal
Anshuman Bhartiya
Anto Joseph
April Wright
Ariel Herbert-Voss
Arnaud SOULLIÉ
Arun Magesh
Arun Mane
Aseem Jakhar
Ashwin K Whitchurch
Aunshul Rege
Aylin Caliskan
Azeem Aqil
BACE16
Balint Seeber
Balint Seeber
Beau Woods
Ben Barenz
Ben Hughes
Ben Nassi
Besim Altinok
Beth Schechter
Bhadreshkumar Patel
Bharath Kumar
BiaSciLab
Billy Boatright
Bob Wall
Brandon Workentin
Brendan OConnor
Brent White (B1TK1LL3R)
Brian Genz
Brian Milliron
Brittany "Straithe" Postnikoff
Bruce Potter
Bryan Austin
Bryan Passifiume
Bryce Kunz
Bryson Bort
Caleb Madrigal
Caleb Madrigal
Caleb Madrigal
Carlos Aguayo
Carlos Pacho
Caroline D. Hardin
Carsten Schurmann
Casey Bourbonnais
Chad Wanke
Changhyun Park
Chet Hosmer
Chet Hosmer
Chris Gammell
Chris Gardner
Chris Hadnagy
Chris Hanlon
Chris Roberts
Chris Silvers
Chris "Suggy" Sumner
Christian "quaddi" Dameff MD
Christian Paquin
Christian "quaddi" Dameff MD
Christopher Domas
Christopher Domas
Cinnamonflower
Clarence Chio
Colt Frederickson
Commodore Z
Craig Smith
Cristina Munoz
Csaba Fitzl
Cyberlass
Damien "virtualabs" Cauquil
Damon "ch3f" Small
Dan Borges
Dan Borges
Daniel "unicornFurnace" Crowley
Daniel Underhay
Daniel Williams (fbus)
Daniel Zolnikov
Darkmatter
Darren Kitchen
Dave Buchwald
Dave Porcello
David Melendez Cano
David Melendez Cano
David Nathans
David Pearson
David Scott Lewis
David Tomaschik
David Turco
Davin Potts
Debra Laefer
Dennis Giese
Dennis Giese
Dennis Taggart
Devin "Bearded Warrior" Pearson
Diego "rehrar" Salazar
Diego Aranha
DilDog
Dimitri
Dino Covotsos
dj beep code
Dominic Spill
Dominic Spill
Dongsung Kim
Douglas McKee
Dr Adam Everspaugh
Dr. Aylin Caliskan
Dr. Siegfried Rasthofer
Dr. Silke Holtmanns
Dr. Stan Naydin
Dr. Stan Naydin
Dr. Stan Naydin
Dr. Stan Naydin
Dr. Steven Arzt
Dylan Ayrey
Dylan James Smith
Ed Miles
Eduardo Izycki
Efrain Ortiz
egypt
Eijah
Elinor Mills
Elissa Shevinsky
Elizabeth Biddlecome
elkentaro
Elliott Brink
Erez Yalon
Eric Reuter
Eric Sesterhenn
Erin Hefley
Erwin Paternotte
Esteban Rodriguez
Ethan Gregory Dodge
Ethan Gregory Dodge
Evan Yang
Eyal Itkin
Ezra Caltum
Ezra Caltum
Faz
Fedor Sakharov
Felix "Crypto_Cat" Honigwachs
Feng Xiao
Flamingo
Fluffy Pony
Fluffy Pony
Francisco "ArticMine" Cabañas
Frank (@cosmovaltran
Fred Mastrippolito
Gabriel Bergel
Gabriel Ryan
Gabriel Ryan
Gabriel Ryan
Garett Montgomery
Gary Bates
George Tarnovsky
Georgia Weidman
Gerry Scott
gh057
Gita Ziabari
Glen Grant
Gozde Sinturk
Gozde Sinturk
Guang Gong
Guy Barnhart-Magen
Guy Barnhart-Magen
Guy Propper
HackaThon Product(s) Showcase by Participants
Hadar Yudovich
Hannah Silvers
Harri Hursti
Harish Ramadoss
Harry Moreno
HighWiz
hon1nbo
Howard (hyc) Chu
Huajiang "Kevin2600" Chen
Hwiwon Lee
Hyoung-Kee Choi
Ian Foster
Ian Haken
Ian Vitek
illwill
Imri Goldberg
infosecanon
Irwin Reyes
Isao Takaesu
Isao Takaesu
Isha Singh
Ivan Torroledo
J. Alex Halderman
Jacob Holcomb
Jacob Wilkin
Jake Braun
Jake Braun (moderator)
Jakub Botwicz
James Albany
James Coote
James Harris
Jamie Lee Williams
Jamie Williams
Jason Haddix
Jason Hill
Jason Malley
Jay Radcliffe
Jay Turla
Jayesh Singh Chauhan
Jayson E. Street
Jeanette Manfra
Jeanette Manfra
Jeanna Matthews
Jeanna Matthews
Jeff Kosseff
Jeff Magloire
Jeff "r3plicant" Tully MD
Jeffrey Ladish
Jen "savagejen" Savage
Jen Dalsen
Jen Ellis
Jennifer Roderick
Jeremy Johnson
Jericho
Jerome Greco
Jesse Michael
Jessica “Zhanna” Malekos Smith
Jeswin Mathai
Jeswin Mathai
Jianjun Dai
Jianwei Huang
Jin Yang
Joan Donovan
Joe FitzPatrick
Joe Grand (Kingpin)
Joe Grand (Kingpin)
Joe Grand
Joe Grand
Joe Rozner
Joe Slowik
Joel Murphy
John Aho
John Dunlap
John Dunlap
John Dunlap
John Stoner
John Stoner
John Stoner
John Stoner
John Tan
Johnny Long
Jon Medina
Jon Overgaard Christiansen
Jos Wetzels
Josep M. Pujol
Josep Pi Rodriguez
Joseph Kiniry
Joseph Muniz
Joseph Zadeh
Joseph Zadeh
Josh Mitchell
Josh Mitchell
Joshua Corman
Joshua M Franklin
Joshua Pereyda
Joshua Pereyda
Judy Towers
Jun Li
Justin Ehrenhofer
Justin Ehrenhofer
Justin Whitehead
Kang Li
Kat Mansourimoaied
Kat Sweet
Katherine Pratt
Kathleen Mullen
Katiza Rodriguez
Keith Conway (@algirhythm)
Kelley
Ken Keiser
Kendall Blaylock
Keren Elazari
Keren Elazari
Kevin Chen
Kevin Franklin
Kevin Lustic
Kirill Levchenko PhD
Konark Modi
Konark Modi
Kunzhe Chai
Kurt Opsahl
L0pht Heavy Industries
Ladar Levison
Lane Broadbent
Laura H
ldionmarcil
Leandro Velasco
Lei Shi
Leigh-Anne Galloway
Lennart Koopmann
Leo Meyerovich & Eugene Teo
Leo Meyerovich & Eugene Teo
Li Chen
Lin Huang
Lior Kolnik
Lloyd Miller
Lokesh Pidawekar
Lorenzo Bernardi
Louis Nyffenegger
Louis Nyffenegger
Luca Bongiorni
Luke Jahnke
Luke Jahnke
M.Can KURNAZ
m010ch_
Madhu Akula
Madhu
Magg
Maggie Mayhem
Maggie Mayhem
magicspacekiwi (Colin Campbell)
Mahrud Sayrafi
Maksim Shudrak
Malware Unicorn
Mansour Ahmadi
Marc DaCosta
Marcelle
Margaret MacAlpine
Marie Fromm
Marina Krotofil
Marina Krotofil
Mark Klink
Mark Lewis
Mark Lewis
Mark Mager
Marko Bencun
Marko Bencun
Martin Vigo
MasterChen
MasterChen
Masuya Masafumi
Matt
Matt Blaze
Matt Cheung
Matt Cheung
Matt Goerzen
Matt King
Matt Knight
Matt Mahler
Matt Urquhart
Matt Wixey
Matt Wixey
Matthew Bernhard
Matthew Daley
Mattijs van Ommeren
Mauricio Velazco
Mauro Cáseres
Mauro Caseres
Mauro Paredes
Mayor Chad Wanke
Mbis0n Shadoru
Mehmet Kutlay Kocer
Micah Hoffman
Micah Hoffman
Michael Gianarakis
Michael Hiller
Michael Hiller
Michael Lee Nirenberg
Michael Ossmann
Michael Schloh
Michael Schloh
Michael Schloh
Michael West
Mickey Shkatov
midipoet
midipoet
Miguel Guirao
Mike Davis
Mike Godfrey
Mike Raggo
Mike Raggo
Mike Spicer
Mike Westmacott
Mikhail Burshteyn
Min (Spark) Zheng
Min (Spark) Zheng
Mingchuang Qun
Mixæl Laufer
Monta Elkins
Morgan "indrora" Gangwere
Mr. Br!ml3y
MSvB
MSvB
Mudge
mwguy
Nafeez
Nancy Eckert
Nate Cardozo
Nate Cardozo
Nate Temple
Nathan 'nash' Sheard
Nathan Adams
Nathan White
Neal Kelley
Neel Pandeya
Neil Fallon
Nevermoe (@n3v3rm03)
Nicholas Doiron
Nick - GraphX
Nick Cano
Nick Cano
Nick Cano
Nick Delewski
Nick Sayer
Nick Tait
Nicolas Kseib
Nikita
Nils Amiet
Nishant Sharma
Nishant Sharma
Noah Praetz
Nox
OCP (by proxy)
Octet In Triplicate
Olivia Thet
Omar Santos
Omer Cohen
Orange Tsai
Panel
Parasew
Parsia Hakimian
Patrick DeSantis
Patrick Wardle
Patrick Wardle
Paul Shapiro
Pavan Mohan
Pedro Fortuna
Peng Liu
Philip Martin
Philipp Claen
Philippe Delteil
Pigeon
Pranshu Bajpai
Prashant Mahajan
Prof Andrea M. Matwyshyn, Professor of Law, NUSL
Project Nexus
Project Nexus
pwrcycle
Qian Wenxiang
Rachel Greenstadt
Ram Shankar Siva Kumar
Raphael Norwitz
Raye Keslensky
recompiler
Recon Village Team
Renderman
Rex
Rich Seymour
Richard Henderson
Richard Thieme
Rick "Captain Marko Ramius" Mellendick
Rick "Ward River" Mellendick
Rick "Ward River" Mellendick
Rick "Ward River" Mellendick
Rick "Ward River" Mellendick
Rick Ramgattie
Ricky "HeadlessZeke" Lawshae
Rik van Duijn
Roamer
Rob Brandon
Rob Joyce
Rob Joyce
Robert Karas
Robert Portvliet
Robert Potter
Roberto Suarez
Robin "midipoet" Renwick
Rod Soto
Rod Soto
Rod Soto
Rodrigo Colli
Rogan Dawes
Rogan Dawes
Roger Dingledine
Ron Taylor
Rowan Phipps
Ruo Ando
Rushikesh D. Nandedkar
Russ Handorf
Russell Mosley
Ryan Holeman
Ryan Johnson
Ryan Kovar
Ryan Kovar
Ryan Kovar
Ryan Kovar
Ryan MacDougall
Ryan Mitchell
Ryan Speers
S0ups
Salvador Mendoza
Sam Bowne
Sam Erb
Sanat Sharma
Sandeep Singh
Sanoop Thomas
Sara-Jayne Terp
Sarah St. Vincent
Sarang Noether
Saurabh Harit
Saurabh Harit
Saurabh Harit
Saurabh Harit
Scott Arciszewski
Seamus Burke
Sean Gallagher
Sean Metcalf
Sean Wilson
Seb Kinne
Sebastian Garcia
security panda
Senhua Wang
Sergei Frankoff
Sergio De Los Santos
Seth Law
sghctoma
Shaggy
Shamiq
Shaokun Cao
Sharath Kumar Ramadas
Shawn Merdinger
Sheila A. Berta
Sheng-Hao Ma
Sherrie Cowley
Shubham Mittal
Shubham Mittal
Shubham Shah
Si
Siddharth Rao
Sidragon
siDragon
Silas Cutler
Silicosis
singe
Slava Makkaveev
smea
Sneha Rajguru
Soldier of FORTRAN
Space Rogue
Srinivas Rao
Stark Riedesel
Stephan Huber
Stephanie Stroka
Stephen Hilt
Steve Thomas
steve0
Steven Danneman
Stumbles The Drunk
Sudhanshu Chauhan
Sudhanshu Chauhan
Svea Eckert
Sven Cattell
Tarah Wheeler
Tay-Tay fanboi Wasabi
Taylor Banks
Taylor Hornby
Tess Schrodinger
Thanh Bui
The Dark Tangent
The Dark Tangent
The Tarquin
Thiago Alves
Thomas VanNorman
Till Krause
Tim Roberts (byt3boy)
Tim Yunusov
Timothy Clemans
To be announced
toddpar0dy
Tom Kahana
Tom Sela
TonTon Huang
Toshitsugu Yoneyama
Travis Goodspeed
Travis Goodspeed
Truman Kain
TryCatchHCF
Ulf Frisk
Uncle G.
Utku Sen
Utku Sen
Vadim Pavlov
Vaibhav Gupta
Veronica Schmitt
Veronica Schmitt
Vincent Tan
Vinnie Vanhoecke
Violet Blue
Vlad Gostomelsky
Walter Cuestas
Wasabi
Wayne Ronaldson
Wbbigdave
Weed Anon
WeedAnon
Weld Pond
Wendy Knox Everette
Wenlin Yang
Wesley McGrew
Wesley McGrew
Whitney Champion
William Knowles
William Martin
William Martin
William Suthers
William Vu
Wiseacre
Wojciech Rauner
Wu HuiYu
Xavier Ashe
Xavier Ashe
Xiaolong Bai
Xiaolong Bai
Yaniv Balmas
yawnbox
Yifeng Zhang
Yingtao Zeng
Yolan Romailler
Yu Wang
Yueting Lee
Yunding Jian
Yuwei Zheng
Yuwei Zheng
Zach
zenofex
Zero_Chaos
Zero_Chaos
Zero_Chaos
Zero_Chaos
Zero_Chaos
Zero_Chaos
zerosum0x0
Zhenxuan Bai
Zhi Zhou
Zhiniang Peng

Talk List


Reverse Engineering with OpenSCAD and 3D Printing - WS - Linq 4th Flr - Icon B
"Probably": an Irreverent Overview of the GDPR - CPV - Caesars Promenade Level - Milano BR 1,2
"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale - CPV - Caesars Promenade Level - Milano BR 1,2
(Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine - CPV - Caesars Promenade Level - Milano BR 1,2
(Responsible?) Offensive Machine Learning - AIV - Caesars Promenade Level - Florentine BR 3
[Networking/Social] Blackhat/DefCon Meet-up at Cafe Americano - Meetup - Caesars - Cafe Americano
/R/defcon reddit Meetup - Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace)
/R/defcon reddit Meetup - Meetup - Flamingo - 3rd Floor - Chillout Rm
#WiFiCactus - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
1983: I’m born. 2018: I’m taking on the bad guys - RCV - Caesars Promenade Level - Florentine BR 1,2
4G—Who is paying your cellular phone bill? - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
503 Party 2018 - Night Life - Forum Tower Duplex Hangover Suite
80 to 0 in under 5 seconds: Falsifying a medical patient's vitals - DC - Track 1 - Caesars Emperor's Level - Palace BR
8th Defcon Bike Ride - Meetup - Local Bikeshop
  - RCV - Caesars Promenade Level - Florentine BR 1,2
A Comprehensive Forensic Analysis of WINVote Voting Machines - VMHV - Caesars Pool Level - Forum 14-16
A CTF That Teaches: Challenging the Next Generation of ICS Ethical Hackers - ICS - Flamingo Lower Level - Red Rock Rm 6-8
A Journey Into Hexagon: Dissecting a Qualcomm Baseband - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
A Rundown of Security Issues in Crypto Software Wallets - BCOS - Caesars Promenade Level - Pompeian BR 1
A SOC in the Village - ICS - Flamingo Lower Level - Red Rock Rm 6-8
About the Open Cannabis Project - PPV - Flamingo Lower Level - Valley Of Fire Rms
Accountability without accountability: A censorship measurement case study - EHV - Caesars Promenade Level - Modena Rm
ADRecon: Active Directory Recon - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Advanced APT Hunting with Splunk - PHW - Caesars Promenade Level - Neopolitan BR
Advanced APT Hunting with Splunk - PHW - Caesars Promenade Level - Neopolitan BR
Advanced Custom Network Protocol Fuzzing - WS - Linq 4th Flr - Icon C
Advanced Wireless Attacks Against Enterprise Networks - WS - Linq 4th Flr - Icon C
Adventures in Radio Scanning: Advanced Scanning Techniques with SDR - WS - Linq 4th Flr - Icon D
Adventures in the dark web of government data - RCV - Caesars Promenade Level - Florentine BR 1,2
Adversarial Patches - AIV - Caesars Promenade Level - Florentine BR 3
AI DevOps: Behind the Scenes of a Global Anti-Virus Company's Machine Learning Infrastructure - AIV - Caesars Promenade Level - Florentine BR 3
All your family secrets belong to us—Worrisome security issues in tracker apps - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
All your math are belong to us - DC - Track 1 - Caesars Emperor's Level - Palace BR
An Attacker Looks at Docker: Approaching Multi-Container Applications - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
An Introduction to Kovri - BCOS - Caesars Promenade Level - Pompeian BR 1
An OSINT Approach to Third Party Cloud Service Provider Evaluation - PHV - Caesars Promenade Level - Neopolitan BR
An Overview of Hydroponic Grow Techniques - PPV - Flamingo Lower Level - Valley Of Fire Rms
Analyzing Malscripts: Return of the Exploits! - WS - Linq 4th Flr - Icon E
Analyzing VPNFilter's Modbus Module - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Angad: A Malware Detection Framework using Multi-Dimensional Visualization - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Announcing the Underhanded Crypto Contest Winners - CPV - Caesars Promenade Level - Milano BR 1,2
Anonymous rate-limiting in services with Direct Anonymous Attestation - CPV - Caesars Promenade Level - Milano BR 1,2
Applied OSINT For Politics: Turning Open Data Into News - RCV - Caesars Promenade Level - Florentine BR 1,2
Applied Physical Attacks on Embedded Systems, Introductory Version - HHV - Caesars Pool Level - Forum 17-21
Arcade Party - Night Life - Flamingo - 3rd Floor - Mesquite Rm
Archery—Open Source Vulnerability Assessment and Management - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
ARM eXploitation 101 - WS - Linq 4th Flr - Icon D
Asking for a Friend - EHV - Caesars Promenade Level - Modena Rm
Assessments of Election Infrastructure and Our Understanding and sometimes whY - VMHV - Caesars Pool Level - Forum 14-16
Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading - DC - Track 1 - Caesars Emperor's Level - Palace BR
Attack & Defense in AWS Environments - WS - Linq 4th Flr - Icon E
Attacking & Auditing Docker Containers Using Open Source - WS - Linq 4th Flr - Icon E
Attacking Active Directory and Advanced Defense Methods in 2018 - WS - Linq 4th Flr - Icon C
Attacking Commercial Smart Irrigation Systems - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Attacking Gotenna Networks - WLV - Caesars Promenade Level - Milano BR 5,6
Attacking the macOS Kernel Graphics Driver - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Automated Discovery of Deserialization Gadget Chains - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Automated Planning for the Automated Red Team - AIV - Caesars Promenade Level - Florentine BR 3
Automating DFIR: The Counter Future - BTV - Flamingo 3rd Flr - Savoy Rm
barcOwned—Popping shells with your cereal box - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Batman, Brain Hacking, and Bank Accounts - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
BCOS keynote speech - BCOS - Caesars Promenade Level - Pompeian BR 1
Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Betrayed by the keyboard: How what you type can give you away - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Beyond Adversarial Learning -- Security Risks in AI Implementations - AIV - Caesars Promenade Level - Florentine BR 3
Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape - DC - Octavius 9
Biohacking the Disability - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Bitsquatting: Passive DNS Hijacking - PHV - Caesars Promenade Level - Neopolitan BR
BlanketFortCon - Night Life - Flamingo - 3rd Floor - Carson City Rm
BLE CTF - WLV - Caesars Promenade Level - Milano BR 5,6
BLEMystique—Affordable custom BLE target - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Blue_Sonar - WLV - Caesars Promenade Level - Milano BR 5,6
Booby Trapping Boxes - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
boofuzz - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Book Signing - Craig Smith - The Car Hacker's Handbook - Service - Vendors Area - No Starch Press Table
Book Signing - Elissa Shevinsky - Lean Out - Service - Vendors Area - No Starch Press Table
Book Signing - Georgia Weidman - Penetration Testing - Service - Vendors Area - No Starch Press Table
Book Signing - Nick Cano - Game Hacking - Service - Vendors Area - No Starch Press Table
Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech - Service - Vendors Area - No Starch Press Table
Book Signing - Travis Goodspeed - PoC || GTFO - Service - Vendors Area - No Starch Press Table
Book Signing - Violet Blue - The Smart Girl's Guide to Privacy - Service - Vendors Area - No Starch Press Table
Breakfast at Defcon - Meetup - HHV - Caesars Pool Level - Forum 17-19
Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. - DC - Track 1 - Caesars Emperor's Level - Palace BR
Breaking In: Building a home lab without having to rob a bank - HHV - Caesars Pool Level - Forum 17-21
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Breaking Smart Speakers: We are Listening to You. - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
BruCamp - Meetup - Caesars - Promenade Level - Livorno/Village Talks Rm
BSSI [Brain Signal Strength Indicator] - finding foxes with acoustic help (piClicker) - WLV - Caesars Promenade Level - Milano BR 5,6
Bug Bounty Hunting on Steroids - RCV - Caesars Promenade Level - Florentine BR 1,2
Build Your Own OpticSpy Receiver Module - WS - Linq 4th Flr - Icon A
Building a Better Bedside - The Blue Team Needs a Plan B - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Building a Cryptographic Backdoor in OpenSSL - CPV - Caesars Promenade Level - Milano BR 1,2
Building a Teaching SOC - PHV - Caesars Promenade Level - Neopolitan BR
Building Absurd Christmas Light Shows - DC - 101 Track
Building Autonomous AppSec Test Pipelines with the Robot Framework - WS - Linq 4th Flr - Icon E
Building Drones the Hard Way - HHV - Caesars Pool Level - Forum 17-21
Building Environmentally Responsive Implants with Gscript - WS - Linq 4th Flr - Icon C
Building the Hacker Tracker - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Building visualisation platforms for OSINT data using open source solutions - RCV - Caesars Promenade Level - Florentine BR 1,2
Buzzing Smart Devices: Smart Band Hacking - WS - Linq 4th Flr - Icon B
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 - DC - Track 1 - Caesars Emperor's Level - Palace BR
Bypassing Windows Driver Signature Enforcement - WS - Linq 4th Flr - Icon A
Can you hear me now, DEF CON? - WLV - Caesars Promenade Level - Milano BR 5,6
Capturing in Hard to Reach Places - PHV - Caesars Promenade Level - Neopolitan BR
Car Infotainment Hacking Methodology and Attack Surface Scenarios - PHV - Caesars Promenade Level - Neopolitan BR
Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - RCV - Caesars Promenade Level - Florentine BR 1,2
CATs - A Tale of Scalable Authentication - CPV - Caesars Promenade Level - Milano BR 1,2
Chatting with your programs to find vulnerabilities - AIV - Caesars Promenade Level - Florentine BR 3
CHIRON - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy. - CPV - Caesars Promenade Level - Milano BR 1,2
Closing Note - RCV - Caesars Promenade Level - Florentine BR 1,2
Cloud Encryption: How to not suck at securing your encryption keys - CPV - Caesars Promenade Level - Milano BR 1,2
Cloud Security Myths - BTV - Flamingo 3rd Flr - Savoy Rm
Cloud Security Myths - SKY - Flamingo 3rd Flr - Virginia City Rm
Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Cobalt DEF CON Party 2018 - Night Life - Flamingo, Rm # after registration
Compression Oracle Attacks on VPN Networks - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Compromising online accounts by cracking voicemail systems - DC - Track 1 - Caesars Emperor's Level - Palace BR
Conformer - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Contest winners, prizes, showcase and awards - BCOS - Caesars Promenade Level - Pompeian BR 1
Contests, Challenges, and free giveaways - BCOS - Caesars Promenade Level - Pompeian BR 1
Core OSINT: Keeping Track of and Reporting All the Things - RCV - Caesars Promenade Level - Florentine BR 1,2
Cruising the Cannabis Highway: Major Breaches in Cannabis Software - PPV - Flamingo Lower Level - Valley Of Fire Rms
Crypto Hero - WS - Linq 4th Flr - Icon F
Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications - CPV - Caesars Promenade Level - Milano BR 1,2
Cubcon 2018 - Night Life - Caesars - Location printed on badges
Current Policy Responses to Election Security Concerns - VMHV - Caesars Pool Level - Forum 14-16
Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
D(Struction)20 CTF - Contest - Contest Stage
D0 N0 H4RM: A Healthcare Security Conversation - DC - Octavius 9
DC 26 GothCon - Night Life - Caesars - Lobby bar
DC801 Party - Night Life - Location TBA
De-anonymizing Programmers from Source Code and Binaries - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Deaf Con Meet Up - Meetup - Chill Out Lounge
Decentralized Hacker Net - WS - Linq 4th Flr - Icon F
Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe? - SKY - Flamingo 3rd Flr - Virginia City Rm
Deep Exploit - AIV - Caesars Promenade Level - Florentine BR 3
DeepPhish: Simulating the Malicious Use of AI - AIV - Caesars Promenade Level - Florentine BR 3
DEF CON 101 Panel - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
DEF CON 26: Bugcrowd House Party - Night Life - Rockhouse Bar 3370 S Las Vegas Blvd
DEF CON Beard and Moustache Contest - Contest - Contest Stage
DEF CON Biohacking Village Badge Talk - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
DEF CON Blitz Chess Tournament - Contest - Contest Stage
DEF CON Closing Ceremonies - DC - Track 1 - Caesars Emperor's Level - Palace BR
DEF CON Dinner Con - Meetup - The Park on Las Vegas Blvd. by TMobile Arena
Defcon 26 4X5K run - Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure
Defcon 26 4X5K run - Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure
Defcon 26 4X5K run - Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure
Defcon 26 4X5K run - Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure
DEFCON 909 Meet Up - Meetup - Caesars - Circle Bar
Defcon Monero Party 2018 - Night Life - Caesars Palace Forum Tower, Rm TBA
Defending the 2018 Midterm Elections from Foreign Adversaries - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Defense in Depth: The Path to SGX at Akamai - PHV - Caesars Promenade Level - Neopolitan BR
DejaVU—An Open Source Deception Framework - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Deploying, Attacking, and Securing Software Defined Networks - WS - Linq 4th Flr - Icon F
Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Detecting Blue Team Research Through Targeted Ads - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Detecting Web Attacks with Recurrent Neural Networks - AIV - Caesars Promenade Level - Florentine BR 3
Diagnosing Sick Plants with Computer Vision - PPV - Flamingo Lower Level - Valley Of Fire Rms
Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones) - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Disabling Intel ME in Firmware - HHV - Caesars Pool Level - Forum 17-21
Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools- with live hacking demonstration - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Discussion - EHV - Caesars Promenade Level - Modena Rm
Discussion - EHV - Caesars Promenade Level - Modena Rm
Disrupting the Digital Dystopia or What the hell is happening in computer law? - DC - Octavius 13
Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Diversity and Equality in Infosec - EHV - Caesars Promenade Level - Modena Rm
DNA Encryption: Bioencryption to Store Your Secrets in living organisms - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Don't Bring Me Down: Weaponizing botnets - SKY - Flamingo 3rd Flr - Virginia City Rm
Dragnet—Your Social Engineering Sidekick - DC - Track 1 - Caesars Emperor's Level - Palace BR
Drunk Hacker History - Contest - Contest Stage
Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols - PHV - Caesars Promenade Level - Neopolitan BR
EAPHammer - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
EFF Fireside Hax (AKA Ask the EFF) - DC - Roman Chillout
EFF Tech Trivia - Contest - Contest Stage
Effective Log & Events Management - BTV - Flamingo 3rd Flr - Savoy Rm
Emergent Recon - fresh methodology and tools for hackers in 2018 - RCV - Caesars Promenade Level - Florentine BR 1,2
Ethical Disclosure and the Reduction of Harm - EHV - Caesars Promenade Level - Modena Rm
Ethics for Security Practitioners - EHV - Caesars Promenade Level - Modena Rm
Ethics of Technology in Humanitarian and Disaster Response - EHV - Caesars Promenade Level - Modena Rm
Evolving security operations to the year 2020 - BTV - Flamingo 3rd Flr - Savoy Rm
Examining Monero's Ring Signatures - BCOS - Caesars Promenade Level - Pompeian BR 1
Expl-iot—IoT Security Testing and Exploitation framework - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Exploiting Active Directory Administrator Insecurities - DC - Track 1 - Caesars Emperor's Level - Palace BR
Exploiting immune defences - can malware learn from biological viruses? - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Exploiting IoT Communications - A Cover within a Cover - SKY - Flamingo 3rd Flr - Virginia City Rm
Exploiting the IoT hub : What happened to my home? - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Exploring the 802.15.4 Attack Surface - WLV - Caesars Promenade Level - Milano BR 5,6
Facial Recognition - Let me let you in on a secret - SKY - Flamingo 3rd Flr - Virginia City Rm
Fasten your seatbelts: We are escaping iOS 11 sandbox! - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Finding and Attacking Undocumented APIs with Python - PHW - Caesars Promenade Level - Neopolitan BR
Finding Needles in Haystacks - WS - Linq 4th Flr - Icon D
Finding Xori: Malware Analysis Triage with Automated Disassembly - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Fire & Ice: Making and Breaking macOS Firewalls - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
firstorder - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
Fishing for Phishers. The Enterprise Strikes Back! - PHV - Caesars Promenade Level - Neopolitan BR
For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Forensic Investigation for the Non-Forensic Investigator - WS - Linq 4th Flr - Icon A
FPGA’s: a new attack surface for embedded adversaries. - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Freedom of Information: Hacking the Human Black Box - PHV - Caesars Promenade Level - Neopolitan BR
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
Friends of Bill W - Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South
From Introvert to SE: The Journey - SEV - Caesars Promenade South - Octavius BR 3-8
From MormonLeaks to FaithLeaks - SKY - Flamingo 3rd Flr - Virginia City Rm
Fuzzing FTW - WS - Linq 4th Flr - Icon D
Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Fuzzing with AFL (American Fuzzy Lop) - WS - Linq 4th Flr - Icon B
Game Runner 2049: The Battles Fought by the King of the Replicants - SKY - Flamingo 3rd Flr - Virginia City Rm
GAN to the dark side: A case study of attacking machine-learning systems to empower defenses - AIV - Caesars Promenade Level - Florentine BR 3
GeekPwn Party - Night Life - Flamingo - 3rd floor - Track 101 Scenic BR
GeekPwn - Contest - Contest Stage
Generating Labeled Data From Adversary Simulations With MITRE ATT&CK - AIV - Caesars Promenade Level - Florentine BR 3
Geolocation and Homomorphic Encryption - CPV - Caesars Promenade Level - Milano BR 1,2
Getting Skin in the Game: Biohacking & Business - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Getting to Blinky: #badgelife begins with a single blink - HHV - Caesars Pool Level - Forum 17-21
GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs - DC - Track 1 - Caesars Emperor's Level - Palace BR
Goodwatch Update - WLV - Caesars Promenade Level - Milano BR 5,6
Grand Theft Auto: Digital Key Hacking - PHV - Caesars Promenade Level - Neopolitan BR
Green Locks for You and Me - CPV - Caesars Promenade Level - Milano BR 1,2
GreyNoise - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
GUI Tool for OpenC2 Command Generation - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Guided Tour to IEEE 802.15.4 and BLE Exploitation - WS - Linq 4th Flr - Icon A
GyoiThon - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
Hack Back: Not An Option, But A Necessity? (A Mini-Workshop) - EHV - Caesars Promenade Level - Modena Rm
Hack On The BitBox Hardware Wallet - BCOS - Caesars Promenade Level - Pompeian BR 1
Hackathon and CTF Prizes, and a Group Photo - RCV - Caesars Promenade Level - Florentine BR 1,2
Hacker Flairgrounds - Meetup - Flamingo - 3rd floor - Chillout Rm
Hacker Jeopardy - Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25
Hacker Jeopardy - Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25
Hacker Karaoke - Night Life - Caesars - Emperors Level - Chillout Rm
Hacker Karaoke - Night Life - Caesars - Emperors Level - Chillout Rm
Hacking a Crypto Payment Gateway - BCOS - Caesars Promenade Level - Pompeian BR 1
Hacking BLE Bicycle Locks for Fun and a Small Profit - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Hacking for Special Needs - Meetup - Caesars - Promenade Level - Anzio Rm past Registration
Hacking Human Fetuses - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Hacking Phenotypic Pathways In Cannabis - PPV - Flamingo Lower Level - Valley Of Fire Rms
Hacking PLCs and Causing Havoc on Critical Infrastructures - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Hacking the international RFQ Process #killthebuzzwords - RCV - Caesars Promenade Level - Florentine BR 1,2
Hacking the Technical Interview - SKY - Flamingo 3rd Flr - Virginia City Rm
Hacking Thingz Powered By Machine Learning - WS - Linq 4th Flr - Icon A
Hacking U-Boot - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - BTV - Flamingo 3rd Flr- Savoy Rm
Hacking your HackRF - HHV - Caesars Pool Level - Forum 17-21
Halcyon IDE - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Ham Radio Exams - Service - Caesars - Promenade Level - Anzio Rm past Registration
Ham Radio Exams - Service - Caesars - Promenade Level - Anzio Rm past Registration
Hamilton's Private Key: American Exceptionalism and the Right to Anonymity - CPV - Caesars Promenade Level - Milano BR 1,2
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Healthcare Exposure on Public Internet - SKY - Flamingo 3rd Flr - Virginia City Rm
HealthyPi—Connected Health - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Hey Bro, I Got Your Fitness Right Here (and your PHI). - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Hiding in plain sight: Disguising HTTPS traffic with domain-fronting - CPV - Caesars Promenade Level - Milano BR 1,2
Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events - AIV - Caesars Promenade Level - Florentine BR 3
Honeycomb—An extensible honeypot framework - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
House of Kenzo - Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR
House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
How can industrial IioT be protected from the great unwashed masses of IoT devices - ICS - Flamingo Lower Level - Red Rock Rm 6-8
How Compliance Affects the Surface Area of Cannabis POS - PPV - Flamingo Lower Level - Valley Of Fire Rms
How not to suck at Vulnerability Management [at Scale] - BTV - Flamingo 3rd Flr- Savoy Rm
How to Microdose Yourself - PPV - Flamingo Lower Level - Valley Of Fire Rms
How to Tune Automation to Avoid False Positives - PHV - Caesars Promenade Level - Neopolitan BR
How We Cost Our Client £1.2M with 4 lines of code and less than 2 Hours ($2M) - ICS - Flamingo Lower Level - Red Rock Rm 6-8
How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - RCV - Caesars Promenade Level - Florentine BR 1,2
How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
http2 and you - SKY - Flamingo 3rd Flr - Virginia City Rm
Hunting Predators: SE Style - SEV - Caesars Promenade South - Octavius BR 3-8
Hunting Rogue APs: Hard Lessons - WLV - Caesars Promenade Level - Milano BR 5,6
Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks - AIV - Caesars Promenade Level - Florentine BR 3
I fought the law and law lost - RCV - Caesars Promenade Level - Florentine BR 1,2
I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine - DC - Track 1 - Caesars Emperor's Level - Palace BR
I'm the One Who Doesn't Knock: Unlocking Doors from the Network - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events - AIV - Caesars Promenade Level - Florentine BR 3
Implementing a Library for Pairing-based Transform Cryptography - CPV - Caesars Promenade Level - Milano BR 1,2
In Soviet Russia Smartcard Hacks You - DC - Track 1 - Caesars Emperor's Level - Palace BR
In-N-Out - That’s What It’s All About - SEV - Caesars Promenade South - Octavius BR 3-8
Infecting The Embedded Supply Chain - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Inside the Fake Science Factory - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Instructions and invitations to party - BCOS - Caesars Promenade Level - Pompeian BR 1
Integrating post-quantum crypto into real-life applications - CPV - Caesars Promenade Level - Milano BR 1,2
IntelliAV: Building an Effective On-Device Android Malware Detector - AIV - Caesars Promenade Level - Florentine BR 3
Intense Introduction to Modern Web Application Hacking - PHW - Caesars Promenade Level - Neopolitan BR
Internet of Laws: Navigating to IoT Hacking Legal Landscape - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Internet of Medicine : The ultimate key to Rooting the human being - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
INTRO TO DATA MASTERCLASS: Graphs & Anomalies - AIV - Caesars Promenade Level - Florentine BR 3
INTRO TO DATA MASTERCLASS: Tour-de-ML - AIV - Caesars Promenade Level - Florentine BR 3
Introducing YOGA: Your OSINT Graphical Analyzer - RCV - Caesars Promenade Level - Florentine BR 1,2
Introduction to Cryptographic Attacks - WS - Linq 4th Flr - Icon B
Introduction to Railroad Telemetry - WLV - Caesars Promenade Level - Milano BR 5,6
ioc2rpz - DL - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1
IoT Data Exfiltration - PHV - Caesars Promenade Level - Neopolitan BR
IoT Village Keynote - Tales of a SOHOpeful Journey: Where our Research Started and Where it's Going - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
IoT Village Manson Party - Night Life - Off-site party, Register and receive address from IoT Village
It WISN't me, attacking industrial wireless mesh networks - DC - Track 1 - Caesars Emperor's Level - Palace BR
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
It's not wifi: Stories in Wireless Reverse Engineering - WLV - Caesars Promenade Level - Milano BR 5,6
It’s a Beautiful Day in the Malware Neighborhood - AIV - Caesars Promenade Level - Florentine BR 3
Jailbreaking the 3DS through 7 years of hardening - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Jailed by a Google Search: the Surveillance State's War on Self-induced Abortion - CPV - Caesars Promenade Level - Milano BR 1,2
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - SKY - Flamingo 3rd Flr - Virginia City Rm
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else - CPV - Caesars Promenade Level - Milano BR 1,2
JMPgate: Accelerating reverse engineering into hyperspace using AI - AIV - Caesars Promenade Level - Florentine BR 3
Joe Grand's Hardware Hacking Basics - WS - Linq 4th Flr - Icon A
Jumping the Epidermal Barrier - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Just what the Doctor Ordered: 2nd Opinions on Medical Device Security - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
JWAT...Attacking JSON Web Tokens - WS - Linq 4th Flr - Icon D
Kali Dojo Workshop - PHW - Caesars Promenade Level - Neopolitan BR
Keynote - From Breach to Bust: A short story of graphing and grey data - RCV - Caesars Promenade Level - Florentine BR 1,2
Keynote Address: Alejandro Mayorkas - VMHV - Caesars Pool Level - Forum 14-16
Keynote Address: TBA - VMHV - Caesars Pool Level - Forum 14-16
Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Keynote Speech: Inside Monero - BCOS - Caesars Promenade Level - Pompeian BR 1
Last mile authentication problem: Exploiting the missing link in end-to-end secure communication - DC - Track 1 - Caesars Emperor's Level - Palace BR
Lateral Movement 101: 2018 Update - WS - Linq 4th Flr - Icon D
Lawyer Meet - Meetup - Flamingo - 3rd Floor - Carson City Rm
Learning to Listen: Machine Learning for Adaptive Wireless Adversary Detection - WLV - Caesars Promenade Level - Milano BR 5,6
Lessons Learned: DEFCON Voting Village 2017 - VMHV - Caesars Pool Level - Forum 14-16
Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project - SKY - Flamingo 3rd Flr - Virginia City Rm
LHT (Lossy Hash Table) - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Lightning Talks - A Crash Course on Election Security - VMHV - Caesars Pool Level - Forum 14-16
Lightning Talks - Mechanics & Pitfalls of Auditing with Scanners - VMHV - Caesars Pool Level - Forum 14-16
Lightning Talks - The Return of Software Vulnerabilities in the Brazilian Voting Machine - VMHV - Caesars Pool Level - Forum 14-16
Lightning Talks - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Little Fluffy Pineapple Clouds - Commanding a Fleet of Wireless Fruit - WLV - Caesars Promenade Level - Milano BR 5,6
Live Band Karaoke - Night Life - Flamingo - 3rd Floor - Track 101 Vista BR
Local Sheriff - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Lonely Hackers Club Party - Night Life - Flamingo - 3rd Floor - El Dorado BR
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Lora Smart Water Meter Security Analysis - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Lost and Found Certificates: dealing with residual certificates for pre-owned domains - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Loud Party - Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA
Lunch Keynote: State and Local Perspectives on Election Security - VMHV - Caesars Pool Level - Forum 14-16
Macabre stories of a hacker in the public health sector (Chile) - SKY - Flamingo 3rd Flr - Virginia City Rm
Machine Learning as a Service in Your Pocket - AIV - Caesars Promenade Level - Florentine BR 3
Machine Learning for Network Security Hands-on Workshop: DIYML - AIV - Caesars Promenade Level - Florentine BR 3
Machine Learning Model Hardening For Fun and Profit - AIV - Caesars Promenade Level - Florentine BR 3
Mallet, An Intercepting Proxy for Arbitrary Protocols - PHW - Caesars Promenade Level - Neopolitan BR
Mallet: A Proxy for Arbitrary Traffic - PHV - Caesars Promenade Level - Neopolitan BR
Malware Panel - AIV - Caesars Promenade Level - Florentine BR 3
Man-In-The-Disk - DC - Track 1 - Caesars Emperor's Level - Palace BR
Mapping Social Media with Facial Recognition - RCV - Caesars Promenade Level - Florentine BR 1,2
Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns - PHV - Caesars Promenade Level - Neopolitan BR
Mapping wifi networks and triggering on interesting traffic patterns - RCV - Caesars Promenade Level - Florentine BR 1,2
Master Baiting! Dont Click Bait, Click Yourself - SKY - Flamingo 3rd Flr - Virginia City Rm
Micro-Renovator: Bringing Processor Firmware up to Code - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Microcontrollers and Single Board Computers for Hacking, Fun and Profit - PHV - Caesars Promenade Level - Neopolitan BR
Moderator Justin Ehrenhofer's Greatest Questions - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero Project's Vulnerability Response Process - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero's Differentiated Community - BCOS - Caesars Promenade Level - Pompeian BR 1
Monero's Emerging Applications - BCOS - Caesars Promenade Level - Pompeian BR 1
Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders. - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Movie Night - Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24
Movie Night - Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24
Mr. Sinatra Will Hack You Now - SEV - Caesars Promenade South - Octavius BR 3-8
My Stripper Name is Bubbles - SEV - Caesars Promenade South - Octavius BR 3-8
n00b Party - Night Life - Flamingo - 3rd floor - Track 101 Sunset BR
Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space - EHV - Caesars Promenade Level - Modena Rm
Nature’s source code is vulnerable and cannot be patched - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
NEST: Securing the Home - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
NFC Payments: The Art of Relay & Replay Attacks - HHV - Caesars Pool Level - Forum 17-21
No Firewall Can Save You At The Intersection Of Genetics and Privacy - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
No Way JOSE! Designing Cryptography Features for Mere Mortals - CPV - Caesars Promenade Level - Milano BR 1,2
Normalizing Empire's Traffic to Evade Anomaly-Based IDS - PHV - Caesars Promenade Level - Neopolitan BR
NSA Talks Cybersecurity - DC - Track 1 - Caesars Emperor's Level - Palace BR
nzyme - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Oh Noes!—A Role Playing Incident Response Game - DC - Roman Chillout
On the Hunt: Hacking the Hunt - SEV - Caesars Promenade South - Octavius BR 3-8
One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
One Step Ahead of Cheaters -- Instrumenting Android Emulators - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
One-Click to OWA - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
One-liners to Rule Them All - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Open Source Endpoint Monitoring - BTV - Flamingo 3rd Flr- Savoy Rm
Open Source Hardware and the Monero Project - BCOS - Caesars Promenade Level - Pompeian BR 1
Opening Note - RCV - Caesars Promenade Level - Florentine BR 1,2
Opening Remarks - AIV - Caesars Promenade Level - Florentine BR 3
OpenPiMap - Hacking the hackers with OSINT, Raspberry Pis, and Data Analysis - RCV - Caesars Promenade Level - Florentine BR 1,2
Opportunistic Onion: More Protection Some of the Time - CPV - Caesars Promenade Level - Milano BR 1,2
Orthrus - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
OSINT IS FOR SOCCER MOMS - SKY - Flamingo 3rd Flr - Virginia City Rm
Outsmarting the Smart City - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Owning Gluster FS with GEVAUDAN - DDV - Caesars Promenade Level - Capri Rm
PA Toolkit—Wireshark plugins for Pentesters - DL - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1
Packet Mining for Privacy Leakage - WS - Linq 4th Flr - Icon F
PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography - PHV - Caesars Promenade Level - Neopolitan BR
Panel Discussion: The Internet of Bodies - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Panel on digital & Physical Security in Cannabis - PPV - Flamingo Lower Level - Valley Of Fire Rms
Panel Q&A – IoT Manufacturers: Answers on Security Straight from the Source - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
PANEL: DEF CON GROUPS - DC - Track 1 - Caesars Emperor's Level - Palace BR
Party Music - Acid-T - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Circuit Static - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - DJ v.27 - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Dualcore - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Icetre Normal - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - JG & The Robots - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Juno Reactor - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - MC Frontalot - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Miss Jackalope - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - OS System - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - s7a73farm - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Scotch & Bubbles - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Skittish & Bus - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - TBD - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Tineh Nimjeh - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - YT Cracker - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - YurkMeister - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Party Music - Zebbler Encanti - Night Life - Caesars Emperor's Level - Track 1 Palace BR
Passionfruit - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - EHV - Caesars Promenade Level - Modena Rm
PCILeech - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Penetration Testing Environments: Client & Test Security - WS - Linq 4th Flr - Icon E
penetration testing sex toys: "I've seen things you people wouldn't believe" - SKY - Flamingo 3rd Flr - Virginia City Rm
Pentesting ICS 101 - WS - Linq 4th Flr - Icon B
Playback: a TLS 1.3 story - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Playing Malware Injection with Exploit thoughts - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Playing with RFID - WS - Linq 4th Flr - Icon E
Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Practical & Improved Wifi MitM with Mana - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun? - SKY - Flamingo 3rd Flr - Virginia City Rm
Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - RCV - Caesars Promenade Level - Florentine BR 1,2
Primer On Dealing w/ Local Gov. for Legal Cannabis - PPV - Flamingo Lower Level - Valley Of Fire Rms
Privacy and Blockchain: A Boundary Object Perspective - BCOS - Caesars Promenade Level - Pompeian BR 1
Privacy infrastructure, challenges and opportunities - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Privacy Is Equality—And It's Far from Dead - DC - Octavius 13
Prize winners, awards, and announcements - BCOS - Caesars Promenade Level - Pompeian BR 1
Project Interceptor: avoiding counter-drone systems with nanodrones - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Promether, 1st Party of Defcon - Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA
Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks - PHV - Caesars Promenade Level - Neopolitan BR
Prototyping Cryptographic Protocols With Charm - CPV - Caesars Promenade Level - Milano BR 1,2
PWN to OWN my own Heart. Journey into hacking my own pacemaker - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Queercon Mixer - Meetup - Caesars Palace, Queercon Lounge Suite, Rm TBA
Queercon Rainbow Ball - Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA
Quiet Party - Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA
Real Simple Blue Team Shit - SKY - Flamingo 3rd Flr - Virginia City Rm
Reaping and breaking keys at scale: when crypto meets big data - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Responsible Disclosure Panel - EHV - Caesars Promenade Level - Modena Rm
Rethinking Role-Based Security Education - PHV - Caesars Promenade Level - Neopolitan BR
Reverse Engineering Malware 101 - PHW - Caesars Promenade Level - Neopolitan BR
Reverse Engineering Physical Processes in Industrial Control Systems - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Reverse Engineering Windows Defender's Emulator - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Reverse Engineering, hacking documentary series - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Revolting Radios - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Revolutionizing Authentication with Oblivious Cryptography - CPV - Caesars Promenade Level - Milano BR 1,2
RFNoC: Accelerating the Spectrum with the FPGA - WLV - Caesars Promenade Level - Milano BR 5,6
Ridealong Adventures: Critical Issues with Police Body Cameras - PHV - Caesars Promenade Level - Neopolitan BR
Ridealong Adventures—Critical Issues with Police Body Cameras - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Ring 0/-2 Rootkits: bypassing defenses - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Robots and AI: What scares the experts? - SKY - Flamingo 3rd Flr - Virginia City Rm
Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug - DC - Track 1 - Caesars Emperor's Level - Palace BR
SAEDAY: Subversion and Espionage Directed Against You - BTV - Flamingo 3rd Flr- Savoy Rm
Scaling and Economic Implications of the Adaptive Blocksize in Monero - BCOS - Caesars Promenade Level - Pompeian BR 1
SDR Basics Class - WLV - Caesars Promenade Level - Milano BR 5,6
Searching for the Light: Adventures with OpticSpy - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
SecKC the World - Night Life - Flamingo - 3rd Floor - Mesquite Rm
Securing Big Data in Hadoop - WS - Linq 4th Flr - Icon F
Securing Critical Infrastructure through Side-Channel Monitoring - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Securing our Nation's Election Infrastructure - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Selfie or Mugshot? - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Serious Intro to Python for Admins - PHW - Caesars Promenade Level - Neopolitan BR
Sex Work After SESTA - SKY - Flamingo 3rd Flr - Virginia City Rm
Sex Work After SESTA/FOSTA - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Sh00t—An open platform for manual security testers & bug hunters - DL - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1
SirenJack: Cracking a 'Secure' Emergency Warning Siren System - WLV - Caesars Promenade Level - Milano BR 5,6
Skiptracer - ghetto OSINT for broke hackers - RCV - Caesars Promenade Level - Florentine BR 1,2
skytalks (303) FRIDAY PARTY - Read the Details - SKY - Flamingo 3rd Flr - Virginia City Rm
skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All - SKY - Flamingo 3rd Flr - Virginia City Rm
Sluts, Bullies, and Best Selves: Rethinking Digital Privacy Education - CPV - Caesars Promenade Level - Milano BR 1,2
SMBetray—Backdooring and breaking signatures - DC - Track 1 - Caesars Emperor's Level - Palace BR
Social Engineering Course Projects for Undergraduate Students - SEV - Caesars Promenade South - Octavius BR 3-8
Social Engineering from a CISO's Perspective - SEV - Caesars Promenade South - Octavius BR 3-8
Some Mining Related Attacks - BCOS - Caesars Promenade Level - Pompeian BR 1
Spell Check: The Hacker Spelling Bee - Contest - Contest Stage
Stalker In A Haystack - RCV - Caesars Promenade Level - Florentine BR 1,2
Stalker In A Haystack - SKY - Flamingo 3rd Flr - Virginia City Rm
Stealing Crypto 2 Factor Isn't a Factor - BCOS - Caesars Promenade Level - Pompeian BR 1
Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - AIV - Caesars Promenade Level - Florentine BR 3
Stop, Drop, and Assess your SOC - BTV - Flamingo 3rd Flr- Savoy Rm
Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years. - SKY - Flamingo 3rd Flr - Virginia City Rm
StuxNNet: Practical Live Memory Attacks on Machine Learning Systems - AIV - Caesars Promenade Level - Florentine BR 3
Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - RCV - Caesars Promenade Level - Florentine BR 1,2
Swarm Intelligence and Augmented Reality Gaming - SEV - Caesars Promenade South - Octavius BR 3-8
Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801 - PHV - Caesars Promenade Level - Neopolitan BR
Swissduino—Stealthy USB HID Networking & Attack - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Target-Based Security Model - PHV - Caesars Promenade Level - Neopolitan BR
Targeted User Analytics and Human Honeypots - RCV - Caesars Promenade Level - Florentine BR 1,2
Technology Enabled Prosthetic Environments - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
THC Producing, Genetically Modified Yeast - PPV - Flamingo Lower Level - Valley Of Fire Rms
The Abyss is Waving Back - SKY - Flamingo 3rd Flr - Virginia City Rm
The Abyss is Waving Back… - SEV - Caesars Promenade South - Octavius BR 3-8
The Art of Business Warfare - SEV - Caesars Promenade South - Octavius BR 3-8
The Beginner’s Guide to the Musical Scales of Cyberwar - DDV - Caesars Promenade Level - Capri Rm
The Cactus: 6502 Blinkenlights 40 Years Late - HHV - Caesars Pool Level - Forum 17-21
The Cantankerous Cannabis Cryptocurrency Kerfuffle - PPV - Flamingo Lower Level - Valley Of Fire Rms
The challenge of building an secure and safe digital environment in the healthcare - SKY - Flamingo 3rd Flr - Virginia City Rm
The current state of adversarial machine learning - AIV - Caesars Promenade Level - Florentine BR 3
The Good, the Bad, and the Private: Building and Breaking Safe Cryptocurrencies - BCOS - Caesars Promenade Level - Pompeian BR 1
The great power of AI: Algorithmic mirrors of society - AIV - Caesars Promenade Level - Florentine BR 3
The Invisible Hands Tending the Secret Greens - PPV - Flamingo Lower Level - Valley Of Fire Rms
The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
The Least Common Denominator Strategy (AKA Don't make DevOps too easy) - SKY - Flamingo 3rd Flr - Virginia City Rm
The Memory Remains - Cold drive memory forensics 101 - DDV - Caesars Promenade Level - Capri Rm
The Mouse is Mightier than the Sword - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
The Ongoing Federal Lawsuit Against Jeff Sessions - PPV - Flamingo Lower Level - Valley Of Fire Rms
The Real History of Marijuana Prohibition - PPV - Flamingo Lower Level - Valley Of Fire Rms
The ring 0 façade: awakening the processor's inner demons - DC - Track 1 - Caesars Emperor's Level - Palace BR
The Road to Resilience: How Real Hacking Redeems this Damnable Profession - DC - Track 1 - Caesars Emperor's Level - Palace BR
The Sound of a Targeted Attack: Attacking IoT Speakers - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP - WS - Linq 4th Flr - Icon F
ThinSIM-based Attacks on Mobile Money Systems - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Threat Hunting with ELK - WS - Linq 4th Flr - Icon C
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Tineola: Taking a Bite Out of Enterprise Blockchain - DC - Track 1 - Caesars Emperor's Level - Palace BR
TOR for The IOT aka TORT Reform - ICS - Flamingo Lower Level - Red Rock Rm 6-8
Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives. - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities. - AIV - Caesars Promenade Level - Florentine BR 3
Toxic BBQ - Meetup - (off Site)Sunset Park, Pavilion F, (36.0636, -115.1178)
trackerjacker - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Trouble in the tubes: How internet routing security breaks down and how you can do it at home - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Trustworthy Elections - VMHV - Caesars Pool Level - Forum 14-16
Turning Deception Outside-In: Tricking Attackers with OSINT - PHV - Caesars Promenade Level - Neopolitan BR
Two-Steps to Owning MFA - CPV - Caesars Promenade Level - Milano BR 1,2
UEFI exploitation for the masses - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Using AI to Create Music - AIV - Caesars Promenade Level - Florentine BR 3
Using Deep Learning to uncover darkweb malicious actors and their close circle - RCV - Caesars Promenade Level - Florentine BR 1,2
Vet Con - Night Life - Flamingo - Lower Level - Red Rock RM 6
Village summary - BCOS - Caesars Promenade Level - Pompeian BR 1
Vulnerabilities in Cannabis Software - PPV - Flamingo Lower Level - Valley Of Fire Rms
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices - DC - Track 1 - Caesars Emperor's Level - Palace BR
WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Walrus - DL - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1
Wardrivers Anonymous - WLV - Caesars Promenade Level - Milano BR 5,6
WaterBot - Hackable Scientific Plant Bot - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
We Don't Need No Stinkin Badges - BCOS - Caesars Promenade Level - Pompeian BR 1
We Program Our Stinkin Badges! - BCOS - Caesars Promenade Level - Pompeian BR 1
Weaponizing Unicode: Homographs Beyond IDNs - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Weapons Training for the Empire - WS - Linq 4th Flr - Icon B
Weed Hacking: A Pragmatic Primer For Home Grows - PPV - Flamingo Lower Level - Valley Of Fire Rms
WELCOME TO BHV! - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
WELCOME TO DAY 2 of BHV! - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
Welcome To DEF CON & Badge Maker Talk - DC - Track 1 - Caesars Emperor's Level - Palace BR
Welcome to the BCOS Monero Village - BCOS - Caesars Promenade Level - Pompeian BR 1
WELCOME TO THE LAST DAY OF BHV! - BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms
WEP and WPA Cracking 101 - WLV - Caesars Promenade Level - Milano BR 5,6
What Do You Want to be When You Grow Up? - PHV - Caesars Promenade Level - Neopolitan BR
What happened behind the closed doors at MS - SKY - Flamingo 3rd Flr - Virginia City Rm
What the Fax!? - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
When Incident Response Meets Reality - SKY - Flamingo 3rd Flr - Virginia City Rm
Where's My Browser? Learn Hacking iOS and Android WebViews - WS - Linq 4th Flr - Icon C
WHID Injector: How To Bring HID Attacks to the Next Level - DL - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1
WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money” Rabbit Hole - RCV - Caesars Promenade Level - Florentine BR 1,2
Who Controls the Controllers—Hacking Crestron IoT Automation Systems - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Whose Slide is it Anyway? - Contest - Contest Stage
WiFi Beacons will give you up - HHV - Caesars Pool Level - Forum 17-21
Winning a SANS 504 CTF without winning a SANS CTF - RCV - Caesars Promenade Level - Florentine BR 1,2
WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response) - DL - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1
Women, Wisdom, & Wine @ DEF CON 26 by IOActive - Meetup - Caesars - Palace Suites
Worms that fight back: Nematodes as an antidote for IoT malware - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
wpa-sec: The Largest Online WPA Handshake Database - PHV - Caesars Promenade Level - Neopolitan BR
You can run, but you can't hide. Reverse engineering using X-Ray. - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
You'd better secure your BLE devices or we'll kick your butts ! - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System - DC - Track 2 - Caesars Promenade South - Octavius BR 12-24
Your Bank's Digital Side Door - DC - Track 101 - Flamingo 3rd Flr - Sunset BR
Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability - DC - Track 1 - Caesars Emperor's Level - Palace BR
Your Smart Scale is Leaking More than Your Weight - IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms
Your Voice is My Passport - DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25
Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch - DC - Track 1 - Caesars Emperor's Level - Palace BR

Talk/Event Descriptions


 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Friday - 10:00-13:59


Reverse Engineering with OpenSCAD and 3D Printing

Friday, 1000-1400 in Icon B

Nick Tait

The main focus of this class is a software tool and programming language OpenSCAD. Through a specific example we will learn to reproduce physical objects. We'll cover the entire workflow from measurement, sketching, modeling, and manufacturing. Additional hints for optimizing your design for 3D printing will enable rapid product iteration. All modeling in OpenSCAD is through writing commands which brings many powerful properties of software such as parameterization, version control, and reusable components to CAD modeling. Ultimately with the combination of these skills you'll be equipped to repair and improve your stuff.

Prerequisites: No previous programming experience required, but it will help you get more out of this workshop.

Materials: A laptop with an up to date:
* Operating system (Linux/OS X/Win)
* OpenSCAD (free and open source) http://www.openscad.org/
* Cura (free and open source) https://ultimaker.com/en/products/ultimaker-cura-software

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/digital-manufacturing-using-reverse-engineering-open-source-3d-printers-and-software-icon-b-tickets-47194008550
(Opens July 8, 2018 at 15:00 PDT)

Nick Tait
nickthetait (government name Nicholas Tait) is a software engineer and fixer of things currently living in Fort Collins, Colorado. His most recent job focused on producing numbers to coax 3D printers to do the user's bidding. Before that he helped route packages for a multinational corporation that rhymes with annex.

Lately he's been in training for his next job - attending any cyber security event physically (and sometimes digitally) possible, contributing to a bunch of open source projects, learning to pick locks and talking about encryption to anyone that will listen. Rock climbing and mountain biking are long time passions that keep the blood pumping and ideas flowing.



 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 14:00-15:00


Title:
"Probably": an Irreverent Overview of the GDPR

When: Fri, August 10, 2pm to 3pm
Description
Speaker
------
Brendan OConnor

Abstract
--------
If you work in privacy, technology, marketing, or the law, or if you have an email account, you've heard of the GDPR. But what is it really? Why is your in-house lawyer grumpy all the time? Why is your marketing team walking around with stickers that say "legitimate business use of data" and trying to slap them on random objects to see if they stick? Why, legally, can't you remember anyone's names anymore? This presentation will attempt to take a look at the GDPR from the perspective of a confused outsider who can't quite believe what's going on (as opposed to a burned-out practitioner), without getting too worked up about it. We'll cover why the GDPR exists, what it does, why some people are freaked out about it, why to be concerned and/or unconcerned, and whether kittens or puppies make the better reference animal for GDPR compliance memes. Relax! It's all going to be fine! Probably.


Bio
-----------------
Described by coworkers as not the lawyer we need, but the lawyer we deserve (and he's pretty sure that wasn't meant as a compliment), Brendan OConnor is a security researcher, consultant, and attorney based in Seattle. His day job is building security programs, but at night, he transforms into a person who spends too much time arguing with people who are wrong on the Internet. If caught, his companies will deny all knowledge of this presentation.

Twitter handle of presenter(s)
------------------------------
USSJoin

Website of presenter(s) or content
----------------------------------
https://ussjoin.com


 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 10:30-11:00


Title:
"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale

When: Fri, August 10, 10:30am to 11:00am
Description

Speakers
-------
Irwin Reyes
Amit Elazari Bar On

Abstract
--------
We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance with the Children's Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S. Based on our automated analysis of 5,855 of the most popular free children's apps, we found that a majority are potentially in violation of COPPA, mainly due to their use of third-party SDKs. While many of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggest that a majority of apps either do not make use of these options or incorrectly propagate them across mediation SDKs. Worse, we observed that 19% of children's apps collect identifiers or other personally identifiable information (PII) via SDKs whose terms of service outright prohibit their use in child-directed apps. Finally, we show that efforts by Google to limit tracking through the use of a resettable advertising ID have had little success: of the 3,454 apps that share the resettable ID with advertisers, 66% transmit other, non-resettable, persistent identifiers as well, negating any intended privacy-preserving properties of the advertising ID.

Bio
-----------------
Irwin is a researcher in the Usable Security and Privacy Group at the International Computer Science Institute (ICSI) affiliated with the University of California at Berkeley. He earned Bachelor's and Master's degrees from the University of Virginia in 2009 and 2011, respectively. Irwin has held positions developing ballistic missile defense systems at the Johns Hopkins University Applied Physics Laboratory and applying usable security concepts to commercial products at Dell. His research interests include measuring the privacy risks of everyday consumer products, user perceptions of security issues, and the online advertising ecosystem.

Amit is a doctoral law candidate at UC Berkeley School of Law and a Berkeley Center for Long-Term Cybersecurity Grantee. Her work has been published in leading technology law journals, presented in conferences such as RSA, USENIX Enigma, BsidesLV, BsidesSF, DEF CON-Skytalks and Black Hat, and featured in leading news sites such as the Wall Street Journal, Washington Post, The Guardian and the Verge. Additionally, Amit teaches at UC Berkeley's School of Information Master of Information and Cybersecurity (MICS) program and serves as the submissions editor of BTLJ, the world's leading Tech Law Journal. In 2018, Amit was granted a CLTC grant for her work on private ordering regulating information security.

Twitter handle of presenter(s)
------------------------------
irwinreyescom

Website of presenter(s) or content
----------------------------------
https://appcensus.mobi


 

CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 18:00-18:30


Title:
(Not Recorded) Ask Me Anything about Tor: AMA with Roger Dingledine

When: Sat, August 11, 6:00pm to 6:30pm
Description
Speaker
------
Roger Dingledine

Abstract
--------
Roger Dingledine, president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online, will give an overview of several aspects of Tor, including new developments since he last spoke at DEF CON. The majority of the session will be devoted to questions from the audience, AMA style.

Bio
-----------------
Roger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online. Wearing one hat, Roger works with journalists and activists on nearly every continent to help them understand and defend against the threats they face. Wearing another hat, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics, and, since 2002, has helped to organize the yearly international Privacy Enhancing Technologies Symposium (PETS). Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers.

Twitter handle of presenter(s)
------------------------------
@RogerDingledine, @TorProject

Website of presenter(s) or content
----------------------------------
torproject.org


 

AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 14:30-15:20


(Responsible?) Offensive Machine Learning

No description available



 

Meetup - Caesars - Cafe Americano - Thursday - 17:00-18:59


Title:
[Networking/Social] Blackhat/DefCon Meet-up at Cafe Americano

BlackHat/DEFCON Annual Meet-up - August 9th

Join Women's Society of Cyberjutsu at Cafe Americano inside Caesars Palace for our Annual Blackhat/DefCon Meet-up.

Meet like minded security professionals from around the world for free appetizers and drinks

Thank you to our event sponsors and partners:

More Info: https://womenscyberjutsu.org/events/EventDetails.aspx?id=1121627&group=
Contact: events@womenscyberjutsu.org


 

Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - Friday - 18:00-20:30


Title:
/r/defcon reddit Meetup

Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/defcon while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
More Info: DEF CON 26 Meetup for /r/defcon


 

Meetup - Flamingo - 3rd Floor - Chillout Rm - Friday - 20:30-23:59


Title:
/r/defcon reddit Meetup

Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/defcon while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
More Info: DEF CON 26 Meetup for /r/defcon


 

Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


#WiFiCactus

Saturday 08/11/18 from 1000-1150 at Table One
Offense, defense, hardware

Mike Spicer

The newly upgraded #WiFiCactus for DEF CON 26 is a passive wireless monitoring backpack that listens to 60 channels of 2.4 and 5 GHz WiFi at the same time. New this year is the ability to capture 802.11ac traffic and upgrades to remove bandwidth bottlenecks. This tool uses Kismet to capture the data from each radio and aggregates it into a single searchable web interface. This tool is also capable of identifying wireless threats, troubleshooting complex wireless environments and helping with correlation analysis between Bluetooth and WiFi.

http://palshack.org/the-hashtag-wifi-cactus-wificactus-def-con-25/

Mike Spicer
d4rkm4tter is a mad scientist who likes to hack hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide variety of systems.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 14:45-15:05


1983: I’m born. 2018: I’m taking on the bad guys - Jennifer Roderick

“I’m not a programmer. I’m not a hacker... in the traditional sense. But yet I was born in 1983, so surely that makes me a perfect fit for the DEF CON theme this year. Not enough? Ok, well how about the fact that I’m currently using open source tools, techniques and methodologies to combat modern slavery, wildlife trafficking, terrorism and just about every serious organized crime the world is currently battling from a desk in the middle of the London financial district. Interested in hearing from a different viewpoint and perspective, then this is your talk. While you might not walk away with a new tool for your toolbox, you will gain an understanding into how the smallest contribution can end up the most profound and how combining open source resources can take on much bigger problems that you’ve maybe never considered.

During my talk, I will cover a few examples of recent Open Source investigations conducted by myself, including details regarding the methodologies and tools which were used. We actively follow the person not the digital fingerprint to begin to understand and put a face to some of the most prevalent and serious organized crimes facing the world today.

When I was in the forces I knew what I was facing and had to deal with, as Head of Research at a FinTech company I never expected that transferring my skills would end up uncovering individuals within the financial industry who I’ve had to report for terrorist activity, human trafficking, wildlife trafficking, drug smuggling, violent crime, fraud (international and domestic), revenge porn, and stalking.

And while I’m not here to save the world, I think we can all do a little bit to contribute to a counter-future in which the good guys are empowered by technology and the bad guys have nowhere to hide.



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 14:00-14:45


4G—Who is paying your cellular phone bill?

Friday at 14:00 in Track 2
45 minutes | Demo, Exploit

Dr. Silke Holtmanns Distinguished Member of Technical Staff, Security Expert, Nokia Bell Labs

Isha Singh Master student, Aalto University in Helsinki (Finland)

Cellular networks are connected with each other through a worldwide private, but not unaccessible network, called IPX network. Through this network user related information is exchanged for roaming purposes or for cross-network communication. This private network has been breached by criminals and nation states. Cellular networks are extremely complex and many attacks have already been found e.g. DoS, location tracking, SMS interception, data interception. Many attacks have been seen in practice, but not all attacks are understood and not all attack avenues using the IPX network have been explored. This presentation shows how an S9 interface in 4G networks, which is used for charging related user information exchange between operators, can be exploited to perform fraud attacks. A demonstration with technical details will be given and guidance on practical countermeasures.

Dr. Silke Holtmanns
Silke is a security expert at Nokia Bell Labs (Research branch of Nokia). She holds a PhD in Mathematics and has 18 years of experience in mobile security research and standardization. In her current research she investigates new and existing mobile network security attacks using SS7, Diameter and GTP protocols via the interconnection network and how to counter those attacks in 4G/5G networks. She found many 4G related IPX attacks and countermeasures e.g. Location Tracking (NATO CyCon), DoS (Black Hat EU 2016), cellular data interception (34C3 Chaos Computer Congress). She drives the security of cellular networks in the operator association GSMA and is responsible there for the Diameter Signaling Security Specification. She served as a special matter expert on cellular security to the US Federal Communication Commission and to the European Union Agency for Network and Information Security. She is rapporteur of ten 3GPP security specifications and has a long track record of security publications.

Currently, she is actively supporting the 5G Roaming security developments. For her the interesting part is fixing problems in a worldwide network without breaking it, not finding an issue.

@SHoltmanns

Isha Singh
Isha is a master's student at Aalto University in Helsinki (Finland) and is doing her thesis research work at Nokia Bell Labs under the supervision of Professor Raimo Kantola. She is completing her Master's in Wireless Communication as her major subject and Machine Learning as her minor. Her research covers smart city environmental perception from ambient cellular signals and 5G ubiquitous sensing. She is passionate about IoT devices and their security in 5G scenarios. She has experience with embedded devices (Arduino, Raspberry Pi) from multiple projects, like an analog-to-digital converter used in optical communication. Presently she is exploring cybersecurity, starting from mobile communication core network security: testing for vulnerabilities and loopholes and providing solutions using machine learning.



 

Night Life - Forum Tower Duplex Hangover Suite - Friday - 20:00-23:59


Title:
503 Party 2018

It's 2018, and it's time again for another 503 Party!

This year we'll be re-introducing the music, but keeping the drink focus on local microbrews. We've got the Hangover suite in Caesars Palace for the entire weekend, Thursday through Sunday, so we're going to be running the 503 Suite again this year like we did in 2016, which means we may have some random events during the day throughout the weekend. This also means we need to raise a bit more money, so I've set the goal this year to 15k. The room is already paid for, so it's happening even if the goal isn't reached. Top donors (100ish dollars?) will get fun prizes and early admission to the Friday night party. All funds raised will of course be going to the party/suite. Further details will be posted on https://503.party .
More Info: 503.party
More Info: gofundme


 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 16:00-16:45


80 to 0 in under 5 seconds: Falsifying a medical patient's vitals

Saturday at 16:00 in Track 1
45 minutes | Demo

Douglas McKee Senior Security Researcher for the McAfee Advanced Threat Research team

It seems each day that passes brings new technology and an increasing dependence upon it. The medical field is no exception; medical professionals rely upon technology to provide them with accurate information and base life-changing decisions on this data.

In recent years there has been more attention paid to the security of medical devices; however, there has been little research done on the unique protocols used by these devices. In large health care systems, medical personnel use central monitoring stations to make decisions on patient treatment and other critical care. This information is gathered from many devices on the network using uncommon networking protocols. What if this information wasn't accurate when a doctor prescribed medication? What if a patient was thought to be peacefully resting, when in fact they are under cardiac arrest?

McAfee's Advanced Threat Research team has discovered a weakness in the RWHAT protocol, one of the networking protocols used by medical devices to monitor a patient's condition. This protocol is utilized in some of the most critical systems used in hospitals. This weakness allows the data to be modified by an attacker in real-time to provide false information to medical personnel. Lack of authentication also allows rogue devices to be placed onto the network and mimic patient monitors.

This presentation will include a technical dissection of the security issues inherent in this relatively unknown protocol. It will describe real-world attack scenarios and demonstrate the ability to modify the communications in-transit to directly influence the receiving devices. We will also explore the general lack of security mitigations in the medical devices field, the risks they pose, and techniques to address them. The talk will conclude with a demonstration using actual medical device hardware and a live modification of a patient's critical data.

Douglas McKee
Douglas McKee is a Senior Security Researcher for the McAfee Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in penetration testing, reverse engineering, malware analysis and forensics and throughout his career has provided software exploitation training to many audiences, including law enforcement.



 

Meetup - Local Bikeshop - Friday - 06:00-06:59


Title:
8th Defcon Bike Ride

At 6am on Friday, the @cycle_override crew will be hosting the 8th Defcon Bikeride. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo. Go to cycleoverride.org for more info.

More Info: @Cycle_Override    http://cycleoverride.org/


 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 10:00-10:50


 

No description available



 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 14:30-14:59


Title:
A Comprehensive Forensic Analysis of WINVote Voting Machines

No description available

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 15:10-15:40


A CTF That Teaches: Challenging the Next Generation of ICS Ethical Hackers

August 10, 2018 3:10 PM

Today's evolving threat landscape makes training new talent to defend critical infrastructure networks more important than ever. One way to both help people build their technical skills and introduce new people to the world of ICS security is with Capture-the-Flag exercises (CTFs). This presentation will analyze the development of a real-life CTF, including some of the problems faced and how to solve them, to show how you can create challenging, yet educational, CTFs to train the next generation of ICS defenders.

Speaker Information

Brandon Workentin

SecurityMatters

Brandon Workentin joined SecurityMatters as an ICS Security Engineer in early 2017. Prior to that, Brandon worked for EnergySec, where he started as an intern in 2014 and finished as a Cybersecurity Analyst II. At EnergySec, Brandon focused on security regulations, including the NERC CIP cybersecurity standards, as well as threats, research, and news affecting the electric industry. He was also involved in the creation of the EnergySec Information Sharing and Analysis Organization (ISAO), as well as a member of multiple ISAO Standards Organization Working Groups. Prior to joining the cybersecurity field, Brandon spent several years teaching math and English in Idaho and Oregon. Brandon also enjoys public speaking, highlighted by having presented on ICS security at multiple BSides events. He has a BA in Mathematics and English Education from Northwest Nazarene University and an AS in Cybersecurity and Networking from Mt. Hood Community College.



 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 13:00-13:45


A Journey Into Hexagon: Dissecting a Qualcomm Baseband

Thursday at 13:00 in 101 Track, Flamingo
45 minutes |

Seamus Burke Hacker

Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, and other signal processing in addition to the application processor. Have you ever been curious about how your phone actually makes calls and texts on a low level? Or maybe you want to learn more about the internals of the baseband but have no clue where to start. We will dive into the internals of a Qualcomm baseband, tracing its evolution over the years until its current state. We will discuss the custom, in-house DSP architecture they now run on, and the proprietary RTOS running on it. We will also cover the architecture of the cellular stack, likely places vulnerabilities lie, and exploit mitigations in place. Finally we will cover debugging possibilities, and how to get started analyzing the baseband firmware—how to differentiate between RTOS and cellular functions, how to find C std library functions, and more.

Seamus Burke
Seamus Burke is an undergraduate student at UMBC pursuing a degree in CS. He has been working in the security field since he was 16 and has held a variety of positions from SOC analyst to malware analyst, to vulnerability researcher. Currently his research focus is on cellular baseband and kernel rootkits. When he's not staring at IDA, he likes to spend his time wrenching on cars and racing.

@AlternateAdmin



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 13:00-13:30


Title: A Rundown of Security Issues in Crypto Software Wallets

Speakers: Marko Bencun

Description:
No description available




 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 17:35-17:59


A SOC in the Village

August 11, 2018 5:35 PM

Security operation centers (SOC) have been around on enterprise networks for a while now, but what about OT SOCs? This talk will cover some technologies that are available for the plant floor that work with your SOC. After the talk, a live demonstration will take place in the ICS Village.

Speaker Information

Thomas VanNorman

Dragos

Thomas has been working in the Operational Technology field for more than two decades. He is currently the Director of Engineering Services at Dragos, and a Founding Member of ICS Village. Thomas is also retired from the Air National Guard where he worked in Cyber Warfare Operations. For over 10 years, Thomas's focus area has been working on securing Industrial Control Systems and the networking of such systems, leveraging his operational knowledge of such systems. Thomas currently holds a Certified Information Systems Security Professional (CISSP) through ISC(2), Global Industrial Cyber Security Professional (GICSP) and GIAC Certified Incident Handler (GCIH) both through GIAC.



 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 15:00-15:45


Title:
About the Open Cannabis Project

Open sourcing the full sequence of genomes of many strains

 

EHV - Caesars Promenade Level - Modena Rm - Friday - 14:00-14:59


Title: Accountability without accountability: A censorship measurement case study

Speakers: Speaker TBA

Description:

Protecting volunteers from retribution, and why the fear of unknown unknowns is paralyzing to the academic measurement community.



 

Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


ADRecon: Active Directory Recon

Saturday 08/11/18 from 1200-1350 at Table Six
Security professionals (Blue Team, Red Team), system administrators, etc.

Prashant Mahajan

ADRecon is a tool which extracts various artifacts (as highlighted below) out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD environment. The tool is useful to various classes of security professionals like system administrators, security professionals, DFIR, etc. It can also be an invaluable post-exploitation tool for a penetration tester. It can be run from any workstation that is connected to the environment, even hosts that are not domain members. Furthermore, the tool can be executed in the context of a non-privileged (i.e. standard domain user) account. Fine Grained Password Policy, LAPS and BitLocker may require Privileged user accounts. The tool will use Microsoft Remote Server Administration Tools (RSAT) if available, otherwise it will communicate with the Domain Controller using LDAP.

The following information is gathered by the tool: Forest; Domain; Trusts; Sites; Subnets; Default Password Policy; Fine Grained Password Policy (if implemented); Domain Controllers, SMB versions, whether SMB Signing is supported and FSMO roles; Users and their attributes; Service Principal Names (SPNs); Groups and memberships; Organizational Units (OUs); ACLs for the Domain, OUs, Root Containers and GroupPolicy objects; Group Policy Object details; DNS Zones and Records; Printers; Computers and their attributes; LAPS passwords (if implemented); BitLocker Recovery Keys (if implemented); and GPOReport (requires RSAT).

https://github.com/sense-of-security/ADRecon

Prashant Mahajan
Prashant Mahajan is a Security Consultant at Sense of Security Pty Ltd. He has experience with various aspects of Information Security including penetration testing, vulnerability analysis, digital forensics and incident response. Prashant is a founding member of Null—The Open Security Community and frequent speaker at industry events.



 

PHW - Caesars Promenade Level - Neopolitan BR - Friday - 13:00-14:59


Advanced APT Hunting with Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.

John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.



 

PHW - Caesars Promenade Level - Neopolitan BR - Sunday - 11:00-12:59


Advanced APT Hunting with Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.

John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Saturday - 10:00-13:59


Advanced Custom Network Protocol Fuzzing

Saturday, 1000-1400 in Icon C

Joshua Pereyda Software Engineer

Timothy Clemans Software Engineer

Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

After:
1. You will know the basics of fuzzing.
2. You will know how to write custom network protocol fuzzers using state of the art open source tools.
3. You will have hands on experience with this widely-discussed but still largely mysterious test method.

Before:
1. You should be comfortable doing some programming in Python.
2. You should understand basic network protocol concepts.
3. You should be familiar with Wireshark and how to use it.

What you won't learn:
1. Exploit development.
2. Python programming. Because you can already do that (see above).

Prerequisites:
- Some basic Python programming experience (some programming ability is REQUIRED).
- Basic understanding of network protocols.
- Basic familiarity with Wireshark.
- Optional: Fuzzing experience.

Materials:
- Laptop with physical Ethernet port -- strongly recommended: configure for secure Wi-Fi access beforehand.
- Python 2.7 and pip installed and updated.
- Linux recommended but Windows OK.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-custom-network-protocol-fuzzing-icon-c-tickets-47194829004
(Opens July 8, 2018 at 15:00 PDT)

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally. Joshua is the maintainer of the boofuzz network protocol fuzzing framework. He has written fuzzers for fun, and profit (literally).

Timothy Clemans
Tim is a software engineer working in information security. He has worked for a startup and data analytics companies. He currently works in critical infrastructure with a focus on security and fuzzing. He cringes at the thought of insecure systems and so he seeks to improve the security of anyone who will listen. He enjoys a good hike, ice cream, and long walks on the beach.



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Thursday - 14:30-18:30


Advanced Wireless Attacks Against Enterprise Networks

Thursday, 1430-1830 in Icon C

Gabriel Ryan Co-Founder & Principal Security Consultant, Digital Silence

Justin Whitehead CEO & Co-Founder, Digital Silence

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and additional required equipment will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

Areas of focus include:

* Wireless reconnaissance and target identification within a red team environment
* Attacking and gaining entry to WPA2-EAP wireless networks
* LLMNR/NBT-NS Poisoning
* Firewall and NAC Evasion Using Indirect Wireless Pivots
* MITM and SMB Relay Attacks
* Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Prerequisites: None

Materials: Students will need to bring a laptop with at least 8 gigs of RAM, a 64-bit operating system, at least 100 gigs of hard drive space (external drives are fine), and at least one free USB port. Students will also be required to download and install a virtual lab environment prior to participating in the workshop. Everything else will be provided by the instructor team.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-icon-c-tickets-47086648433
(Opens July 8, 2018 at 15:00 PDT)

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and principal security consultant for Digital Silence, a Denver based consulting firm that specializes in impact driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel's most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

Justin Whitehead
Justin is an Army infantry veteran with over a decade of service. After retiring from the military, he went on to have a successful 7 year career in computer forensics and incident response. In 2015, he became a penetration tester at One World Labs, working under renowned security researcher Chris Roberts. He now serves as CEO and Co-Founder of Digital Silence, bringing a unique attention to detail and blend of blue and red team experience to the company. When he's not focused on his role as a security professional, Justin happily pursues his hobby of synchronized figure skating.



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Saturday - 10:00-13:59


Adventures in Radio Scanning: Advanced Scanning Techniques with SDR

Saturday, 1000-1400 in Icon D

Richard Henderson

Bryan Passifiume

Many cities around the world have implemented multi-million dollar "trunked" radio systems for their transit, municipal, public safety, police, fire and EMS radio networks. Large commercial organizations (like Caesar's) also use frequency sharing trunked radio systems due to the hundreds (if not thousands) of staff... all requiring radio access. This workshop will walk you through the basics of trunked radio systems, how they work, and how you can set up a listening post to decode these systems and listen in. This workshop will cover setting up and using the Trunk88 scanning software, and how to scan other conventional (non-trunked) radio systems such as MOTOTRBO, Tetra, EDACS, and other systems. Live interception and decoding of a trunked system and a DMR/TRBO system will be done by students. We will also quickly walk through scanning popular archaic pager systems like POCSAG.

Prerequisites: A basic understanding of SDR scanning would be incredibly helpful, but is not essential. We can walk students through it.

Materials: In this case, we will require each student to bring a Windows laptop (not a Surface tablet please) and *at least* 2 USB DVB-T RTL2832U+R820T sticks in order to properly intercept and decode trunked radio systems. The more sticks students bring, the more voice channels they will be able to simultaneously monitor and record. A very limited number of additional sticks will be available to borrow. Please make sure you have them!

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/adventures-in-radio-scanning-advanced-scanning-techniques-with-sdr-icon-d-tickets-47194754782
(Opens July 8, 2018 at 15:00 PDT)

Richard Henderson
Richard Henderson is a writer, researcher, and ham radio/electronics nerd who has worked in infosec and technology for well over a decade. Richard is currently co-authoring a book on cybersecurity for ICS/Scada systems.

Bryan Passifiume
Bryan Passifiume is a journalist, writer and photographer who writes for one of Toronto's largest newspapers. A National Newspaper Awards nominee, and a co-founder of the alt-amateur radio group Hamsexy, he's been involved in the monitoring and radio hacking scene for nearly twenty years.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 15:15-15:45


Adventures in the dark web of government data - Marc DaCosta

Government bureaucracy is your friend. The US federal government alone produces tens of thousands of different forms that collect information on everything from the owner and location of every oil well in the country, to the VIN number of every car that’s imported, the location and height of every cell phone tower, and much more. While most of this data is locked behind clunky 1990s-era search forms, or in exports of antiquated database formats, the enterprising researcher will find a treasure trove that exists outside the indexes of Google and LexisNexis.

I have written scrapers and parsers for 100s of these databases and will share with you what I’ve learned about coaxing OSINT out of some of the messiest and hard to find data out there.

The talk will specifically feature a deep dive into the data produced by the US Federal Communications Commission. The FCC has issued over 20 million licenses for transmitting on regulated parts of the electromagnetic spectrum. The data residue of this process can be used for everything from geo-locating electronic border surveillance infrastructure to discovering the location and transmission frequency of every McDonald’s drive-thru radio. In the second portion of the talk, I will discuss how various protocols for data transmission can be decoded and joined with other contextual public data. For instance, every cargo ship emits an “Automated Identification System” signal that can be joined with shipping records to understand what the ship is carrying.

By the end of the talk, I hope attendees will develop new intuitions and techniques for finding and working with government data, and specifically have the tools to run their own investigations using FCC data.



 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:20-10:40


Adversarial Patches

Sven Cattell

Adversarial examples that fool machine learning are a burgeoning field. We propose applications to fool self-driving cars or facial recognition systems, but most of the techniques are purely academic. They require minute manipulations to the bit values of the pixels entering a system. Adversarial patches are an attack that could actually work. This talk will cover how to make them and further applications.

I got my Ph.D. in algebraic topology in 2016 and immediately moved into machine learning to work on something useful to people. I then completed a post-doc in mathematical machine learning where I worked on medical data. I now work at Endgame.



 

AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 10:40-10:59


AI DevOps: Behind the Scenes of a Global Anti-Virus Company’s Machine Learning Infrastructure

Alex Long

“Thus far, the security community has treated machine learning as a research problem. The painful oversight here is in thinking that laboratory results would translate easily to the real world, and as such, not devoting sufficient focus to bridging that gap. Researchers enjoy the luxuries of neat bite-sized datasets to experiment upon, but the harsh reality of millions of potentially malicious files streaming in daily soon hits would-be ML-practitioners in the face like a tsunami-sized splash of ice water. And while in research there’s no such thing as “too much” data, dataset sizes challenge real-world cyber security professionals with tough questions: “How will we store these files efficiently without hampering our ability to use them for day-to-day operations?” or “How do we satisfy competing use-cases such as the need to analyze specific files and the need to run analyses across the entire dataset?” Or maybe most importantly: “Will my boss have a heart-attack when he sees my AWS bill?”

In this talk, we will provide a live demonstration of the system we’ve built using a variety of AWS services including DynamoDB, Kinesis, Lambda, as well as some more cutting edge AWS services such as Redshift and ECS Fargate. We will go into depth about how the system works and how it answers the difficult questions of real world ML such as the ones listed above. This talk will provide a rare look into the guts of a large-scale machine learning production system. As a result, it will give audience members the tools and understanding to confidently tackle such problems themselves and ultimately give them a bedrock of immediately practical knowledge for deploying large-scale on-demand deep learning in the cloud.”

Alex Long is currently working as a programmer on the Sophos Datascience Team where he builds tools, scalable backends, and cool visualizations to support the team’s research. His latest work has been on creating an online platform for researchers to publish, evaluate, and distribute their latest AI models, thus streamlining the process of productizing AI breakthroughs.



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 16:00-16:45


All your family secrets belong to us—Worrisome security issues in tracker apps

Saturday at 16:00 in Track 2
45 minutes | Demo, Exploit

Dr. Siegfried Rasthofer Fraunhofer SIT

Stephan Huber Hacker

Dr. Steven Arzt Hacker

Google Play Store provides thousands of applications for monitoring your children/family members. Since these apps deal with highly sensitive information, they immediately raise questions on privacy and security. Who else can track the users? Is this data properly protected? To answer these questions, we analyzed a selection of the most popular tracking apps from the Google Play Store.

Many apps and services suffer from grave security issues. Some apps use self-made algorithms instead of proper cryptography for data storage and transmission. Others do not even attempt to protect their communication at all and make use of the unprotected HTTP protocol, or even give an attacker full access to a vulnerable backend system. Hard coded database credentials in apps allowed access to all stored user locations. We would be able to extract hundreds of thousands of tracking profiles, even in real time. In others, this wasn't even necessary, because the user authentication could be bypassed altogether. Flaws in server API allowed us to extract all user credentials (1.7m plain text passwords); further, we saw full communication histories containing messages, pictures and location data.

In total, the state of tracker apps is worrisome, effectively leading to users unknowingly installing espionage software on their devices.

Dr. Siegfried Rasthofer
Siegfried is the head of department Secure Software Engineering at Fraunhofer SIT (Germany) and his main research focus is on applied software security. He has received a PhD, master's degree and bachelor's degree in computer science and IT-security. He is the founder of the CodeInspect reverse engineering tool and founded TeamSIK.

During his research, he develops tools that combine static and dynamic code analysis for security purposes. Most of his research is published at top tier academic conferences and industry conferences like DEF CON, BlackHat, AVAR or VirusBulletin.

Stephan Huber
Stephan is a security researcher at the Testlab mobile security group at the Fraunhofer Institute for Secure Information Technology (SIT).

His main focus is Android application security testing and developing new static and dynamic analysis techniques for app security evaluation.

He found different vulnerabilities in well-known Android applications and the AOSP. He gave talks at conferences like DEF CON, HITB, AppSec or VirusBulletin. In his spare time he enjoys teaching students in Android hacking.

Dr. Steven Arzt
Steven is currently a researcher at the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt.

He has received a PhD, a master's degree in computer science, and a master's degree in IT Security from Technische Universität Darmstadt.

Steven is one of the core maintainers of the Soot open-source compiler framework that is now used for static analysis and program instrumentation by various research groups around the world. He is also actively maintaining the FLOWDROID open-source static data flow tracker.

His main research interests center on (mobile) security and static and dynamic program analysis applied to real-world security problems, an area in which he has published various research papers over the last years.



 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 15:00-15:45


All your math are belong to us

Saturday at 15:00 in Track 1
45 minutes | Demo, Tool, Exploit, Audience Participation

sghctoma Lead security researcher @ PR-Audit Ltd., Hungary

First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends.

Wait, no, not really.

It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room, installing the trial. And that's when the hacking started...

Believe me, there was a lot to hack in this case! Several gigabytes of installed materials, a few web servers, cloud integration, clustering capabilities, you name it. These software are bloated, they are basically their own little operating systems.

Yup, I used plural. Because I thought why discriminate MATLAB? I should really give a chance to Maple and Mathematica to fail too! I did, and they did fail, and these failures gave the material for my talk. Basically this will be a dump of exploits (RCEs, file disclosures, etc.), and if you use any of those software and you are at least a bit security conscious, you should definitely listen to it.

sghctoma
Toma is the lead IT security researcher at PR-Audit Ltd., a company focusing mainly on penetration testing and SIEM software development. Previously he participated in a cooperation between ELTE Department of Meteorology and the Paks Nuclear Power Plant Ltd., the goal of which was to develop TREX, a toxic waste emission simulator using CUDA.

The scene from RoboCop where Nikko defeats the ED-209 with just a laptop and a serial cable made a huge impression on him, and after seeing the movie, his path was set: he was bound to be a hacker. His first experiences in this field involved poking around various copy protection schemes, and to this day his favorite areas of expertise are the ones that require some mangling of binary files. Besides computer security he also loves mountain biking, flight simulators, and builds and flies acro quadcopters.



 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 11:00-11:45


An Attacker Looks at Docker: Approaching Multi-Container Applications

Friday at 11:00 in 101 Track, Flamingo
45 minutes | Demo

Wesley McGrew Director of Cyber Operations, HORNE Cyber

Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. The good news: this is likely to make your life easier as an attacker.

While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited "from within" using many of the system- and network-level techniques that attackers, such as penetration testers, already know.

The goal of this talk is to provide a hacker experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A hacker can expect to leave this presentation with a practical exposure to multi-container application post-exploitation.

Wesley McGrew
Wesley currently oversees and participates in offense-oriented operations as Director of Cyber Operations for HORNE Cyber. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 15:00-16:59


Title: An Introduction to Kovri

Speakers: Anonimal

Description:
No description available




 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 12:00-12:30


An OSINT Approach to Third Party Cloud Service Provider Evaluation

Lokesh Pidawekar, Senior Cloud and Application Security Engineer at Cisco

In the era of third party cloud service providers where enterprise critical data is hosted and shared with various vendors, third party security reviews have become an essential part of Information Security. It has become a challenge for security teams to ensure parity is maintained between security controls that are available on premise and those offered by the cloud provider. Typically, companies send a Word document or Excel sheet to get answers from cloud providers; however, this process is done only once and the review is point in time. In this talk, the attendees will learn about various methods of identifying the security posture of the third-party cloud service using information available on the Internet, how to use this information for performing cloud service review and improve their own cloud offerings. This can also supplement the tedious questionnaire process and provide an option to fast track the vendor reviews.

Lokesh Pidawekar (Twitter: @MaverickRocky02) works as a Senior Cloud and Application Security Engineer in the Cisco InfoSec team where he is responsible for designing secure architecture for applications, evaluating third party cloud service providers, and providing training to enterprise architects. He has a Master's in Information Assurance & Cyber Security from Northeastern University, Boston. Previously, he has spoken at BSides Las Vegas, DEFCON Packet Hacking Village talks, OWASP Boston chapter and CarolinaCon. He likes to read about application vulnerabilities in his free time and has reported security bugs to vendors as part of their bug bounty program.



 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 17:30-18:15


Title:
An Overview of Hydroponic Grow Techniques

No description available

 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Saturday - 14:30-18:30


Analyzing Malscripts: Return of the Exploits!

Saturday, 1430-1830 in Icon E

Sergei Frankoff Co-Founder, Open Analysis

Sean Wilson Co-Founder, Open Analysis

In recent years malscripts and file based exploits have become a main delivery method for malware. Malscripts are often heavily obfuscated and they can take many different forms including WScript, JavaScript, macros, and PowerShell. There has also been a rise in document based exploits used to deliver and execute these malscripts. As a result incident responders and malware analysts need to be comfortable analyzing different document formats, identifying potential exploits, and analyzing malscripts.

In this workshop you will work through the triage of a live malware delivery chain that includes a malicious document, malicious scripts, and a final malware payload. During this process you will be exposed to different document based exploits, and you will practice the skills required to manually analyze malscripts. This workshop focuses on the fundamental analysis techniques used when identifying, deobfuscating, and analyzing maldocs and malscripts. However, we will also provide an introduction to automation tools and techniques that can be used to speed up the analysis process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you have a good understanding of scripting languages like VBScript and JavaScript, and you are familiar with Windows internals, you should have no problem completing the workshop. You will be provided with a VirtualMachine to use during the workshop; please make sure to bring a laptop that meets the following requirements. Your laptop must have VirtualBox installed and working (VMWare is not supported). Your laptop must have at least 60GB of disk space free, preferably 100GB. Your laptop must be able to mount USB storage devices. Make sure you have the appropriate dongle if you need one.

Prerequisites: None

Materials: Students will be provided with a VirtualMachine to use during the workshop. They will need to bring a laptop that meets the following requirements:

- The laptop must have VirtualBox installed and working (VMWare is not supported).
- The laptop must have at least 60GB of disk space free, preferably 100GB.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/analyzing-malscripts-return-of-the-exploits-icon-e-tickets-47194482969
(Opens July 8, 2018 at 15:00 PDT)

Sergei Frankoff
Sergei is a co-founder of Open Analysis, and volunteers as a malware researcher. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime. He actively contributes to open source tools and tries to publish as much analysis as possible. With over a decade of experience Sergei has held roles both as the manager of an incident response team, and as a malware researcher.

YouTube: https://www.youtube.com/oalabs

Sean Wilson
Sean is a co-founder of Open Analysis, and volunteers as a malware researcher. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience working in a number of incident response and application security roles with a focus on security testing and threat modeling. In his free time Sean loves fly fishing.

YouTube: https://www.youtube.com/oalabs



 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 10:40-11:10


Analyzing VPNFilter's Modbus Module

August 11, 2018 10:40 AM

Since May of 2018 Cisco Talos has been releasing information to the public detailing the capabilities of a nation-state sponsored malware campaign known as VPNFilter. This global, multi-year campaign targets numerous network routing devices which range from low-end small office, home office (SOHO) WiFi routers to rack-mount enterprise-grade network appliances. Of special interest to the ICS community is the existence of a post-exploitation module focused specifically on identifying a subset of Modbus traffic while also capturing credentials transmitted via HTTP. For our talk, we will discuss some background on the VPNFilter campaign, malware analysis, capabilities, and cover some hypothetical scenarios in which the Modbus module would be useful.

Speaker Information

Patrick DeSantis

Cisco Talos

As security researchers with Cisco Talos, Carlos Pacho (@carlosmpacho) and Patrick DeSantis (@pat_r10t) focus on discovering new and exploitable vulnerabilities in Industrial Control Systems (ICS) and other computing devices that have an impact on the physical world. The Talos ICS team has been responsible for the coordinated disclosure of dozens of ICS-related security vulnerabilities in devices ranging from secure industrial routers to programmable logic controllers (PLCs). They also built an ICS-controlled kegerator.

Carlos Pacho

Cisco Talos



 

Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Angad: A Malware Detection Framework using Multi-Dimensional Visualization

Saturday 08/11/18 from 1600-1750 at Table Two
Defense, Forensics, Network, Malware

Ankur Tyagi

Angad is a framework to automate classification of an unlabelled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in a number of feature vectors. These vectors are then individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection categories for now but this could be changed to a heuristics approach if needed. If dynamic behavior or network traffic details are available, vectors are also converted into activity graphs that depict evolution of activity with a predefined time scale. This results in an animation of malware/malware category's behavior traits and is also useful in identifying activity overlaps across the input dataset.

Malware detection is a challenging task as the landscape is ever-evolving. Every other day, a new variant or a known malware family is reported and signature driven tools race against time to add detection. The process worsens when the rate of incoming samples is in thousands on a daily basis, making static/dynamic analysis alone of no use.

Angad tries to address this issue by leveraging well-known data classification techniques to the malware domain. It tries to provide a known interface to the multi-dimensional modelling approach within a standalone package.

https://github.com/7h3rAm/angad

Ankur Tyagi
Bio: Ankur Tyagi is a Sr. Malware Research Engineer at Qualys Inc., where he analyzes malicious code and applies statistical modelling to identify suspicious patterns and evolving trends. His research interests include structural visualization techniques for classifying large collections of uncategorized samples. He has completed an MS in Software Systems with a focus on Applied Security.



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 18:00-18:30


Title:
Announcing the Underhanded Crypto Contest Winners

When
Fri, August 10, 6:00pm - 6:30pm
Description
Speakers
-------
Adam Caudill
Taylor Hornby

Abstract
--------
This session announces the winners of the 5th annual Underhanded Crypto Contest.

Bio
-----------------
Adam Caudill and Taylor Hornby are the founders and organizers of the Underhanded Crypto Contest, a contest dedicated to research in how to undermine cryptography in unusual and hard to detect ways.

Twitter handle of presenter(s)
------------------------------
@adamcaudill @DefuseSec

Website of presenter(s) or content
----------------------------------
https://underhandedcrypto.com


CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 16:00-17:00


Title:
Anonymous rate-limiting in services with Direct Anonymous Attestation

When
Sat, August 11, 4pm - 5pm
Description
Authors
-------
Alex Catarineu
Philipp Claßen
Konark Modi
Josep M. Pujol

Abstract
--------
Anonymous data collection systems allow users to contribute the data necessary to build services and applications while preserving their privacy.

Anonymity, however, can be abused by malicious agents, injecting fabricated data, aiming to subvert or to sabotage the data collection.

At Cliqz we deal with the same challenge. Our data collection systems in the Cliqz Browser and Extension, which power our search engine[1] and anti-tracking systems[2], are designed in such a way that the server cannot tell that two messages are from the same user.
But if the user is fully anonymous, how can the system prevent an attacker from polluting the data collection?

We will showcase an efficient mechanism to block an attacker without compromising the privacy and anonymity of the users.
This system builds on top of Direct Anonymous Attestation, a proven cryptographic primitive to implement service rate-limiting in a scenario where messages between users and the service are sent anonymously and message unlinkability is to be preserved.
Rate-limiting constraints for a service are defined as an arbitrary mapping from every possible valid message to a 'rate-limiting tag' string, in such a way that the constraints can be enforced if the service never accepts more than one message from the same user with same tag.
Under this definition, we employ the DAA protocol to enforce these 'message quotas' without being able to link user messages. If authorized, users receive credentials issued by the service. These can be used to sign messages with respect to a 'basename' string, in such a way that two signatures performed with the same credentials are unlinkable if and only if their basenames are different. By forcing the mentioned rate-limiting tag to be in the signature basename the rate-limiting constraints can be enforced.
The service will verify the signature according to the DAA protocol and accept the message if and only if the tag that maps to the rate-limiting basename has still not been seen.

We present all components needed to build and deploy such protection on existing data collection systems with little overhead.

This system, which is running in production for the Cliqz browser, is however not limited to browsers or extensions; it has been implemented in a scenario where user code is running in a web browser, thanks to WebAssembly and asm.js.

References:
1. Human-web Overview: https://gist.github.com/solso/423a1104a9e3c1e3b8d7c9ca14e885e5
2. Anti-tracking: https://static.cliqz.com/wp-content/uploads/2016/07/Cliqz-Studie-Tracking-the-Trackers.pdf


Bio
-----------------
Speaker 1: Alex Catarineu
Alex works with Cliqz GmbH as a Software Engineer developing privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Human-web, Human-web proxy network, Connect etc. Prior to Cliqz, he started working in a mobile analytics startup in Barcelona. After that, Alex and some colleagues won an entrepreneurship grant to build a web application for helping people better organize their trips. He is interested in many fields, such as algorithms and data structures, cryptography, machine learning, graphics and video games. He is also a decent chess player and enjoys playing and improving at it.

Speaker 2: Konark Modi
Konark works as a Tech lead with Cliqz GmbH developing privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Anonymous Data collection like Human Web, Anti-Tracking etc.

Prior to Cliqz, Konark was working with one of the largest e-commerce websites in India (Makemytrip.com) in the data platform and security team, solving interesting challenges related to DWH, BI and data security.

His recent personal projects, in an endeavor to help organizations fix vulnerabilities have spanned across browsers, health trackers, Government services, travel mobile apps etc.

Twitter handle of presenter(s)
------------------------------
Speaker 2: @konarkmodi

Website of presenter(s) or content
----------------------------------
Speaker 1: http://github.com/acatarineu/ , Speaker 2: https://medium.com/@konarkmodi


RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 14:00-14:40


Applied OSINT For Politics: Turning Open Data Into News - Lloyd Miller

“How do you apply open source intelligence techniques to politicians, candidates, and others holding the public trust? It’s easier than you think. This talk will outline the general principles for investigating public figures, how to take information and data and turn it into a news story even when the story is (often) incomplete, and then review several case studies that demonstrate the effectiveness of combining these techniques.”



HHV - Caesars Pool Level - Forum 17-21 - Friday - 10:00-12:59


Applied Physical Attacks on Embedded Systems, Introductory Version

Joe FitzPatrick, @arinerron, and @pixieofchaos

Abstract

This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi development board. After a brief architectural overview of each interface, hands-on labs will guide attendees through the process of understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

What to Bring

No hardware or electrical background is required. Computer architecture knowledge, Linux internals, command-line familiarity, and low-level programming experience are all very helpful but not actually required.

All equipment, including laptops, will be provided for use in the class. Students will be provided with a lab manual that includes an equipment list of all materials used for the class.

Max size: 24, first come first serve basis.

Bio

Joe (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com (@securinghw). Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

@arinerron is a student, security enthusiast, CTF player, bug bounty hunter, software developer, and ham radio operator (K1ARE). He’s interested in many aspects of security, though most of his experience is in web and binary exploitation.

Chaos Pixie (@pixieofchaos) works for the man doing embedded systems security.



Night Life - Flamingo - 3rd Floor - Mesquite Rm - Friday - 20:30-25:59


Title:
Arcade Party

Ever had the awesome experience of seeing the renowned @dualcoremusic or maybe you've heard the mad mixing skills of @KeithMyers - Well imagine BOTH of them, at one party! The EPIC #defcon26 @CarHackVillage and @ICS_Village Party will be Sat Night 10:30-2 Hope to see you there!


Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Archery—Open Source Vulnerability Assessment and Management

Saturday 08/11/18 from 1000-1150 at Table Two
Offense

Anand Tiwari

Archery is an open source vulnerability assessment and management tool which helps developers and pentesters perform scans and manage vulnerabilities. Archery uses popular open source tools to perform comprehensive scanning of web applications and networks. It also performs dynamic authenticated scanning of web applications and covers the whole application by using Selenium. Developers can also utilize the tool in implementing their DevOps CI/CD environment.

https://github.com/archerysec/archerysec/

Anand Tiwari
Anand Tiwari is an information security professional with nearly 5 years of experience in offensive security, with expertise in Mobile and Web Application Security. Currently working with Philips Healthcare on securing medical devices. He has authored Archery—open source tool and has presented at Black Hat Asia 2018. In his free time, he enjoys coding and experimenting with various open source security tools. Twitter handle: @anandtiwarics



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Friday - 10:00-13:59


ARM eXploitation 101

Friday, 1000-1400 in Icon D

Sneha Rajguru Security Consultant, Payatu Software Labs LLP

ARM architecture based systems are on the rise and seen in almost every hand-held or embedded device. The increasing popularity and growth of the Internet of Things (IoT) have allowed widespread use of ARM architecture. As with any other thing in this world, increasing popularity and usage brings new security challenges and attacks. This workshop aims to provide an introduction to ARM architecture, assembly and explore intermediate level exploitation techniques on ARM along with hands-on examples and challenges.

This session is aimed at security professionals and personnel who possess general security knowledge and wish to enter the field of ARM exploitation.

The attendees will walk away with basic knowledge and skills of ARM Architecture, Assembly, and Exploitation techniques.

The workshop will provide a base for the attendees to develop exploit research expertise on ARM-based platforms.

Topics Covered:

Introduction to ARM CPU Architecture
Registers
Modes of Operations
ARM Assembly Language Instruction Set
Introduction to ARM functions and working
Debugging on ARM
Stack Overflow on ARM
How to write a shellcode
How to reverse a shellcode

Prerequisites: The participants are not expected to have any prior knowledge about ARM architectures whereas familiarity with C and Linux Command line will be useful.

Materials: Hardware Requirements: Minimum 4GB RAM and more than 20 GB Free Hard Disk Space
Software Requirements: Windows 7/8, *Nix, Mac OS X 10.5, Administrative privileges on your machines, Virtualbox or VMPlayer, SSH Client

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/arm-exploitation-101-icon-d-tickets-47194115871
(Opens July 8, 2018 at 15:00 PDT)

Sneha Rajguru
Sneha works as a Senior Security Consultant with Payatu Software Labs LLP. Her interests lie in web and mobile application security and fuzzing. She has discovered various security flaws within various open source applications such as PDFLite, Jobberbase, Lucidchart and more. She has spoken and provided trainings at various conferences such as DEFCON, BSides LV, BSidesVienna, OWASP AppSec USA, DeepSec, DefCamp, FUDCon, and Nullcon. Sneha is passionate about promoting and encouraging Women in Security and has founded an initiative called WINJA-CTF through which she hosts women-only CTFs and Workshops at conferences and other events. Sneha is also active in the local security community and hosts local security meet-ups in Pune. She leads the Pune chapter of the null community.



EHV - Caesars Promenade Level - Modena Rm - Friday - 12:00-12:59


Title: Asking for a Friend

Speakers: Speaker TBA

Description:
No description available




VMHV - Caesars Pool Level - Forum 14-16 - Friday - 13:00-13:59


Title:
Assessments of Election Infrastructure and Our Understanding and sometimes whY

No description available

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 13:30-13:50


Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading

Sunday at 13:30 in Track 1
20 minutes | Tool

Ruo Ando Center for Cybersecurity Research and Development, National Institute of Informatics, Japan

Recently, the inspection of huge traffic logs is imposing a great burden on security analysts. Unfortunately, there have been few research efforts focusing on scalability in analyzing very large PCAP files with reasonable computing resources. Asura is a portable and scalable PCAP file analyzer for detecting anomaly packets using massive multithreading. Asura's parallel packet dump inspection is based on task-based decomposition and therefore can handle massive threads for large PCAP files without considering tidy parameter selection in adopting data decomposition. Asura is designed to scale out in processing large PCAP files by taking as many threads as possible.

Asura takes two steps. First, Asura extracts a feature vector represented by associative containers of <sourceIP, destIP> pairs. By doing this, the feature vector can be drastically smaller than the original PCAP files. In other words, Asura can reduce packet dump data to the size of the unique <sourceIP, destIP> pairs (for example, in an experiment, Asura's output from the first step is about 2% of the size of the original libpcap files). Second, a parallel clustering algorithm is applied to the feature vector, which is represented as {<sourceIP, destIP>, V[i]} where V[i] is the aggregated flow vector. In the second step, Asura adopts an enhanced Kmeans algorithm. Concretely, two functions of Kmeans, (1) calculating distance and (2) relabeling points, are improved for parallel processing.

In an experiment processing public PCAP datasets, Asura identified 750 packets which are labeled as malicious from among 70 million (about 18GB) normal packets. In a nutshell, Asura successfully found 750 malicious packets in about 18GB of packet dump. For Asura to inspect 70 million packets, it took a reasonable computing time of around 350-450 minutes using 1000-5000 threads on a commodity workstation. Asura will be released under the MIT license and available at the author's GitHub site on the first day of DEF CON 26.

Ruo Ando
Ruo Ando is an associate professor at NII (National Institute of Informatics) by special appointment in Japan. He has a Ph.D. in computer science. Before joining NII, he was engaged in a research project supported by US AFOSR in 2003 (Grant Number AOARD 03-4049). He has presented his research at PacSec2011 (BitTorrent crawler) and GreHack2013 (DNS security). He was co-presenter at SysCan2009 and FrHack2009 (Virtual machine introspection). His current research interest is network security.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Saturday - 10:00-13:59


Attack & Defense in AWS Environments

Saturday, 1000-1400 in Icon E

Vaibhav Gupta Security Researcher, Adobe Systems

Sandeep Singh Security Managing Consultant, NotSoSecure

AWS is the most widely used cloud environment today, and almost every security professional has to encounter this environment, whether attacking an organization or defending it. In this fast-paced workshop we will teach participants some neat tools, techniques and procedures to attack the most widely used AWS services as well as to defend them.

- Recon / Information Gathering on AWS Services
- Attacking S3 buckets
- Exploiting web application flaws to compromise AWS services (IAM/KMS)
- Attacking Serverless applications
- Disrupting AWS Logging
- Attacking Misconfigured Cloud SDN

Takeaways: Students will be able to understand and appreciate the delta in attack surface which gets added due to moving to cloud. And subsequently design architecture and develop applications to defend them.

What will participants be provided?
- PDF copy of slide deck
- Lab VM
- Workshop lab manual
- Bonus labs

Target Audience:
- Cloud Security Engineers
- DevOps engineers
- Security Analyst
- Penetration Testers
- Anyone else who is interested in Cloud Security
- If you are an Expert or Advanced user, you may join us as co-trainers! :-)

Prerequisites: - Need to have AWS account (Free-tier) - Basic understanding of AWS

Materials: - Machine with at least 8 GB RAM and 20 GB free HD space - VirtualBox [VMs will be provided]

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attack-defense-in-aws-environments-icon-e-tickets-47194715665
(Opens July 8, 2018 at 15:00 PDT)

Vaibhav Gupta
Vaibhav is working as a Security Researcher with Adobe Systems. His expertise lies in infusing design and architecture level security in applications hosted in-house and on cloud environments. With ~9 years of diverse InfoSec exposure, he has strong experience in attacking and defending applications including the ones hosted on the cloud. He is co-leading the OWASP and Null community in Delhi region and has delivered multiple sessions at the local and global stage. Vaibhav is also co-organizer for BSides Delhi.

Sandeep Singh
Sandeep is a Security Managing Consultant with NotSoSecure. He has over 5 years of experience in delivering high end security consulting services to clients across the globe. Sandeep has also worked in Detection and Response teams in the past. He is the co-lead of OWASP Delhi chapter and Community Manager of null community and actively contributes to the local security community. He has conducted and delivered many talks and workshops for the local community in the past. Sandeep is also one of the organizers of BSides Delhi.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Friday - 10:00-13:59


Attacking & Auditing Docker Containers Using Open Source

Friday, 1000-1400 in Icon E

Madhu Akula Security & DevOps Researcher, Appsecco

Developers and Operations teams (DevOps) have moved towards containers and modern technologies. Attackers are catching up with these technologies and finding security flaws in them. In this workshop, we will look at how we can test for security issues and vulnerabilities in Dockerised environments. Throughout the workshop we will learn how we can find security misconfigurations, insecure defaults and container escape techniques to gain access to the host operating system or clusters. In the workshop, we will look at real world scenarios where attackers compromised containers to gain access to applications, data and other assets.

By the end of workshop participants will be able to:

- Understand Docker security architecture
- Audit containerised environments
- Perform container escapes to get access to host environments

The participants will get the following:

- A Gitbook(pdf, epub, mobi) with complete workshop content
- Virtual machines to learn & practice
- Other references to learn more about topics covered in the workshop

Prerequisites: Basic familiarity with Linux and Docker

Materials: A laptop with administrator privileges
10 GB of free Hard Disk Space
Ideally 8 GB of RAM but minimum 4 GB
Laptop should support hardware-based virtualization
If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
Other virtualisation software might work but we will not be able to provide support for that.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-auditing-docker-containers-using-open-source-icon-e-tickets-47194085781
(Opens July 8, 2018 at 15:00 PDT)

Madhu Akula
Madhu is a security ninja and published author, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike.

Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, Blackhat USA 2018, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit, ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016.

When he's not working with Appsecco's clients or speaking at events he's actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, Ebay, At&t, Blackberry, Cisco, Barracuda etc. He is also an active member with Bugcrowd, Hackerone, Synack etc.

Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state. He is co-author of the book Security Automation with Ansible 2, published by Packt Publishing in December 2017, which is listed as a resource by Red Hat Ansible itself.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Friday - 10:00-13:59


Attacking Active Directory and Advanced Defense Methods in 2018

Friday, 1000-1400 in Icon C

Adam Steed Security Consultant, Protiviti

James Albany Senior Consultant, Protiviti

This hands-on workshop teaches you how to both attack and defend Active Directory. We will start by deploying an Active Directory environment using the typical security settings found in most medium to large organizations. Participants will then learn current common methods and tools used to exploit Active Directory against a lab environment. Participants will create a hardened Active Directory environment using advanced methods to secure domain controllers from attack and then try to compromise their hardened environments.

Prerequisites: Some basic background in Active Directory

Materials: Need a laptop running a hypervisor that would support the import and running of multiple prebuilt virtual images.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-active-directory-and-advanced-defense-methods-in-2018-icon-c-tickets-47194199120
(Opens July 8, 2018 at 15:00 PDT)

Adam Steed
Adam Steed prides himself in not just being an Information Security professional, but has been part of the culture that has defined Defcon for the last two decades. He has over 20 years of experience in working for Financial, Websites and Healthcare organizations. Currently Adam is an Associate Director at Protiviti as part of the Security and Privacy practice, leading Active Directory assessments and remediation work for Protiviti's clients. He has also spoken at Defcon, Bsides and other events across the United States.

James Albany
James is a Senior Consultant in the Security and Privacy practice at Protiviti. He received a B.S. in Security and Risk Analysis with a specialization in Cyber Security from Penn State University. He currently provides information security services for a wide range of clients in various industries to identify and communicate business risks.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 14:30-15:15




WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 12:00-12:55


recompiler

Bio

Vlad is a driven security researcher with a passion for securing technology that makes civilized life possible. He is particularly focused on automotive security, satellite systems security, SCADA systems supporting the critical infrastructure and wireless networks. He specializes in the intersection of physical and network security. He has worked on DARPA projects, established and led penetration testing teams for Fortune 50 organizations, performed incident response and forensics on sensitive production systems within controlled environments, reverse engineered security devices, and participated in countless red team engagements for banks, critical infrastructure, pharmaceutical companies, law firms and research organizations. Vlad has spoken at various security conferences including Bsides, DEFCON, Black Hat USA, HOPE, and ShmooCon. Vlad was a board member for NYC OWASP and remains committed to the security community working together to improve the security posture through developer education, end user training, peer-reviewed code and rigorous standardized testing methodologies.

@recompiler

Attacking Gotenna Networks

Abstract

"Talk will focus on privacy (or lack thereof) of gotenna networks. We will cover traditional attacks which have only been available to state sponsored prior to popularization and wide availability of software defined radios. We will cover signal analysis, triangulation, protocol analysis, deanonymization, cryptanalysis, spoofing and selective jamming. Since the gotenna ecosystem also includes an app we will cover the vulnerabilities in the underlying crypto libraries, weak token generation, broken API segregation as well as other vulnerabilities. You too can learn how to analyze, snoop on and exploit RF networks like a pro with a hackrf, laptop and some elbow grease, sweat and sleep deprivation."



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 12:00-12:45


Attacking the macOS Kernel Graphics Driver

Sunday at 12:00 in Track 2
45 minutes | Demo, Exploit

Yu Wang Senior Staff Engineer at Didi Research America

Just like the Windows platform, graphics drivers of the macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vulnerabilities last year, including NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as CVE-2017-7155, CVE-2017-7163, and CVE-2017-13883.

In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days.

Yu Wang
Yu Wang is a senior staff engineer at Didi Research America. He has previously presented on Syscan360 2012/2013, Hitcon 2013, Black Hat USA 2014, Black Hat ASIA 2016, Black Hat USA Arsenal 2018 and other conferences.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 16:00-16:45


Automated Discovery of Deserialization Gadget Chains

Friday at 16:00 in 101 Track, Flamingo
45 minutes | Tool

Ian Haken Senior Security Software Engineer, Netflix

Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn't going away. Attention on Java deserialization vulnerabilities skyrocketed in 2015 when Frohoff and Lawrence published an RCE gadget chain in the Apache Commons library, and as recently as last year's Black Hat, Muñoz and Mirosh presented a survey of dangerous JSON deserialization libraries. While much research and automated detection technology has so far focused on the discovery of vulnerable entry points (i.e. code that deserializes untrusted data), finding a "gadget chain" to actually make the vulnerability exploitable has thus far been a largely manual exercise. In this talk, I present a new technique for the automated discovery of deserialization gadget chains in Java, allowing defensive teams to quickly identify the significance of a deserialization vulnerability and allowing penetration testers to quickly develop working exploits. At the conclusion we will also be releasing a FOSS toolkit which utilizes this methodology and has been used to successfully develop many deserialization exploits in both internal applications and open source projects.

Ian Haken
Ian Haken is a senior security software engineer at Netflix where he works on the platform security team to develop tools and services that defend the Netflix platform. Before working at Netflix, he spent two years as security researcher at Coverity where he developed defensive application security tools and helped to develop automated discovery of security vulnerabilities through static software analysis. He received his Ph.D. in mathematics from the University of California, Berkeley in 2014 with a focus in computability theory and algorithmic information theory.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 13:20-13:59


Automated Planning for the Automated Red Team

Andy Applebaum

Offensive assessments – i.e., penetration testing, adversary emulation, red teaming – have become a key component of maintaining a secure network. Unfortunately, offensive assessments require significant resources, and can vary in quality and structure based on who specifically is conducting the assessment. In the past few years, we’ve seen people try to remedy this problem by creating automated offensive assessment tools, but the capabilities and goals of these tools are highly variable, and many either require personnel to manage them or lack the ability to conduct dynamic or end-to-end tests.

We believe that automated offensive assessments can be done better using automated planning. One of the older branches of AI, automated planning seeks to solve problems where an autonomous agent must determine how to compose a sequence of actions together to achieve an objective. Problems in this space can range from constructing offline deterministic plans, to planning under probabilistic conditions, or to planning in scenarios where the world and underlying model are un- or partially-known. Planning techniques have been applied to solve problems in a variety of domains, including controlling unmanned vehicles and designing intelligent agents in computer games.

In this talk, we’ll describe how we’ve leveraged concepts from the automated planning community to help us design CALDERA, a free, open source automated adversary emulation system. Using these concepts, CALDERA dynamically strings techniques – taken from MITRE ATT&CK™ – together to achieve objectives and conduct end-to-end tests. In addition to describing CALDERA itself, we’ll also discuss more generally some of the challenges and advantages of deploying automated planning to automated offensive assessments, discussing alternate approaches that we as well as others have considered in tackling this problem. Attendees should walk away with both an understanding of how they can use CALDERA as well as how planning can be used for automated offensive assessments.

Andy Applebaum is a Lead Cyber Security Engineer at MITRE where he works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. Andy has contributed to MITRE’s ATT&CK framework and CALDERA adversary emulation platform, as well as other projects within MITRE’s internal research and development portfolio. Prior to working at MITRE, Andy received his PhD in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security. Andy’s work has been published in multiple conferences and workshops, and he has most recently spoken at Black Hat Europe. In addition to his PhD, Andy holds a BA in computer science from Grinnell College and the OSCP certification.



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 10:00-10:20


Automating DFIR: The Counter Future

Friday at 10:00-10:20
20 minutes

@rainbow_tables

Automation has been at the forefront of almost every tool or talk in recent years. The DFIR industry has been moving rapidly towards automating everything! With some great work being done in the area of integrating workflows and various toolsets to make things easier for analysts, automation has really taken off. While that sounds like a worthwhile solution to help SOC analysts weed out the run-of-the-mill adware/PUPs or phishing expeditions, can we really automate a response to the more sophisticated or targeted attack on our company’s crown jewels?

The current argument being made is that, rather than building in-house Incident Response teams, we should utilize automation to substitute analysts and use third party retainers for skilled analysis. Large investments in automation technologies, rather than resource development, reflect this strategy. What does this mean for career progression for budding DFIR analysts? With security engineering taking the forefront, is analysis as a career in DFIR a dying star? Is automation moving us towards click forensics rather than intelligent analysis? I’d like to challenge groupthink, and debate where automation will lead the industry trends. Additionally, I will share some of my experiences in the changing face of DFIR.

@rainbow_tables
Rainbow_Tables is an experienced incident responder and forensic investigator. She enjoys her forays in various industries - media, telecom and software. She finds that her most intriguing experiences stem from the application of DFIR to those industries. Her passion lies within automating analysis methodologies to streamline the incident response process. She believes in innovating simple and innovative solutions to the challenges posed to incident responders by the proliferation of advancing technologies.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 13:00-13:30


barcOwned—Popping shells with your cereal box

Sunday at 13:00 in Track 3
20 minutes | Demo

Michael West, Technical Advisor at CyberArk

magicspacekiwi (Colin Campbell), Web Developer

Barcodes and barcode scanners are ubiquitous in many industries and work with untrusted data on labels, boxes, and even phone screens. Most scanners also allow programming via barcodes to manipulate and inject keystrokes. See the problem? By scanning a few programming barcodes, you can infect a scanner and access the keyboard of the host device, letting you type commands just like a Rubber Ducky. This culminates in barcOwned—a small web app that allows you to program scanners and execute complex, device-agnostic payloads in seconds. Possible applications include keystroke injection (including special keys), infiltration and exfiltration of data on air-gapped systems, and good ol' denial of service attacks.

Michael West
Michael West, aka T3h Ub3r K1tten, is a National Technical Advisor at CyberArk who likes cats. His homelab has over 640 kilobytes of RAM. Michael presents regularly at Dallas Hackers Association and enjoys combining his software dev background with infosec to build tools for others. His interests include OSINT, amateur radio, and scanning long barcodes on the beach.

@t3hub3rk1tten, https://mwe.st, https://barcowned.com

magicspacekiwi (Colin Campbell)
magicspacekiwi, aka Colin Campbell, is a Web Developer with a focus on user experience and considers security an important (but often neglected) part of that experience. They've managed to log over 1500 hours in Overwatch while being stuck in plat. Ask them about their nginx configs.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:45-18:30


Title: Batman, Brain Hacking, and Bank Accounts

Speaker: Katherine Pratt
About Katherine:
Katherine Pratt received her B.S. in aerospace engineering from MIT in 2008, where she received the MIT Women’s League Laya Weisner Award for public service to the university, and the MIT Aero/Astro James Means Memorial Award for Space Systems Engineering. She completed several internships with the private space venture Blue Origin, working in systems and propulsion engineering. After graduation, she served four years in the United States Air Force, working primarily as an operational flight test engineer on the F-35 Joint Strike Fighter. She is now a PhD Candidate in the BioRobotics Lab in the Electrical Engineering department of the University of Washington, and currently spending six months in Congress as a Congressional Innovation Scholar. Her work focuses on the privacy, ethics, and policy of neural data. In addition to research, Katherine is passionate about getting younger students, especially girls and minorities, interested in science and technology. She also competes in triathlons as a member of the Husky Triathlon Club and iracelikeagirl teams.
Abstract:
The advancement of technology means more data are being collected from a wider range of sources. Of particular concern is data collected using a Brain Computer Interface (BCI): a device that records neural signals and allows them to control objects external to the body. Applications for this technology range from therapeutic (e.g. controlling a prosthetic arm) to entertainment (e.g. playing a video game). These cases provide malicious entities the ability to intercept, manipulate, or hack neural signals and the devices they control: it is the plot of Batman Forever (1995) come to life.
This talk will outline research in the field of neural security and information elicitation, as well as the corresponding ethical and policy implications.


BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 10:00-10:59


Title: BCOS keynote speech

Speakers: Philip Martin (VP Security, COINBASE)

Description:
No description available




ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 13:50-14:20


Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks

August 10, 2018 1:50 PM

Successful cyber-attacks against cyber-physical systems require expert knowledge about the dynamic behavior of the underlying physical process (yes, it is actually required). This information is a crucial part during the attack preparation. Previous work has shown manual acquisition of knowledge about process dynamics to be prohibitively laborious (we will show why). This talk will present first insights into automated process-aware system discovery that goes beyond IT-related trivia and focuses on the physical core of an industrial plant. We will share the results of 12 months’ worth of work, which approaches worked and which did not (and why). Notably, our work already had a follow-up work at S4x2017; we will share the insights into that work too. Reverse engineering of the physical processes is a novel topic for which we have yet to find workable/standardized approaches. We encourage you to be a part of the process.

Speaker Information

Joe Slowik

Dragos

Joe Slowik currently hunts ICS adversaries for Dragos, pursuing threat activity groups through their malware, their communications, and any other data available. Prior to his time at Dragos, Joe ran the Incident Response team at Los Alamos National Laboratory, and served as an Information Warfare Officer in the US Navy. Throughout his career in network defense, Joe has consistently worked to 'take the fight to the adversary' by applying forward-looking, active defense measures to constantly keep threat actors off balance. An important part of this strategy is understanding adversary techniques and actions: good defense requires knowing (and at times practicing) offense.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 14:00-14:45


Betrayed by the keyboard: How what you type can give you away

Sunday at 14:00 in 101 Track, Flamingo
45 minutes

Matt Wixey, Vulnerability R&D Lead, PwC

Attribution is hard. Typically, the most useful identifiers—IP addresses, email addresses, domains, and so on—are also the easiest things to spoof, obfuscate, or anonymise. Whilst more advanced techniques, such as correlating malicious activity with timezones, or linking attacks through the use of similar techniques or malware, can be useful, they tend to take investigators further away from the individuals responsible; at best, some inference about the country or specific actor group/collective can be made.

In this talk, I present a method for linking incidents to individual attackers with a high degree of accuracy, based on extremely fine-grained behavioural characteristics. This involves an investigatory technique known as "case linkage analysis" (CLA), which uses granular aspects of crime scene behaviours to link common offenders together through statistical comparison. It's been applied to some crime types before, but never to cyber attacks.

I'll cover how CLA works, its advantages and disadvantages, and how it has previously been applied to a range of crimes, from burglary to homicide. I'll place it within the context of personality psychology, biometrics, forensic criminology, offender profiling, and forensic linguistics; and will walk through applying it practically.

I'll then show the results of a novel experiment I conducted applying CLA to network intrusion attacks, which involved logging the keystrokes of volunteer attackers across different simulated intrusions, breaking these down into specific behaviours and syntax, and using these to link individuals to their offences. The end result: the way you type commands, including your choice and order of syntax, switches, and options, can form distinctive behavioural signatures, which can be used to link attackers together. Linking accuracy rates as high as 99% were achieved.

Finally, I'll talk about the implications for both defenders and everyone else (particularly focusing on the privacy implications), explore ways in which these techniques could be defeated, and outline some ideas for future research in these areas.

Matt Wixey
Matt leads technical research for the PwC Cyber Security practice in the UK, works on its Ethical Hacking team, and is a PhD candidate at University College London. Prior to joining PwC, Matt led a technical R&D team for a law enforcement agency in the UK. His research interests include antivirus and sandboxing technologies, unconventional attack vectors, side-channels, and radio security.

@darkartlab



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 14:00-14:30


Beyond Adversarial Learning – Security Risks in AI Implementations

Kang Li

A year after we discovered and reported a bunch of CVEs related to deep learning frameworks, many security and AI researchers have started to pay more attention to the software security of AI systems. Unfortunately, many deep learning developers are still unaware of the risks buried in AI software implementations. For example, by inspecting a set of newly developed AI applications, such as image classification and voice recognition, we found that they make strong assumptions about the input format used by training and classifications. Attackers can easily manipulate the classification and recognition without putting any effort into adversarial learning. In fact, the potential danger introduced by software bugs and lack of input validation is much more severe than a weakness in a deep learning model. This talk will show threat examples that produce various attack effects, from evading classifications, to data leakage, and even to whole system compromises. We hope that by demonstrating such threats and risks, we can draw developers’ attention to software implementations and call for community collaborative effort to improve software security of deep learning frameworks and AI applications.

Kang Li is a professor of computer science and the director of the Institute for Cybersecurity and Privacy at the University of Georgia.  His research results have been published at academic venues, such as IEEE S&P, ACM CCS and NDSS, as well as industrial conferences, such as BlackHat, SyScan, and ShmooCon.  Dr. Kang Li is the founder and mentor of multiple CTF security teams, including SecDawg and Blue-Lotus.  He was also a founder and player of the Team Disekt, a finalist team in the 2016 DARPA Cyber Grand Challenge.



DEFCON - Octavius 9 - Saturday - 20:00-19:59


Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape

Saturday at 20:00 in Octavius 9
Fireside Hax

Matt Goerzen, Researcher, Data & Society

Dr. Jeanna Matthews, Fellow at Data & Society, Associate Professor of Computer Science at Clarkson University

Joan Donovan, Media Manipulation/Platform Accountability Research Lead, Data and Society in Manhattan

White hat or critical grey hat trolling? Trolling as art? Trolling as hybrid warfare? Trolling as propaganda? In this Fireside Hax, we will challenge your assumptions about trolling. Trolls are attention hackers, using social and technical means to bait journalists, set agendas, game media gatekeepers, and direct audiences. Sometimes they also have fun. We will discuss a range of trolling techniques like sockpuppeting, dogpiling, doxing, attention honeypots, and cognitive denial of service attacks that we have not seen concisely catalogued elsewhere. We will also discuss high-profile examples of trolling such as "training" the Microsoft Tay chatbot, fake Antifa accounts, Russian sockpuppet accounts, and Phineas Fisher's use of Hacking Team's twitter account--and ask attendees to consider each as black hat attacks or grey hat attempts to point out critical societal vulnerabilities that should be "patched." We will also talk about "troll the troll" accounts like ImposterBuster and YesYoureRacist and the role "white hat trolls" might play in auditing platforms or proposing platform-based controls. Time permitting, we will discuss art projects that trollishly critiqued the European Commission, Google AdSense, and the NSA. This will not be a lecture and it will not shy away from controversy. Join two members of the Media Manipulation Team at Data & Society to collectively consider the role trolling can play in pointing out the flaws in our attention/media landscape.

Matt Goerzen
Matt Goerzen studies trolling techniques and cultures as part of the Media Manipulation team at Data & Society. He's also applied many of the techniques in the art world, for example by once developing an absurdist AdSense campaign ostensibly designed to sell a hideous sculpture to art collector Shaquille O'Neal, but more accurately designed to piggyback off of free clickbait media attention to inform readers about psychometric ad tech practices. He has written an academic study of contemporary artists who function as what he calls "critical trolls," arguing that trolling can be seen as an extension of the politicized attentional strategies used by the 20th-century avant-garde. His current work at Data & Society focuses on mapping the way white supremacists and state actors have appropriated trolling techniques for use in influence operations as a form of "bottom-up agenda setting."

Dr. Jeanna Matthews
Jeanna Matthews is an associate professor of Computer Science at Clarkson University and a 2017-18 fellow at Data and Society where she has been collaborating with the Media Manipulation team. She was a speaker at DEF CON 23 and 24, both times on the topic of vulnerabilities in virtual networks. Her broader research interests include virtualization, cloud computing, computer security, computer networks, operating systems and algorithmic accountability and transparency. Jeanna received her Ph.D. in Computer Science from the University of California at Berkeley and is an ACM Distinguished Speaker.

@jeanna_matthews

Joan Donovan
Joan Donovan is the Media Manipulation/Platform Accountability Research Lead at Data and Society in Manhattan. After completing her PhD in Sociology and Science Studies at the University of California San Diego, she was a postdoctoral fellow at the UCLA Institute for Society and Genetics, where she researched white supremacists' use of DNA ancestry tests, social movements, and technology. For several years, Joan has conducted action research with different networked social movements in order to map and improve the communication infrastructures built by protesters. In her role as a participant, she identifies information bottlenecks, decodes algorithmic behavior, and connects organizations with other like-minded networks.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 17:00-17:45


Title: Biohacking the Disability

Speaker: Gabriel Bergel
About Gabriel:
Gabriel Bergel is a System Engineer, Master in Cybersecurity from the IMF Business School and the Camilo José Cela University (Spain) and has 15 years of experience in different areas of information security. He regularly speaks in courses, workshops and forums on information security in different institutions, universities and national and international events. Currently he is Chief Executive Officer (CEO) of Vulnscope, Chief Strategy Officer (CSO) of Dreamlab Technologies, and Chief Security Ambassador (CSA) of Eleven Paths, Director of Public Policies in Whilolab and Founder and Organizer of 8.8 Computer Security Conference.
Speaker: Rodrigo Quevedo
About Rodrigo:
Specialist in technological architecture and management, entrepreneur, teacher, inventor and mentor of scientific talents, with a high social and service vocation, fully dedicated to the development of mechatronics and robotics technology in different fields. For 10 years he has trained more than 3000 young people in Chile, Peru, Bolivia and Colombia, allowing more than 700 young people to travel to the USA to compete in robotic tournaments, forming 34 teams that have competed in national and international tournaments, obtaining various awards in Japan, USA and Chile. Speaker at various universities, colleges, innovation and entrepreneurship events, national and international. Interviewed by different means of print and television, national and international. Guest writer of technological columns in various specialized magazines. Inventor of 14 products, including MIVOS, bidirectional automatic translator of sign language for deaf people.
Abstract:
The talk is about the project “Over Mind”. It is a neuro wheelchair control software developed to help people with different physical abilities who have reduced mobility and use wheelchairs. By capturing data provided by neuro sensors or other sources of information, the software converts them into an order of movement to one or several engines, allowing the movement of a wheelchair. “Over Mind” will allow you to control any adapted electric wheelchair. You can also control an exoskeleton or other mechanism that facilitates the mobility of people. We have managed to control a high-tech robot using our Over Mind software and using a sensor provided by Neurosky.
The Problem:
The 1% of the world population cannot move by itself, for various reasons such as Amyotrophic lateral sclerosis (ALS), accidents and others, 50,000,000 people.
Over Mind is a low-cost technology/system developed in Chile, designed to give mobility to 1% of the world population, increasing its available physical capacities allowing people with zero or reduced mobility to MOVE and carry out activities on their own, granting freedom and autonomy.
In the year 2016, Over Mind participated in the contest "An idea to change history", organized by History Channel, together with 5,800 projects, and it was the only Chilean project that finished among the four finalists.


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 12:30-12:59


Bitsquatting: Passive DNS Hijacking

Ed Miles, Security Researcher at DiDi Labs

The Domain Name System is one of the foundational technologies that allow the internet to function, but unfortunately, DNS is surprisingly brittle to certain issues, such as bitsquatting.

Lookups to names that are a "bitflip" away from well-known sites (like 'amczon.com' instead of 'amazon.com', since 'c' and 'a' have a single bit difference) can be caused by memory failing due to defect or overheating situations, rogue cosmic rays, or even (allegedly) radiation caused by nuclear reactions.

I was curious how realistic the last case really was - can we 'detect' active nuclear tests based solely on bitsquatting data? To find out, I revisited bitsquatting. First I'll briefly introduce the key concepts required for understanding bitsquatting (including ASCII, DNS and HTTP, Internet infrastructure, and memory error scenarios). I'll show the tools and techniques used to identify and register over 30 newly identified bitsquat domains, monitor DNS and HTTP requests, and process, enrich, and investigate the data. Finally, I will discuss any observations gathered from the data, with a focus on regional trends, specific devices, and current events - and try and see if I could prove any correlation.

In the end, attendees should leave with knowledge of the prevalence of bitsquatting and how it has evolved since the phrase was coined 8 years ago, as well as a few techniques for analyzing bitsquatting data and drawing some interesting conclusions.

Ed Miles (Twitter: @criznash) is a researcher at DiDi Chuxing's California-based DiDi Labs. Working in technology professionally since 2001, and as a hobbyist since 1991, Ed has been focused on forensics, incident response, malware analysis, reverse engineering, and detection since 2010.



Night Life - Flamingo - 3rd Floor - Carson City Rm - Saturday - 20:30-26:30


Title: BlanketFortCon

Check your ego at the door, grab some building materials and join in the celebration of the creativity and originality that is the pillow fort! A host of DJs will be spinning from a pirate ship as you share and create your own unique environment. All aboard!
More Info: BlanketFortCon.com


WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 15:30-15:55


Ryan Holeman

Bio

Ryan Holeman resides in Austin, Texas where he works as the Global Head of Security Intelligence for Atlassian's Security team. He is also an advisor for the endpoint security software company Ziften Technologies. He received a Masters of Science in Software Engineering from Kent State University. His graduate research and masters thesis focused on C++ template metaprogramming. He has spoken at many respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. He has also published papers through venues such as ICSM and ICPC. You can keep up with his current activity, open source contributions and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.

@hackgnar

BLE CTF

Abstract

The purpose of BLE CTF (https://github.com/hackgnar/ble_ctf) is to teach the core concepts of Bluetooth low energy client and server interactions. While it has also been built to be fun, it was built with the intent to teach and reinforce core concepts that are needed to plunge into the world of Bluetooth hacking. After completing this CTF, you should have everything you need to start fiddling with any BLE GATT device you can find.



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


BLEMystique—Affordable custom BLE target

Saturday 08/11/18 from 1200-1350 at Table Five
Attack and Defence

Nishant Sharma

Jeswin Mathai

BLEMystique is an ESP32-based custom BLE target which can be configured by the user to behave like one of multiple BLE devices. BLEMystique allows a pentester to play with the BLE side of different kinds of smart devices with a single affordable ESP32 chip. BLEMystique contains multiple device profiles, for example, Smart Lock, Smart health band, Smart bulb, Heart rate monitor, Smart Bottle and more.

The BLEMystique code and manuals will be released to the general public. So, apart from using the pre-configured devices, the users can also add support for devices of their choice and use their ESP32 board for target practice. In this manner, this tool can improve the overall experience of learning BLE pentesting.

Nishant Sharma
Nishant Sharma is a Technical Manager at Pentester Academy and Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX, WiMini and course/training content. He has presented/published his work at Blackhat Arsenal, Wireless Village, IoT village and Demo labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the WIPS solution. He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, forensics and cryptography.

Jeswin Mathai
Jeswin Mathai is a Researcher at Pentester Academy. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also part of team Pied Piper, which won Smart India Hackathon 2017, a national level competition organized by GoI. His areas of interest include Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 13:30-14:15


Title: Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism

Speaker: Mr. Br!ml3y
Abstract:
Editing genes is getting easier as knowledge of various genomes and technology advance. Malicious actors creating novel or custom infectious agents are a growing concern. This presentation explores use of Cyber Kill Chain methodology to detect and disrupt potential bioterrorist activities. Each link in the chain is defined and examined to identify potential attack indicators and countermeasures, discussing notable bottlenecks in each step. The goal is to apply existing information security knowledge and paradigms to counter the would-be bioterrorist. This talk will include brief discussions of current gene editing methods (CRISPR-CAS9, ZINCFINGER) for the lay person. Familiarity with the Cyber Kill Chain would be useful.


WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 18:00-18:55


Blue_Sonar

Abstract

BlueTooth is everywhere, it is in all of our pockets and the only protection most use is not being in discoverable mode. This will be a talk on enumeration, tracking non-discoverable Bluetooth devices, as well as an operator's perspective on some awesome use cases for Blue_Sonar. Of course it is already in Pentoo. This talk is imperative for those in the WCTF, because you will need this tool to find many of the BlueTooth foxes.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 15:00-15:45


Booby Trapping Boxes

Saturday at 15:00 in Track 3
45 minutes | Demo, Tool

Ladar Levison, Founder, Lavabit LLC

hon1nbo, Proprietor, Hacking & Coffee LLC

Ever worry about the hardware you leave behind? In a world where servers are co-located, and notebooks get left in hotel rooms, the ability to resist tampering, and if necessary actively respond to attack, has become increasingly important. And of course everybody knows the best booby traps are the ones you don't know are there. This talk will prepare you for life in 1984, where the maids are evil, and step brothers can't be trusted. Whether you're running servers as a high value target, or simply want to protect your Monero private key, this talk will show you how to achieve FIPS 140-2 level 4 security, without the FIPS 140-2 level 4 price tag. Specifically, we'll cover acquisition considerations, physical hardening, firmware mitigation, tamper detection and more.

Ladar Levison
Ladar Levison serves as the founder, president, and chief executive of Lavabit, where he has worked the past 14 years. Founded in 2004 (and originally called Nerdshack), Lavabit was created because Mr. Levison believes that privacy is a fundamental, necessary right for a functioning, free and fair democratic society. Presently, Mr. Levison is focused on Lavabit's Dark Mail Initiative, which aims to make end-to-end email encryption automatic and ubiquitous, while continuing to vigorously advocate for the privacy and free speech rights of all. Mr. Levison’s involvement in the internet can be traced to the early days of the world wide web, when he built his first website, in the early nineties, for the fledgling Mosaic web browser (from the National Center for Supercomputing Applications).

Prior, Mr. Levison operated a dialup bulletin board service, and worked as a computer technician assembling custom computer systems. With more than 10 years of experience as an independent consultant, Mr. Levison has brought to bear his skills as a project manager, business analyst, systems engineer, software developer, database administrator, systems administrator, and information security specialist.

Mr. Levison’s career has involved working with several dozen multinational companies in the financial, consumer electronics, and retail sectors. The websites Mr. Levison built have drawn millions of visitors, and the software he's written has touched, albeit behind the scenes, the lives of millions more. Over the years, Mr. Levison has written and published numerous technical specifications and authored several editorial pieces. Mr. Levison frequently speaks at a variety of conferences, has appeared as an expert on numerous network television shows, and appeared in several documentaries, including the Oscar-winning film Citizenfour.

Mr. Levison has also been involved with several popular free open source software projects. Mr. Levison holds fifteen certifications, with the vast majority from Microsoft and International Business Machines. Mr. Levison received his Bachelor of Arts and Bachelor of Science degrees from Southern Methodist University, where he studied finance, English, political science and computer science. Additionally, Mr. Levison spent a year studying international relations at Georgetown University. A native of San Francisco, California, he currently resides in Dallas, Texas where he lives with his best friend, and principal cheerleader, Princess, the Italian Greyhound he rescued in 2010.

Twitter: @kingladar
Facebook: kingladar
Website: https://lavabit.com

hon1nbo
Hon1nbo is a hacker who tinkers for fun and to satisfy the basic human need to light things on fire. Hon1nbo allegedly has a job, where they get paid to take selfies in other people’s secure vaults in the middle of the night. We don’t know if this job is real, or merely a cover story. This possible delusion has taken them around the world entering into some of the largest organizations in both people size and technical expanse, using every possible entry method at their disposal. No domain left without an admin, no email left without a phish, and every office a wolf tail hiding in the air vents.

In addition to their night job, Hon1nbo runs Hacking & Coffee, a small hosting firm in Texas, where excess network capacity abounds, to perform security research and mirror F/OSS repositories. They also provide infrastructure support to a variety of community projects, small businesses, and student groups.

A wild Hon1nbo can be spotted at DEF CON, its natural habitat, and identified via their purple tail, ears, and getting into shenanigans.

Twitter: @hon1nbo
Facebook: hon1nbo
Website: https://hackingand.coffee
Species: Wolf-Dog
Pronouns: them/their/schlee/generalisimo whatever be consistent



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


boofuzz

Saturday 08/11/18 from 1600-1750 at Table Five
Vulnerability Analysis, AppSec, Offense.

Joshua Pereyda

boofuzz is an open source network protocol fuzzing framework, competing with closed source commercial products like Defensics and Peach.

Inheriting from the open source tools Spike and Sulley, boofuzz improves on a long line of block-based fuzzing frameworks.

The framework allows hackers to specify protocol formats, and boofuzz does the heavy lifting of generating mutations specific to the format. boofuzz makes developing protocol-specific "smart" fuzzers relatively easy. Make no mistake, designing a smart network protocol fuzzer is no trivial task, but boofuzz provides a solid foundation for producing quality fuzzers.

Written in Python, boofuzz builds on its predecessor, Sulley, with key features including:

https://github.com/jtpereyda/boofuzz

Joshua Pereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. He currently hunts vulnerabilities full time. Among his passions are hacking, teaching kids to program, listening to upper-crust orchestral performances with his wife, and figuring out how he can get paid to do it all... legally.



Service - Vendors Area - No Starch Press Table - Friday - 12:00-12:59


Title:
Book Signing - Craig Smith - The Car Hacker's Handbook

No description available

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Elissa Shevinsky - Lean Out

No description available

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Georgia Weidman - Penetration Testing

No description available

Service - Vendors Area - No Starch Press Table - Saturday - 13:00-13:59


Title:
Book Signing - Nick Cano - Game Hacking

No description available

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech

No description available

Service - Vendors Area - No Starch Press Table - Friday - 13:00-14:30


Title:
Book Signing - Travis Goodspeed - PoC || GTFO

Travis Goodspeed

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Violet Blue - The Smart Girl's Guide to Privacy

No description available

Meetup - HHV - Caesars Pool Level - Forum 17-19 - Sunday - 10:30-10:59


Title:
Breakfast at Defcon

Sunday's cure for the @defcon hangover is our annual #BreakfastAtDefcon. Join @Hackaday and @Tindie in the Hardware Hacking Village on Sunday at 10:30!
More Info: https://hackaday.com/2018/08/08/sunday-breakfast-at-def-con-2/


DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 11:00-11:45


Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more.

Sunday at 11:00 in Track 1
45 minutes | Demo, Exploit

Josep Pi Rodriguez Senior security consultant, IOActive

Extreme Networks' embedded WingOS (originally created by Motorola) is an operating system used in several wireless devices such as access points and controllers. This OS is used in Motorola devices, Zebra devices and Extreme Networks' devices. This research started by focusing on an access point widely used in many aircraft by several worldwide airlines but ended up as something bigger in terms of devices affected, as this embedded operating system is used not only in APs for aircraft but also in healthcare, government, transportation, smart cities, small to big enterprises... and more.

Based on public information, we will see how vulnerable devices are actively used (outdoors) in big cities around the world, but also in universities, hotels, casinos, big companies, mines and hospitals, and provide the Wi-Fi access for places such as the New York City Subway.

In this presentation we will show with technical details how several critical vulnerabilities were found in this embedded OS. First we will introduce some internals and details about the OS and then we will show the techniques used to reverse engineer the mipsN32 ABI code for the Cavium Octeon processor. We will discuss how some code was emulated to detect how a dynamic password is generated with a cryptographic algorithm for a root shell backdoor. In addition, we will show how some protocols used by some services were reverse engineered to find unauthenticated heap and stack overflow vulnerabilities that could be exploitable through a wireless or Ethernet connection.

This OS also uses a proprietary layer 2/3 protocol called MiNT. This protocol is used for communication between WingOS devices through VLAN or IP. This protocol was also reverse engineered, and remote heap/stack overflow vulnerabilities found in services using this protocol will be shown. As a live demonstration, 2 devices will be used to exploit a remote stack overflow chaining several vulnerabilities, as an attacker could do inside an aircraft (or other scenarios) through the Wi-Fi. As there are no public shellcodes for the mipsN32 ABI, the particularities of creating shellcode for the mipsN32 ABI will also be discussed.

Josep Pi Rodriguez
Josep Pi Rodriguez is experienced in network penetration and web application testing, reverse engineering, industrial control systems, transportation, RF, embedded systems, vulnerability research, exploit development, and malware analysis. As a senior consultant at IOActive, Mr. Rodriguez performs penetration testing, identifies system vulnerabilities and researches cutting-edge technologies. Mr. Rodriguez has performed security services and penetration tests for numerous global organizations and a wide range of financial, technical, and educational institutions. He has presented at international conferences including Immunity Infiltrate, Hack in Paris and the Japan CCDS IoT conference.



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 15:00-15:30


Breaking In: Building a home lab without having to rob a bank

Bryan Austin

Abstract

Building a home lab is critical to making you as a hacker better, but between space, hardware costs and learning it can quickly become an expensive habit. This talk will aim to show you some of the low cost options to learning the skills of the trade, and a bit of the mindset you need to finish that project.

Bio

Bryan Austin is an information security researcher with a background in electronics, threat analysis, social engineering, working with at-risk children, mentorship and research. He is also the co-founder of Through the Hacking Glass, a free mentorship community partnered with Peerlyst. By day, he secures people and organizations against scammers and hackers but by night he works with children with behavioral issues and a variety of other challenges. When not crusading against internet evil doers, he enjoys hiking, Taekwondo, and hacking with his beautiful wife and 3 amazing children.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 12:00-12:45


Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!

Friday at 12 in Track 2
45 minutes | Demo, Tool, Exploit

Orange Tsai Security Researcher from DEVCORE

We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby, Java, and JavaScript.

Being a very fundamental problem that exists in path normalization logic, sophisticated web frameworks can also suffer. For example, we've found various 0days on Java Spring Framework, Ruby on Rails, Next.js, and Python aiohttp, just to name a few. This general technique can also adapt to multi-layered web architecture, such as using Nginx or Apache as a proxy for Tomcat. In that case, reverse proxy protections can be bypassed. To make things worse, we're able to chain path normalization bugs to bypass authentication and achieve RCE in real world Bug Bounty Programs. Several scenarios will be demonstrated to illustrate how path normalization can be exploited to achieve sensitive information disclosure, SMB-Relay and RCE.

Understanding the basics of this technique, the audience won't be surprised to know that more than 10 vulnerabilities have been found in sophisticated frameworks and multi-layered web architectures aforementioned via this technique.

Orange Tsai
Cheng-Da Tsai, also known as Orange Tsai, is a member of DEVCORE and CHROOT from Taiwan. He has spoken at conferences such as Black Hat USA, Black Hat ASIA, DEF CON, HITCON, HITB, CODEBLUE and WooYun. He participates in numerous Capture-the-Flags (CTF), and won 2nd place in DEF CON 22/25 as a team member of HITCON.

Currently, he is focusing on vulnerability research and web application security. Orange enjoys finding vulnerabilities and participating in Bug Bounty Programs. He is enthusiastic about Remote Code Execution (RCE), and uncovered RCEs in several vendors, such as Facebook, Uber, Apple, GitHub, Amazon, Yahoo and Imgur.

@orange_8361, Blog: http://blog.orange.tw/



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 12:00-12:45


Breaking Smart Speakers: We are Listening to You.

Sunday at 12:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Wu HuiYu Security Researcher At Tencent Blade Team

Qian Wenxiang Security Researcher At Tencent Blade Team

In the past two years, smart speakers have become the most popular IoT device; Amazon, Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to give smart speakers human-like capabilities in chat conversation. However, with smart speakers coming into more and more homes, and their functions becoming more powerful, their security has been questioned by many people. People are worried that smart speakers will be hacked to leak their privacy, and our research proves that this concern is very necessary.

In this talk, we will present how to use multiple vulnerabilities to remotely attack some of the most popular smart speakers. Our final attack effects include silent listening, controlling the speaker's spoken content and other demonstrations. We're also going to talk about how to extract firmware from BGA-packaged Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, the talk covers how to turn on debug interfaces and get root privileges by modifying firmware content and re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely gain root permissions on some smart speakers and use smart speakers for eavesdropping and playing voice.

Wu HuiYu
Wu HuiYu is a security researcher at Tencent Blade Team of Tencent Security Platform Department. His job is now mainly focused on IoT security research and mobile security research. He is also a bug hunter, winner of GeekPwn 2015, and speaker at HITB 2018 AMS & POC2017.

Qian Wenxiang
Qian Wenxiang is a security researcher at the Tencent Blade Team of Tencent Security Platform Department. He is focusing on security research of IoT devices. He has also performed security audits for web browsers. He was in the top 100 of the annual MSRC list (2016 & 2017). He published a book called "Whitehat Talk About Web Browser Security".



Meetup - Caesars - Promenade Level - Livorno/Village Talks Rm - Thursday - 16:00-16:59


Title:
BruCamp

A play within a play, this Meetup is for conference organizers to come together and share their best ideas, tips and methods of running their cons in a social environment. The goal is to help improve the conference experiences for all and to help take away some of the headaches in running a con. A great gathering for con organization veterans as well as anyone looking to start their own con.


WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 12:00-12:25


stev0

Bio

Ops guy and security hobbyist

@_stevo
piClicker Github

BSSI [Brain Signal Strength Indicator] - finding foxes with acoustic help (piClicker)

Abstract

Present, and (hopefully) Demo using a raspberry pi to detect wifi signal strength via audio click frequency.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 12:10-12:55


Bug Bounty Hunting on Steroids - Anshuman Bhartiya and Glenn ‘devalias’ Grant

Bug bounty programs are a hot topic these days. More and more companies are realizing the benefits of running a program, and researchers are jumping at the opportunity to grab some swag and make some extra cash from the bugs they find. Reporting security issues has never been as easy, open, and risk-free as it is right now. Everybody wins!

Though that doesn’t mean we should stop there. As researchers, we spend a lot of time doing the same menial tasks for each program: monitoring for new targets, checking for common issues, remembering just which flags you needed to pass to that tool (or even which tool is best for that job). We build new tools, hack together shell scripts, and generally make small incremental changes to our process. But surely there’s a better approach?

Are you sick of repeating the same tedious tasks over and over? Wouldn’t it be nice to have your own bug hunting machine? One that -

We call this approach Bug Bounty Hunting on Steroids. We will discuss our research and approach to building such a machine, sharing some of the lessons we learned along the way.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Saturday - 14:30-18:30


Build Your Own OpticSpy Receiver Module

Saturday, 1430-1830 in Icon A

Joe Grand Grand Idea Studio

OpticSpy is an open source hardware module for experimenting with optical data transmissions. It captures, amplifies, and converts an optical signal from a visible or infrared light source into a digital form that can be analyzed or decoded with a computer. With OpticSpy, electronics hobbyists and hardware hackers can search for covert channels, which intentionally exfiltrate data in a way undetectable to the human eye, add data transfer functionality to a project, or explore signals from remote controls and other systems that send information through light waves.

In this workshop, creator Joe Grand will present a brief history of the project and then guide you through the process of building, calibrating, and testing your own kit version of OpticSpy.

Prerequisites: None. No prior soldering experience necessary.

Materials: None

Max students: 12

Registration: -CLASS FULL- https://www.eventbrite.com/e/build-your-own-opticspy-receiver-module-icon-a-tickets-47193834028
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 18:30-19:15


Title: Building a Better Bedside - The Blue Team Needs a Plan B

Speaker: Nick Delewski and Saurabh Harit
Abstract:
While important changes may be afoot in the US regulatory environment for medical devices, which should hopefully allow more people to make informed decisions regarding patient safety, many CISOs, security engineers, and network admins have to live day to day in the world we have, not the world we wish for. There have been multiple presentations in the last few years about the details of medical device security that have rightly put the onus on manufacturers to provide long term fixes. However, we wonder if there are ways to create a more defensible and hardened hospital room until the notoriously slow regulatory process gains traction.

We’ve done deep dives into specific medical devices and we’ve done pentests in several hospital systems. In our experience, we have noticed broad classes of common vulnerabilities across bedside equipment that transcend any one device or class of device. Input validation errors, buggy network stacks, and low-bandwidth links can be found in systems that monitor vitals, administer medications, or in components that glue disparate systems together. A long awaited patch may fix one vulnerability only for the hospital to bring in a different device for clinical or financial reasons, and wash-rinse-repeat. It’s not enough for one or two manufacturers to step up the security game if they are feeding data into other unreliable systems, and it will be a while before everyone is at the same level.

We are dedicated red teamers, and we may feel the pain of those in the blue team trying to do the right thing, but we don’t know what it’s like to live in your shoes. In this talk, we will explain, in broad terms, vulnerabilities that we have seen and how we recommend remediating them. But we don’t want you to leave this session feeling that we are talking down to the defenders. We want you to have a seat at the table and share how you handle the unknown in your environment.


CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 13:30-14:00


Title:
Building a Cryptographic Backdoor in OpenSSL

When: Sat, August 11, 1:30pm - 2:00pm

Speakers
-------
Lei Shi
Allen Cai

Abstract
--------
Unlike common examples of a backdoor, cryptographic backdoors are the field of surreptitiously weakening cryptographic systems, such as deliberately inserting vulnerabilities into a pseudorandom number generator to make cryptanalysis easier. OpenSSL has been, for many years, the de facto library/tool for implementing cryptographic protocols in our applications and securing them. In this talk, we will try to modify the code of OpenSSL to build a new method of cryptographic backdoor, so that the attacker can easily decrypt data encrypted by RSA or ECC.

Bio
-----------------
Lei Shi is a security researcher at 360-CERT, mainly focused on cryptography security and vulnerability discovery. He has discovered 100+ bugs and gained 20+ CVEs (e.g. SSL Death Alert) from OpenSSL, OpenSSH, VMware. He is obsessed with math and computer security, and is currently working on Windows Search protocol security, Linux kernel security and development of vulnerability discovery tools. He has given talks at BlueHat2017, SysCAN.

Twitter handle of presenter(s)
------------------------------
cyg0x7

Website of presenter(s) or content
----------------------------------
https://cert.360.cn


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 14:00-14:30


Building A Teaching SOC

Andrew Johnson, Information Security Officer at Carnegie Mellon University

Effective security monitoring is an ongoing process. How do you get everyone participating? How do you on-board junior colleagues to continuous improvement? The purpose of this presentation is to show methods for encouraging participation from all members of the security monitoring team as well as tactics for communicating effectively with the organization.

Andrew Johnson (Twitter: @pierogipowered) is implementing a dedicated security operations team at Carnegie Mellon University. The security operations group has a dual focus on both the traditional aspect of securing the university as well as a focus on training student colleagues on the practical application of their degree. Prior to Carnegie Mellon University, Andrew was with HM Health Solutions. He had been responsible for creating a security operations platform in the heavily regulated health insurance/provider space. Andrew is a co-organizer for the BSides Pittsburgh (@bsidespgh) conference and enjoys recreational cycling and cooking when not participating in information security related activities.



DEFCON - 101 Track - Saturday - 12:00-12:45


Building Absurd Christmas Light Shows

Saturday at 12:00 in 101 Track
45 minutes

Rob Joyce

Learn about the elements that go into a computerized light display and how you outfit your own house with dazzling blinking lights set to music.  Components of the show are individually explained and live demonstrations of the technology are on display.  Come get inspired to computerize your  own holiday cheer!

Rob Joyce
Rob Joyce (@RGB_Lights) has been with the National Security Agency (NSA) for 29 years and has led organizations doing both foreign intelligence and cybersecurity work. He is the Senior Advisor for Cybersecurity, having recently returned from the White House as the Cybersecurity Coordinator where he worked national policy, synchronizing activity across the government and partners. His previous assignment was leading Tailored Access Operations (TAO), the organization developing tools, techniques and capabilities to exploit computers for NSA's foreign intelligence mission. Prior to that, he was the Deputy Director for Information Assurance, overseeing the protection of national security systems, which includes the nation's cryptographic key material, classified networks and warfighting networks. In his spare time, Rob builds a computerized Christmas light show. His most recent display was likely visible from the International Space Station. In addition to an infatuation with Christmas light displays, he helped a Boy Scout troop build catapults for the annual Punkin Chunkin competition until lawyers ruined it for all of us.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Thursday - 10:00-13:59


Building Autonomous AppSec Test Pipelines with the Robot Framework

Thursday, 1000-1400 in Icon E

Abhay Bhargav CTO, we45

Sharath Kumar Ramadas Senior Solutions Engineer, we45

It is common knowledge that automating security testing, especially for rapid-release applications, is an essential requirement from multiple perspectives. One perspective is that of security testing in a Continuous Delivery Pipeline (as part of CI/CD) and the other is the perspective of a Penetration Tester. In a CI/CD Pipeline, one would like security tests to be triggered in an automated manner. These tests should provide information related to application vulnerabilities to engineering teams, early in the SDL (Software Development Lifecycle), preferably before these apps are deployed to production. From the perspective of the Pentester, there is the obvious shortage of time and resources. Pentesters spend a lot of time repeating standard manual processes, thereby losing out on time to perform deeper, more insightful analysis of the target application to uncover serious security flaws. Targeted Automation can be very useful for a Pentester as well.

Prerequisites: Basic Knowledge of Application Security Testing Techniques

Materials: Laptop with Virtualbox loaded - VM will be provided

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-autonomous-appsec-test-pipelines-with-the-robot-framework-icon-e-tickets-47086284344
(Opens July 8, 2018 at 15:00 PDT)

Abhay Bhargav
Abhay Bhargav is the CTO of we45, a focused Application Security company. Abhay is the author of two international publications: "Secure Java for Web Application Development" and "PCI Compliance: A Definitive Guide". Abhay is a builder and breaker of applications, and has authored multiple applications in Django and NodeJS. He is the Chief Architect of "Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework. He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world's first hands-on Security in DevOps training that has been delivered in multiple locations, and recently as a highly successful training program at the OWASP AppSecUSA 2016, OWASP AppSec EU and USA 2017. Abhay recently delivered a workshop on SecDevOps at DEFCON 25. In addition, Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.

Sharath Kumar Ramadas
Sharath is a Senior Solutions Engineer at we45. As part of his role, Sharath has architected and developed multiple solutions around security engineering, including an Application Vulnerability Correlation tool called Orchestron. As part of his experience with Application Security, Sharath has developed integrations for multiple security products including DAST, SAST, SCA and Cloud environments. In addition, Sharath has extensive experience with Cloud Deployments and Container Native Deployments. As part of his role in a security organization, Sharath has led teams that have created intentionally vulnerable apps for CTF competitions both inside and outside the organization.



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 18:00-18:45


Building Drones the Hard Way

No description available



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Saturday - 14:30-18:30


Building Environmentally Responsive Implants with Gscript

Saturday, 1430-1830 in Icon C

Dan Borges

Alex Levinson Senior Security Engineer, Uber

Attendees to this workshop will experience a step by step walk through in setting up a Gscript build environment (which will include the Golang programming language as a requirement, along with the required libraries). Subsequently, attendees will obtain a basic overview of the Gscript capabilities in using conditional logic to navigate within, and deploy persistence mechanisms upon, target hosts.

Upon completion, each attendee will depart with a laptop (whichever one they brought) containing a full Gscript build & testing environment, and at least 1 custom Gscript of their own design and purpose.

Prerequisites:
1. A general understanding of what an implant is, and how to use one.
2. Experience with Javascript
3. Experience with Metasploit and/or meterpreter is a plus
4. Experience with the Golang programming language is also a plus

Materials: A laptop with an ethernet port

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/building-environmentally-responsive-implants-with-gscript-icon-c-tickets-47194616368
(Opens July 8, 2018 at 15:00 PDT)

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 15:00-15:30


Building the Hacker Tracker

Thursday at 15:00 in 101 Track, Flamingo
20 minutes |

Whitney Champion Senior Systems Engineer

Seth Law Application Security Consultant, Redpoint Security

In 2012, back when DEF CON still fit in the Riviera (RIP), I recognized a gap to fill. I wanted to create a mobile version of the paper DEF CON booklet that everyone could use at the con.

I was unable to attend the conference that year. I was 8 months pregnant with my first child, and because I couldn't be there in person, I spent a lot of time wishing I was.

So I built it. I spent countless hours pouring my heart into what became the Hacker Tracker, shiny graphics and all, and was committing code up until the minute I went into labor.

Fast forward a few years: Seth was frustrated with the lack of a mobile app for iOS while attending DEF CON. Subsequently, he found the Android version of Hacker Tracker and reached out to me about creating an iOS version. I was thrilled that someone wanted to join me and help grow the project. Not long after that, I recruited Chris to work on the app as well.

Now, 6 years since its inception, a small team supports the app development across iOS and Android and the apps are being used by half a dozen different conferences, representing several thousand users.

From nothing to something, we've experienced quite a bit in 6 years. Join us as we share our moments of joy, fear, and panic, "things not to do", and more.

Whitney Champion
Whitney is a systems architect in South Carolina. She has held several roles throughout her career: security engineer, systems engineer, mobile developer, cloud architect, and consulting architect, to name a few. In the last 15 years, she has worked on operations teams, support teams, development teams, and consulting teams, in both the private and public sector, supporting anywhere from a handful of users to hundreds of thousands. No matter the role, security has always been an area of passion and focus.

@shortxstack

Seth Law
Seth is an independent security consultant with Redpoint Security in Salt Lake City, where he performs security research and consulting for various clients. He spends the majority of his time thinking up ways to exploit and secure applications, but has been known to pull out an IDE as the need arises. Over the course of his career, Seth has honed application security skills using offensive and defensive techniques, including tool development and research. He has an (un)healthy obsession with all things security related and regularly heads down the rabbit hole to research the latest vulnerability or possible exposures. Seth can regularly be found at developer meetups and security get-togethers, whether speaking or learning.

@sethlaw



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 10:00-11:59


Building visualisation platforms for OSINT data using open source solutions

No description available



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Friday - 14:30-18:30


Buzzing Smart Devices: Smart Band Hacking

Friday, 1430-1830 in Icon B

Arun Magesh IoT Security Researcher, Payatu Software Labs, LLP

With the recent advancement in connected/smart devices and the availability of ready-made frameworks for both hardware and software development, companies want to rapidly get into the smart device market. It is necessary to look at the security features of these smart devices, as our digital lives are connected with these devices.

Bluetooth has been around for almost a decade, and with the need for low-power wireless networking and interoperability, Bluetooth has been used in the vast majority of devices because of its low power footprint and interoperability, as most of our smartphones have Bluetooth.

In this workshop, we will learn how to fuzz the Bluetooth LE functionality of smart devices and exploit it. In the process, we will learn how the Bluetooth Low Energy protocol works and about the various tools involved in reversing a smart band. We will also introduce a Bluetooth fuzzing framework called Buzz and use it to crash or find other information in the smart band.

By the end of the class, we will also touch on hardware-level exploits such as accessing the serial port and debugging port and bypassing Flash Read protection to extract the firmware from the smart band, with demos of the same.

Prerequisites: Knowledge of Linux OS, Basic knowledge of programming (C, python) would be a plus

Materials: Laptop with at least 50 GB free space, 8+ GB minimum RAM (4+ GB for the VM), and external USB access (min. 2 USB ports)
Administrative privileges on the system
Virtualization software: latest VirtualBox (5.2.X), including the VirtualBox extension pack
Linux host machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
Virtualization (VT-x) option enabled in the BIOS settings for VirtualBox to work
Tools will be provided by the instructor and are to be returned.
You can also buy the hardware yourself.
SmartBand: https://www.banggood.com/No_1-F4-Blood-Pressure-Heart-Rate-Monitor-Pedometer-IP68-Waterproof-Smart-Wristband-For-iOS-Android-p-1182728.html
Bluetooth Dongle: https://www.amazon.com/DayKit-Bluetooth-Adapter-Windows-Raspberry/dp/B01IM8YKPW/

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/buzzing-smart-devices-smart-band-hacking-icon-b-tickets-47193534131
(Opens July 8, 2018 at 15:00 PDT)

Arun Magesh
Arun Magesh works as an IoT Security Researcher at Payatu Software Labs and has worked on numerous smart device pentests in the past couple of years. With an electrical engineering academic background, he serves as a core committee member for several IoT local chapters and hackerspaces in India, where he regularly delivers talks and hands-on workshops. He has 5+ years of hands-on experience in both building and breaking IoT devices and has previously been recognized as one of India's Top 25 under 25 technologists and as an Intel Software Innovator. He has delivered training to numerous governmental and private organizations around the world. He is also a speaker and trainer at several conferences like nullcon18, zer0con18, RISC17, Intel Devfest and EFY17, and his main focus area in IoT is embedded device and SDR security. He has also built and contributed to a number of projects such as Brain-Computer interfacing and Augmented Reality solutions.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 15:00-15:45


Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

Friday at 15:00 in Track 1
45 minutes | Demo, Tool

Gabriel Ryan Co-Founder / Principal Security Consultant @ Digital Silence

Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve Riley, Abb, and Alva Duckwall [5][6].

In addition to the development of 802.1x-2010, improved 802.1x support by peripheral devices such as printers also poses a challenge to attackers. Gone are the days in which bypassing 802.1x was as simple as finding a printer and spoofing its address, as hardware manufacturers have gotten smarter.

In this talk, we will introduce a novel technique for bypassing 802.1x-2010 by demonstrating how MacSEC fails when weak forms of EAP are used. Additionally, we will discuss how improved 802.1x support by peripheral devices does not necessarily translate to improved port-security due to the widespread use of weak EAP. Finally, we will consider how improvements to the Linux kernel have made bridge-based techniques easier to implement and demonstrate an alternative to using packet injection for network interaction. We have packaged each of these techniques and improvements into an open source tool called Silent Bridge, which we plan on releasing at the conference.

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and principal security consultant for Digital Silence, a Denver-based consulting firm that specializes in impact-driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel's most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

@s0lst1c3, https://digitalsilence.com, solstice.sh



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Friday - 10:00-13:59


Bypassing Windows Driver Signature Enforcement

Friday, 1000-1400 in Icon A

Csaba Fitzl

Microsoft makes a great effort to harden the Windows kernel and limit attackers from loading their custom drivers (kernel rootkits) with the introduction of Driver Signature Enforcement in Win7x64. In this 4 hour workshop we will learn the limitations of this enforcement and practice how we can bypass it. We will explore 4 different methods (from very easy to difficult) on various versions of Windows, including Windows 10. We will see how and why they work, and which malware used them in the past. First we will see how we can use leaked certificates to overcome DSE as well as how we can turn it OFF by design, and what its limitations are. Then we will use WinDBG to look into the kernel and find the various flags used to control DSE and use the HackSysExtremeVulnerableDriver to do kernel exploitation for setting those to the value we require. We will use a simple dummy driver to demonstrate unsigned driver loading.

Prerequisites: Some experience with WinDBG, assembly or kernel exploitation can be helpful, but not required. Basic Python scripting knowledge will be needed.

Materials: For the full experience students will require 2 Windows virtual machines (Windows 7 and Windows 10) (optionally Windows 8) with WinDBG and Python installed on all of them, and one of them will require Visual Studio with Driver development tools. A guide for setting up the VMs will be provided prior to the workshop.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/bypassing-windows-driver-signature-enforcement-icon-a-tickets-47194788884
(Opens July 8, 2018 at 15:00 PDT)

Csaba Fitzl
Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big Cisco networks. After that he started to work as a blue teamer, focusing on network forensics, malware analysis and kernel exploitation. Recently he joined a red team, where he spends most of his time simulating adversary techniques. He has given talks / workshops at various international IT security conferences, including Hacktivity, hack.lu, hek.si, SecurityFest and BSidesBUD. He currently holds OSWP / OSCP / OSCE / OSEE certifications. He is the author of the 'kex' kernel exploitation Python toolkit.



WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 13:00-13:55


wasabi

Bio

wasabi is a security researcher who loves to experiment with embedded devices, signals, and really anything electrical.

@spieceywasabi

Can you hear me now, DEF CON?

Abstract

Using cheap commodity RF hardware to act as secure or backchannel communications for security research and pen tests. Wireless communication is getting cheaper and hobby projects are integrating long range low powered communication to link devices in all sorts of unique ways. But what about in the world of information security? This talk will cover the acronym soup of current communication systems including LoRA, RFM, Satellite, ASK, and many others to identify what protocols make sense when you are trying to communicate either stealthily or in remote areas. In addition, this talk will cover how to improve reliability of wireless communication and the costs associated with making your super pen test box. Or perhaps even what evil things can be done with these and how to protect yourself. The aim for this talk is to be interactive, and allow people to share experiences.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 11:30-11:59


Capturing in Hard to Reach Places

Silas Cutler, Senior Security Researcher at CrowdStrike

It's easy for us to take for granted when tools allow us to start capturing network traffic without any real hardships. However, what happens when the data you want isn't so easy to capture? This talk will look at two cases in which environments needed to be bent in order to capture the data needed for analysis.

Silas Cutler (Twitter: @silascutler) is a Senior Security Researcher at CrowdStrike, Project Director for MalShare and DEFCON 21 Black Badge (from Capture the Packet). Endorsed on LinkedIn by [REDACTED] for "tcpdump". His prior managers have described him as "a guy" and "meeting necessary skills to perform job functions."



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 16:00-16:59


Car Infotainment Hacking Methodology and Attack Surface Scenarios

Jay Turla, Application Security Engineer at Bugcrowd

The battle for supremacy for the control of the dashboard display or infotainment systems has always been a race. Most of these systems run on Linux, Android, Windows (customized dashboards - perhaps Windows ME or CE) and Blackberry's QNX. In-Vehicle Infotainment (IVI) or In-car entertainment (ICE) Systems are indeed fun consoles where you can play media, movies, or work with your car's navigational system. But somehow they also come with a risk of being hacked or attacked because they have also been plagued with vulnerabilities. In this talk, join Jay as he presents his own Car Hacker's Methodology for finding security bugs in order to pwn a car's infotainment system without having to use drive-by-wire or CANbus hacking tools. He will simply point out the common attack surfaces, e.g. WiFi, Bluetooth, USB ports, etc., and some scenarios on how to exploit them, just like how he popped a shell or issued an arbitrary command in his car, which he tweeted on Twitter before.

Jay Turla (Twitter: @shipcod3) is an application security engineer at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework and presented at ROOTCON, Nullcon, and TCON. He used to work for HP Fortify, where he performed Vulnerability Assessment, Remediation and Advance Testing.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 12:00-12:25


Cartoons, Sketchnotes, Bullet Journals and Other Data Visualization Tricks - Raye Keslensky

“When it comes to presenting data, it’s not WHAT you present, it’s HOW you present it! Combining words with pictures has been around for ages. Picking up an understanding of sequential art and how you can use it in your day-to-day life is critical!

This talk covers a crash course of data science and visualization. Learn what parts of the information you’re supposed to keep an eye on! Make better line breaks with your text! Bring clarity to your writing! Good for software design, scrapbooking, OSINT, or keeping your shit together!”



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 14:00-14:30


Title:
CATs - A Tale of Scalable Authentication

When: Sat, August 11, 2:00pm - 2:30pm

Speaker
------
Yueting Lee

Abstract
--------
Crypto Auth Tokens (CATs) are used in Facebook's scalable, token-based authentication backend infrastructure. They were created to deal with an ever growing, large-scale, multi-system organization. CATs are flexible, performant, and reliable. They support authentication at scope and scale for Facebook's backend infrastructure.

Bio
-----------------
Yueting Lee is a software engineer at Facebook, building security infrastructure within Facebook's infrastructure. Yueting is originally from Hong Kong but went on to study at the Georgia Institute of Technology, where she graduated with a degree in Computer Science.


AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 10:20-10:40


Chatting with your programs to find vulnerabilities

Chris Gardner

During the Cyber Grand Challenge, an automated vulnerability exploitation competition, all the teams used the same approach: use a fuzzer to find bugs, and symbolic execution to generate an exploit for any bugs found. Fuzzers are great at triggering bugs, but their effectiveness is often limited by the quality of the initial testcase corpus that is fed to them. Testcases are easy for humans to create, but hard to generate automatically. Teams used a wide variety of techniques to generate initial seeds: from using very slow symbolic execution techniques to find inputs that triggered execution paths, to just using the word “fuzz” as the seed and hoping for the best. However, many of the programs in the CGC are console programs designed to be used by humans: meaning they give a prompt in English and expect a response. For this research we trained a chatbot Recurrent Neural Network on a set of testcases generated by humans, and ran the RNN against the test set with the goal of finding testcases that had higher code coverage than random guessing and could be used with a fuzzer to find bugs.

Chris recently graduated from UMBC, where he found a passion for malware analysis and binary exploitation. In his spare time he plays CTFs and bikes his way around Washington DC.



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


CHIRON

Sunday 08/12/18 from 1000-1150 at Table Three
Defense

Rod Soto

Joseph Zadeh

Home-based open source network analytics and machine learning threat detection

CHIRON is a home analytics based on ELK stack combined with Machine Learning threat detection framework AKTAION. CHIRON parses and displays data from P0f, Nmap, and BRO IDS. CHIRON is designed for home use and will give great visibility to home internet devices (IOT, Computers, Cellphones, Tablets, etc). CHIRON is integrated with AKTAION which detects exploit delivery ransomware/phishing.

https://github.com/jzadeh/chiron-elk

Rod Soto
Rod Soto. Director of Security Research at JASK.AI, Founder of Pacific Hackers Conference, Co-founder of Hack The Valley

Joseph Zadeh
Joseph Zadeh. Director of Data Science at JASK.AI, Co-founder of Hack The Valley



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 16:00-17:00


Title:
Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy.

When: Fri, August 10, 4pm - 5pm

Speaker
------
Nox

Abstract
--------
The online cryptography challenge that's been sometimes called by the mainstream "the hardest puzzle on the internet" and "one of the greatest online mysteries" certainly earned those titles. Though mostly completed now for some years, there's a number of valuable things to be learned from how they handled and presented cryptography for both the well-versed as well as the uninitiated. A staggering number of individuals found themselves trying to study cryptography for the first time because of the pull the puzzles had on anyone who came across them, and somehow despite a massive online undertaking to find the creators, the question of their identity remains unanswered now 6 years later. The strategies and the attitudes used in the creation of these challenges could teach us all something about how we approach cryptography teaching and study, as well as how modern approaches to privacy actually fare against interested threats.

Bio
-----------------
I've long had a love for online cryptography challenges and puzzles, even before being one of a small number to finish the 2013 Cicada puzzle. I run a series on YouTube explaining puzzle steps and solutions, as well as tutorials on the skills required to approach these problems for people that want to learn. I'm also a Canadian, a Computing Science student, and an obsessive fan of online privacy and the tools that allow for it.

Twitter handle of presenter(s)
------------------------------
@NoxPopuli3301

Website of presenter(s) or content
----------------------------------
youtube.com/c/noxpopuli


RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 12:45-12:59


Closing Note

No description available



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 10:30-11:30


Title:
Cloud Encryption: How to not suck at securing your encryption keys

When: Sat, August 11, 10:30am - 11:30am

Speaker
------
Marie Fromm

Abstract
--------
Common Cloud Data Encryption patterns are not preventing data breaches because many are doing encryption key management wrong. There is a tendency to apply "compliance checkbox" encryption, which does nothing to protect data against common threats. In many cases, it's like buying a strong FIPS 140-2 certified deadbolt but leaving the key in the door.

We'll roll up our sleeves and take a deep dive at the problem and explore practical, actionable ways a security practitioner can get better control of encryption keys used in cloud solutions. Finally, we'll discuss new ways of detecting when Bad Things are happening, and ways of using cloud automation to stop the bleeding.


Bio
-----------------
Marie leads a Cryptography team in a large global company, helping to design encryption solutions for I.T. as well as specialized cryptographic designs used in products and systems. Marie is passionate about both coffee and computer security and has 20 years' experience in a variety of Infosec roles. Marie is a happy #RealLiveTransAdult

Twitter handle of presenter(s)
------------------------------
@msfromm

Website of presenter(s) or content
----------------------------------
http://www.mariefromm.com


BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 10:40-11:30


Cloud Security Myths

Friday at 10:40-11:30
50 minutes

Xavier Ashe @XavierAshe

Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection-as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security-intelligence-as-a-service. Come hear this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), software-defined perimeters (SDP), and a bunch of other cloud-related topics. What do they do? Do they really work? What do you do with all those security appliances you’ve accumulated?

Xavier Ashe
Xavier Ashe is a Georgia Institute of Technology alumnus and has 25 years of hands-on experience in information security. Working for various security vendors and consulting firms for the last 15 years, including IBM, Gartner, and Carbon Black, Xavier has been focused on helping secure companies of all sizes. Xavier was the first hire at the startup Drawbridge Networks, where he was instrumental in bringing the first microsegmentation solution for servers and workstations to market. Xavier served on the IBM Security Architecture Board and published several papers. Mr. Ashe holds many industry certifications, including CISM, CISSP, ITIL, SOA, and others. Xavier is currently running Xavier Enterprises, an information security consulting firm.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 12:00-12:59


Title:
Cloud Security Myths

Xavier Ashe
@xavierashe

Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection-as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security-intelligence-as-a-service. Come hear this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), and software-defined perimeters (SDP). What do they do? Do they really work? What do you do with all those security appliances you've accumulated?



Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


Cloud Security Suite—One stop tool for AWS, GCP & Azure Security Audit

Saturday 08/11/18 from 1200-1350 at Table Two
Defense, Cloud professionals

Jayesh Singh Chauhan

Nowadays, cloud infrastructure is pretty much the de-facto service used by large/small companies. Most of the organisations have partially or entirely moved to cloud. With more and more companies moving to cloud, the security of cloud becomes a major concern. While AWS, GCP & Azure provide you protection with traditional security methodologies and have a neat structure for authorisation/configuration, their security is as robust as the person in-charge of creating/assigning these configuration policies. We all know, human error is inevitable and any such human mistake could lead to catastrophic damage to the environment.

Knowing this, audit of cloud infrastructure becomes a hectic task! There are a few open source tools which help in cloud auditing but none of them have an exhaustive checklist. Also, collecting, setting up all the tools and looking at different result sets is a painful task. Moreover, while maintaining big infrastructures, system audit of server instances is a major task as well.

CS Suite is a one-stop tool for auditing the security posture of AWS/GCP/Azure infrastructures, and it does OS audits as well. CS Suite leverages current open source tools' capabilities and has custom checks added into one tool to rule them all.

https://github.com/SecurityFTW/cs-suite

Jayesh Singh Chauhan
Jayesh Singh Chauhan is a security professional with 7 years of experience in the security space. In the past, he has been part of the security teams of PayPal and PwC, and he currently works as the senior security engineer for Sprinklr. He has authored CS-Suite, OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented at BlackHat Asia, BlackHat EU, hackmiami, c0c0n, GES and Ground Zero Summit. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.



Night Life - Flamingo, Rm # after registration - Saturday - 20:00-23:59


Title:
Cobalt DEF CON Party 2018

Another year, another DEF CON Party. Start your night at the Flamingo Hotel with the Cobalt team. Join us for a night of drinks, music, and good company.

Drinks + Music + Snacks provided
Meet the Cobalt Team and the Cobalt Core
Network with others in the security space
Bring your InfoSec peers

Register: https://event.cobalt.io/def-con-party-2018


DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 11:00-11:45


Compression Oracle Attacks on VPN Networks

Saturday at 11:00 in Track 2
45 minutes | Demo, Tool

Nafeez Security Researcher

Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.

Nafeez
Ahamed Nafeez has a varied offensive security background with some emphasis on browsers, web services, and cryptography. He believes defending is much harder than attacking most of the time and appreciates the variables and challenges defenders have. These days he is interested in writing secure frameworks, automating attacks and more or less trying to learn to write good code.

He has spoken at a few security conferences in the past around web apps, browsers and security analysis of javascript. He tweets at @skeptic_fx and builds his side project assetwatch.io in free time, an automated asset discovery/monitoring service.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 13:00-13:30


Compromising online accounts by cracking voicemail systems

Friday at 13:00 in Track 1
20 minutes | Demo, Audience Participation, Tool

Martin Vigo Hacker

Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years' innovations to further compromise voicemail systems? And what is the real impact today of pwning these?

In this talk I will cover voicemail systems, their security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.

Martin Vigo
Martin Vigo is a Lead Product Security Engineer and Researcher responsible for Mobile security, Identity and Authentication. He helps design secure systems and applications, conducts security reviews, penetration testing and generally helps keep "the cloud" secure. Martin is also involved in educating developers on security essentials and best practices.

Martin has presented several topics including breaking password managers, exploiting Apple's Facetime to create a spy program and mobile app development best practices. These were given at conferences such as Blackhat EU, Ekoparty, Kaspersky Security Analyst Summit and Shakacon.

Outside the office, Martin enjoys research, bug bounties, gin tonics and scuba diving.

@martin_vigo



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


Conformer

Sunday 08/12/18 from 1000-1150 at Table Six
Offense, AppSec

Mikhail Burshteyn

Conformer is a penetration testing tool, mostly used for external assessments to perform password based attacks against common webforms. Conformer was created from a need for password guessing against new web forms, without having to do prior burp work each time, and wanting to automate such attacks. Conformer is modular with many different parameters and options that can be customized to make for a powerful attack. Conformer has been used in countless assessments to obtain valid user credentials for accessing the internal environment through VPN, other internal resources or data to further the assessment.

https://github.com/mikhbur/conformer

Mikhail Burshteyn
Mikhail Burshteyn is a security consultant at CDW, performing Penetration Tests. Mikhail currently performs External, Internal, Wireless, and Social Engineering assessments, testing the capabilities for a wide range of clients and industries. He is interested in research in various security topics, including Networking, Web Apps, and Active Directory.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 10:45-10:59


Title: Contest winners, prizes, showcase and awards

Speakers: Michael Schloh

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 12:00-12:30


Title: Contests, Challenges, and free giveaways

Speakers: MSvB and midipoet

Description:
No description available




RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 15:10-15:50


Core OSINT: Keeping Track of and Reporting All the Things - Micah Hoffman

Your client gives you their requirement, "find the social media accounts of the target person and any friends they may have". Simple enough. You execute your Standard Operating Procedures (you DO have a SOP, right?) and begin running tools, using your sock puppets, scraping web sites, and finding a ton of data. You've got CSVs, text output, images, URLs... OH MY! How do you keep track of all this data and, more importantly, how do you ensure that you can report on it and have covered all the pivot points for the OSINT investigation?

As OSINTers, pentesters, defenders, PIs, and others, we can easily get swamped in data. Join me as we look at some bad, some good, and some amazing methods of keeping your investigation on track.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 13:00-13:45


Title:
Cruising the Cannabis Highway: Major Breaches in Cannabis Software

The context & implications of several breaches in 2017

Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Friday - 10:00-13:59


Crypto Hero

Friday, 1000-1400 in Icon F

Sam Bowne Instructor, City College San Francisco

Dylan James Smith

Elizabeth Biddlecome Security Consultant

Protect data with strong cryptography (AES, RSA, SHA) and attack these systems (Existential Forgery, Padding Oracle, and more). Apply these techniques to blockchains including Bitcoin, Ethereum, and Multichain.

This is a hands-on workshop with a series of CTF-style challenges, beginning with simple data conversions and extending to advanced methods appropriate for experts. We will briefly explain and demonstrate the techniques, and trainers will help participants individually with the challenges.

Prerequisites: Prior experience with cryptography is helpful but not required.

Materials: A laptop capable of running VMware virtual machines

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/crypto-hero-icon-f-tickets-47194055691
(Opens July 8, 2018 at 15:00 PDT)

Sam Bowne
Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is like, really smart.

Dylan James Smith
Dylan James Smith has assisted Sam Bowne with classes as a tutor and TA and at hands-on workshops at DEF CON, RSA, B-Sides LV and other conferences. He has worked in and around the computer support and network administration industries since adolescence. Now he's old(er.) Currently tearing things apart and putting them back together and seeking opportunities to practice and teach "the cybers".

Elizabeth Biddlecome
Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 12:00-13:30


Title:
Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications

When: Fri, August 10, 12:00pm - 1:30pm

Description
Speaker
------
Tess Schrodinger

Abstract
--------
What's the difference between a code and a cipher? What is the earliest known use of cryptography? Are there any codes that have never been solved? Whether you are new to the subject or a seasoned pro, this talk will have something for you. We will journey from the beginnings of secret writing to the future of secure communications in a post quantum world.

Bio
-----------------
Zero Point Field Operative and Cyber Shaman

Twitter handle of presenter(s)
------------------------------
@TessSchrodinger

Website of presenter(s) or content
----------------------------------
https://www.patreon.com/TessSchrodinger


Night Life - Caesars - Location printed on badges - Friday - 19:00-23:59


Title:
Cubcon 2018

Welcome to Cubcon 2018

A one night event celebrating newcomers to DEFCON and the industry.
Creating a space where veterans and newcomers alike can meet, talk, and form personal and professional support networks.

Caesar's Palace
Friday August 10, 2018 at 7 pm

Exact location will be printed on our badges, which we will be handing out in person at DEFCON.
For more information, please reach out to us at @_cubcon.

More Info: https://cubcon.party/


VMHV - Caesars Pool Level - Forum 14-16 - Friday - 14:00-14:30


Title:
Current Policy Responses to Election Security Concerns

No description available

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 18:30-18:59


Title: Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts

Speaker: Andy Coravos
@andreacoravos
Abstract:
"Healthcare is enamored with data. We have more data than we know what to do with (e.g., constant flows of data from wearables, new and cheaper ways to sequence genomes, digital phenotypes expressed through social media interactions) and there is a rush to deploy this data in clinical research and care. As we combine this “data”, we start to build a digital replica of each human. Our healthcare data carries new weight, new responsibilities. The rise in data means that we are gaining a greater body of knowledge as we assemble a digital representation of a person. We are getting closer to full understanding of someone’s biology, brain structure, how and why they think and do what they do. We are entering into a world where precision medicine and “N of 1” studies are (finally) becoming possible. On the flipside, we are also entering into a period of unprecedented monitoring and surveillance. As a society, we have standards for how we handle human blood, tissue and other human specimens. It’s now time for us to talk more about how we are to handle our digital specimens. In the talk, we’ll discuss the proliferation of our biometric and psychographic data, use cases, and the new ethical and custodial responsibilities that arise for individuals, regulators and companies."


Contest - Contest Stage - Saturday - 10:00-11:59


Title:
D(Struction)20 CTF

Part CTF, part lemon race, part game show, part demolition derby, the D(struction)20 CTF is a contest best played with a low-cost, usable, rugged, and powerful hacking platform! Bring your "indestructible" phones, your single-board computers with welded cases, or just take that old clunker gathering dust in the closet and put it to good (and possibly hilarious) use! Periodically during the competition, a random contestant from the leaderboard will roll the d20 of Destruction to decide what will happen to their rig. If they're very lucky, they roll a natural 20 and no damage will be inflicted! Otherwise, the d20 of Destruction will decide what type of damage will be done to their rig, be it physical impact, intense vibration, or something else! If the rig survives their chosen fate, the contestant may continue playing, but either way, rolling the d20 of Destruction results in a big point bonus that may make the difference between winning and losing, even if the rig is destroyed in the process!

More Info: @d20ctf


DEFCON - Octavius 9 - Friday - 20:00-19:59


D0 N0 H4RM: A Healthcare Security Conversation

Friday at 20:00 in Octavius 9
Fireside Hax

Christian "quaddi" Dameff MD Emergency physician, Clinical Informatics fellow at The University of California San Diego.

Jeff "r3plicant" Tully MD Pediatrician, Anesthesiologist, University of California Davis

Kirill Levchenko PhD Associate Professor of Computer Science, University of California San Diego

Beau Woods Hacker

Roberto Suarez Hacker

Jay Radcliffe Hacker

Joshua Corman Hacker

David Nathans Hacker

Healthcare cybersecurity is in critical condition. That's not FUD, that's the bottom line from the Congressionally mandated Health Care Industry Cybersecurity Task Force report released just last year, a year which also saw the twin specters of WannaCry and NotPetya take down entire hospital systems while over half a million implanted pacemakers were recalled in the fallout of one of the most (ir?)responsible disclosures in recent memory. It's enough to make any concerned white hat reach for a stiff drink. And that's where we come in. After an incredibly successful, near-fire-code-violating jam packed session at DC25 as an Evening Lounge, 'D0 N0 H4rm' is diving deeper and going longer as it transforms into a Fireside Hax, assembling an even larger and more distinguished panel of expert hackers, policymakers, wonks, and health care providers to continue discussing, dissecting, and most importantly, debating the ways to keep patients safe in an increasingly perilous space. Featuring continuous audience interaction and with the same loose and informal flow that characterized the initial, libation rich hotel room gatherings, moderators quaddi and r3plicant invite you to add your voice to this incredibly important conversation. Pin this one down quickly, pre-registration is going to go fast.

Christian "quaddi" Dameff MD
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fourteenth DEF CON.

@cdameffmd

Jeff "r3plicant" Tully MD
Jeff (r3plicant) Tully MD is an anesthesiologist, pediatrician, and researcher with an interest in understanding the ever-growing intersections between healthcare and technology. Prior to medical school he worked on "hacking" the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical training has remained involved in the conversations and projects that will secure healthcare and protect our patients as we face a brave new world of remote care, implantable medical devices, and biohacking.

@jefftullymd

Kirill Levchenko PhD

Beau Woods
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, an Entrepreneur in Residence at the US Food and Drug Administration, a Cyber Safety Innovation Fellow with the Atlantic Council, and Founder/CEO of Stratigos Security. Beau has consulted with Global 100 corporations, the White House, members of Congress, foreign governments, and NGOs on some of the most critical cybersecurity issues of our time. Beau's focus is on Internet of Things (IoT) technologies where cybersecurity intersects public safety and human life issues, including healthcare, automotive, energy, oil and gas, aviation, transportation, and other sectors. Beau is a published author, frequent public speaker, often quoted in media, and is often engaged for public or private speaking venues.

Roberto Suarez
Roberto Suarez is a product security and privacy professional in the medical device and healthcare IT industry. At BD, Roberto is responsible for developing a Product Security Center of Excellence that drives process, capability and maturity to build products that are secure by design with transparency and control in mind. Giving product teams exposure to cyber security training and events, building their in-house expertise and promoting a company-wide community for product security is what Roberto is passionate about.

Jay Radcliffe
Jay Radcliffe is a Senior Security Consultant and Researcher. He is an offensive penetration tester with a knack for hardware hacking and embedded device security. He has given dozens of presentations at conferences around the world including DEF CON and Blackhat including several on the security of insulin pumps.

Joshua Corman
Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon's Heinz College and on the 2016 HHS Cybersecurity Task Force.

David Nathans
David Nathans currently serves as a Product Security Manager for Siemens Healthcare, where he specializes in building cybersecurity programs and Security Operation Centers. Having previously held prominent positions in the defense, retail, managed security and healthcare industries, Nathans has a wealth of cybersecurity knowledge which he shares to help protect companies from this growing threat. His experiences and lessons learned also stem from his time building security programs at one of the largest breached retail companies in history as well as working all over the world as a cyber-operations officer for the U.S. Air Force.



Night Life - Caesars - Lobby bar - Saturday - 23:55-24:59


Title:
DC 26 GothCon

Yes! Join us! Follow #DCGothCon for updates. Saturday night at 11:55pm we're flashmobbing the lobbycon bar for the witching hour. Wear your favorite things. (All goths, goth-adjacent, and friends allowed.) If you want in on the ad-hoc planning, dm me your email for the slack.
More Info: https://twitter.com/clevrcat/status/1022851252349284353
More Info: @ClevrCat


Night Life - Location TBA - Saturday - 22:00-25:59


Title:
DC801 Party

DC801 group Party
More Info: https://www.dc801.org/party2018/


DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 10:00-10:45


De-anonymizing Programmers from Source Code and Binaries

Friday at 10:00 in Track 2
45 minutes

Rachel Greenstadt Associate Professor, Drexel University

Dr. Aylin Caliskan Assistant professor of Computer Science, George Washington University

Many hackers like to contribute code, binaries, and exploits under pseudonyms, but how anonymous are these contributions really? In this talk, we will discuss our work on programmer de-anonymization from the standpoint of machine learning. We will show how abstract syntax trees contain stylistic fingerprints and how these can be used to potentially identify programmers from code and binaries. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found in single-author GitHub repositories and the leaked Nulled.IO hacker forum.

Rachel Greenstadt
Dr. Rachel Greenstadt (PI) is an Associate Professor of Computer Science at Drexel University where she teaches graduate-level courses in computer security, privacy, and machine learning. She founded the Privacy, Security, and Automation Laboratory at Drexel University in 2008. Dr. Greenstadt was among the first to explore the effect of adversarial attacks on stylometric methods, and the first to demonstrate empirically how stylometric methods can fail in adversarial settings while succeeding in non-adversarial settings.

She has a history of speaking at hacker conferences including DEF CON 14, ShmooCon 2009, 31C3, and 32C3.

Dr. Greenstadt's scholarship has been recognized by the privacy research community. She is an alum of the DARPA Computer Science Study Group and a recipient of the NSF CAREER Award. Her work has received the PET Award for Outstanding Research in Privacy Enhancing Technologies and the Andreas Pfitzmann Best Student Paper Award. She currently serves as co-editor-in-chief of the journal Proceedings on Privacy Enhancing Technologies (PoPETs). Her research has been featured in the New York Times, the New Republic, Der Spiegel, and other local and international media outlets.

@ragreens

Dr. Aylin Caliskan
Aylin Caliskan is an assistant professor of computer science at George Washington University. Her research interests include the emerging science of bias in machine learning, fairness in artificial intelligence, data privacy, and security. Her work aims to characterize and quantify aspects of natural and artificial intelligence using a multitude of machine learning and language processing techniques. In her recent publication in Science, she demonstrated how semantics derived from language corpora contain human-like biases. In addition, she developed novel privacy attacks to de-anonymize programmers using code stylometry. Her presentations on both de-anonymization and bias in machine learning are the recipients of best talk awards. Her work on semi-automated anonymization of writing style furthermore received the Privacy Enhancing Technologies Symposium Best Paper Award. Her research has received extensive press coverage across the globe. Aylin holds a PhD in Computer Science from Drexel University and a Master of Science in Robotics from the University of Pennsylvania. She has previously spoken at 29C3, 31C3, 32C3, and 33C3.

@aylin_cim



Meetup - Chill Out Lounge - Saturday - 12:00-12:59


Title:
Deaf Con Meet Up

DEAF CON is a California 501 (c)(3) Non-profit organization. We provide outreach to the Deaf and HH community and information security community. We encourage Deaf and HH information security professionals to attend conferences, like Defcon. We help to provide communication services and spaces for professionals to meet and network with others. Anyone can come and attend our meet up and hangout!

More Info: https://www.deafconinc.org/    @_DEAFCON_


Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Saturday - 10:00-13:59


Decentralized Hacker Net

Saturday, 1000-1400 in Icon F

Eijah Founder, Promether

As hackers, sometimes we need to send data without anybody knowing anything. We don't want anybody to know what we're sending, so we use encryption. That's the easy part. We also don't want anybody to know that we're sending any data. That's the hard part. The observation of our presence on the network could be enough to get us in trouble. And that's just not acceptable. We need to figure out a way to hide in plain sight.

Creating an environment where data can be sent securely and our presence on the network is hidden, is not an easy thing to do. We can't rely on centralized technologies, which means we need to build a decentralized network. The network should be adaptive and flexible enough to send any type of data to any number of users. But how do we inject anonymity into a network while still supporting the verification of identity between parties? Can we establish trust without having to trust?

This workshop takes you through the process of creating a decentralized network that allows you to circumvent detection by governments and corporations. You'll be able to securely communicate and share data while masking your online identity. You'll create an adaptive, node-based infrastructure where data is shared via Distributed Hash Tables (DHT) backed by real-time asymmetric Elliptic-curve cryptography (ECC). If you've ever wanted to punch a hole through a great (or not-so-great) firewall, this workshop is for you.

Please note that this is a medium-level, technical workshop and requires that attendees have prior experience in at least one programming language, preferably C or C++. Bring your laptop, a USB flash drive, and your favorite C/C++ 11 compiler (>= gcc/g++ 4.9.2 or msvc 2015).

Prerequisites: Previous experience in at least one programming language is required. Previous experience with C/C++ and cryptography is helpful, but not required.

Materials: Laptop with Windows, Linux, or OSX. USB flash drive for saving their progress.

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/decentralized-hacker-net-icon-f-tickets-47194682566
(Opens July 8, 2018 at 15:00 PDT)

Eijah
Eijah is the founder of Promether and has 20+ years of software development and security experience. He is also the creator of Demonsaw, an encrypted communications platform that allows you to chat, message, and transfer files without fear of data collection or surveillance. Before that Eijah was a Lead Programmer at Rockstar Games where he created games like Grand Theft Auto V. He has been a faculty member at multiple colleges, has spoken about security and development at DEFCON and other security conferences, and holds a master's degree in Computer Science. Eijah is an active member of the hacking community and is an avid proponent of Internet freedom.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 11:00-11:59


Title:
Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe?

Soldier of FORTRAN
@mainframed767

In 2012 hackers were running rampant in Sweden's federal mainframes. During the course of the investigation it was thought it might be a good idea to release *ALL* the investigation documentation to the public. Included in these public files were snippets (or full programs) of the tools the hackers developed to work on an IBM z/OS mainframe (see: https://wikileaks.org/gottfrid-docs/). But not every tool developed was included in those papers. Shortly after the documents were released, your speaker was sent a DM out of the blue with a link to a pastebin (https://pastebin.com/Apk5zWDj) and two simple questions: "was this an exploit? how did it work?" Why did they contact the speaker? Because it was thought he originally was the one who did the breach. This talk will go over the breach at a high level before diving DEEP into the unix part of a mainframe, looking at exactly what this C program was doing (or attempting to do) and how it accomplished it. This talk's got it all when it comes to mainframe privilege escalation, APF authorized unix programs (a special attribute on z/OS), buffer overflows, hijacking return addresses, debugging C programs and changing ACEEs. All of these will be peppered with demos to show how it worked. After this talk you'll be able to know exactly what DeFeNeStRaTe.C was (trying?) to do and see it in action!



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Deep Exploit

Isao Takaesu

DeepExploit is a fully automated penetration tool linked with Metasploit. It identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning.

Isao Takaesu is a CISSP. He is working at Mitsui Bussan Secure Directions, Inc. as a security engineer and researcher. He found many vulnerabilities in clients' servers and proposed countermeasures to clients. He thinks that there's more and wants to find vulnerabilities. Therefore, he is focused on artificial intelligence technology for cyber security. Now, he is developing a penetration test tool using machine learning.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 11:20-11:40


DeepPhish: Simulating the Malicious Use of AI

Ivan Torroledo

Machine Learning and Artificial Intelligence have become essential to any effective cyber security and defense strategy against unknown attacks. In the battle against cybercriminals, AI-enhanced detection systems are markedly more accurate than traditional manual classification. Through intelligent algorithms, detection systems have been able to identify patterns and detect phishing URLs with 98.7% accuracy, giving the advantage to defensive teams. However, if AI is being used to prevent attacks, what is stopping cyber criminals from using the same technology to defeat both traditional and AI-based cyber-defense systems? This hypothesis is of urgent importance - there is a startling lack of research on the potential consequences of the weaponization of Machine Learning as a threat actor tool. In this talk, we are going to review how threat actors could exponentially improve their phishing attacks using AI to bypass machine-learning-based phishing detection systems. To test this hypothesis, we designed an experiment in which, by identifying how threat actors deploy their attacks, we took on the role of an attacker in order to test how they may use AI in their own way. In the end, we developed an AI algorithm, called DeepPhish, that learns effective patterns used by threat actors and uses them to generate new, unseen, and effective attacks based on attacker data. Our results show that, by using DeepPhish, two uncovered attackers were able to increase their phishing attacks' effectiveness from 0.69% to 20.9%, and 4.91% to 36.28%, respectively.

Ivan Torroledo is the lead data scientist in the Cyxtera Research organization. In this role, he develops and implements Machine and Deep Learning algorithms to enhance phishing detection, network security, fraud detection, and malware mitigation. Ivan is also highly interested in research on the application of Machine and Deep Learning in high energy physics and astrophysics. Before joining Cyxtera, he worked at the Central Bank of Colombia, applying high performance computing tools to monetary policy analysis. He is passionate about applying the most advanced scientific knowledge to the cyber security industry. Ivan holds degrees in Economics and Physics.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 15:30-17:15


DEF CON 101 Panel

Thursday at 15:30 in 101 Track, Flamingo
105 minutes | Audience Participation

HighWiz Founder, DC 101

Nikita Director of Content & Coordination, DEF CON

Roamer CFP Vocal Antagonizer

Chris "Suggy" Sumner Co-Founder, Online Privacy Foundation

Jericho "Squirrel"

Wiseacre Former Doer Of Things

Shaggy The Mountain

Ten years ago, DEF CON 101 was founded by HighWiz as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about all things DEF CON so you, dear reader, can get the best experience possible. The panel will end with the time honored tradition of "Name the n00b" where lucky attendees will be brought up on stage to introduce themselves to you and earn the coveted 101 n00b handle. Don't worry if you don't make it on to the stage, there will be plenty of other prizes for you to enjoy!

HighWiz
HighWiz is born of glitter and moon beams and he has all the right moves. He is the things that sweet dreams are made of and nightmares long to be... Years ago, with the help of some very awesome people*, he set about to create an event that would give the n00bs of DEF CON a place to feel welcomed and further their own pursuit of knowledge. For years he has held onto the simple tenet that "You get out of DEF CON what you put into it". HighWiz is the fabled Man on the Mountain whom people seek to gain a taste of his forbidden knowledge. He is a rare sighting at DEF CON only to be glimpsed by those lucky few. HighWiz is a member of the DEF CON CFP Review Board and Security Tribe.

*Some (but not all) of the people HighWiz would like to thank for helping to make 101 into what it is today : Runnerup, Wiseacre, Nikita, Roamer, Shaggy, Lockheed, Pyr0, Zac, V3rtgio, 1o57, Neil, Sethalump, AlxRogan, Jenn, Zant, MalwareUnicorn, Clutch, TheDarkTangent, Siviak, Ripshy, Valkyrie, Xodia, Flipper and all the members of Security Tribe.

@highwiz

Nikita
For over 15 years, Nikita has worked to ensure DEF CON runs as smoothly as one can expect from a hacker conference. In addition to planning a vast array of details prior to DEF CON and thwarting issues while onsite, she also serves as the Director of Content for the CFP Review Board.

@niki7a

Roamer
Appearing in a cloud of (cigarette) smoke, Roamer is a man full of whiskey and ideas. He has appeared at DEF CON since before (almost) the beginning. He is a renowned author, speaker, pontificator and is famous for giving the most entertaining Worldwide Wardrive talk. He is also the Grand Vizier of All Things Vendor—you are welcome. When Roamer speaks, people listen. And often fall in love.

Chris "Suggy" Sumner
Chris "Suggy" Sumner is the polite one. He is a co-founder of the not-for-profit Online Privacy Foundation, who contribute to the field of online behavioural research. Suggy is also the CFP review board's undisputed fence sitting champion.

@5uggy

Jericho
Since 1992, Jericho has been poking about the hacker/security scene. His experience has allowed him to develop (and deliver—often in the form of rants) a great perspective on many topics, mostly security related. He has been a speaker at security conferences worldwide, primarily for the free travel to exotic locales. A founding member of Attrition.org, he was also the content manager for the Open Source Vulnerability Database (OSVDB) and an officer in the Open Security Foundation (OSF). He is a champion of security industry integrity and small misunderstood creatures. He epitomizes the saying, "Why be a pessimist? It won't work, anyway."

@attritionorg

Wiseacre
Wiseacre was introduced to DEF CON by Roamer. Though he appeared at his first DEF CON because of the Capture the Flag contest, Roamer and HighWiz showed him how to make DEF CON so much more than simply attending the talks. From then on he made a point to participate in as much as he could. Of course, this was all within the limits of social anxiety so, if it allowed participation as a wallflower, he was in! Now, he wants to make sure everyone else gets to know as much as possible about this year's conference. In his private life, Mike hacks managers and is happy anyone listens to him at all.

wiseacre_mike

Shaggy
Shaggy has the Voice of Barry White, the brains of Albert Einstein and the soul of Bea Arthur. He has a few philosophies on life: He believes that while the righteous keep moving forward, those with clean hands become stronger and stronger. That the field of battle between God and Satan is the human soul. It is in the soul that the battle rages every moment of life. He also believes that one should Start by doing what's necessary; then do what's possible; and suddenly you are doing the impossible. Because You learn to speak by speaking, to study by studying, to run by running, to work by working, and just so, you learn to love by loving. All those who think to learn in any other way deceive themselves.



Night Life - Rockhouse Bar 3370 S Las Vegas Blvd - Thursday - 20:00-23:59


Title:
DEF CON 26: Bugcrowd House Party

Don't miss out on Bugcrowd's 2nd annual House Party at the Rockhouse Bar! Join us for an epic night of live-action chefs, flair bartenders, games and a live performance by DualCore.

There are only a few spots left so register now!

When: Thursday, August 9, 2018: 8:00PM - Midnight

Where: Rockhouse Bar | 3377 S Las Vegas Blvd, Las Vegas, NV

More Info: https://ww2.bugcrowd.com/2018-defcon-house-party.html


Contest - Contest Stage - Friday - 18:00-19:59


Title:
DEF CON Beard and Moustache Contest

Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), the DEF CON Beard and Moustache Contest highlights the intersection of facial hair and hacker culture.

More Info: http://www.dcbeard.com/    @DCBeardContest


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 14:15-16:15


Title: DEF CON Biohacking Village Badge Talk

Speaker: Joel Murphy
Abstract:
Joel will talk about how the DEF CON Biohacking Village came together in all its wonderful glory


Contest - Contest Stage - Saturday - 18:00-19:59


Title:
DEF CON Blitz Chess Tournament

The first-ever DEF CON Chess Tournament, in Blitzkrieg format, in which there will be just 5 minutes on each player's clock. During the tournament, each player will play every other player one time. A victory is 1 point, a draw 1/2, and a loss 0. At the end of the tournament, the player with the highest score wins the grand prize (tbd) and a trophy. In the event of a tie, there will be a sudden death playoff between the highest scorers to determine the champion.
More Info: @DefconChess


DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 16:00-17:45


DEF CON Closing Ceremonies

Sunday at 16:00 in Track 1
105 minutes | Audience Participation

The Dark Tangent

DEF CON Closing Ceremonies

The Dark Tangent



Meetup - The Park on Las Vegas Blvd. by TMobile Arena - Friday - 18:30-20:30


Title:
DEF CON Dinner Con

Who's ready for @defcon ? Rumors going around that it's been cancelled once again. Even if it is, you gotta eat so come to @DEFCONDinner on Friday, August 10th 2018 at The Park 3782 S Las Vegas Blvd. by @TMobile Arena. 6:30 pm until about 8:00 pm. Then off to your parties!

Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Thursday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Friday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Saturday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Sunday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet


Meetup - Caesars - Circle Bar - Friday - 17:00-18:59


Title:
DEFCON 909 Meet Up

More Info: https://twitter.com/defcon909/status/1026524118164750336?s=03


Night Life - Caesars Palace Forum Tower, Rm TBA - Saturday - 21:00-25:59


Title:
Defcon Monero Party 2018

For immediate release

From: The Monero Enterprise Alliance

Last year, the Monero Enterprise Alliance reached out to the privacy loving hackers of Defcon and hosted an open house gathering of a few hundred friends and supporters at the first Defcon Monero Party. It brought people together, and everyone had a blast.

The event was such a success, that we're doing it again, and we're going bigger. Once again at Caesar's Palace; once again, YTcracker is kicking off the event on Saturday night at 9pm. DJ KSODIP spins at 10pm and FuzzyNop slices 11pm. The room is bigger, the music is bolder.
. . .
More info: Defcon Monero Party 2018 reddit announcement
More info: @cinnamonflower


DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 10:00-10:45


Defending the 2018 Midterm Elections from Foreign Adversaries

Sunday at 10:00 in Track 2
45 minutes | Demo, Tool

Joshua M Franklin Hacker

Kevin Franklin Hacker

Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false flag sites via ensembled data mining and deep learning techniques. We identified Russian nationals registering fake campaign sites, candidates deploying defensive—and offensive—measures against their opponents, and candidates unintentionally exposing sensitive PII to the public. This talk provides an analysis of our 2016 Presidential Election data, and all data recently collected during the 2018 midterm elections. The talk also details technological and procedural measures that government offices and campaigns can use to defend themselves.

Joshua M Franklin
Joshua Franklin has over a decade of experience working with election technology, and is a security engineer at the National Institute of Standards and Technology (NIST) focusing on cellular and electronic voting security. Prior to NIST, Joshua worked at the U.S. Election Assistance Commission gathering hands-on experience with a variety of voting technologies. Joshua managed federal certification efforts and alongside election officials, labs, and manufacturers across the United States. Joshua recently co-chaired the Election Cybersecurity Working Group, and was the principal author for the security portions of the next generation of federal voting system standards.

Kevin Franklin
Kevin Franklin has several decades of technology experience in big data. He possesses an undergraduate degree in Engineering from Mississippi State University and a master's degree in Computer Science from Southern Polytechnic University.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 13:30-13:59


Defense in Depth: The Path to SGX at Akamai

Sam Erb, Software Engineer at Akamai Technologies

In this presentation you will learn how Akamai has spent the past 4 years working toward preventing the next TLS Heartbleed incident. Nothing hypothetical -- only deployed defense-in-depth systems will be discussed. This talk will include how we deployed Intel SGX at scale in our network.

Sam Erb (Twitter: @erbbysam) is a 2x black badge winner with Co9 in the Badge Challenge and is working to make the Internet a safer place.



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


DejaVU—An Open Source Deception Framework

Sunday 08/12/18 from 1200-1350 at Table Three
Offense/Defense

Bhadreshkumar Patel

Harish Ramadoss

Deception techniques—if deployed well—can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at a very early stage of the cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across large networks. Although there are a lot of commercial tools in this space, we haven't come across open source tools which can achieve this.

With this in mind, we have developed DejaVu, an open source deception framework which can be used to deploy, configure and administer decoys centrally across the infrastructure. A web-based management console can be used by the defender to deploy multiple interactive decoys (HTTP servers, SQL, SMB, FTP, SSH, client side – NBNS) strategically across their network on different VLANs. A logging and alerting dashboard displays detailed information about the alerts generated and can be further configured to generate high-accuracy alerts and to define how these alerts should be handled.

Decoys can also be placed on the client VLANs to detect client side attacks such as responder/LLMNR attacks using client side decoys. Additionally, common attacks which the adversary uses to compromise such as abusing Tomcat/SQL server for initial foothold can be deployed as decoys, luring the attacker and enabling detection.

https://github.com/bhdresh/Dejavu

Bhadreshkumar Patel
Bhadreshkumar Patel is a Reverse Engineer by nature and Security Specialist/Pentester by profession with 10 years of experience in offensive and defensive side of security. Likes to code, break stuff, play with controllers. Got lucky in finding zero days in Facebook, NGFW, wireless routers, HMS etc. Dejavu is Bhadresh's first conference submission, but not his first contribution to the security community.

Harish Ramadoss
Harish Ramadoss has over seven years of experience in offensive security space focusing on application and infrastructure security assessments. Led large scale penetration testing engagements for various clients across Finance, Government and Defense.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 11:00-11:45


Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits

Sunday at 11:00 in Track 3
45 minutes | Demo, Tool, Exploit, Audience Participation

zerosum0x0 Hacker

MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written by the Equation Group and dumped by the Shadow Brokers, have been used in the most damaging cyber attacks in computing history: WannaCry, NotPetya, Olympic Destroyer, and many others.

Yet, how these complicated exploits work has not been made clear to most. This is due to the ETERNAL exploits taking advantage of undocumented features of the Windows kernel and the esoteric SMBv1 protocol.

This talk will condense years of research into Windows internals and the SMBv1 protocol driver. Descriptions of full reverse engineering of internal structures and all historical background info needed to understand how the exploit chains for ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work will be provided.

This talk will also describe how the MS17-010 patch fixed the vulnerabilities, and identify additional vulnerabilities that were patched around the same time.

zerosum0x0
zerosum0x0 is the author of all MS17-010 ETERNAL Metasploit exploit modules and was the first to reverse engineer the DOUBLEPULSAR backdoor. He has taught workshops on Windows internals at DEF CON and to government agencies.

@zerosum0x0



Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Friday - 14:30-18:30


Deploying, Attacking, and Securing Software Defined Networks

Friday, 1430-1830 in Icon F

Jon Medina Security Architect, Protiviti
Megha Kalsi Security Manager, Protiviti

Let's get our hands dirty in Software Defined Networking! Whether you're a network engineer or just a netsec enthusiast, this workshop will provide you with tools and guidance to set up, attack, and secure a software defined network from scratch using open-source tools and cloud-based switching software. Each attendee will be given access to a lab environment where they can deploy, test, configure, break, and secure a software defined network. All scripts and deployment instructions will be provided at the end, so you can continue your testing and research back home, or use it to make friends and win bets at the pub.

Prerequisites: Basic networking, knowledge of the OSI model, and basic *nix shell familiarity.

Materials: Laptop with internet access, web browser with HTML5 capability

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/deploying-attacking-and-securing-software-defined-networks-icon-f-tickets-47193792905
(Opens July 8, 2018 at 15:00 PDT)

Jon Medina
Jon is a security nerd who has worked in networking and security capacities for everything from the Department of Defense, to the Fortune 500, to state and local government. He currently works for Protiviti providing security consulting for a wide variety of clients and industries. His interests outside of security include traveling, hockey, strange beers, and his bulldog. He's spoken at Shmoocon, BSides, and many other security events and conferences.

Megha Kalsi
Megha is an Orlando-based security geek who’s worked in consulting across a wide variety of industries and solutions. She works extensively in security architecture, network security, vulnerability assessments, social engineering (Ferris Bueller style), incident response, and security operations. She enjoys spending time with her family, dancing, boxing / kickboxing (beating the crap out of punching bags is a hobby right?), and keeping up with the latest security news.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 12:00-12:45


Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities

Sunday at 12:00 in Track 3
45 minutes | Demo, Tool, Exploit

Matt Knight Senior Security Engineer, Cruise Automation

Ryan Speers Director of Research, Ionic Security

In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing methodologies to RF and hardware systems has historically been challenging due to siloed tools and the limited capabilities of commodity RF chipsets.

We created the TumbleRF fuzzing orchestration framework to address these shortfalls by defining core fuzzing logic while abstracting a hardware interface API that can be mapped for compatibility with any RF driver. Thus, supporting a new radio involves merely extending an API, rather than writing a protocol-specific fuzzer from scratch.

Additionally, we introduce Orthrus, a low-cost 2.4 GHz offensive radio tool that provides PHY-layer mutability to offer Software Defined Radio-like features in a flexible and low-latency embedded form factor. By combining the two, researchers will be able to fuzz and test RF protocols with greater depth and precision than ever before.

Attendees can expect to leave this talk with an understanding of how RF and hardware physical layers actually work, and how to identify security issues that lie latent in these designs.

Matt Knight
Matt Knight (@embeddedsec) is a Senior Security Engineer with Cruise Automation, where he works on securing autonomous cars and the infrastructure that supports them. Matt also leads the RF practice at River Loop Security, an embedded systems security and design consultancy. With specific interests in RF networks and physical layers, he notably reverse engineered the LoRa PHY based on blind signal analysis, and has run several trainings on RF reverse engineering fundamentals. Matt holds a BE in Electrical Engineering from Dartmouth College.

@embeddedsec

Ryan Speers
Ryan Speers (@rmspeers) is a security researcher and developer who enjoys embedded systems, low-power radio protocols, and reversing proprietary systems. He has worked in offensive and defensive roles on networks, Windows, micro controllers, and many things in-between. As co-founder at River Loop Security, he tests embedded systems for security issues, and helps clients build more secure systems. He is also Director of Research for Ionic Security where he leads system and cryptographic research. He has previously spoken at a number of security conferences and written some articles for journals ranging from peer-reviewed academic publications to PoC||GTFO.

@rmspeers



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 13:30-13:50


Detecting Blue Team Research Through Targeted Ads

Saturday at 13:30 in Track 2
20 minutes |

0x200b Hacker

When my implant gets discovered how will I know? Did the implant stop responding for some benign reason or is the IR team responding? With any luck they'll upload the sample somewhere public so I can find it, but what if I can find out if they start looking for specific bread crumbles in public data sources? At some point without any internal data all blue teams turn to OSINT which puts their searches within view of the advertising industry. In this talk I will detail how I was able to use online advertising to detect when a blue team is hot on my trail.

0x200b
I'm just a Security researcher who's always using tools in unintended ways. I'm a defender by trade, I work on understanding the adversary then designing the mitigations based on what I've learned. Currently I work at the intersection of healthcare and the cloud, designing systems that make it harder for the adversary to operate.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 15:20-15:59


Detecting Web Attacks with Recurrent Neural Networks

Fedor Sakharov

“Classic Web Application Firewalls (WAFs) mostly use a rule-based approach for attack detection. This approach is known to have its pros and cons. Despite offering decent protection from automated attacks and predictable detection results, the rule-based approach has and always will have certain disadvantages. We all know that it’s useless against 0-day attacks or that even the most sophisticated rules are easily evaded by skilled professionals. That is why a more effective approach should involve some kind of heuristics. Let’s give a chance to artificial intelligence to find something non-obvious for human perception in raw data and try to explain its results.

To this day AI has been more often used for cat classification rather than for detecting application-level attacks on HTTP applications. Our team decided to test the hypothesis that Deep Learning is able to detect web-based attacks effectively. We started with very simple neural network architectures and tried to use them for classification. After some experiments it became clear that we needed more complex networks, so we abandoned our attempts to use classification, shifting to anomaly detection. Eventually, we ended up using a seq2seq model with attention mechanisms which is able to detect zero-day web attacks with a minimal number of false positives.”

Irina Stepanyuk is a data scientist from Moscow, Russia. For some time Irina has been a researcher at Positive Technologies. She develops data analysis algorithms in relation to information security. Moreover, Irina is a Master’s student in the Faculty of Computer Science at the Higher School of Economics, where she also participates in data science projects and research.

Arseny Reutov is a web application security researcher from Moscow, Russia. Arseny is the Head of Application Security Research at Positive Technologies Ltd where he specializes in penetration testing, the analysis of web applications, and application security research. He is the author of research papers and blog posts on web security published in such magazines as Hacker (Xakep) and HITB Magazine as well as in his blog raz0r.name. He was a speaker at ZeroNights, CONFidence, PHDays and OWASP conferences. Arseny loves making web security challenges (#wafbypass on Twitter) as well as solving them. His passions are modern web technologies and finding vulnerabilities in them.

Fedor is a software developer from Moscow, Russia. He takes interest in various aspects of low-level programming and information security. For some time he has contributed to the open-source reverse-engineering framework radare2; his diploma thesis is about transparent application CFG control in runtime, and he has solid experience with Linux kernel programming, drivers as well as kernel subsystems. That’s not all, since recently he leads the security-focused machine learning research at Positive Technologies.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 16:00-16:30


Title:
Diagnosing Sick Plants with Computer Vision

Machine Learning + webcam = auto-diagnosing of Cannabis

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 14:00-14:30


Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones)

Saturday at 14:00 in Track 2
20 minutes |

Eduardo Izycki Hacker

Rodrigo Colli Hacker

In his notorious book Leviathan, the XVII century English philosopher Thomas Hobbes stated that: we should give our obedience to an unaccountable sovereign otherwise what awaits us is a state of nature that closely resembles civil war—a situation of universal insecurity. It looks like a lot of current political leaders have read and found the teachings of Hobbes applicable to modern day online life.

We witness the rise of the Digital Leviathan. The same apps and applications that people use to connect, express opinions and dissatisfaction are used by governments (even democratic ones) to perform surveillance and censorship.

This talk will focus on evidence of Nation-State spying, performing surveillance, and censorship. The aim is to present a systematical approach of data regarding cyber attacks against political targets (NGO/political groups/media outlets/opposition), acquisition and/or use of spywares from private vendors, requested content/metadata from social media/content providers, and blocking of websites/censorship reported by multiple sources.

The findings of the research imply that:
- 25 nations have already used cyber offensive capabilities against political targets.
- 60 nations acquired/developed spyware.
- 117 nations requested content/metadata from social media/content providers.
- 21 countries perform some level of censorship to online content.

Eduardo Izycki
Eduardo Izycki and Rodrigo Colli are both independent researchers with experience on information security and incident response. They worked in private-public task force for threat and risk assessment to major events in Brazil during the Confederations Cup 2013, World Cup 2014 and Olympic Games 2016.

Rodrigo Colli



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 11:00-11:30


Disabling Intel ME in Firmware

Brian Milliron

Abstract

Modern OSes have consistently raised the bar in regards to security with each revision, largely due to the efforts of the security community to find and report bugs. Because of this the OS layer is reasonably secure at this point. However the security of the hardware layer has fallen far behind and now represents the biggest threat. In particular, the Intel Management Engine is a huge security hole which Intel has put great effort into forcing users to accept blindly. No more. This talk will present a how-to on permanently disabling Intel ME by reflashing the BIOS using a Raspberry Pi. Take back control of your own hardware and give Big Brother’s Backdoor the boot.

Bio

Brian Milliron works as a freelance penetration tester for ECR Security. He has been monkeying around with security since his teens and has worked as a pentester for the last 8 years, working primarily with the Energy/Utility sector. Besides popping shells and defeating Big Brother technology, he also enjoys exploring the RF spectrum, finding new uses for Raspberry Pis, studying malware, nature and off-grid living.



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 13:15-13:45


Disassembly and Hacking of Firmware Where You Least Expect It: In Your Tools- with live hacking demonstration

August 11, 2018 1:15 PM

In this session we'll cover:
- Why EVERYTHING is a computer running software and can be attacked
- Vulnerability and capability assessment of firmware attacks
- Physical ramifications of tool attacks
- Finding and verifying firmware
- Some instances where "less security" is better
- Safety / Security tips for firmware

Speaker Information

Monta Elkins

FoxGuard Solutions

Monta Elkins is currently Hacker-in-Chief for FoxGuard Solutions, an ICS patch provider. Considered by many of his friends to be the Chuck Norris of ICS Cybersecurity, Rackspace enjoyed his tenure as Security Architect. Monta has been a speaker at more security conferences than even his enormous ego can remember including: DEFCON, EnergySec, ICSJWG, GridSecCon, CIP Emerging Technology Roundtable, ICS CyberSecurity, SANS ICS Summit, and Nuke CIP Pyongyang. In his spare time, Monta is the totally-safe-for-work "Coke and Strippers" YouTube channel creator, solving all the world's problems using Cold War era electronic technologies. https://tinyurl.com/y6vpmbw4 Known for having once discovered ALL the devices on an ICS network, Monta has served as a guest lecturer for colleges, universities and elsewhere teaching Arduino programming/circuit design, SDR, and rapid prototyping techniques. As a small child, he entertained himself by memorizing Pi -- backwards.



EHV - Caesars Promenade Level - Modena Rm - Friday - 18:30-19:29


Title: Discussion

Speakers: Speaker TBA

Description:





EHV - Caesars Promenade Level - Modena Rm - Saturday - 18:00-18:59


Title: Discussion

Speakers: Speaker TBA

Description:





DEFCON - Octavius 13 - Friday - 20:00-19:59


Disrupting the Digital Dystopia or What the hell is happening in computer law?

Friday at 20:00 in Octavius 13
Fireside Hax | Audience Participation

Nathan White Senior Legislative Manager, Access Now

Nate Cardozo Senior Staff Attorney, EFF

1984 didn't just happen because of a calendar. The world of 1984 was built by politicians who used the rule of law to change society into an oppressive surveillance state. In Washington D.C., politicians today are making decisions about what technologies we're permitted to use and how they'll be used in society. In this talk we'll break down 4-5 bills currently under discussion in Congress and explain how they'll impact the DEF CON community.

Nathan White
Nathan White spent five years working for the U.S. congress before starting a political consulting firm as a registered lobbyist. He now serves as the Senior Legislative Manager for Access Now, where he works to defend our digital rights. He has run political and issue campaigns from Maui to Maryland to Melbourne. He helped advocacy campaigns including the fight to save Net Neutrality at the FCC (2015) and the USA FREEDOM Act in Congress. At Access Now he co-organized the Crypto Summit and Crypto Summit 2.0. He worked to build the SaveCrypto.org campaign and helped create the international coalition to Secure The Internet (securetheinternet.org). He works every day to educate Washington D.C. beltway types about our community.

@NathanielDWhite

Nate Cardozo
Nate Cardozo is a Senior Staff Attorney on EFF's civil liberties team where he focuses on cybersecurity policy and defending coders' rights. Nate has litigated cases involving electronic surveillance, freedom of information, digital anonymity, online free expression, and government hacking. His other projects include defending encryption, fighting software export controls, preserving automotive privacy, and assisting surveillance law reform efforts. As an expert in technology law and civil liberties, Nate works on EFF's Who Has Your Back report and regularly assists companies in crafting rights-preserving policies and advising on compliance with legal process. When he's not brewing beer with his EFF colleagues, Nate serves on the boards of directors of the First Amendment Coalition and the South Asian Film Preservation Society. Nate has a B.A. in Anthropology and Politics from U.C. Santa Cruz and a J.D. from U.C. Hastings where he has taught first-year legal writing and moot court.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 13:00-13:30


Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear

Friday at 13:00 in 101 Track, Flamingo
20 minutes | Demo, Audience Participation, Tool

zenofex Hacker

The Teddy Ruxpin is an iconic toy from the 1980s featuring an animatronic teddy bear that reads stories from cassette tapes to children. In late 2017, a new model of the toy was released with improvements including Bluetooth connectivity, LCD eyes, and a companion mobile application. While the new bear features a number of improvements, the Teddy Ruxpin's original ability to add new stories by replacing the included cassettes is no longer applicable, and it requires users to supply files to the bear in a proprietary format.

This presentation aims to show how the new Teddy Ruxpin was reverse engineered down to a very low level in order to create new content. I will reveal the inner workings of the hardware and software within the bear and document the process used to reverse engineer it. I will then examine the communication between the mobile application and Teddy Ruxpin as well as the custom structure of the digital books read by the bear. I will end the presentation by releasing a toolset that allows users to create their own stories followed by a demo showcasing the Teddy Ruxpin greeting the DEF CON audience.

zenofex
Zenofex (@zenofex) is a senior research scientist at Cylance. Zenofex founded Exploitee.rs, a public research group that has released exploits for over 65 devices including the Amazon FireTV, Roku Media Player and the Google Chromecast. Zenofex is also a member of Austin Hackers (AHA) and has spoken at a number of security conferences including BlackHat and DEF CON.

@zenofex



EHV - Caesars Promenade Level - Modena Rm - Saturday - 17:00-17:59


Title: Diversity and Equality in Infosec

Speakers: Speaker TBA

Description:

As the field of Infosec continues to grow in numbers, it is also growing in terms of diversity. Arguably the field needs to bring in as many diverse perspectives as possible in order to face ever escalating technological and non-technological challenges. We seek to discuss the ethics of promoting diversity and equality, the ethics of the current methods in promoting diversity and equality, and what can be done to ethically promote diversity and equality in infosec.





BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 13:30-14:15


Title: DNA Encryption: Bioencryption to Store Your Secrets in living organisms

Speaker: John Dunlap
Abstract:
Recent advances in genetic sequencing and modification technology have made the goal of storing data in living cells an attainable goal. In this talk John Dunlap will cover the history of attempting to encrypt secrets into living cells, and discuss his own experiments encrypting secrets in living cells with affordable lab equipment. John will discuss lab methods, suitable encryption algorithms, and methods for detecting data tucked away in innocuous model organisms, as well as potential issues with the concept of DNA as data storage. John will also present his own software tool for converting data into a suitable form for storage in living organisms.


SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 10:00-10:59


Title: Don't Bring Me Down: Weaponizing botnets


@3ncr1pted

"We're seeing an evolution in botnets. The impact of Mirai bringing down a huge swath of the internet two years ago raised awareness but the release of the Mirai code has raised a new army of botnets that are capable of more than just DDOS on basic systems. But Mirai isn't the only botnet in town. There are some serious contenders with unexpected enhancements looking for new recruits to work in the bitcoin mines.

Routers and cameras and toasters oh my! The ongoing deluge of devices that connect to the Internet is an IoT nightmare, and an attacker's dream. Default credentials and weak passwords are only the beginning. Especially with a bevy of unpatched, vulnerable systems on which to unleash some substantial exploits. Persistence and lateral movement ftw!
DDoS isn't just child's play when attacks are in the realm of terabytes. What happens when we move past outages, and into destructive payloads? And what happens when weaponization meets automation? In this talk, we'll explore what may come next when nation states move into the turf once held by script kiddies, and build-a-bot gets leveled up in a very bad way."



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 13:30-13:50


Dragnet—Your Social Engineering Sidekick

Friday at 13:30 in Track 1
20 minutes | Demo, Tool

Truman Kain Security Associate, Tevora

First, Dragnet collects dozens of OSINT data points on past and present social engineering targets. Then, using conversion data from previous engagements, Dragnet provides recommendations for use on your current targets: phishing templates, vishing scripts and physical pretexts- all to increase conversions with minimal effort. Finally, features like landing page cloning and domain registration (alongside your standard infrastructure deployment, call scheduling and email delivery) make Dragnet one hell of a catch.

Truman Kain
Truman Kain has taken everything he has learned as a web designer, internet marketer and mobile developer, and applied these insights directly into the development and experience of Dragnet. Why shouldn't your go-to social-engineering tool be as smooth and intuitive as your favorite mobile app?



Contest - Contest Stage - Saturday - 21:00-22:59


Title: Drunk Hacker History

One night only at DEF CON 26, Drunk Hacker History is back by popular demand for a 4th historic year! The past three years proved to the entire galaxy that in the game of intoxicated nostalgic recall, there are no losers and those who won, lost. The DEF CON community has a history of sorts. It is a history filled with mephitic adventures, quarter-truths, poor life choices, incontinence, and various forms of C2H6O. This year, we will connect our stacks to extract some of the most celebrated, exaggerated and entertaining moments in Hacker History through the interpretation of a group of well-trained participants. In the end, we will, again, crown the Drunkest Hacker in History and you, the audience, will rejoice! Hosted by c7five & jaku, if you like eating from an 80s candy cannon, Cats the musical, and feats of strength, you won't want to miss the return of Drunk Hacker History! Presented in DEF CON 4D and made possible by a grant from monkeyhelpers.org.

More Info: @DrunkHackerHist


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 10:00-10:30


Ducky-in-the-Middle: Injecting Keystrokes into Plaintext Protocols

Esteban Rodriguez, Security Consultant at Coalfire Labs

This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, an iOS app to use an iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse these protocols to send keystrokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations and open source code will be provided for exploitation. The target audience should have a basic understanding of Wireshark, ARP spoofing, and reverse shells.

Esteban Rodriguez (Twitter: @n00py1) is a Security Consultant at Coalfire Labs. He primarily performs network and web application penetration testing. Esteban worked previously at Apple Inc performing intrusion analysis and incident response. Outside of work, Esteban blogs at n00py.io and performs independent security research. He has authored multiple penetration testing tools and has presented at BSides Puerto Rico covering penetration testing techniques.



Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


EAPHammer

Saturday 08/11/18 from 1400-1550 at Table One
Offensive security professionals, red teamers, penetration testers, researchers.

Gabriel Ryan

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate how fast this tool is, here's an example of how to set up and execute a credential stealing evil twin attack against a WPA2-EAP network in just two commands:

# generate certificates
./eaphammer --cert-wizard

# launch attack
./eaphammer -i wlan0 --channel 4 --auth wpa --essid CorpWifi --creds

EAPHammer’s userbase has doubled since its debut in early 2017, and the project has matured substantially to meet this demand. It is now the first rogue AP attack tool to offer out-of-the-box support for attacks against 802.11n/ac. Most of the added complexity associated with these protocols is managed automatically by EAPHammer.

We’ve also added some cool features like Hashcat support, Karma, and SSID cloaking, as well as an extended UI and config management system for advanced users who require granular control over their rogue access points.

To check out the codebase, head to https://github.com/s0lst1c3/eaphammer

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and managing security consultant for Digital Silence, a Denver-based consulting firm that specializes in impact driven testing and red team engagements. Prior to joining Digital Silence, Gabriel worked as a penetration tester for security services firm Gotham Digital Science as well as OGSystems, a Virginia-based geospatial intelligence contractor. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys writing music and riding motorcycles.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 13:30-13:50


Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking

Sunday at 13:30 in Track 3
20 minutes | Demo

ldionmarcil Pentester at GoSecure

When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks.

The ESI language consists of a small set of instructions represented by XML tags, served by the backend application server, which are processed on the Edge servers (load balancers, reverse proxies). Due to the upstream-trusting nature of Edge servers, ESI engines are not able to distinguish between ESI instructions legitimately provided by the application server and malicious instructions injected by a malicious party. We identified that ESI can be used to perform SSRF, bypass reflected XSS filters (Chrome), and perform Javascript-less cookie theft, including HTTPOnly cookies.

Identified affected vendors include Akamai, Varnish, Squid, Fastly, WebSphere, WebLogic, F5, and countless language-specific solutions (NodeJS, Ruby, etc.). This presentation will start by introducing ESI and visiting typical infrastructures leveraging it. We will then delve into identification, exploitation of popular ESI engines, and mitigation.

ldionmarcil
Louis is a Security Analyst working at GoSecure in Montreal where he specializes in offensive appsec and pentest on medium to large scale organizations. Seasoned CTF participant and sometimes finalist with the DCIETS team, he has also written challenges for various competitions. Having recently obtained his Software Engineering degree, he dabbles in various research engagements between pentests.

@ldionmarcil



DEFCON - Roman Chillout - Saturday - 20:00-19:59


EFF Fireside Hax (AKA Ask the EFF)

Saturday at 20:00 in Roman Chillout
Fireside Hax | Audience Participation

Kurt Opsahl Deputy Executive Director & General Counsel, Electronic Frontier Foundation

Nate Cardozo EFF Senior Staff Attorney

Jamie Lee Williams EFF Staff Attorney

Andrés Arrieta Technology Products Manager

Katitza Rodriguez International Rights Director

Nathan 'nash' Sheard Grassroots Advocacy Organizer

Relax and enjoy a Fireside Hax chat while you get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premier digital civil liberties group fighting for freedom and privacy in the computer age. This Fireside Hax discussion will include updates on current EFF issues such as the government's effort to undermine encryption (and add backdoors), the fight for network neutrality, discussion of our technology projects to spread encryption across the Web and emails, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

Kurt Opsahl
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders' Rights Project. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a "rabid dog" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal. In 2014, Opsahl was elected to the USENIX Board of Directors.

@kurtopsahl

Nate Cardozo
Nate Cardozo is a Senior Staff Attorney on the Electronic Frontier Foundation's digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information Act litigation, and resisting the expansion of the surveillance state. A 2009-2010 EFF Open Government Legal Fellow, Nate spent two years in private practice before returning to his senses and to EFF in 2012. Nate has a B.A. in Anthropology and Politics from U.C. Santa Cruz and a J.D. from U.C. Hastings where he has taught first-year legal writing and moot court. He brews his own beer, has been to India four times, and watches too much Bollywood.

Jamie Lee Williams
Jamie Williams is a staff attorney at the Electronic Frontier Foundation, where she is part of EFF's civil liberties team. Jamie focuses on the First and Fourth Amendment implications of new technologies, and is part of EFF's Coders' Rights Project, which protects programmers and developers engaged in cutting-edge exploration of technology. Jamie joined EFF in 2014. Prior to joining EFF, Jamie clerked for Judge Saundra Brown Armstrong in the Northern District of California, and practiced at Paul Hastings LLP, as an associate in the firm's litigation department. Jamie was also a law clerk at the Alameda County Public Defender. Jamie has a J.D. from the University of California, Berkeley School of Law (Boalt Hall) and a B.A. in journalism from the University of Wisconsin, Madison.

Andrés Arrieta
Andrés Arrieta is the Technology Projects Manager for the Electronic Frontier Foundation. A Telecom and Electronics Engineer, he previously worked for Mobile Operators managing and developing projects from the Radio and Core networks to IT systems like Spotify Premium for Movistar. Seeing the state of privacy in the digital world from previous experiences, he joins the EFF to help develop tools that address these issues.

Katitza Rodriguez
Katitza Rodriguez is EFF's international rights director. She concentrates on comparative policy of international privacy issues, with special emphasis on law enforcement, government surveillance, and cross border data flows. Her work in EFF's International Program also focuses on cybersecurity at the intersection of human rights. Katitza also manages EFF's growing Latin American programs. She was an advisor to the UN Internet Governance Forum (2009-2010). Before joining EFF, Katitza was director of the international privacy program at the Electronic Privacy Information Center in Washington D.C., where amongst other things, she worked on The Privacy and Human Rights Report, an international survey of privacy law and developments. Katitza is well known to many in global civil society and in international policy venues for her work at the U.N. Internet Governance Forum and her pivotal role in the creation and ongoing success of the Civil Society Information Society Advisory Council at the Organisation for Economic Co-operation and Development, for which she served as the civil society liaison while at EPIC from 2008 to March 2010. Katitza holds a Bachelor of Law degree from the University of Lima, Peru. Katitza's twitter handle is @txitua.

Nathan 'nash' Sheard
Nathan 'nash' Sheard is EFF's Grassroots Advocacy Organizer. nash works directly with community members and organizations to take advantage of the full range of tools provided by access to tech, while engaging in empowering action toward the maintenance of digital privacy and information security.



Contest - Contest Stage - Friday - 16:00-17:59


Title: EFF Tech Trivia

EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Cup and EFF swag pack. The second and third place teams will also win great EFF gear.
Judged by Jack Adniel, Alex Stamos, Noise, and Gritty Grease

More Info: @EFF   https://eff.org/


BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 11:50-12:10


Effective Log & Events Management

Friday at 11:50-12:10
20 minutes

Russell Mosley @sm0kem

Logs, right? Do you run an expensive SIEM? If not, this talk is for you. An effective process for managing logs and security events with built-in and open-source tools will be detailed. I'll share reports and tickets from our organization and describe how we analyze them to improve IT operations, situational awareness, security posture, and pass audits.

Russell Mosley
Russell is an IT Infrastructure & Security Director for a DC-area software services company and an organizer with BSides Charm. Russell has seventeen years' experience in IT operations and Enterprise Defense and is responsible for the organization's compliance with SOC and FISMA requirements. He holds degrees from UMBC, UMUC, and Towson University as well as CISSP and several vendor certifications.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:55-13:35


Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix

Recon is an art AND a science. The landscape for methods of finding hosts to attack is constantly changing. Whether you call it “Asset Discovery” or something else, it remains a core part of bounty hunter and red teaming life. Join Jason as he expands on his ever changing recon methodology.

This talk will focus on what tools to incorporate (and which tools not to). It will outline new methods coined in 2018, plus frameworks to automate and document your workflow. Topics include: brand/TLD discovery, host enumeration, application threat modeling, and more!



EHV - Caesars Promenade Level - Modena Rm - Friday - 16:00-16:59


Title: Ethical Disclosure and the Reduction of Harm

Speakers: Speaker TBA

Description:

How does a researcher become empowered to influence business and marketing leaders to balance coordinated disclosure, opsec protection, and tradecraft protection, with corporate interests? This talk examines use cases gone wrong, and opportunities for all groups to work together to make it right.





EHV - Caesars Promenade Level - Modena Rm - Friday - 13:00-13:59


Title: Ethics for Security Practitioners

Speakers: Speaker TBA

Description:

While at first glance infosec might seem to be a mainly technical domain, you might encounter ethical dilemmas very soon once you start working in the field (namely when you do offensive stuff). In this talk I'll provide an introduction to how to tackle such situations in a structured way and on the basis of common approaches and values.





EHV - Caesars Promenade Level - Modena Rm - Saturday - 11:00-11:59


Title: Ethics of Technology in Humanitarian and Disaster Response

Speakers: Speaker TBA

Description:

How do we combat the moral dilemmas technology brings to humanitarian and disaster response? Ethically based decision making can improve the influence of technology during a crisis.





BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 12:30-13:20


Evolving security operations to the year 2020

Friday at 12:30-13:20
50 minutes

@IrishMASMS

The security operations aspect of your Information Security risk management program is where the “rubber meets the road” — the tools and people you have to implement the process and procedures you put together to find the badness and put out the fires. How has the concept of security operations evolved, and where are we headed? There is plenty of buzzword bingo: UBA, UEBA, machine learning and artificial intelligence, network abnormality detection, the marketing conversations of evolving to that SOC of 2020 — what do all these really mean to you and your operations and which can be useful in your efforts to find the badness?

@IrishMASMS
IrishMASMS is an old school hacker, fighting the good fight in Computer Network Defense (CND)/blue team efforts for more than 18 years. He has been lurking about since DEFCON 10, a panel member at HOPE 5, a presenter at a couple of Notacons, and a few other conferences where it may be hard to remember what really occurred. Having progressed through the ranks from a Security Operations Center (SOC) analyst to manager and director of Information Security risk management programs, he has experienced the wide opportunities for pain in our industry — and desires to help improve rather than perpetuate, nurture rather than exclude.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 14:00-14:30


Title: Examining Monero's Ring Signatures

Speakers: Justin Ehrenhofer

Description:
No description available




Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


Expl-iot—IoT Security Testing and Exploitation framework

Sunday 08/12/18 from 1200-1350 at Table Two
IoT Testers- Pentesters- IoT developers- Offense- Hardware

Aseem Jakhar

Expl-iot is an open source flexible and extendable framework for IoT Security Testing and exploitation. It will provide the building block for writing exploits and other IoT security assessment test cases with ease. Expliot will support most IoT communication protocols, firmware analysis, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT Infrastructure. It will help the security community in writing quick IoT test cases and exploits. The objectives of the framework are:
1. Ease of use
2. Extendable
3. Support for hardware, radio and IoT protocol analysis

We released the Expl-iot ruby version in 2017. Once we started implementing hardware and radio functionality, we realized that ruby does not have much support for hardware and radio analysis, which led us to deprecate it and re-write it in python to support more functionality. We are currently working on the python3 version and will release it in a month. The new beta release is envisioned to have support for UART (serial), ZigBee, BLE, MQTT, CoAP (next version will have support for JTAG, I2C and SPI) and a few miscellaneous test cases.

https://bitbucket.org/aseemjakhar/expliot_framework

Aseem Jakhar
Aseem Jakhar is the Director, research at Payatu Software Labs http://payatu.com a boutique security testing company specializing in IoT, Embedded, cloud, mobile security testing. He is the founder of null-The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference http://nullcon.net and hardwear.io security conference. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, bayesian engine to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, Hack In The Box, PHDays and many more. He has authored various open source security software including



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 11:00-11:45


Exploiting Active Directory Administrator Insecurities

Saturday at 11:00 in Track 1
45 minutes | Demo

Sean Metcalf CTO, Trimarc

Defenders have been slowly adapting to the new reality: Any organization is a target. They bought boxes that blink and software that floods the SOC with alerts. None of this matters as much as how administration is performed: Pop an admin, own the system. Admins are being dragged into a new paradigm where they have to more securely administer the environment. What does this mean for the pentester or Red Teamer?

Admins are gradually using better methods like two-factor and more secure administrative channels. Security is improving at many organizations, often quite rapidly. If we can quickly identify the way that administration is being performed, we can better highlight the flaws in the admin process.

This talk explores some common methods Active Directory administrators (and others) use to protect their admin credentials and the flaws with these approaches. New recon methods will be provided on how to identify if the org uses an AD Red Forest (aka Admin Forest) and what that means for one hired to test the organization's defenses, as well as how to successfully avoid the Red Forest and still be successful on an engagement.

Some of the areas explored in this talk:

If you are wondering how to pentest/red team against organizations that are improving their defenses, this talk is for you. If you are a blue team looking for inspiration on effective defenses, this talk is also for you to gain better insight into how you can be attacked.

Sean Metcalf
Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com), a consulting company which focuses on improving enterprise Active Directory security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a former Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, BlueHat, & Shakacon security conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 10:15-10:59


Title: Exploiting immune defences - can malware learn from biological viruses?

Speaker: Guy Propper
Abstract:
Biological viruses have existed and evolved for millions of years, maliciously exploiting host cells for survival. How have they done this, and what can we learn from it?
Extremely advanced mechanisms for privilege escalation, persistence, and defence evasion have been used by biological viruses long before malware was first written.
This talk will provide an understanding of what mechanisms are used by biological viruses to exploit immune defences, persist, and survive in the arms race with the immune system.
Surprising differences between malware and virus actions will be shown, and some mechanisms which are used by viruses, but have not been adopted, or even attempted by malware, will be revealed.
No biological background is needed, only an open mind.


SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 13:00-13:59


Title: Exploiting IoT Communications - A Cover within a Cover

Mike Raggo & Chet Hosmer
@MikeRaggo & @ChetHosmer

As IoT continues to introduce new operating systems, protocols, and frequencies the attack surface available for hidden communications increases substantially. In this presentation we explore the fundamental flaws in many of these IoT designs to identify methods of exploiting these communications by hiding data and riding these channels to deliver data and messages between devices and networks. We'll cover M2M carrier packets, IoT Hub out-of-band communications, and IoT dead-drops in the cloud. Then with proof of concept code we'll demonstrate these exploits for the audience, and provide the basis for enhancing one's forensic strategy by looking deeper into these mysterious IoT communications.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 13:15-13:59




WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 17:30-17:55


Faz

Bio

Edward Farrell (AKA Faz) runs his own cybersecurity practice in Sydney (Australia) & lectures at UNSW Canberra in wireless security.

Exploring the 802.15.4 attack surface

Abstract

Whilst 802.15.4 technologies such as Zigbee have been around for some time, our understanding of threats and risks associated with it has been lacking. As new use cases evolve, so have the opportunities for attack and exploitation. The purpose of this talk is to provide a real world exploration of where I've been finding Zigbee devices with a purpose-built war driving kit, some of the live collection I've done, as well as an exploration of risks and what can be done. By the end of this talk, audience members will have an appreciation for cool technologies floating around their environments, an appreciation of the issues associated with the 802.15.4 protocol, and how to plan and prepare from a security standpoint.



SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 10:00-10:59


Title:
Facial Recognition - Let me let you in on a secret

Stumbles The Drunk

@stumblesthedrunk

Facial Recognition is being inserted into the authentication and verification process of our Driver Licences, Passports, and other unimportant government documents. Let's talk about how it falls short and how to #$@! with it.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 13:30-13:50


Fasten your seatbelts: We are escaping iOS 11 sandbox!

Friday at 13:30 in Track 3
20 minutes | Demo, Exploit

Min (Spark) Zheng Security Expert, Alibaba Inc.

Xiaolong Bai Security Engineer, Alibaba Inc.

Apple's sandbox was introduced as "SeatBelt" in macOS 10.5, which provided the first full-fledged implementation of the MACF policy. After a successful trial on macOS, Apple applied the sandbox mechanism to iOS 6. In its implementation, the policy hooked dozens of operations. The number of hooks has been growing steadily as new system calls or newly discovered threats appeared. In the beginning, Apple's sandbox used a black list approach, which means Apple originally concentrated on the known dangerous APIs and blocked them, allowing all others by default. However, with the evolution of Apple's sandbox, it applies a white list approach that denies all APIs and only allows secure ones that Apple trusts.

In this talk, we will first introduce Apple's sandbox mechanism and profiles in the latest iOS. Then, we discuss iOS IPC mechanism and review several old classic sandbox escape bugs. Most importantly, we show two new zero-day sandbox escape vulnerabilities we recently discovered in the latest iOS 11.4. Besides, we share our experience of exploiting vulnerabilities in system services through OOL msg heap spray and ROP (Return-oriented programming). In addition, we discuss a task port exploit technique which can be used to control the whole remote process through Mach messages. By using these techniques, security researchers could find and exploit sandbox escape bugs to control iOS user mode system services and further attack the kernel.

Min (Spark) Zheng
Min (Spark) Zheng (twitter@SparkZheng, github@zhengmin1989) is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security, system design and implementation. Before receiving Alibaba A-Star offer award in 2015, he worked in FireEye, Baidu and Tencent. He was the champion of GeekPwn 2014 and AliCTF 2015. He won the "best security researcher" award in FIT 2016 for detecting the iOS/macOS vulnerabilities, XcodeGhost virus and WormHole RCE vulnerability. He is a member of the OverSky team for private jailbreaking development. He presented his research in DEF CON, HITB, BlackHat, RUXCON, etc.

@SparkZheng

Xiaolong Bai
Xiaolong Bai (twitter@bxl1989, github@bxl1989) is a security engineer in Alibaba Orion Security Lab. Before joining Alibaba, he received his Ph.D. degree in Tsinghua University. He has published several research papers on top conferences including IEEE S&P, Usenix Security, CCS, NDSS, and presented his research in Black Hat USA and Hack In The Box. He has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for his contribution in discovering the vulnerabilities in their systems and improving the security of their products. He is a member of the OverSky team for private jailbreaking development.

@bxl1989



PHW - Caesars Promenade Level - Neopolitan BR - Friday - 15:30-16:59


Finding and Attacking Undocumented APIs with Python

Write Python web bots using Selenium and BrowserMob Proxy to crawl the Internet looking for non-public APIs. We will look at several ways to identify vulnerabilities in discovered APIs as a means for penetration testing and large scale data gathering. Participants should have some Python experience, as well as a familiarity with HTTP requests.

Ryan Mitchell is a senior software engineer at HedgeServ in Boston, where she develops APIs and data analytics tools for hedge fund managers. She is a graduate of Olin College of Engineering and Harvard University Extension School with a master's in software engineering and certificate in data science. Since 2012 she has regularly consulted, lectured, and run workshops around the country on the topics of web scraping, Python automation tools, and data science.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Thursday - 10:00-13:59


Finding Needles in Haystacks

Thursday, 1000-1400 in Icon D

Louis Nyffenegger Security Engineer, Pentester Lab

Luke Jahnke Security Researcher, Elttam

With more and more teams moving to Agile, security engineers need to be ready to find bugs by just looking at a diff in Stash or Github. This workshop will give you the basics to get started and know what to look for. Based on 3 exercises in 3 different languages (PHP, Golang and Ruby), we will cover simple to more advanced issues and show you where to look and what you can find. After this workshop, you will be ready to start doing code review for fun or as a way to get further as part of a post-exploitation.

Prerequisites: The students should be able to use a text editor and navigate source code. Basic knowledge of Git, PHP, Ruby and Go will definitely help but is not mandatory.

Materials: A laptop with 4Gb of RAM. Internet access during the class.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/finding-needles-in-haystacks-icon-d-tickets-47086263281
(Opens July 8, 2018 at 15:00 PDT)

Louis Nyffenegger
Louis Nyffenegger is a security engineer and entrepreneur based in Melbourne, Australia. He performs pentest, architecture and code review on a daily basis. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Luke Jahnke
Luke Jahnke is a Security Researcher at Elttam. He has extensive experience performing security assessments and running training. He enjoys working on interesting vulnerabilities and runs the biennial BitcoinCTF competition.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 13:00-13:30


Finding Xori: Malware Analysis Triage with Automated Disassembly

Friday at 13:00 in Track 2
20 minutes | Demo, Tool

Amanda Rousseau Senior Malware Researcher at Endgame Inc.

Rich Seymour Senior Data Scientist at Endgame Inc

In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.

Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.

We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool for researchers alike.

Amanda Rousseau
Amanda Rousseau absolutely loves malware. She works as a Senior Malware Researcher at Endgame who focuses on dynamic behavior detection both on Windows and OSX platforms. She worked as a malware researcher at FireEye before joining Endgame. She previously worked as a reverse engineer and computer forensic examiner working for DoD forensic investigations and commercial incident response engagements. She received her MS in Information Systems Engineering from Johns Hopkins University. Research interests include malware evasion techniques, dynamic behavior classification, and developing runtime detections.

@malwareunicorn

Rich Seymour
Rich Seymour is a senior data scientist at Endgame, where he works on integrating R&D successes into the company's platform and experimenting with new techniques to make security sensible. He's currently working on improving natural language understanding in the Artemis chatbot in the Endgame platform and understanding how to catch adversary tradecraft. He holds a PhD in materials science and an MS in computer science, both from the University of Southern California, where he worked on high-performance computing simulations of nanoscale materials under stress. He has spoken at USENIX SOUPS, Shmoocon and O'Reilly Security.

@rseymour



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 14:30-14:50


Fire & Ice: Making and Breaking macOS Firewalls

Saturday at 14:30 in Track 3
20 minutes | Demo, Tool, Exploit

Patrick Wardle Chief Research Officer, Digita Security

In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products.

However, on macOS, firewalls are rather poorly understood. Apple's documentation surrounding its network filter interfaces is rather lacking and all commercial macOS firewalls are closed source.

This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy' macOS firewalls.

In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).

Of course any security tool, including firewalls, can be broken. After looking at various macOS malware specimens that proactively attempt to detect such firewalls, we'll don our 'gray' (black?) hats to discuss various attacks against these products. And while some attacks are well known, others are currently undisclosed and can generically bypass even today's most vigilant Mac firewalls.

But all is not lost. By proactively discussing such attacks, combined with our newly-found understandings of firewall internals, we can improve the existing status quo, advancing firewall development. With a little luck, such advancements may foil, or at least complicate the lives of tomorrow's sophisticated Mac malware!

Patrick Wardle
Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

@patrickwardle



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


firstorder

Saturday 08/11/18 from 1000-1150 at Table Three
Offense

Utku Sen

Gozde Sinturk

Perimeter defenses hold an important role in computer security. However, when we check the methods of APT groups, a single spear-phishing is usually enough to gain a foothold on the network. Therefore, red teams are mostly focused on "assume breach" type of scenarios. In these scenarios, testers need to use a post-exploitation framework. Besides that, testers also need to hide the server-agent communication from NIDS (Network Intrusion Detection Systems). firstorder is designed to evade Empire's C2-Agent communication from anomaly-based intrusion detection systems. It takes a traffic capture file (pcap) of the network and tries to identify the normal traffic profile. According to the results, it creates an Empire HTTP listener with appropriate options.

Utku Sen
Utku Sen is a security researcher who is mostly focused on the following areas: application security, network security, tool development. He presented his tool, Leviathan Framework, in Black Hat USA Arsenal and DEF CON Demo Labs in 2017. He was also nominated for the Pwnie Awards in the "Best Backdoor" category in 2016. He currently works in Tear Security.

Gozde Sinturk
Gozde Sinturk is a Security Researcher and Python Developer who has been involved in projects related to machine learning, natural language processing, and big data. She is developing security tools in her current position. She currently works in Tear Security.



PHV - Caesars Promenade Level - Neopolitan BR - Sunday - 12:00-12:59


Fishing for Phishers. The Enterprise Strikes Back!

Joseph Muniz, Cisco
Aamir Lakhani, Fortinet

Phishing and social engineering have been around since Han Solo has flown the Millennium Falcon. The typical response is deleting the messages and giving the middle finger; however, what more could be done to strike back? This talk will cover how to build an artificial environment and develop anti phishing tools used to respond to phishing attempts. Results could include owning the attacker's box "hypothetically" since some legal boundaries could be crossed.

Joseph Muniz is an architect at Cisco Systems. Aamir Lakhani (Twitter: @SecureBlogger) is a lead researcher at Fortinet. Together, they have spoken at various conferences including the infamous Social Media Deception RSA talk quoted by many sources found by searching "Emily Williams Social Engineering." They are also making their fourth appearance for the DEF CON Wall of Sheep. Both speakers have written books together including a recent title Digital Forensics for Network Engineers released on Cisco Press late February 2018. They have been friends for years and continue to collaborate on research and other projects.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 10:00-10:45


For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems

Sunday at 10:00 in Track 3
45 minutes | Demo, Tool

Leigh-Anne Galloway Cyber Security Resilience Lead, Positive Technologies

Tim Yunusov Hacker

These days it's hard to find a business that doesn't accept faster payments. Mobile Point of Sales (mPOS) terminals have propelled this growth lowering the barriers for small and micro-sized businesses to accept non-cash payments. Older payment technologies like mag-stripe still account for the largest majority of all in-person transactions. This is complicated further by the introduction of new payment standards such as NFC. As with each new iteration in payment technology, inevitably weaknesses are introduced into this increasingly complex payment eco-system.

In this talk, we ask, what are the security and fraud implications of removing the economic barriers to accepting card payments; and what are the risks associated with continued reliance on old card standards like mag-stripe? In the past, testing for payment attack vectors has been limited to the scope of individual projects and to those that have permanent access to POS and payment infrastructure. Not anymore!

In what we believe to be the most comprehensive research conducted in this area, we consider four of the major mPOS providers spread across the US and Europe; Square, SumUp, iZettle and Paypal. We provide live demonstrations of new vulnerabilities that allow you to MitM transactions, send arbitrary code via Bluetooth and mobile application, modify payment values for mag-stripe transactions, and a vulnerability in firmware; DoS to RCE. Using this sampled geographic approach, we are able to show the current attack surface of mPOS and, to predict how this will evolve over the coming years.

For audience members that are interested in integrating testing practices into their organization or research practices, we will show you how to use mPOS to identify weaknesses in payment technologies, and how to remain undetected in spite of anti-fraud and security mechanisms.

Leigh-Anne Galloway
Leigh-Anne Galloway is a Security Researcher who specializes in the areas of application and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She has presented and authored research on ATM security, application security and payment technology vulnerabilities, and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, and Troopers.

@L_AGalloway

Tim Yunusov
Tim Yunusov is a Senior Expert in the area of banking security and application security. He has authored multiple research in these areas including "Apple Pay replay attacks" (Black Hat USA 2017), "7 sins of ATM protection against logical attacks" (PacSec, POC), "Bruteforce of PHPSESSID", "XML Out-Of-Band" (Black Hat EU), and is rated in the Top Ten Web Hacking Techniques by WhiteHat Security. He regularly speaks at conferences and has previously spoken at CanSecWest, Black Hat USA, Black Hat EU, HackInTheBox, Nullcon, NoSuchCon, Hack In Paris, ZeroNights and Positive Hack Days.

@a66at



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Thursday - 14:30-18:30


Forensic Investigation for the Non-Forensic Investigator

Thursday, 1430-1830 in Icon A

Gary Bates Technology Director

This workshop will provide a foundation to attendees on the basics of performing a forensic investigation on a corporate or SOHO network. The course will primarily discuss forensics on a Windows system and network, but Linux and Mac systems will be briefly discussed during the workshop where applicable. Attendees will learn techniques on how to properly collect possible evidentiary data, how to store the collected data, how to analyze the information and evaluate the data. Topics that will be covered include:

- Pre-incident. Setting up your forensic analysis toolkit.
- First contact with an incident. What should you do and not do.
- Collecting volatile data. Tools and techniques.
- Collecting and storing non-volatile data.
- Utilizing open source software to analyze the data.
- Making a determination and writing the report based on the analyzed data.
- What to do with the collected and analyzed information.

This workshop is intended to provide a basic overview of how to properly collect and handle data in a corporate or enterprise network. The course will cover several tools and provide labs for the students to complete to familiarize themselves with how the tools work and the proper procedures to use. However, this class will not make a deep dive into any of the tools. Nor is this class intended for the professional forensic investigator.

Prerequisites: Students need to have a knowledgeable background in IT Administration, basic knowledge of file structures and how the Windows OS works. Students should be knowledgeable in utilizing VirtualBox and how to setup VMs and attach virtual hard drives.

Materials: Students will need to bring a laptop capable of running no more than 3 VMs. The latest version of VirtualBox should be installed.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/forensic-investigation-for-the-non-forensic-investigator-icon-a-tickets-47086683538
(Opens July 8, 2018 at 15:00 PDT)

Gary Bates
Gary works as the Technology Director for a medium size city in Texas. This job requires him to wear many hats, including performing forensic analysis on enterprise systems. In addition, he has helped the City's police department with several criminal cases that involved the collection of network and stored data from systems under investigation. Additionally, he teaches information security classes at the local junior college, including a forensic investigation course for IT security students. Besides 15 years of experience in the IT field, he has a BS in Network Administration and a Masters in Information Security Assurance. He also holds several industry certifications, including a Certified Ethical Forensic Investigator Certification. Since he is easily distracted and always curious, he has a wide range of interests and off-hour projects that run the gamut from in-depth study about cyber security to data analysis programming to electronic projects that use the Raspberry Pi and Arduino chips.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 10:15-10:59




PHV - Caesars Promenade Level - Neopolitan BR - Friday - 15:00-15:59


Freedom of Information - Hacking the Human Black Box

Elliott Brink, Senior Penetration Tester at RSM US LLP

FOIA (otherwise known as the Freedom of Information Act or FOI/Freedom of Information in Australia) are government-based initiatives to permit the public to request information on various government records. In practice, these acts enable transparency of the operations of government to the masses with relative ease. In reality, submitting FOI requests can be a cumbersome and frustrating process for citizens.

For two years now I have been hacking this human black box - finding out what you can/cannot ask for and more importantly how to ask for information and get it! Have you ever asked the government for a log file, Cisco IOS running config or Active Directory group policies? Do you ever wonder if a government employee would provide you with such information if you asked really really nicely? Let's find out together! For the past couple of years I have been performing various technology-focused FOI requests in an attempt to answer one simple argument: Can you utilize freedom of information to enumerate technical information from government agencies? I present my research, findings and results of multiple years of submitting FOIA requests to various USA and Australian government institutions including multiple intelligence agencies. We will discover the fun times and challenges when performing such requests.

Attendees will gain practical knowledge about: what FOIA is, the caveats of FOIA, how you can utilize FOIA on red team engagements and other open source intelligence gathering activities and finally the results of my research in multiple requests to intelligence agencies.

Elliott Brink (Twitter: @ebrinkster) is an information security consultant based out of NYC. He specializes in internal/external pentesting, security architecture and social engineering. He loves computer history, tracking bad guys, honeypots, an expertly crafted bloody mary, and traveling the globe.



Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Thursday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Thursday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Saturday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Saturday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Sunday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 16:00-16:50


Friday August 10 1600 50 Mins

From Introvert to SE: The Journey

In 20 years I learned how to step outside my introverted personality to explore the world in a more successful way, but not without bumps and bruises which taught me valuable lessons.

This is my story of that journey which I hope to convey to those listening that being a deep introvert should not prevent them from trying and achieving goals in life up to and including being a professional social engineer and beyond. I wrap up with the specific lessons I learned over the course of that time, so others can reap the benefits of those lessons in a much shorter time frame.

Ryan MacDougall: @joemontmania

Ryan MacDougall is a Senior Social Engineer Pentester for Social-Engineer LLC, who has over 20 years’ experience in the information technology world and 5 years in the security space specifically. Naturally a deep introvert, he has achieved goals and experienced life that early on did not seem possible or even imaginable. With the help of professionals and experts in the field of psychology, he amassed techniques to navigate the social world to achieve goals he wanted and some he never knew he wanted.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 14:00-14:59


Title:
From MormonLeaks to FaithLeaks

Ethan Gregory Dodge
@Mormon_Leaks @FaithLeaks @egd_io

Last year Ethan spoke as Privacy P. Pratt, the anonymous technical mind behind the whistle-blowing organization MormonLeaks and chronicled its history and impact up to that point. Since then, he has abandoned the pseudonym, FaithLeaks has been born, and MormonLeaks has uncovered a great deal more. Join Ethan in this sequel to last year and hear about Skytalks-2017-inspired FaithLeaks, exposed sexual and ecclesiastical abuse, financial information the Mormon Church went through great lengths to hide, mistakes made along the way, and how this model is promoting increased transparency in a part of society that desperately needs it.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Thursday - 14:30-18:30


Fuzzing FTW

Thursday, 1430-1830 in Icon D

Bryce Kunz President, Stage 2 Security

Kevin Lustic Information Security Researcher

Join us in this hands-on introduction to fuzzing workshop, where we will explore how common fuzzing tools (e.g. AFL, libFuzzer, BooFuzz, etc..) are used to discover previously unknown bugs within applications.

We will first cover a general process to follow when fuzzing a targeted application and then provide hands-on labs where students will be able to apply this fuzzing process to quickly discover bugs within applications.

Several different fuzzing techniques will be covered including fuzzing file inputs via blind mutations (e.g. radamsa), fuzzing specific functions within an application via in-process evolutionary fuzzing (e.g. libFuzzer), compile-time instrumentation based fuzzing (e.g. AFL), and fuzzing of network services via generation based fuzzing (e.g. BooFuzz aka Sulley).

Prerequisites: Students need to be comfortable in Kali Linux which includes navigating the OS via the terminal. An understanding of basic networking concepts (i.e. TCP/IP) and the HTTP protocol is highly recommended. Some knowledge of the Python scripting language is highly recommended.

Materials:

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-ftw-icon-d-tickets-47086572205
(Opens July 8, 2018 at 15:00 PDT)

Bryce Kunz
Bryce Kunz (@TweekFawkes) craves righteous red team hacks. Currently, the President of Stage 2 Security. Previously he supported the NSA (network exploitation & vulnerability research), Adobe (built red teaming program for cloud services), and DHS (incident response). Bryce holds numerous certifications (e.g. OSCP, etc...), and has spoken at various security conferences (i.e. BlackHat, DerbyCon, etc...).

Kevin Lustic
Kevin Lustic is an InfoSec researcher located just outside Salt Lake City, Utah. He is currently a red-teamer for Adobe in Lehi, performing offensive security testing against the various Adobe Digital Experience solutions. Prior to joining Adobe, Kevin spent five years in the Intelligence Community as a global network vulnerability analyst, cryptanalyst, and developer in various positions. He earned his Bachelor's degree in Mathematics from Ohio University, then his Master's degree in Cyberspace Operations from the Air Force Institute of Technology under a full NSF-funded CyberCorps scholarship.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 15:00-15:45


Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware

Sunday at 15:00 in Track 3
45 minutes | Demo, Tool, Exploit

Maksim Shudrak Senior Offensive Security Researcher, Salesforce

Practice shows that even the most secure software written by the best engineers contains bugs. Malware is not an exception. In most cases their authors do not follow the best secure software development practices thereby introducing an interesting attack scenario which can be used to stop or slow down malware spreading, defend against DDoS attacks and take control over C&Cs and botnets. Several previous researches have demonstrated that such bugs exist and can be exploited. To find those bugs it would be reasonable to use coverage-guided fuzzing.

This talk aims to answer the following two questions: ___ we defend against malware by exploiting bugs in them? How can we use fuzzing to find those bugs automatically?

The author will show how we can apply coverage-guided fuzzing to automatically find bugs in sophisticated malicious samples such as botnet Mirai which was used to conduct one of the most destructive DDoS in history and various banking trojans. A new cross-platform tool implemented on top of WinAFL will be released and a set of 0day vulnerabilities will be presented.

Do you want to see how a small addition to HTTP-response can stop a large-scale DDoS attack or how a smart bitflipping can cause RCE in a sophisticated banking trojan? If the answer is yes, this is definitely your talk.

Maksim Shudrak
Maksim is a security researcher and hacker who loves vulnerability hunting, fuzzing acrobatics and reversing complex malicious samples. Maksim had a chance to work on binary instrumentation, Windows operating system emulators and malware analysis at large cyber security companies around the world.

https://github.com/mxmssh, https://www.linkedin.com/in/mshudrak



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Saturday - 10:00-13:59


Fuzzing with AFL (American Fuzzy Lop)

Saturday, 1000-1400 in Icon B

Jakub Botwicz Primary Security Engineer, Samsung Poland R&D Center

Wojciech Rauner Security Engineer, Samsung Research

This workshop will give participants information on how to use afl (American fuzzy lop) to identify vulnerabilities in different applications and modules. afl is a security-oriented fuzzer that efficiently and automatically tests software components to find interesting security issues. It is one of the leading tools and an essential component in the toolbox of a security researcher and hacker (penetration tester). The list of afl trophies (issues found using afl) can be read at: http://lcamtuf.coredump.cx/afl/ Participants will have the possibility to learn how afl works and how to use it successfully based on real-life cases - vulnerabilities found by the trainers in different open source components. During the training multiple cases and tips will be presented (see detailed outline for more complete list).

Prerequisites: None

Materials: To participate in the hands-on sections, attendees need to bring a laptop with minimum 2 GB RAM which can run a virtual machine or a Docker container. Virtual machine and Docker container with all necessary tools will be provided before the workshop.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/fuzzing-with-afl-american-fuzzy-lop-icon-b-tickets-47194653479
(Opens July 8, 2018 at 15:00 PDT)

Jakub Botwicz
Jakub works as Primary Security Engineer in Samsung Poland R&D Center leading a team of security researchers. He has more than 15 years of experience in information security and previously worked e.g. in: one of world leading payment card service providers, Big4 consulting company and vendor of network encryption devices. Jakub holds PhD degree of Warsaw University of Technology and security community certificates including: GWAPT, CISSP, ECSA. Currently he works providing security assessments (static and dynamic analysis) of different mobile and IoT components. afl helped him find numerous vulnerabilities, also in open source components.

Wojciech Rauner
Wojciech has background as a full-stack developer, currently works as a Security Engineer for Samsung Research Poland. His current area of research is IoT and mobile devices. Likes to talk about cryptography and higher level languages. Loves to take things apart, build new things (because old ones got irreversibly broken in the process) and make stuff work (again). Plays in CTF Samsung R&D PL team (crypto/net/programming).



SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 13:00-13:59


Title:
Game Runner 2049: The Battles Fought by the King of the Replicants

Nick Cano
@nickcano93

"XenoBot is an engineered player, provided to cheaters for use in-game. Its enhanced reaction speed and inability to tire made it ideal for power leveling.

After a series of technological breakthroughs, its use became ubiquitous and Tibia became a botter haven.

The collapse of fair play in the early 2000's led to the rise of DarkstaR, as his bot masked its synthetic properties and averted detection.

Through XenoBot, DarkstaR acquired the keys to a line of botted characters that would silently obey and benefit him.

Many usurpers in-game guilds, software crackers, and DDoSers came forth. They hunted him to prove themselves.

Those he defeated still know him by the name... Game Runner

This is a talk for gamers and hackers about the battles I fought during a decade selling an MMORPG bot. I'll talk about what it was like to wield a surveillance system comprised of thousands of botted characters providing me with military-grade in-game intelligence. I'll outline the lessons I learned fighting off massive DDoS attacks on my own, including how I turned the laser on a mirror. I'll share a funny story about how serendipity convinced a forum that I had hacked them, as well as the time I actually mass-hacked hundreds of users on a forum where child-porn was talked about with normalcy. I'll go into how CloudFlare doxxed me to that forum and how I hacked my way to the top of the situation without anyone being the wiser. After these and other tales, I hope you'll walk away from this talk laughing at my shenanigans while also having learned a few things about game development, hacking, and how to outmaneuver your opposition."



AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 11:00-11:40


GAN to the dark side: A case study of attacking machine-learning systems to empower defenses

Li Chen

“There has been a surge of interest in using machine learning (ML) to automatically detect malware through their dynamic behaviors. These approaches indeed have achieved much higher accurate detection rate and lower false positive rate. ML in threat detection has demonstrated to be a good cop to guard platform security. However should we fully trust ML-powered security? Here, we juxtapose the resiliency and trustworthiness of ML algorithms for security, in the case study of ransomware detection. We propose RD-Fool, an AI-based system to bypass ML-based ransomware detection.

In this talk, we examine the perspectives of ML assuming the role of both a good cop and a bad cop. We first train a variety of deep learning and classical machine learning classifiers for ransomware detection using data collected from file I/O and registry events. We show the classifiers can achieve great performance in terms of classification accuracy and false positive rate for ransomware detection. Then we examine the resiliency of these classifiers using our proposed system RD-Fool. RD-Fool uses random forest and generative adversarial networks (GAN) to generate samples which can bypass the ransomware detectors. We demonstrate both exploratory and causative attacks using RD-Fool, where exploratory attack aims at bypassing the ransomware detector during inference phase, and causative attack aims at poisoning the training data to perturb the ML decision boundary.

The key advantages of RD-Fool include quick identification of the blind spots of the victim ML model and efficient generation of realistic and evasive samples. We examine the quality of the crafted sample using the perturbation distance and the Silhouette score. Our results and discoveries pose interesting and alarming issues such as how much should we trust or utilize ML for better security.”

Li Chen is a data scientist and research scientist in the Security and Privacy Lab at Intel Labs, where she focuses on developing state-of-the-art robust machine learning and deep learning algorithms for security analytics including applications in malware detection and image classification in the adversarial setting. She is also the co-primary investigator (PI) and research lead at the Intel Science & Technology Center for Adversary-Resilient Security Analytics. She designs the roadmaps with Intel and Georgia Tech PIs to jointly meet both industrial and academic research objectives. She provides research direction and in-depth technical guidance to advance the ARSA research agenda. Prior to joining Intel Labs, Li was a Data Scientist in Software and Services Group at Intel, where she focused on developing advanced and principled machine learning methods for cloud workload characterization and cloud computing performance. Li Chen received her Ph.D. degree in Applied Mathematics and Statistics from Johns Hopkins University. Her research interests primarily include machine learning, statistical pattern recognition, random graph inference, data mining, and inference for high-dimensional data. Her research has been featured in a number of pioneering scientific and engineering journals and conferences including IEEE Transactions on Pattern Analysis and Machine Intelligence, Annals of Applied Statistics, Parallel Computing, AAAI Conference on Artificial Intelligence and SPIE. She has given more than 30 technical presentations, including at the Joint Statistical Meeting (the largest statistics conference in North America), AAAI conference, International Joint Conference on Artificial Intelligence, and Spring Research Conference on Statistics and Industry Technology.



Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - Friday - 20:30-23:59


Title:
GeekPwn Party

Part contest, part open discussion of security, part talent show and 100% fun! Join the folks from GEEKPWN for an evening of entertainment with a focus on information security from China. Expect contests, serious discussion, music, and an environment open to your ideas.


Contest - Contest Stage - Friday - 10:00-12:59


Title:
GeekPwn

Started by KEEN - and the first in 2014, GeekPwn enables security geeks around the world to exchange their thoughts and research findings. As the international intelligence security community, GeekPwn tries to create secure life with secure techniques. In GeekPwn, YOU are encouraged to exploit unknown vulnerabilities of the cyber world. And together, WE aim to help manufacturers develop their security systems and create a better world.

The most unique and extraordinary character of a GeekPwn attendee is his/her open-minding and rich variety of PWN.

Security researchers are welcomed to GeekPwn if they are able to take control or obtain data without authorization under reasonable, realistic conditions (without tampering, pre-implanted Trojans or certain pre-granted privileges), and target software and protocols of mobile phones, smart devices, Internet of Things, new I/O modules (gesture capture, VR, AR, etc.), AI-featured modules and services (robots, visual recognition and voice recognition), etc.

More Info: http://www.geekpwn.org/


AIV - Caesars Promenade Level - Florentine BR 3 - Sunday - 10:00-10:40


Generating Labeled Data From Adversary Simulations With MITRE ATT&CK 

Brian Genz

“Attackers have a seemingly endless arsenal of tools and techniques at their disposal, while defenders must continuously strive to improve detection capabilities across the full spectrum of possible vectors. The MITRE ATT&CK Framework provides a useful collection of attacker tactics and techniques that enables a threat-focused approach to detection. 

This technical talk will highlight key lessons learned from an internal adversary simulation at a Fortune 100 company that evolved into a series of data science experiments designed to improve threat detection.”

Brian Genz is a Security Engineer focused on threat hunting, security data science, threat intelligence, and security orchestration, automation & response. He brings experience in the defense intelligence, manufacturing, and financial sectors in the areas of incident response, digital forensics, vulnerability management, and security architecture consulting. He has presented at Derby Con, Circle City Con, CypherCon, the ISSA International Conference, ISACA, InfraGard, and other venues. Brian also serves as adjunct faculty in the information security program at Milwaukee Area Technical College.



CPV - Caesars Promenade Level - Milano BR 1,2 - Sunday - 10:30-11:00


Title:
Geolocation and Homomorphic Encryption

When: Sun, August 12, 10:30am to 11:00am

Speaker
------
Nicholas Doiron

Abstract
--------
How often are apps asking for your location? Lat/lng coordinates reveal a lot about you, but we share them every day with web services to look up our location and find nearby businesses.

What if it were possible to encrypt the coordinates which we were searching, and a web service could find results for us anyway? This talk shows sample code of homomorphic encryption being used in geo/location searches (Paillier cryptosystem, JavaScript and Python), and potential futures for private geodata.

Bio
-----------------
Nick is a web developer and mapmaker currently at McKinsey & Company's New York City office. Previously he worked at One Laptop per Child, Code for America, and the Museum of Modern Art.

Twitter handle of presenter(s)
------------------------------
@mapmeld

Website of presenter(s) or content
----------------------------------
https://github.com/georeactor/crypto-geofence


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 13:00-12:59


Title: Getting Skin in the Game: Biohacking & Business

Speaker: Cyberlass
About Cyberlass:
As an IT professional and biohacker Amanda Plimpton is delighted by the surge of citizen scientists who are driven to investigate, experiment and seek answers. She is interested in how the biohacking/body augmenting community can help its growing pool of talented, passionate individuals contribute to their fields from the commercial, academic or non-profit sectors. As Chief Operating Officer at Livestock Labs she is helping build a company that showcases one way biohackers can enter commercial spaces. Hoping to bring back lessons learned, she wants to keep helping grow a community that supports each other and promotes successes.
Abstract:
Let’s talk biohacking, technology and business. We are a community that is innovating and creating — mostly in non-profit and academic spaces. As we have grown so have the business opportunities, sometimes in unexpected places. My company, Livestock Labs, is bringing its biometric implant to market — in cows first. Started by grinders, the company is proving what we all know — that when we get funding and dedicated time our projects take off. This session tries to shed some light on learning to business as a biohacker and encourages other body augmenters and diyBio folks to take the leap and see what amazing things they can accomplish.


HHV - Caesars Pool Level - Forum 17-21 - Friday - 14:00-17:59


Chris Gammell

Abstract

This is an in-person, hands-on version of “Getting To Blinky”, an online course series that has taught thousands to use the free and open source electronics CAD program, KiCad. This would be a “DEFCON badge” version of that course which showcases how to add a blinking circuit, get acquainted with the tool and also add customizable artwork to a Printed Circuit Board (PCB). By the end, attendees will be able to actually order a low cost PCB from online sources.

What to Bring

Please come to this session with a computer with KiCad set up and running. Course is aimed at KiCad 4.0.7, slightly earlier is fine but 5.0.0 is not advised. Install assistance can be given during the beginning of the presentation if needed.

Max size: 24, first come first serve basis.

Bio

Chris Gammell is the host of The Amp Hour Electronics podcast and the owner of Contextual Electronics, an online apprenticeship program. He has been teaching people to design and build electronics online for 8 years, including 5 as an online instructor. His interests are in hands on education and making the electronics learning process easier. He also focuses on low cost and no cost tools, like the open source CAD program KiCad. Prior to teaching online, Chris was an electronics designer for 15 years in various industrial settings.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 14:00-14:45


GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs

Friday at 14:00 in Track 1
45 minutes | Demo, Tool, Exploit

Christopher Domas

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.

Christopher Domas
Christopher Domas is a security researcher and embedded systems engineer, currently investigating scalable IoT security. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), showing that all programs can be reduced to the same instruction stream (reductio), and the branchless DOOM meltdown mitigations. His more relevant work includes the sandsifter processor fuzzer, the binary visualization tool ..cantor.dust.., and the memory sinkhole x86 privilege escalation exploit.

@xoreaxeaxeax



WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 11:00-11:55


Travis Goodspeed

Bio

The REAL Travis Goodspeed

@travisgoodspeed

Goodwatch Update

Abstract

Goodwatch



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 15:00-15:59


Grand Theft Auto: Digital Key Hacking

Huajiang "Kevin2600" Chen, Security Research at Ingeek
Jin Yang, Independent Security Researcher

The security of automobile access control systems is a topic often discussed. Today's vehicles rely on key-fob control modules to ensure the vehicle is accessible to authorized users only. While most traditional automobile key-fob systems have been shown to be insecure in the past, here comes a game changer. Instead of the regular key-fob system, some car owners will be able to access their vehicle by having their smartphone authenticate as a digital car key. In this talk, we will reveal the research and attacks for one of the digital car key systems in the current market. By investigating how these features work, and how to exploit them through different possible attack vectors, we will demonstrate the security limitations of such systems. By the end of this talk, the attendees will not only understand how to exploit these systems but also which tools can be used to achieve our goals.

Huajiang "Kevin2600" Chen (Twitter: @kevin2600) is a security researcher at Ingeek and a member of Team-Trinity. Team-Trinity is a non-profit group of security researchers, mainly focused on wireless and embedded systems vulnerability research. Team members have worked extensively with binary reverse engineering, mobile security, and hardware security. Kevin2600 has spoken at various conferences including XCON, KCON, OZSecCon, BSides, and Alibaba-Cloud-Zcon.

Jin Yang is a member of Team-Trinity. Team-Trinity is a non-profit group of security researchers, mainly focused on wireless and embedded systems vulnerability research. He has worked in the network security industry for over 10 years and focuses on Automated Virus Analysis, IoT Security, Threat Intelligence and Rootkits. Jin has spoken at XCon, AVAR and KCon.



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 11:30-12:00


Title:
Green Locks for You and Me

When: Sat, August 11, 11:30am to 12:00pm

Speaker
------
Wendy Knox Everette

Abstract
--------
How do you give your personal domain a green "Secure" lock? Can you prevent your domain from being used for spam and phishing emails?

This talk is a little different from most "crypto" talks - it's not about how some neat new encryption algorithm works, or writing code. Instead, it's about how to use the awesome crypto tools already available to make your online presence more secure. This talk came out of my frustration with tutorials online for setting up my personal website domain with TLS and my email domain with DMARC/DKIM/SPF. We'll walk through how to use free services to serve a website over TLS and how to configure a personal email domain to block it from being used to send spam and phishing emails.

Bio
-----------------
Wendy Knox Everette (@wendyck) is a hacker lawyer who began her career as a software developer, before going to law school, where she focused on national security law and computer security issues. Currently she lives in Washington State where she advises companies on risk and security regulations. She created and hosted the first student webserver to host personal homepages at her undergrad in 1995, and registered her personal domain in 2000, but only recently got it moved to TLS.

Twitter handle of presenter(s)
------------------------------
@wendyck

Website of presenter(s) or content
----------------------------------
https://www.wendyk.org


Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


GreyNoise

Saturday 08/11/18 from 1200-1350 at Table Three
Defenders, blue teamers, SOC and network analysts

Andrew Morris

GreyNoise is a system that collects all of the background noise of the Internet. Using a large network of geographically and logically dispersed passive collector nodes, GreyNoise collects, labels, and analyzes all of the omnidirectional, indiscriminate Internet-wide scan and attack traffic. GreyNoise data can be used to filter pointless alerts in the SOC, identify compromised devices, pinpoint targeted reconnaissance, track emerging threats, and quantify vulnerability weaponization timelines.

https://greynoise.io/

Andrew Morris
Andrew Morris is the founder of GreyNoise Intelligence, a DC-based cyber security company, and likely holds the world record for amount of time spent staring at Internet-wide scan traffic. Prior to founding GreyNoise, Andrew worked as a researcher, red team operator, and consultant for several large cyber security firms including Endgame, NCC group, and KCG. Outside of work, Andrew enjoys playing fingerstyle acoustic guitar and tries to figure out what his dreams mean.



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 12:00-13:50


GUI Tool for OpenC2 Command Generation

Sunday 08/12/18 from 1200-1350 at Table Six
Defense

Efrain Ortiz

The tool is a standalone, self-service web application that graphically represents all the evolving OpenC2 commands to allow OpenC2 application developers to click and generate OpenC2 commands. The tool makes it extremely easy for even beginners to work on the creation of OpenC2 commands. The tool provides the OpenC2 command output in JSON and in curl, nodejs and python code to be easily integrated into Incident Response or Orchestration platforms.

https://github.com/netcoredor/openc2-cmdgen

Efrain Ortiz
Efrain is a Director in the Office of the CTO at Symantec Corporation. Prior to his Director role, he worked 15 years as a field pre-sales systems engineer. Efrain started his digital life on a TRS-80 Color Computer II in the 1980s. Previous to his 15 years at Symantec, he worked in various roles, from pen testing to network and systems administration. His current favorite project is working on the OpenC2 language specification.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Thursday - 10:00-13:59


Guided Tour to IEEE 802.15.4 and BLE Exploitation

Thursday, 1000-1400 in Icon A

Arun Mane Principal Researcher, SecureLayer7

Rushikesh D. Nandedkar Security Analyst

The workshop aims at delivering hands on experience to pentest 802.15.4 and BLE commercial devices. By design and purpose, IoT was meant to serve the whims of human, taking human laziness to next level. Hence in this due effort, there was least || no attention paid towards the state of security of IoT. However, this doesn't mean, the motives of users are deterred to use insecure IoT devices/setups.

Due to high demand for automation in M2M communication, the IoT concept took a position in the industrial sector for better and fast work ignoring security aspect. Absence of this aspect in the production is making all IoT communications and wireless communications vulnerable largely.

On the other hand, BLE devices have been used everywhere. They are being used in home automation, healthcare, SensorTags and Bluetooth Password Manager etc. As a matter of fact, these BLE devices are equally vulnerable as that of IEEE 802.15.4 based devices. The impact is huge as these technologies are used in industrial applications like water dams and other ICS systems.

Prebuilt VM with lab manuals will be provided to attendees. The workshop is structured for beginner to intermediate level attendees who do not have any experience in IoT wireless communication.

Prerequisites:
1. Basic knowledge of web and mobile security
2. Basic knowledge of Linux OS
3. Basic knowledge of programming (C, python) would be a plus

Materials:
1. Laptop with at least 50 GB free space
2. 8+ GB minimum RAM (4+GB for the VM)
3. External USB access
4. Administrative privileges on the system
5. Virtualization software - VirtualBox 5.X (including Virtualbox extension pack)/VMware player/VMware workstation/VMware Fusion
6. Linux machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
7. Virtualization (VT-x) option enabled in the BIOS settings for virtualbox to work
8. Latest OS on the host machines (For ex. Windows 7 is known to cause issues)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/guided-tour-to-ieee-802154-and-ble-exploitation-icon-a-tickets-47085983444
(Opens July 8, 2018 at 15:00 PDT)

Arun Mane
Arun is a Hardware, IoT and ICS Security Researcher. His areas of interest are Hardware Security, SCADA, Fault Injection, RF protocols and Firmware Reverse Engineering. He also has experience in performing Security Audits for both Government and private clients. He has presented talks at nullcon 2016, 2017, 2018 Goa, GNUnify 2017, Defcamp 2017, BsidesDelhi 2017, c0c0n x 2017, EFY 2018 and X33fcon 2018. He was also trainer for the Practical Industrial Control Systems (ICS) hacking training delivered at X33fcon 2018, and co-trainer for Practical IoT hacking, which was delivered at HITB 2017, HIP 2017, BlackHat Asia 2018 and to private clients in London, Australia, Sweden, Netherlands etc. He is an active member of null - The open Security community and G4H community.

Rushikesh D. Nandedkar
Rushikesh is a security analyst. Having more than six years of experience under his belt, his assignments have always been pointed towards reducing the state of insecurity for information. His research papers were accepted at NCACNS 2013, nullcon 2014, HITCON 2014, Defcamp 2014, BruCON 2015, DEFCON 24, BruCON 2016, x33fcon 2017, c0c0n-x 2017, BruCON 2017, BSides Delhi 2017, nullcon 2018, HITB Amsterdam 2018 and x33fcon 2018. He is also a co-author of an intelligent evil twin tool, "DECEPTICON". Being an avid CTF player, for him solace is messing up with packets, frames and shell codes.



Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


GyoiThon

Sunday 08/12/18 from 1000-1150 at Table Two
Offense

Isao Takaesu

Masuya Masafumi

Toshitsugu Yoneyama

GyoiThon is a fully automated penetration testing tool against web server. GyoiThon nondestructively identifies the software installed on web server (OS, Middleware, Framework, CMS, etc...) using multiple methods such as machine learning, Google Hacking, pattern matching. After that, GyoiThon executes valid exploits for the identified software. Finally, GyoiThon generates report of scan results. GyoiThon executes the above processing fully automatically.

GyoiThon consists of three engines:

Traditional penetration testing tools are very inefficient because they execute all signatures. On the other hand, GyoiThon is very efficient because it executes only valid exploits for the identified software. As a result, the user's burden will be greatly reduced, and GyoiThon will greatly contribute to the security improvement of many web servers.

https://github.com/gyoisamurai/GyoiThon

Isao Takaesu
Isao Takaesu is working in Mitsui Bussan Secure Directions, Inc. as security engineer and researcher. In the past, he found out numerous vulnerabilities in server of client and he proposed countermeasures to client. He thinks that there's more and want to efficiently find out vulnerabilities. Therefore, He's focusing on artificial intelligence technology and developing fully automated penetration testing tool using machine learning.

Masuya Masafumi
Masafumi Masuya is a security engineer on the Mitsui Bussan Secure Directions, Inc. He loves network security assessment, so he found many vulnerabilities in various servers of enterprises. He is always thinking about a method to efficiently perform network security assessment, even while sleeping. He especially loves cURL and Japanese word 'Gyoi'. "Gyoi" means that there is nothing you cannot do!

Toshitsugu Yoneyama
Toshitsugu Yoneyama is a Security Researcher and Manager at Mitsui Bussan Secure Directions, Inc. He has reported several vulnerabilities in Juniper, Nessus, Amazon, Apache and various routers. He participated alone in Hack2win, a hacking competition at CodeBlue 2017, where he pwned several devices by remote attack and won the 3rd prize.



EHV - Caesars Promenade Level - Modena Rm - Saturday - 15:00-15:59


Title: Hack Back: Not An Option, But A Necessity? (A Mini-Workshop)

Speakers: David Scott Lewis

Description:

David Scott Lewis
“They don’t fear us.” This was General Nakasone’s response to Senator Sullivan’s remark that “we’re the world’s cyber punching bag” during Mr. Nakasone's confirmation hearings as NSA Director and USCYBERCOM Commander. This talk will present hack back as a form of offensive cyber going beyond active defense, persistent engagement, and the cyber kill chain, yet consistent with proposed legislation, and will put forth the claim that nextgen hack back will evolve into a hyperwar battlespace deterrent.
Concerns such as attribution and escalation will be addressed, as will the potential role of AI, cybernetics, and quantum computing. A working framework for hack back will be presented – HBaaS/ADaaS (Hack Back-as-a-Service/Active Defense-as-a-Service), as will reasons why culture must play a key role in developing policy options.
For illustrative purposes, China and Chinese culture will be examined in depth. This examination will begin with a look at China’s Mearsheimerian foreign relations practices, and will then review how Chinese culture and cultural norms should guide U.S. hack back policies specific to China.





BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 14:00-15:59


Title: Hack On The BitBox Hardware Wallet

Speakers: Stephanie Stroka and Marko Bencun

Description:
No description available




RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 12:25-12:40


Hackathon and CTF Prizes, and a Group Photo

No description available



Meetup - Flamingo - 3rd floor - Chillout Rm - Saturday - 20:30-23:59


Title:
Hacker Flairgrounds

This is the Meetup destination for badge collectors, designers, and prototypers that you have been waiting for! A social environment to show off your custom badges, discuss projects to make your own badges and to talk to collectors who cherish your work. Flashing LEDs, crafting time, trading, and the celebration of badge craft all in one.


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Friday - 20:00-21:59


Title:
Hacker Jeopardy

Hacker Jeopardy is back for its 24th unbelievable year! Three teams of three battle each round to face last year's champion in the final. 100 points for every beer consumed makes the answers, well, less predictable as the game goes on. Antics, swag, and audience participation -- how can you go wrong? WARNING: 18+ only due to adult language and innuendo. We're offended if you're not offended.

More Info: http://www.hackerjeopardy.org


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Saturday - 20:00-21:59


Title:
Hacker Jeopardy

Hacker Jeopardy is back for its 24th unbelievable year! Three teams of three battle each round to face last year's champion in the final. 100 points for every beer consumed makes the answers, well, less predictable as the game goes on. Antics, swag, and audience participation -- how can you go wrong? WARNING: 18+ only due to adult language and innuendo. We're offended if you're not offended.

More Info: http://www.hackerjeopardy.org


Night Life - Caesars - Emperors Level - Chillout Rm - Friday - 20:00-25:59


Title:
Hacker Karaoke

Do you like to sing? Do you want to perform? Ever wanted to sing in front of others? Come on down to the 10th Annual Hacker Karaoke, DEFCON's on-site karaoke experience. You can be a star, or if you don't want to be a star, you can also take pride in making an utter fool of yourself.

More Info: https://hackerkaraoke.org/   @HackerKaraoke


Night Life - Caesars - Emperors Level - Chillout Rm - Saturday - 20:00-25:59


Title:
Hacker Karaoke

Do you like to sing? Do you want to perform? Ever wanted to sing in front of others? Come on down to the 10th Annual Hacker Karaoke, DEFCON's on-site karaoke experience. You can be a star, or if you don't want to be a star, you can also take pride in making an utter fool of yourself.

More Info: https://hackerkaraoke.org/   @HackerKaraoke


BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 17:00-17:59


Title: Hacking a Crypto Payment Gateway

Speakers: Devin "Bearded Warrior" Pearson and Felix "Crypto_Cat" Honigwachs

Description:
No description available




DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 14:00-14:45


Hacking BLE Bicycle Locks for Fun and a Small Profit

Sunday at 14:00 in Track 2
45 minutes | Demo, Tool

Vincent Tan Senior Security Consultant, MWR InfoSecurity

Hack a lock and get free rides! (No free beer yet though...). This talk will explore the ever growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, what doesn't.

Previous talks on attacking BLE targeted the protocol itself using various hardware and software such as Ubertooth and Wireshark, which could be potentially difficult for someone new wanting to explore BLE and the ever connected IoT world. I'll simplify and stupidify the entire process such that anyone with a mobile phone and basic experience with Frida can go about breaking locks and hacking BLE the world over.

Vincent Tan
Vincent is a Senior Security Consultant at MWR Labs (the forefront of innovation and research in cyber security). He has a passion for all things "mobile" and anything "wireless". Vincent spends most of his free time focused on reverse engineering esoteric protocols, mobile devices and all things IoT to make the real (cyber) world a better and (where possible) a safer place to be for all. (All this while trying to survive by getting free rides.) Singaporean by birth, Vincent defies the local stereotype of accepting "cannot" for an answer and lives in a world of only pure possibility.



Meetup - Caesars - Promenade Level - Anzio Rm past Registration - Thursday - 17:00-17:59


Title:
Hacking for Special Needs

A Meetup for parents of children and individuals with special needs within the DEF CON community. The meeting is not only social but also an exchange of information and helpful tips to help improve the lives of families and individuals and to celebrate their place in the DEF CON community.


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 16:15-16:59


Title: Hacking Human Fetuses

Speaker: Erin Hefley
@erintoxicating
About Erin:
Erin Hefley is a resident physician in her final year of training with the Phoenix Integrated Residency in Obstetrics & Gynecology. She has a background in public health and women's health, and obtained a Master of Public Health degree from the University of Northern Colorado prior to attending medical school at the University of Arizona - Phoenix. This is her 6th Defcon attendance over the past decade, and she is thrilled to have witnessed the development and expansion of the Biohacking Village. Her current interests include reproductive health technology, women's health policy, running, and vampire erotica.
Abstract:
As prenatal testing and ultrasound technology have greatly improved, so has our ability to diagnose birth defects and genetic diseases earlier and earlier in pregnancy. Until recently, our only available options were to offer pregnancy termination or wait to see if the baby survived long enough to be treated after birth. But what if we had the capability to intervene before those genetic mutations had a chance to cause their harmful effects, sparing parents from the agony of uncertain pregnancy outcomes and saving children from debilitating diseases? In last year’s “Designer Babies: Hacking Human Embryos” we discussed pre-implantation genetic testing and embryo modification as a means to identify and treat heritable diseases, by correcting harmful gene mutations before a pregnancy even begins. Since then, exciting new research has shown that even after a pregnancy is under way, opportunities still exist for hacking the biological machinery of the fetus to alter its developmental course. This talk will review new and rapidly evolving strategies to treat genetic disease in utero – while the baby is still in the womb – by hijacking the embryologic mechanisms responsible for fetal growth and development.
Examples include:
- injection of a critical protein into the amniotic fluid surrounding babies with X-linked hypohidrotic ectodermal dysplasia, a genetic condition causing a lack of sweat glands and the life-threatening inability to regulate temperature
- transfusion of mesenchymal stem cells into the fetal umbilical cord to treat osteogenesis imperfecta or “brittle bone disease”
- in utero blood and bone marrow transplant to treat the fatal hemoglobin disorder alpha-thalassemia major
- correcting deformities such as cleft lip and palate by triggering cell signaling pathways "knocked out" by genetic mutation


PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 14:00-14:59


Title:
Hacking Phenotypic Pathways In Cannabis

Notes from a Cannabis breeder

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 11:00-11:45


Hacking PLCs and Causing Havoc on Critical Infrastructures

Saturday at 11:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Thiago Alves Ph.D. Student and Graduate Research Assistant at the University of Alabama in Huntsville

Programmable Logic Controllers (PLCs) are devices used on a variety of industrial plants, from small factories to critical infrastructures like nuclear power plants, dams and wastewater systems. Although PLCs were made robust to sustain tough environments, little care was taken to raise defenses against potential cyber threats. As a consequence, threats started pouring in and causing havoc. During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will be some live demonstration attacks against 3 different brands of PLCs (if the demo demons allow it, if not I will just show a video). Additionally, I will demonstrate two vulnerabilities I recently discovered, affecting the Rockwell MicroLogix 1400 series and the Schneider Modicon M221 controllers.

Thiago Alves
Thiago Alves received his B.S. degree in electrical engineering from the "Pontifícia Universidade Católica" (PUC) in 2013. In 2014 he created OpenPLC, the world's first open source industrial controller. OpenPLC is being used as a valuable tool for control system research and education. The OpenPLC project has contributions from several universities and private companies, such as Johns Hopkins and FreeWave Technologies. In 2017 Thiago won first place in CSAW, the world's largest student-run cybersecurity competition, with his innovative embedded security solution for OpenPLC. Currently Thiago is a Ph.D. student at the University of Alabama in Huntsville. His research interests include cybersecurity for SCADA systems, industrial controllers and embedded systems.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 13:30-13:50


Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller

Friday at 13:30 in Track 2
20 minutes | Demo, Exploit

Feng Xiao Hacker

Jianwei Huang Hacker

Peng Liu Raymond G. Tronzo, M.D. Professor of Cybersecurity

Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Though SDN's software-based architecture enables network programmability, it also introduces dangerous code vulnerabilities into SDN controllers. However, the decoupled SDN control plane and data plane only communicate with each other with pre-defined protocol interactions, which largely increases the difficulty of exploiting such security weaknesses from the data plane.

In this talk, we extend the attack surface and introduce Custom Attack, a novel attack against SDN controllers that leverages legitimate SDN protocol messages (i.e., the custom protocol field) to facilitate Java code vulnerability exploitation. Our research shows that it was possible for a weak adversary to execute arbitrary commands or manipulate data in the SDN controller without accessing the SDN controller or any applications, but only controlling a host or a switch.

To the best of our knowledge, Custom Attack is the first attack that can remotely compromise the SDN software stack to simultaneously cause multiple kinds of attack effects in SDN controllers. Till now we have tested the 5 most popular SDN controllers and their applications and found all of them are vulnerable to Custom Attack to some degree. 14 serious vulnerabilities were discovered, all of which can be exploited remotely to launch advanced attacks against controllers (e.g., executing arbitrary commands, exfiltrating confidential files, crashing SDN service, etc.).

This presentation will include:

Feng Xiao
Feng Xiao will be a Ph.D. student at The Pennsylvania State University soon. He enjoys hacking all kinds of systems as well as finding vulnerabilities. He received his B.S. in Computer Science from Wuhan University in 2018.

He has published three papers (including posters) in well-known security conferences like CCS, MobiCom, ICICS etc. He was also the recipient of First Prize in 2016 China Undergraduate Security Contest, First Prize of 2015 BCTF, and Third Prize of 2015 0CTF.

http://fxiao.me

Jianwei Huang
Jianwei Huang is a researcher at Wuhan University. He is interested in finding and solving security related problems.

Peng Liu
Dr. Liu is a professor at The Pennsylvania State University. His research interests are in computer security. He has published a monograph and over 270 refereed technical papers.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 16:15-16:45


Hacking the international RFQ Process #killthebuzzwords - Dino Covotsos

Thanks to the “boom” in the information security industry combined with the latest buzzwords, more and more large corporate companies are looking for the latest “next gen” anti-haxor services and technologies. In doing so they often go out publicly on tender and / or issue an RFP/RFQ in order to obtain the best possible solution to meet their requirements and budget (usually cost wins).

Due to this and a lack of maturity in the field, companies issue public RFQs / RFPs that contain classified and confidential / secret information such as network diagrams, architectural designs, software versions etc. This type of information would usually require that an attacker spend an extensive amount of time performing enumeration and / or gaining access to the internal network first and taking a significant amount of time to learn about that environment. Targeting the procurement process of an organisation exposes a largely unexplored attack surface.

This new research and presentation aims to demystify the above and give practical examples of large international organisations, which unfortunately fail at the RFP/RFQ process badly. This opens a “free and easy” attack vector for attackers to exploit without even conducting extensive enumeration and fingerprinting, or anything close to intrusive attacks. As a result, an attacker often has access to an extensive amount of confidential information about the organisation, which could be utilised to launch more targeted attacks. Depending on the type of information gathered, such attacks could be likened to an attacker that has insider knowledge.

I will also be demonstrating, via real world examples, the dangers of going out blindly and looking for specific services and products in the information security industry, with real life networks being shown on stage.

A short breakdown of what will be presented is as follows:



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 14:00-14:59


Title:
Hacking the Technical Interview

Marcelle & Kelley
@marcelle_fsg & @ccsleuth

Marcelle and Kelley will provide tips to the audience on how to survive a technical interview and possibly even shine in one! We are not recruiters or HR professionals. We have, however, a LOT of experience as interviewees and have developed some strategies that we'd like to share. Our industry experience lies in various technical arenas, including public sector, private sector, and law enforcement. Topics will include the not-so-subtle art of salary negotiation, how to best prepare for questions (TCP 3-way handshake, anyone?), recognizing the roles of different interviewers, and how to keep your cool. We are also not attorneys, but will touch on illegal interview questions and how to handle them, as well as new laws about salary history. Also featured will be tales from the trenches, hopefully amusing and/or illuminating. Time permitting, we will cover some resume best practices.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Friday - 14:30-18:30


Hacking Thingz Powered By Machine Learning

Friday, 1430-1830 in Icon A

Clarence Chio Security Researcher

Anto Joseph Security Engineer, Tinder

"HACKING THINGZ POWERED BY MACHINE LEARNING" is a hands-on workshop that gives attendees a crash course in performing practical adversarial attacks on modern technology powered by machine learning. This will NOT be an intro to ML class - do that on your own time online before or after the class - deep ML knowledge is definitely *not* required. We will perform mischief on ML systems that most tech-savvy people interact with on a daily basis: face recognition (smartphone authentication), speech recognition (home assistants), and web application firewalls (need we say more?) ;) We won't just be explaining the theory and tomfoolery behind these attacks - we'll walk you through each step of each attack and show you how *absolutely anyone* can hack systems like these with just a little bit* of background in ML hacking.

* This is an intermediate technical class suitable for attendees with some ability to read and write basic Python code. To get the most out of this workshop, surface-level understanding of machine learning is good. (i.e. be able to give a one-line answer to the question "What is machine learning?")

Prerequisites: Basic familiarity with Linux. Python scripting knowledge is a plus, but not essential.

Materials:
No fee required
Latest version of VirtualBox installed
Administrative access on your laptop with external USB allowed
At least 20 GB free hard disk space
At least 4 GB RAM (the more the merrier)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/hacking-thingz-powered-by-machine-learning-icon-a-tickets-47194541143
(Opens July 8, 2018 at 15:00 PDT)

Clarence Chio
Clarence Chio has shared his research on ML and security at hacking events around the world. He has taught dozens of training classes and workshops to conference attendees and security teams at large tech companies. He wrote the new O'Reilly Book "Machine Learning & Security: Protecting Systems with Data and Algorithms", and organizes the AI Village at DEF CON. Clarence has a B.S. and M.S. in Computer Science from Stanford, specializing in data mining and artificial intelligence.

Anto Joseph
Anto Joseph is a Security Engineer for Tinder. He is involved in developing and advocating security in Machine Learning Systems & Application Security Research. Previously, he has worked at Intel, Citrix, and E&Y in multiple information security roles. He is very passionate about exploring new ideas in these areas and has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 16:45-17:30




BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 13:40-14:30


Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet

Friday at 13:40-14:30
50 minutes

@jtpereyda

Have you wondered whether developers can play any significant role in the security world? Come hear from a diehard programmer and hacker who loves to break and loves to build, and learn how a regular programmer can make major contributions to security from the trenches. This presentation will dive into the intersection between development and security. You will learn about the SDL -- Secure Development Lifecycle, and why in the world a hacker would care about processes and procedures. You will learn how "processes" and "lifecycles" can be useful -- and how they can be a complete waste of time. Included are real world success stories of organizational hacking -- getting other engineers to change their practices -- and real world fail stories. Attendees will come away with knowledge of how development and security intersect, and how they can use their programming day job to save the world. If you are a developer who cares deeply about security, enjoys exploits, and wants to make the world a better place, this is for you.

@jtpereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. While he currently hunts vulnerabilities full time, his roles have evolved from programmer to hacker to organizational hacker to regular hacker again. Not only has Joshua found vulnerabilities in safety critical software, he has started long term security programs, changing the way an entire business works. Joshua has written software, hacked software, and hacked companies. In his free time, Joshua enjoys improving open source software, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 10:00-10:40


Hacking your HackRF

Mike Davis

Abstract

The HackRF isn’t just an SDR - it’s an open-source, open-hardware device that’s designed to be modified. In this talk I walk through the basics of how to open and modify the hardware and software. I also show all the mods and hacks I’ve done to/with my HackRFs, including physical synchronisation between HackRFs, quadcopter transmitter adaptation, audio encoding/decoding, quadcopter vtx and a future project to add USB3.

Bio

Software/hardware developer, currently studying an MSc Computer Science (infosec), not yet a cyborg



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Halcyon IDE

Saturday 08/11/18 from 1000-1150 at Table Six
Offense, Defense, AppSec, Network Security, Nmap Scanners & Developers

Sanoop Thomas

Halcyon IDE lets you quickly and easily develop Nmap scripts for performing advanced scans on applications and infrastructures with a wide range of capabilities from recon to exploitation. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is a free and open source project (always will be) released under the MIT license to provide an easier development interface for the rapidly growing information security community around the world. The project was initially started as an evening free time "coffee shop" project and has taken a serious step for its developer/contributors to spend dedicated time for its improvements very actively. More information and source code: https://halcyon-ide.org

https://halcyon-ide.org

Sanoop Thomas
Sanoop Thomas (@s4n7h0) is a seasoned security professional with a diverse background in consulting, teaching, research and product-based industries with a passion to solve complex security problems. Today, Sanoop works as an information security specialist focusing on application security and secure coding. His fields of interest include reverse engineering, malware analysis, application security and automating security pentest/analysis methodologies. He is moderating the null open community chapter in Singapore and has organised over 60 events & workshops to spread security awareness across the country. Sanoop is also the author of Halcyon IDE (https://halcyon-ide.org), an IDE that is focused on developing Nmap scripts. He has spoken at security conferences like Nullcon, OWASP India, HITBGSEC, Rootcon, and Blackhat Arsenal.



Service - Caesars - Promenade Level - Anzio Rm past Registration - Friday - 10:00-15:59


Title:
Ham Radio Exams

Take HAM Radio Exams at DEF CON 26!

Service - Caesars - Promenade Level - Anzio Rm past Registration - Saturday - 12:00-17:59


Title:
Ham Radio Exams

Take HAM Radio Exams at DEF CON 26!

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 11:00-12:00


Title:
Hamilton's Private Key: American Exceptionalism and the Right to Anonymity

When
Fri, August 10, 11am - 12pm

Description

Speaker
------
Jeff Kosseff

Abstract
--------
In the Sixteenth Century, English Puritan preacher John Udal published a series of pamphlets criticizing the Anglican Church. He signed the pamphlets under a pseudonym, Martin Marprelate. The Bishops soon determined his identity, and Udal was sent to prison, where he died. Such prosecutions for political views were common in England throughout the Sixteenth, Seventeenth, and Eighteenth centuries.

So it was not surprising that once the British colonies in America had achieved independence and were determining the future of their government, much of the debate occurred without real names. When Alexander Hamilton, James Madison, and John Jay published the Federalist Papers, they did so under a single pseudonym, Publius.

Although the First Amendment does not explicitly require anonymity, U.S. courts repeatedly have held that its free speech protections guarantee a strong (but not absolute) right to speak anonymously. In 1960, the Supreme Court struck down a Los Angeles ordinance that prohibited the distribution of anonymous handbills, and it invalidated a similar Ohio law in 1995. Since the mid 90s, state and federal courts have relied on this right to anonymity in rejecting defamation plaintiffs' attempts to use the court discovery process to unmask the identities of anonymous Internet posters. Although the United States is not the only nation to protect anonymity, its anonymity protections are among the strongest in the world, and have helped establish the robust online debate that we know today.

Legal and policy debates surrounding encryption often focus on privacy rights and the Fourth Amendment. While these discussions are vital, they too often overlook the free speech-based anonymity rights that have been fundamental to the United States since its founding. In this presentation, I present the research conducted to date for my book-in-progress, United States of Anonymity, tracing the history of this First Amendment-based right to speak anonymously. I explain how this strong history of ensuring the right to speak anonymously applies to the current encryption debates, as well as the distinct but related issue of anonymity tools such as Tor. I argue that encryption and anonymity are essential for Twenty-First Century free speech, and explain how the legal protection of pamphleteers extends to encryption and anonymity.

To be sure, some efforts to weaken encryption may not necessarily threaten an individual's anonymity. And encryption is not the only protection for anonymity. However, there is significant overlap between the values underlying the First Amendment anonymity opinions and some justifications for encryption. Moreover, encryption has been an essential component of many of the most innovative anonymity tools (such as the techniques that newsrooms have adopted to receive anonymous tips).


Bio
-----------------
Jeff Kosseff is an assistant professor of cybersecurity law at the U.S. Naval Academy. He is the author of Cybersecurity Law, a textbook, and his latest book, The Twenty-Six Words That Created the Internet, a history of Section 230 of the Communications Decency Act, will be published early next year by Cornell University Press. He previously practiced cybersecurity law at Covington & Burling, and clerked for Judges Milan Smith on the Ninth Circuit and Leonie Brinkema in the Eastern District of Virginia. Before becoming a lawyer, he was a technology journalist for The Oregonian and finalist for the Pulitzer Prize.

Twitter handle of presenter(s)
------------------------------
@jkosseff

Website of presenter(s) or content
----------------------------------
www.jeffkosseff.com


DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 14:00-14:45


Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices

Saturday at 14:00 in 101 Track, Flamingo
45 minutes | Demo, Tool, Exploit

Dennis Giese Hacker

While most IoT accessory manufacturers have a narrow area of focus, Xiaomi, an Asian based vendor, controls a vast IoT ecosystem, including smart lightbulbs, sensors, cameras, vacuum cleaners, network speakers, electric scooters and even washing machines. In addition, Xiaomi also manufactures smartphones. Their products are sold not only in Asia, but also in Europe and North America. The company claims to have the biggest IoT platform worldwide.

In my talk, I will give a brief overview of the most common, Wi-Fi based, Xiaomi IoT devices. Their devices may have a deep integration in the daily life (like vacuum cleaners, smart toilet seats, cameras, sensors, lights).

I will focus on the features, computational power, sensors, security and ability to root the devices. Let’s explore how you can have fun with the devices or use them for something useful, like mapping Wi-Fi signal strength while vacuuming your house. I will also cover some interesting things I discovered while reverse engineering Xiaomi's devices and discuss which protections were deployed by the developers (and which not).

Be prepared to see the guts of many of these devices. We will exploit them and use them to exploit other devices.

Dennis Giese
Dennis is a grad student at TU Darmstadt and a researcher at Northeastern University. He was a member of one European ISP's CERT for several years.

While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices.

His latest victim is the Xiaomi IoT cloud. He has presented at the Chaos Communication Congress and the REcon BRX.



SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 16:00-16:59


Title:
Healthcare Exposure on Public Internet

Shawn Merdinger

Real-world healthcare exposure of hospitals, patient records, medical devices



Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


HealthyPi—Connected Health

Saturday 08/11/18 from 1400-1550 at Table Four
Hardware and biohacking

Ashwin K Whitchurch

We (at ProtoCentral) developed the HealthyPi HAT for the Raspberry Pi as a way of opening up the healthcare and open source medical to anyone. The HealthyPi is made of the same "medical-grade" components found in regular vital sign monitors, for a fraction of the cost of such a system. This is our way of democratizing medical hardware to develop new areas of research.

Our objective when we began developing the HealthyPi was to make a simple vital sign monitoring system which is simple, affordable, open-source (important!) and accessible. HealthyPi is completely open-source and is our way of "hacking" patient monitoring systems by getting data that you need, in the way that you need and extending on that without getting involved in sticky proprietary NDAs and such.

*Demo will allow people to come, check out and play with (and possibly hack) the HealthyPi device while getting their vital signs monitored.*

https://github.com/Protocentral/protocentral-healthypi-v3

Ashwin K Whitchurch
Ashwin K Whitchurch is the CEO of ProtoCentral (Circuitects Electronics Solutions Pvt Ltd) based out of Bangalore in India. The company makes, sells and supports open source hardware products, most of them for healthcare and medical applications. Ashwin has published research papers, book chapters and reviews in well-known international journals and conferences. ProtoCentral (and Ashwin) has been present in many hardware gatherings including Maker Faire (New York & Rome), Hackaday Superconference, OSHWA Summit and has given talks on his projects with open source hardware.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 16:15-16:59


Title: Hey Bro, I Got Your Fitness Right Here (and your PHI).

Speakers: Nick - GraphX
Abstract:
This is a journey into fitness. My fitness and more importantly your fitness. Or rather the information that I've been collecting every day at the gym while getting ready for bikini season. This is a look at my journey to become the sexy stud muffin you see before you (google image search "sexy stud muffin" for reference) and my quest to do bad things through various means, up to and including compromising cardio equipment, fitness apps, and changing delivery addresses for fitness equipment to my house instead of your gym. No zero days and nothing overly technical provided here, but the intended takeaway is awareness of who is collecting your PHI and from where. Just like on Maury, the results will shock and amaze. Or maybe you'll just get a good laugh at my journey to lose 100 pounds.


CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 15:00-16:00


Title:
Hiding in plain sight: Disguising HTTPS traffic with domain-fronting

When: Fri, August 10, 3pm to 4pm
Speaker
------
Matt Urquhart

Abstract
--------
Domain-fronting is a technique used to disguise HTTPS traffic as being destined for one service, but actually communicating with a different service. It relies on an implementation detail of HTTPS stacks which share infrastructure between customers. Recently, there has been a large amount of media attention surrounding a popular instant-messaging app using this technique to evade censorship. What is domain fronting and how does it work? This talk aims to give you everything you need to fully understand domain fronting, try it yourself, and understand how domain-fronting can also open a path to DoS and IP spoofing attacks.

Bio
-----------------
Matt is a software developer from Australia who first became interested in Infosec after hearing of hilarious pranks played during the early days of the Internet. In his spare time he enjoys playing the drums.

Twitter handle of presenter(s)
------------------------------
@arrtchiu


AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 17:00-17:59


Holy BATSense! Deploying TBATS Machine Learning Algorithm to Detect Security Events

Pranshu Bajpai

Our “BATSense” security event detection methodology has been running at Michigan State University’s campus for a year and is successfully detecting security anomalies across 300k devices. In this presentation, we will describe the use of machine learning, specifically the TBATS forecasting algorithm, to predict future trends for the number of events per second for a variety of device types. The forecasted values are compared against actual observations to alert security personnel of significant deviations. Anomalies are detected based on logs relevant to security events; they may be system modifications, system failures or a football game. Forecasts are never perfect, but when measured over extended use, we have shown that false positives are manageable (1 per week) for true positives of 1 per day. The result is a methodology that has been developed and tweaked over time to effectively detect security events, and lessons learned over a year. All arguments presented in this talk will be backed by real world (anonymized) data collected at our university shared with the audience.

Pranshu Bajpai is a security researcher working towards his PhD in Computer Science and Engineering at Michigan State University. His research interests lie in computer and network security, malware analysis, machine learning, privacy, digital forensics, and cyber crimes. In the past, he worked as an independent penetration tester for clients. He has authored several research papers in security magazines and journals and has served as a technical reviewer for books within the security domain. He enjoys working in the security industry and the challenge of testing new technologies for potential weaknesses. In his spare time, he likes solving CTF challenges while listening to classic rock. Connect with him on Twitter: @amirootyet



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Honeycomb—An extensible honeypot framework

Saturday 08/11/18 from 1600-1750 at Table Three
Incident Responders, Security Researchers, Developers

Omer Cohen

Imri Goldberg

We present Honeycomb—A repository of honeypot services and integrations for the information security community. Our vision: Honeycomb will be the pip or apt-get for honeypots.

While working hard to create various honeypots for several high profile vulnerabilities, we realized we were repeating some of the underlying work that’s involved in creating a honeypot—a useful honeypot is easy to deploy, configure and collects reports. We have these capabilities in Cymmetria’s commercial deception product but we wanted to open source this functionality to the community so everyone could benefit from it.

Eventually came the idea for honeycomb—an extensible platform for writing honeypots which comes with a repository of useful honeypots which makes it super easy to create new honeypots. Honeycomb and the honeypot repository together form a powerful tool for security professionals looking to gain threat intelligence on the latest threats.

We are currently in the process of finalizing the release of the project and working on releasing additional plugins. Join us to learn how to utilize existing honeycomb capabilities as well as writing honeypot services and integrations on your own!

https://github.com/Cymmetria/honeycomb

Omer Cohen
As an experienced Incident Response investigator and team leader, Omer has a wealth of knowledge and experience in the areas of cyber security, security research, software development and system administration, as well as network architecture and design. Omer has delivered and implemented numerous projects involving cutting edge technologies for multiple security related applications in addition to providing accurate and appropriate information security consulting and incident response services to Fortune 500 companies and other leading organizations. Omer currently manages Customer Success in EMEA and APAC at Demisto, the leading Security Orchestration, Automation and Response (SOAR) solution provider.

Imri Goldberg
An experienced technical entrepreneur, Imri has significant experience in development, architecture and security. Before joining Cymmetria as VP R&D, Imri was the founder & CTO of Desti, a travel startup that was acquired by Nokia-HERE in 2014. Today Imri serves as the CTO of Cymmetria, heading innovation and research and working on product and architecture. Cymmetria is the leading Cyber Deception vendor with its main product MazeRunner® used by Fortune 500 companies in multiple verticals including finance, insurance, health, government, retail, etc.



Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - Friday - 20:30-23:59


Title:
House of Kenzo

Come celebrate the culture of DIY or die! The future has not been written yet so come and mingle with the authors of the time to come and celebrate creating a culture of global communication and culture. Live music and open minds will meet your ideas and help you trailblaze the next century.


DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 13:30-13:50


House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries

Saturday at 13:30 in 101 Track, Flamingo
20 minutes | Demo, Exploit

Sanat Sharma Hacker

Regarding ptmalloc2, many heap exploitation techniques have been invented in the recent years, well documented on the famous how2heap repository, or as writeups of famous CTF challenges (like House of Orange). However, most of them require at least a libc/heap leak, or fail in non-PIE binaries. My new technique titled House of Roman leverages a single bug to gain shell leaklessly on a PIE enabled Binary. I shall showcase the ease of aligning the heap to perform this attack, thus demonstrating its versatility.

Since this is a 20-minute talk, attendees should be aware of basic heap exploitation techniques, like fastbin attacks and unsorted bin attacks, and have a general idea of how the ptmalloc2 algorithm works. As a bonus, I also discuss how to land a fastbin chunk in memory regions with no size alignment (like __free_hook).

Sanat Sharma
Sanat (@romanking98) is a 19 y o Junior Security Engineer at GoRoot GmbH in Berlin, Germany. He regularly plays CTFs with "dcua", globally ranked in the world top 10 teams on ctftime.org, qualified for multiple prestigious onsite finals, including an invitation for DEF CON China offline CTF.

@romanking98



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 10:40-11:10


How can industrial IIoT be protected from the great unwashed masses of IoT devices

August 10, 2018 10:40 AM

IoT and IIoT devices are more prevalent in homes and industry. When these two areas share the same space, malware could move from one domain to another. For example, smart meters used by an electric utility could be compromised by other smart devices in the home. How can an electric utility protect their industrial equipment and ensure that home based IoT devices stay in their place? Join us in a demonstration of techniques that could be used to cloak an electric meter from the wild west of commercial-off-the-shelf IoT devices.

Speaker Information

Ken Keiser

Parsons

Ken Keiser is the Director of Operational Technology Cybersecurity at Parsons Corporation, focusing on critical infrastructure protection risk analysis, and mitigation in the transportation, oil & gas, water, steel, automotive, and chemical industries. He has over 30 years of industrial control system experience in distributed control systems with Bailey Controls, ABB, and Siemens. Most recently, Ken was the interim Chief Information Security Officer for Amtrak as part of a Parsons project. He holds a Certified Information Systems Security Professional certification as well as a Payment Card Industry Qualified Security Assessor certification. Ken holds a Bachelor of Science in Electrical Engineering from Drexel University, and a Bachelor of Business Administration from Temple University.

Ben Barenz

Parsons

Ben Barenz is a Systems Engineer at Parsons Corporation, focusing on critical asset protection and critical infrastructure protection. He has over 8 years of industry experience in critical asset protection under DoD contracts and has recently moved under critical infrastructure protection. Ben holds a Bachelor of Science in Electrical Engineering from the University of Nebraska and numerous industry related certifications.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 13:00-13:59


Title:
How Compliance Affects the Surface Area of Cannabis POS

No description available

BTV - Flamingo 3rd Flr - Savoy Rm - Friday - 14:50-15:40


How not to suck at Vulnerability Management [at Scale]

Friday at 14:50-15:40
50 minutes

@Plug and mwguy

In the current cyber landscape several vulnerabilities are discovered every day. The volume of information and multiple sources to consume this information create interesting challenges for any security team. In the recent months several organizations have been prey of bad actors, exposing private data of millions of users, many times from month old vulnerabilities.

Vulnerability management is often disregarded, improperly staffed and rarely discussed in the infosec community, yet is one of the single points of failure allowing for breaches to take place. Under this circumstance, are you prepared to deal with vulnerabilities accordingly?

In this talk, we’ll share our experiences dealing with vulnerabilities at scale. What works, what does not and why. More importantly, what actions you should consider to improve or build your Vulnerability program. In the process, we’ll introduce some of the custom tools created internally to automate and enhance the program.

Unlike most Vulnerability Management talks, this talk is about the hands-on portion and day-to-day activities that must take place. Whether you are a seasoned infosec professional or new to the field, there is something for you to take away, especially at scale.

@Plug
Plug is currently a Senior Security Analyst at Verizon Digital Media Services. He started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. With over 16 years of IT experience, he has worked as Systems Administrator, Security Analyst and Security Engineer in the Finance and Telecom sector. In his free time, he enjoys building Legos, playing with synthesizers and modular systems; when possible, he volunteers his time to computer security events.

mwguy
Chris is currently a Senior Security Engineer at Verizon Digital Media Services (formerly EdgeCast). Started working with computers in High School, and having older slower computers quickly made the move to Linux and BSD's to improve performance. From then on, he's worked with *nix systems almost exclusively, and a couple of years ago made the switch from being a Systems Administrator to working exclusively in Security. When not working, Chris enjoys crypto-currencies, his dogs, and putting wacky stuff on various Raspberry Pis.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 10:30-10:59


Title:
How to Microdose Yourself

primer on microdosing yourself for fun and performance, from a nurse (though not medical advice)

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 10:30-10:59


How to Tune Automation to Avoid False Positives

Gita Ziabari, Senior Consultant Engineer at Verizon

Every SOC is deluged by massive amounts of logs, suspect files, alerts and data that make it impossible to respond to everything. It is essential to deploy automation to accelerate response time, consistency, scalability and efficiency. This talk will cover techniques to design a reliable automated tool in security. We will discuss techniques for tuning the automation to avoid false positives and the many struggles we have had in creating appropriate whitelists. We will walk through steps of creating an automated tool and the essential factors to be considered to avoid any false positive.

Gita Ziabari (Twitter: @gitaziabri) is working as a Senior Consultant Engineer at Verizon. She has more than 14 years of experience in threat research, networking, testing and building automated tools. Her main focus is creating automated tools in cybersecurity for mining data.



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 14:30-14:59


How We Cost Our Client £1.2M with 4 lines of code and less than 2 Hours ($2M)

August 10, 2018 2:30 PM

Hacking SCADA, or more commonly ICS, is serious business - unlike other areas of offensive security one mistake can cost lives. Mike and Matt will present their ICS research which was carried out at one of the UK's top Industrial training facilities, walk through caveats, protocols and show some demos. They will also show how one can start researching industrial systems safely and cover what one needs to know to not get someone killed. They will also share the story and method behind how they cost a company £1.2M+ ($2M+) in lost earnings in under 5 seconds with only 4 lines of code. We will not be showing exploit code as we believe given what's at stake, it's highly irresponsible, but what we will do is give responsible researchers the knowledge they need to get involved and start helping to secure critical infrastructure. We’ll also show process, insight and what exploiting this kit actually means.

Speaker Information

Mike Godfrey

INSINIA

Mike Godfrey is a Network Specialist and Ethical Hacker with over 20 years' experience in building and breaking computers. He has enjoyed a successful career in Information Technology, having qualified in Cisco CCNA (Network Associate) over 10 years ago and going on to work on some of the country's largest technological infrastructure. Mike is qualified and experienced in IT but is also a qualified Electro-technical / Electro-mechanical Engineer, specialising in hardware exploitation. Mike’s qualifications and experience have led to INSINIA becoming the only Gas Safe Registered Cyber Security Company in the UK, allowing it to test industrial process and building infrastructure in a unique way. Mike’s skills have also led to the design and production of a range of new products and services, including securing the hardware and fabric of buildings and identifying key vulnerabilities within the building's “PowerLine” (230V circuit), which can allow an attacker to exfiltrate information undetected, as well as discovering vulnerabilities in key industrial gas systems and controls. Mike was the first ethical hacker to successfully hack Trend’s 963 BMS system back in 2006, the Sentry Safe with a magnet and a sock in 2014, the Philips Hue smart home system in 2017 and many more.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 15:50-16:10


How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Dodge

It’s always been suspected that the Mormon Church is worth billions of dollars and has a sizable amount of investments in the United States stock market. However their finances are almost entirely opaque. In May 2018, MormonLeaks released a compilation of information connecting the dots between the Mormon Church and $32 billion.

It all started with WHOIS data and was further verified with almost entirely publicly available and open sources. Come hear the entire story in lightning style fashion.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 15:45-16:30




SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 09:30-09:59


Title:
http2 and you

security panda
@security_panda

"Although not commonly known, HTTP2 was first published in May 2015 as an update to HTTP 1.1. By the end of that year, the majority of major browsers added HTTP2 support; it is now being utilized all across the Internet. Sites such as Google, Twitter, Facebook, and perhaps even your company's site have HTTP2 enabled. If so, you probably do not realize you are using it. In fact, many Web Application Firewalls (WAFs) are not keeping pace with HTTP2 security needs and common AppSec testing tools such as Burp, Zap, and other DAST products don't support HTTP2.

This talk will discuss the details of the presenter's discovery process in identifying how many site hosts are utilizing HTTP2, and a sample of common vulnerabilities which were found on these sites. Attendees will come away with having a better understanding of the security implications of HTTP2 and how you can detect these potential pitfalls on your network using freely available tools."



SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 16:55-17:45



Saturday August 11 2018 1655 50 mins
Hunting Predators: SE Style
It was just about 1 year ago that Chris announced the launching of The Innocent Lives Foundation. What has happened in the last year? What have we accomplished? What are our challenges? What is next in the future? This talk will help the community see what your support, money and love has done to save children and catch predators.

Chris Hadnagy: @humanhacker
Chris is a professional social engineer with over 16 years of experience. His passion is understanding the why not just the what. Chris has had the opportunity to work with some of the world’s greatest minds in learning how to use skills that might not be too common in the infused industry. You can find out more by looking at www.social-engineer.com



WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 17:00-17:25


t0ddpar0dy

Bio

WiFi hobbyist, member of last year's 4th place team, former fed, curious engineer

@t0ddpar0dy

Hunting Rogue APs: Hard Lessons

Abstract

Given the challenge of locating a static Access Point this presentation highlights our strategy, pitfalls, and success.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 16:20-16:59


Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks

TonTon Huang

Blockchain and Cryptocurrencies are gaining unprecedented popularity and understanding. Meanwhile, Ethereum is gaining a significant popularity in the blockchain community, mainly due to the fact that it is designed in a way that enables developers to write decentralized applications (Dapps) and smart contract. This new paradigm of applications opens the door to many possibilities and opportunities. However, the security of Ethereum smart contracts has not received much attention; several Ethereum smart contracts malfunctioning have recently been reported. Unlike many previous works that have applied static and dynamic analyses to find bugs in smart contracts, we do not attempt to define and extract any features; instead we focus on reducing the expert’s labor costs. We first present a new in-depth analysis of potential attacks methodology and then translate the bytecode of solidity into RGB color code. After that, we transform them to a fixed-sized encoded image. Finally, the encoded image is fed to convolutional neural network (CNN) for automatic feature extraction and learning, detecting security flaw of Ethereum smart contract.

Hsien-De Huang (a.k.a. TonTon) is working for Leopard Mobile Inc. (Cheetah Mobile Taiwan Agency), and currently a Ph.D. candidate (IKM Lab.) in the Dept. Computer Science and Information Engineering at National Cheng Kung University, Tainan Taiwan. His research interests include Deep Learning, Blockchain, Malware Analysis, Type-2 Fuzzy Logic, and Ontology Applications, and gave talks at RuxCon 2017, OWASP AppSec USA 2017, Hadoop.TW annual conference 2016, TW CSA Summit 2016 and Hackers in Taiwan Conference (HITCON) 2015 & 2014.

Chia-Mu Yu received his Ph.D degree from National Taiwan University in 2012. He is currently an assistant professor at National Chung Hsing University, Taiwan. He was a research assistant in the Institute of Information Science, Academia Sinica. He was a visiting scholar at Harvard University, Imperial College London, Waseda University, and University of Padova. He was a postdoc researcher at IBM Thomas J. Watson Research Center. He serves as an associate editor of IEEE Access and Security and Communication Networks. His research interests include cloud storage security, IoT security, and differential privacy.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 18:00-18:35


I fought the law and law lost - Mauro Caseres

“I fought the law and the law lost” is a series of talks that aims to collect vulnerabilities in the field of Argentine Security forces. This chapter focuses on both Federal and Buenos Aires City Police, which according to the Head of Government Horacio Rodríguez Larreta, has the “most modern technology in the world”.

We will analyze four particular cases (two on the lightning talk version), all of them ending in national scandals:

But we’ll do it having in mind a special requirement: passive action. We’ll use Recon & OSINT at its best in order to reconstruct how the leaks were carried from start to end. A police chief using his daughter’s name as a password? A Police CIO using his own National ID Number as recovery question? Public databases exposing too much information? Reused passwords across every site on the internet? Sure, but it’s not the worst. We’ll use hand crafted DIY tools and without compromising a single system, reveal a lot of bugs and vulns. This talk is heavily focused on obtaining OSINT from public sources (especially in countries with weak or ambiguous laws, like Argentina).

This talk aims to demonstrate various flaws with a critical, technical and impartial approach to bring to the public a prevailing reality: First, Argentine law allows a lot of compromising data to be used as “public” (thus leaving the place for OSINT based attacks to occur), and second… we are not safe against computer threats, and those who take care of us, neither are.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 17:00-17:45


I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine

Friday at 17:00 in Track 1
45 minutes | Demo, Audience Participation, Tool

Alex Levinson Senior Security Engineer

Dan Borges Hacker

Typically, the activities of a malware attack occur on an execution timeline that generally consists of 3 segments—the vector, the stage, and the persistence. First, a vector, or method of exploitation is identified. This could be anything from logging in over a credentialed method like RDP or SSH and running a malicious payload directly, to exploiting a memory corruption vulnerability remotely. Second, that access is leveraged into running malicious code that prepares the victim for the deployment of persistence (commonly "implant"). While segments one and three have been extensively automated, an effective automated utility for deploying persistence in a dynamic and unified context has yet to present itself.

Enter the Genesis Scripting Engine.

The Genesis Scripting Engine, or Gscript for short, is a framework for building multi-tenant executors for several implants in a stager. The engine works by embedding runtime logic (powered by the V8 Javascript Virtual Machine) for each persistence technique. This logic gets run at deploy time on the victim machine, in parallel for every implant contained with the stager. The Gscript engine leverages the multi-platform support of Golang to produce final stage one binaries for Windows, Mac, and Linux.

This talk will consist of an overview of the origins of the project, a technical deep dive into the inner workings including the modified Javascript VM, a walk through of the CLI utility, and examples of how we've leveraged Gscript in the real world.

Multiple demos involving practical application scenarios will be presented, as well as an opportunity for audience members to submit their own implants and have them built into a hydra on stage in a matter of minutes.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.

@alexlevinson, github.com/gen0cide, alexlevinson.wordpress.com

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

@1jection



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 16:45-17:30




AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 13:20-13:59


Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events

Andrew Morris

In this presentation, we will discuss using GreyNoise, a geographically and logically distributed system of passive Internet scan traffic collector nodes, to identify statistical anomalies in global opportunistic Internet scan traffic and correlate these anomalies with publicly disclosed vulnerabilities, large-scale DDoS attacks, and other newsworthy events. We will discuss establishing (and identifying any deviations away from) a “standard” baseline of Internet scan traffic. We will discuss successes and failures of different methods employed over the past six months. We will explore open questions and future work on automated anomaly detection of Internet scan traffic. Finally, we will provide raw data and a challenge as an exercise to the attendees.

Andrew Morris is the founder and CEO of GreyNoise Intelligence, a DC-based cyber security company, and likely holds the world record for amount of time staring at Internet-wide scan traffic. Prior to founding GreyNoise, Andrew worked as a researcher, red team operator, and consultant for several large cyber security firms including Endgame, NCC group, and KCG. Outside of work, Andrew enjoys playing fingerstyle acoustic guitar and tries to figure out what his dreams mean.



CPV - Caesars Promenade Level - Milano BR 1,2 - Sunday - 12:00-13:00


Title:
Implementing a Library for Pairing-based Transform Cryptography

When: Sun, August 12, 12pm - 1pm

Speakers
-------
Bob Wall
Colt Frederickson

Abstract
--------
We will present background on transform cryptography, also known as proxy re-encryption. We start with an overview of elliptic curves over finite fields and pairings using bilinear maps and discuss how they can be used to implement cryptographic primitives. We next describe the idea of transform cryptography and enumerate desirable properties of transform cryptography schemes, then examine in more detail a specific multi-hop transform encryption scheme.

We will then describe how we implemented a library to provide the primitives required for that multi-hop transform encryption scheme. Finally, we discuss the security implications of recent advances in evaluating discrete logarithms using the special number field sieve, and why that led us to increase the key length of the scheme from 256 bits to 480 bits.

Bio
-----------------
Bob: Co-founder & CTO of IronCore Labs, a startup focused on building products to help app developers build strong security into their offerings.

Colt: Senior software engineer at IronCore Labs. Functional programming guru with a strong background in big data.

Twitter handle of presenter(s)
------------------------------
@bithead_bob, @coltfred

Website of presenter(s) or content
----------------------------------
https://github.com/IronCoreLabs/recrypt, http://ironcorelabs.com


DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 13:00-13:30


In Soviet Russia Smartcard Hacks You

Saturday at 13:00 in Track 1
20 minutes | Demo, Tool, Exploit

Eric Sesterhenn, Principal Security Consultant at X41 D-Sec GmbH

The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the agency technicians into the enemy's computer, ...the screen unlocks... What we all laughed about is possible!

Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards.

A fuzzing framework for *nix and Windows is presented along with some interesting bugs found by auditing and fuzzing smartcard drivers and middleware. Among them classic stack and heap buffer overflows, double frees, but also a replay attack against smartcard authentication.

Since smartcards are used in the authentication process, a lot of vulnerabilities can be triggered by an unauthenticated user, in code running with high privileges. During the author's research, bugs were discovered in OpenSC (EPass, PIV, OpenPGP, CAC, Cryptoflex,...), YubiKey drivers, pam_p11, pam_pkcs11, Apple smartcardservices...

Eric Sesterhenn
Eric Sesterhenn has been working as an IT security consultant for more than 15 years, mostly in the areas of source code auditing and penetration testing. His experience in the field includes:



SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 17:50-18:40



Friday August 10 2018 1750 50 mins

In-N-Out – That’s What It’s All About
Without the right tools the engagement can be over before it begins, as upfront resistance can prevent you from entering with your tools. Billy Boatright demonstrates and discusses how to use social engineering tactics to get in without any difficulty. While most think outside of the box, Billy shows us how to think inside the box and embrace your own handicaps to arm yourself with advanced tactics and unfair advantages. Billy shows us how handicaps and familiar objects can be used to covertly carry your toolbox into an engagement, increasing your success. Rather than dealing with a perceived disadvantage, use it to exploit the world around you.

Billy Boatright: @fuzzy_l0gic
Billy began his social engineering career without even knowing it. He was a bartender on the Las Vegas Strip for the better part of a decade. He won numerous awards from all over the world as a Top-ranked Flair Bartender. He has taken the skills he learned behind the bar to the Information Security world. Billy has been a Judge for the Social Engineering Capture the Flag event at Def Con. He is also the namesake for the BSides Las Vegas Social Engineering Capture the Flag Championship Belt. Billy also volunteers time and expertise to the Las Vegas ISSA Chapter as a Board Member. He is also a member of the BSides Las Vegas Senior Staff.

Billy has multiple degrees and numerous certifications. However, when asked about them he will gladly quote George Moriarty, “The shining trophies on our shelves can never win tomorrow’s game.”



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 13:30-14:15


Infecting The Embedded Supply Chain

Saturday at 13:30 in Track 3
45 minutes | Demo, Exploit

Zach, Security Researcher at Somerset Recon

Alex, Security Researcher at Somerset Recon

With a surge in the production of internet of things (IoT) devices, embedded development tools are becoming commonplace and the software they run on is often trusted to run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. In this talk we discuss the various attack vectors that these embedded development tools expose users to, and why users should not blindly trust their tools. This talk will detail a variety of reverse engineering, fuzzing, exploit development and protocol analysis techniques that we used to analyze and exploit the security of a common embedded debugger.

Zach
Zach is a security researcher with Somerset Recon, a security consulting firm in San Diego. In this role he focuses on reverse engineering and web application penetration testing. In his free time Zach loves reading and long walks through the PE file format. Prior to working at Somerset Recon, Zach was a goat farmer in Maryland.

Alex
Alex is a security researcher with Somerset Recon, a security consulting firm in San Diego. In this role he focuses on hardware security and reverse engineering.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 16:00-16:45


Inside the Fake Science Factory

Saturday at 16:00 in Track 3
45 minutes |

Dr Cindy Poppins - Computer Scientist (AKA Svea Eckert)

Dr Dade Murphy - Reformed Hacker (AKA Suggy)

Professor Dr Edgar Munchhausen – Struwwelpeter Fellow (AKA Till Krause)

Fake News has got a sidekick and it's called Fake Science. This talk presents the findings and methodology from a team of investigative journalists, hackers and data scientists who delved into the parallel universe of fraudulent pseudo-academic conferences and journals; Fake science factories, twilight companies whose sole purpose is to give studies an air of scientific credibility while cashing in on millions of dollars in the process. Until recently, these fake science factories have remained relatively under the radar, with few outside of academia aware of their presence; but the highly profitable industry is growing significantly and with it, so are the implications. To the public, fake science is indistinguishable from legitimate science, which is facing similar accusations itself. Our findings highlight the prevalence of the pseudo-academic conferences, journals and publications and the damage they can and are doing to society.

Svea Eckert
Svea is a freelance journalist for Germany’s main public service broadcaster “Das Erste” (ARD). She is researching and reporting investigative issues with main focus on new technology, computer and network security, digital economics and data protection. Svea’s academic alter ego is Dr Cindy Poppins, a well-known computer scientist from the University of Applied Sciences of Lower Saxony at Wiepenkathen, Germany. Dr Poppins’ main focus lies on novel solutions for the analysis of agents. She recently discovered COP, an algorithm which improves compact technology and suffix trees, winning her the best presentation award at an international conference.

@sveckert

Chris "Suggy" Sumner
Suggy is the lead researcher and co-founder of the not-for-profit Online Privacy Foundation, who contribute to the field of psychological research in online contexts. He has authored papers and spoken on this topic at DEF CON, other noteworthy conferences and a fake conference. For the past five years, Suggy has served as a member of the DEF CON CFP review board. Suggy’s academic alter ego is Dr Dade Murphy, a reformed hacker whose eagerly anticipated work on polymorphic machine learning defences for Gibson mainframe computers was recently accepted at an international cyber security conference.

@5uggy

Till Krause
Till is an editor and investigative reporter at Süddeutsche Zeitung Magazine, the supplement of Germany’s major broadsheet newspaper. Ever since he studied Electronic Communication Arts as a Fulbright Scholar in the Bay Area in 2005, he has been interested in all things tech, writing about surveillance, data protection and cybercrime. Till’s academic alter ego is Professor Dr. Edgar Munchhausen, a Struwwelpeter Fellow for Applied Sciences at various universities in Europe and Asia and a renowned researcher who has published his research in countless peer-reviewed journals. He holds a PhD from the University of Wiepenkathen and is a laureate of the Horst Schimanski Award and CEO of IOIR, the Institute of International Research.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 18:00-18:30


Title: Instructions and invitations to party

Speakers: Cinnamonflower and pwrcycle

Description:
No description available




CPV - Caesars Promenade Level - Milano BR 1,2 - Sunday - 13:00-14:00


Title:
Integrating post-quantum crypto into real-life applications

When: Sun, August 12, 1pm - 2pm

Speaker
------
Christian Paquin

Abstract
--------
Quantum computers pose a grave threat to the public-key cryptography we use today. Many quantum-safe alternatives have been proposed to alleviate this problem. None of these, however, provide a perfect replacement for our conventional algorithms. Indeed, they either result in increased bandwidth, bigger keys, and/or slower runtime, thus greatly impacting their integration into crypto applications.

In this talk, I'll give an overview of the emerging post-quantum cryptography (PQC) schemes. I'll then present the lessons we have learned from our prototype integrations into real-life protocols and applications (such as TLS, SSH, and VPN), and our experiments on a variety of devices, ranging from IoT devices, to cloud servers, to HSMs. I'll discuss the Open Quantum Safe project for PQC development, and related open-source forks of OpenSSL, OpenSSH, and OpenVPN that can be used to experiment with PQC today. I'll present a demo of a full (key exchange + authentication) PQC TLS 1.3 connection.

This work sheds light on the practicality of PQC, encouraging early adoption and experimentation by the security community.

Bio
-----------------
I am a crypto specialist in MSR's Security and Cryptography team [1]. I'm currently involved in projects related to post-quantum cryptography, such as the Open Quantum Safe project [2], and leading the development of the U-Prove technology [3]. I'm also interested in privacy-enhancing technologies, smart cloud encryption (e.g., searchable and homomorphic encryption), and the intersection of AI and security.

Prior to joining Microsoft in 2008, I was the Chief Security Engineer at Credentica, a crypto developer at Silanis Technology working on digital signature systems, and a security engineer at Zero-Knowledge Systems working on TOR-like systems.

[1] https://www.microsoft.com/en-us/research/group/security-and-cryptography/
[2] https://github.com/open-quantum-safe
[3] https://microsoft.com/uprove

Twitter handle of presenter(s)
------------------------------
chpaquin

Website of presenter(s) or content
----------------------------------
https://www.microsoft.com/en-us/research/people/cpaquin/


AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 13:00-13:20


IntelliAV: Building an Effective On-Device Android Malware Detector

Mansour Ahmadi

“The importance of employing machine learning for malware detection has become explicit to the security community. Several anti-malware vendors have claimed and advertised the application of machine learning in their products in which the inference phase is performed on servers and high-performance machines, but the feasibility of such approaches on mobile devices with limited computational resources has not yet been assessed by the research community, vendors still being skeptical. In this presentation, we aim to show the practicality of devising a learning-based anti-malware on Android mobile devices, first. Furthermore, we aim to demonstrate the significance of such a tool to cease new and evasive malware that can not easily be caught by signature-based or offline learning-based security tools. To this end, we first propose the extraction of a set of lightweight yet powerful features from Android applications. Then, we embed these features in a vector space to build an effective as well as efficient model. Hence, the model can perform the inference on the device for detecting potentially harmful applications. We show that without resorting to any signatures and relying only on a training phase involving a reasonable set of samples, the proposed system, named IntelliAV, provides more satisfying performances than the popular major anti-malware products. Moreover, we evaluate the robustness of IntelliAV against common obfuscation techniques where most of the anti-malware solutions get affected.”

I am a postdoctoral Research Associate at the Northeastern University. I achieved my Ph.D. from the University of Cagliari. I am co-author of more than 10 research papers mostly about the application of machine learning for malware classification. Two of my works received awards from Kaspersky, and the Anti-Virus I developed received media coverage.



PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 14:00-15:59


Intense Introduction to Modern Web Application Hacking

This course starts with an introduction to modern web applications and immediately starts diving directly into the mapping and discovery phase of testing. In this course, you will learn new methodologies used and adopted by many penetration testers and ethical hackers. This is a hands-on training where you will use various open source tools and learn how to exploit SQL injection, command injection, cross-site scripting (XSS), XML External Entity (XXE), and cross-site request forgery (CSRF). We will wrap up our two-hour fast-paced course by unleashing students on a vulnerable web application with their newly found skills.

Omar Santos (Twitter: @santosomar) is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cyber security since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a Technical Leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

Ron Taylor (Twitter: @Gu5G0rman) has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. He then spent some time as a Consulting Systems Engineer specializing in Cisco's security product line. His current role is working within the Cisco Product Security Incident Response Team (PSIRT). He has held a number of industry certifications including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Cofounder and President of the Raleigh BSides Security Conference, and an active member of the Packet Hacking Village team at DEF CON.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 14:30-15:15




IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 10:15-10:59




AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 18:00-18:59


INTRO TO DATA MASTERCLASS: Graphs & Anomalies

No description available



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 18:00-18:59


INTRO TO DATA MASTERCLASS: Tour-de-ML

No description available



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 16:50-17:20


Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman

“If you have ever performed reconnaissance on a target or conducted an OSINT investigation you know that there are a huge number of places to gather OSINT data. One of the biggest challenges is in taking the next steps with that data once you have it. How do you take what you have and transform use it to get more? For instance, if you found email addresses, where do you search to find other data about those accounts? We have excellent resources such as http://osintframework.com and https://bit.ly/technisette that are huge lists of well-organized bookmarks which can be overwhelming. That is why I created YOGA.

Your OSINT Graphical Analyzer (YOGA) seeks to answer that most-common of data-gathering questions, “What do I do now?” It is designed to help when you have one type of data and need to know different actions you can take to get more data. Come to this session and learn how you and your team can use and extend this online tool in your work.”



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Thursday - 14:30-18:30


Introduction to Cryptographic Attacks

Thursday, 1430-1830 in Icon B

Matt Cheung

Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in-person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.

Prerequisites: Students should have experience with Python development and be comfortable with mathematics such as modular arithmetic.

Materials: A laptop with VMWare or VirtualBox installed and capable of running a VM.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/introduction-to-cryptographic-attacks-icon-b-tickets-47086369599
(Opens July 8, 2018 at 15:00 PDT)

Matt Cheung
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given talks and workshops at the Boston Application Security Conference and the DEF CON Crypto and Privacy Village.



WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 16:00-16:55


Eric Reuter

Bio

Eric enjoys photographing trains and hardware/RF hacking. The natural overlap of these interests is the exploration of ways to use RF to find trains in the wild. By day, he is an Associate Professor at Berklee College of Music, where he teaches acoustics and electronics, and runs an acoustical consulting firm in Portsmouth, NH. Eric holds an Amateur Extra license.

@EricReuter

Introduction to Railroad Telemetry

Abstract

North American railroads use several wireless systems for remote control, monitoring, and tracking of locomotives, railcars, signals, and other equipment. This talk will provide an overview of the systems in use, and an in-depth look at two of them.

The end-of-train (EOT) device contributed to the demise of the caboose 35 years ago, taking over one of its primary functions: monitoring brake pipe pressure. The EOT transmits pressure, its unique ID, and other data, encoded into AFSK packets, to a corresponding head-of-train (HOT) device in the locomotive. A secondary function is venting the line in an emergency braking event, under command of the HOT. BCH error correction is employed for reliability, but there are inherent security flaws. A SDR/GNU Radio/Python workflow for decoding and verifying packets will be demonstrated.

Attempts at automatically identifying passing railcars were largely unsuccessful until the introduction of the Automatic Equipment Identification (AEI) system in the early 90s. This 900 MHz RFID system consists of passive tags on each locomotive and car and wayside readers at rail yard entrances and other locations of interest. The author's day job in environmental noise consulting led to a study of the feasibility of using AEI for rail noise studies. It had to be reverse-engineered first, of course. Using a repurposed commercial reader, Raspberry Pi, and cellular modem, a remote monitoring system gathered tag data for 5 weeks. Details of the protocol and monitoring system will be presented, along with video demonstrations.



Demolabs - Table 3 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


ioc2rpz

Saturday 08/11/18 from 1400-1550 at Table Three
Defence/Network security

Vadim Pavlov

DNS is the control plane of the Internet. Usually DNS is used for good but:

ioc2rpz is a custom DNS server which automatically converts indicators (e.g. malicious FQDNs, IPs) from various sources into RPZ feeds and automatically maintains/updates them. The feeds can be distributed to any open source and/or commercial DNS servers which support RPZ, e.g. ISC Bind, PowerDNS. You can run your own DNS server with RPZ filtering on a router, desktop, server and even Arduino. System memory is the only limitation.

With ioc2rpz you can define your own feeds, actions and prevent undesired communications.

https://github.com/Homas/ioc2rpz

Vadim Pavlov
Vadim Pavlov is passionate about traveling, learning foreign and programming languages, writing scripts/software, integrating solutions, interacting with colleagues and customers to solve complex problems. As a truly lazy person Vadim wants to automate all routine.

Vadim has 15+ years of IT experience and spent the last 5 years at Infoblox, where he became an expert in DNS and DNS Security: he did research, wrote articles, created custom DNS servers, Infoblox's DNS Data Exfiltration (Infiltration) Demo and Security Assessments portals, and created integrations with security solutions. He achieved a master's degree with honors in Computer Science (Software Development) from Russia.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 17:00-17:59


IoT Data Exfiltration

Mike Raggo, CSO of 802 Secure, Inc.
Chet Hosmer, Owner of Python Forensics

IoT offers new protocols and frequencies over which communication travels. Due to lack of familiarity amongst most enterprises, most organizations are ill-equipped to monitor or detect these mysterious channels. This introduces a plethora of covert channels by which data could be exfiltrated, or malware to be infiltrated into the network. In this session we explore this new frontier by focusing on new methods of IoT protocol exploitation by revealing research conducted over the last 2 years. Detailed examples will be provided, as well as a demo of a Python tool for exploiting unused portions of protocol fields. From our research, we'll also reveal new methods of detecting aberrant behavior emanating to/from these devices gathered from our lab and real world testing.

Mike Raggo (Twitter: @DataHiding) is Chief Security Officer at 802 Secure and has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding" for Syngress Books, and contributing author for "Information Security the Complete Reference 2nd Edition". A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, DoD Cyber Crime, OWASP, HackCon, and SANS.

Chet Hosmer is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 11:30-11:59




Night Life - Off-site party, Register and receive address from IOT Village - Saturday - 21:00-25:59


Title:
IoT Village Mansion Party

Come party with the Defcon IoT Village organizers! If you enjoy mansions, pools, water slides, waterfall caves, food, and practically unlimited drinks, this is the place to be. Additional excitement to come as well.

To receive the address, please register a waitlist ticket and visit the Defcon IoT Village:

Promenade Level, rooms Verona, Turin, and Trevi
Come between 10am-6pm Friday and Saturday to reserve a spot
Spots are limited so hurry!

More Info: https://www.eventbrite.com/e/iot-village-mansion-party-tickets-48041961801


DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 10:00-10:45


It WISN't me, attacking industrial wireless mesh networks

Saturday at 10:00 in Track 1
45 minutes | Demo

Erwin Paternotte, Lead security consultant at Nixu

Mattijs van Ommeren, principal security consultant at Nixu

Wireless sensor networks are commonly thought of as IoT devices communicating using familiar short-range wireless protocols like Zigbee, MiWi, Thread and OpenWSN. A lesser known fact is that about a decade ago, two industrial wireless protocols (WirelessHART and ISA100.11a) were designed for industrial applications, which are based on the common IEEE 802.15.4 RF standard. These Wireless Industrial Sensor Networks (WISN) are used in process field device networks to monitor temperature, pressure, levels, flow or vibrations. The petrochemical industry uses WISN in oil and gas fields and plants around the world.

Both IEC ratified standards have been commonly praised by the ICS industry for their security features, including strong encryption on multiple layers within the protocol stack, resistance to RF interference, and replay protection. While the standards in general look safe on paper, there are potential interesting attack vectors that require verification. However, security research so far has not yielded any significant results beyond basic attack vectors. Often these attacks have only been theorized, and not (publicly) demonstrated. In addition, vendor implementations have not been thoroughly tested for security by independent third parties, due to protocol complexity and the lack of proper (hardware/software) tools. We strongly believe in Wright's principle, "Security does not improve until practical tools for exploration of the attack surface are made available."

Erwin Paternotte
Erwin works as a lead security consultant at Nixu Benelux. He has 15 years of experience conducting penetration tests and security assessments on a wide variety of systems and technology. In recent years his focus has been shifting towards more advanced tests like red teaming, embedded systems, ICS/SCADA, and telco systems. Within Nixu he is also the practice lead for penetration and security testing.

Mattijs van Ommeren
Mattijs leads the Red Teaming and Hardware Testing team at Nixu Benelux. He has spent most of his career as an information security consultant, both on the offensive as well as the defensive side. Mattijs has a special interest in process automation and industrial systems. Over the years he has discovered numerous vulnerabilities in RTUs, process controllers, industrial firewalls and other equipment. Industrial sensor networks currently have most of his focus, as this is still mainly unexplored terrain.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 12:00-12:45


It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit

Friday at 12:00 in 101 Track, Flamingo
45 minutes | Demo

Morgan "indrora" Gangwere, Hacker

With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running. Additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for extracting relevant content from devices and exploring them.

Morgan "indrora" Gangwere
Morgan is a student at the University of New Mexico where he studies an unrelated topic entirely, but does network security because it's interesting. Previously, he's spoken on subjects such as web proxies, community engagement, and typesetting. He started working with computers when he was a young child and hasn't given them up since, even if his wrists seem to disagree.



WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 17:00-17:55


It's not wifi: Stories in Wireless Reverse Engineering

No description available



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 14:00-14:30


It’s a Beautiful Day in the Malware Neighborhood

Matt

“Malware similarity analysis compares and identifies samples with shared static or behavioral characteristics. Identification of similar malware samples provides analysts with more context during triage and malware analysis. Most domain approaches to malware similarity have focused on fuzzy hashing, locality sensitivity hashing, and other approximate matching methods that index a malware corpus on structural features and raw bytes. Ssdeep or sdhash are often utilized for similarity comparison despite known weaknesses and limitations. Signatures and IOCs are generated from static and dynamic analysis to capture features and matched against unknown samples. Incident management systems (RTIR, FIR) store contextual features, e.g. environment, device, and user metadata, which are used to catalog specific sample groups observed.

In the data mining and machine learning communities, the nearest neighbor search (NN) task takes an input query represented as a feature vector and returns the k nearest neighbors in an index according to some distance metric. Feature engineering is used to extract, represent, and select the most distinguishing features of malware samples as a feature vector. Similarity between samples is defined as the inverse of a distance metric and used to find the neighborhood of a query vector. Historically, tree-based approaches have worked for splitting dense vectors into partitions but are limited to problems with low dimensionality. Locality sensitivity hashing attempts to map similar vectors into the same hash bucket. More recent advances make the use of k-nearest neighbor graphs that iteratively navigate between neighboring vertexes representing the samples.

The NN methods reviewed in this talk are evaluated using standard performance metrics and several malware datasets. Optimized ssdeep and selected NN methods are implemented in Rogers, an open source malware similarity tool, that allows analysts to process local samples and run queries for comparison of NN methods.”

Matt Maisel is a data scientist passionate about the intersection of machine learning, software engineering, and computer security domains. He’s currently the manager of Security Data Science at Cylance. Matt recently architected a scalable malware analysis and modeling service used to process customer malware detections. He’s worked in several organizations within Cylance including research engineering as a software architect and consulting as the technical director of the incident response practice. Matt holds an M.S. in Computer Science with a focus in machine learning and distributed systems from Johns Hopkins University.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 11:00-11:45


Jailbreaking the 3DS through 7 years of hardening

Saturday at 11:00 in Track 3
45 minutes | Demo, Exploit

smea Hacker

The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit techniques used by hackers. This talk will describe hacking the console through all these defensive features by walking through a 0-day exploit chain that takes us all the way from zero access to a full system jailbreak.

smea
smea got his start making video games for closed consoles like the Nintendo DS using whatever hacks were available at the time. At some point consoles started getting actual security features and he transitioned from simply making homebrew software to making the jailbreaks that let people run it. He's best known for his work on the Nintendo 3DS and Wii U but has also done exploitation work against high profile web browsers and virtualization stacks.

@smealum, https://github.com/smealum



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 14:30-15:00


Title:
Jailed by a Google Search: the Surveillance State's War on Self-induced Abortion

When: Sat, August 11, 2:30pm - 3:00pm

Speaker
------
Pigeon

Abstract
--------
Far from a chapter in A Handmaid's Tale, today those who try, succeed, or even consider ending their own pregnancies are arrested and imprisoned, often incriminated by their own devices. We have the opportunity to lend our security skills to those disproportionately likely to experience surveillance: those seeking to self-induce abortions by ordering medication online. We'll cover what the portal to online care (and resulting digital paper trail) looks like, and why "single-use" privacy needs are the next major challenge in protecting our digital reproductive rights.

Bio
-----------------
Pigeon is Director of a security nonprofit and organizer of civic hackathons. A self-professed tech regulatory nerd, she leads a team building technologies for safer abortion access, security research and open data projects to reinforce government and tech company accountability to reproductive rights. In her free time she recreationally files FOIA requests, fundraises for abortions, and builds and plays games.


SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 12:00-12:59


Title:
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else

Guy Barnhart-Magen and Ezra Caltum
@acaltum, @barnhartguy

"Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulating machine learning systems and the potential these techniques pose for active offensive research.
The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve:
* Unexpected consequences (why did it decide this rifle is a banana?),
* Data leakage (how did they know Joe has diabetes?)
* Memory corruption and other exploitation techniques (boom! RCE)
* Influence the output (input: virus, output: safe!, as seen in DEF CON 25 - Hyrum Anderson - Evading next-gen AV using AI, https://www.youtube.com/watch?v=FGCle6T0Jpc).
In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system.
This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others - a live demo will be shown on stage!
Garbage In, RCE Out :-)"



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 15:00-16:00


Title:
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else

When: Sat, August 11, 3pm - 4pm

Speakers
-------
Guy Barnhart-Magen
Ezra Caltum

Abstract
--------
Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulating machine learning systems and the potential these techniques pose for active offensive research.
The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve:
* Privacy leakage - can we tell if someone was part of the dataset the ML trained on?
* Unexpected consequences (why did it decide this rifle is a banana?),
* Data leakage (how did they know Joe has diabetes?)
* Memory corruption and other exploitation techniques (boom! RCE)
* Influence the output (input: virus, output: safe!, as seen in DEF CON 25 - Hyrum Anderson - Evading next-gen AV using AI, https://www.youtube.com/watch?v=FGCle6T0Jpc).
In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system.
This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others - a live demo will be shown on stage!

Garbage In, RCE Out :-)


Bio
-----------------
Guy is a member of the BSidesTLV organizing team and recipient of the Cisco black belt security ninja honor, the highest cyber security advocate rank.
With over 15 years of experience in the cyber-security industry, he held various positions in both corporates and start-ups.
He is currently a security research manager at Intel, where he focuses on AI Security, reverse engineering and researching various embedded systems.

Ezra is a cyber-security practitioner, with a passion for reverse engineering, data analysis, and exploitation. He is the leader of the Tel Aviv DC9723 Defcon group and a co-founder and organizer of BSidesTlv.
Currently, he works as a Security Research Manager at Intel.

Twitter handle of presenter(s)
------------------------------
@barnhartguy

Website of presenter(s) or content
----------------------------------
https://productsecurity.info/


AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 11:20-11:59


JMPgate: Accelerating reverse engineering into hyperspace using AI

Rob Brandon

“One of the most exciting potential applications for artificial intelligence and machine learning is cognitive augmentation of humans. At its best, AI allows humans to handle more information, react faster to complex events, and potentially even sense features of the world that we are currently incapable of perceiving. This has many applications in the security field, such as aiding humans in the task of binary reverse engineering. Reverse engineering binary code is one of the most challenging skill sets in the security field to learn. The ability to look at a block of raw machine code and understand what it does, as well as recognize similarities to code previously seen, often requires years spent doing tedious analysis of large amounts of code.
In this talk I show how we can use machine learning to handle the tedious parts of this process for us. If we show a generative neural network a wide variety of machine code, the network will learn the most relevant features needed to reproduce and describe that code. Once the network is trained, we can show it a new segment of code and capture the state of the neurons at the end of the segment. This neural state is effectively a summary of the entire sequence summarized into a vector.
Comparing these vectors allows easy measurement of the similarity of several code sequences by simply measuring the Euclidean distance between them. These vectors can also be used as inputs to other machine learning models that can perform a variety of tasks, such as identifying compiler settings used to generate the code. As part of the presentation, I will also be releasing a tool, the JMPgate framework, which can be used to accomplish tasks like identifying library code within an executable binary.”

Rob is a threat hunter and data scientist with Booz Allen Hamilton’s Dark Labs group. He has over 20 years of experience in the tech industry and holds a PhD in computer science from the University of Maryland, Baltimore County. His hobbies include studying the ways that complex systems fall apart and building machines that do his thinking for him so that he can spend more time brewing beer and playing bass.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Saturday - 10:00-13:59


Joe Grand's Hardware Hacking Basics

Saturday, 1000-1400 in Icon A

Joe Grand Grand Idea Studio

Interested in hardware hacking, but don't know where to start? This workshop covers the basic skills you'll need for hacking modern embedded systems, including soldering/desoldering, circuit board modification, signal monitoring/analysis, and memory extraction. It is a subset of Joe Grand's Hands-on Hardware Hacking training class that he has been teaching since 2005.

Prerequisites: None. No prior electronics experience necessary.

Materials: Attendees must bring their own laptop (Windows, macOS, or Linux) with the following software pre-installed:

- Saleae Logic, https://www.saleae.com/downloads
- FTDI Virtual COM Port (VCP) drivers, http://www.ftdichip.com/Drivers/VCP.htm
- PuTTY (or other suitable terminal program), https://www.chiark.greenend.org.uk/~sgtatham/putty/
- libmpsse, https://github.com/l29ah/libmpsse

All other hardware and tools will be provided.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/joe-grands-hardware-hacking-basics-icon-a-tickets-47194166021
(Opens July 8, 2018 at 15:00 PDT)

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 11:00-12:15


Title: Jumping the Epidermal Barrier

Speaker: Vlad Gostomelsky and Dr. Stan Naydin
Abstract:
This talk will focus on consumer grade glucose monitors - primarily continuous glucose monitors that are implantable or attach to the skin for an extended length of time and provide readings via Bluetooth Low Energy or have RF/BLE bridges. Research was focused on security/privacy implications.


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 12:00-11:59


Title: Just what the Doctor Ordered: 2nd Opinions on Medical Device Security

Moderator: Christian "quaddi" Dameff MD
About Christian:
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics include hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fourteenth DEF CON.
Panelist: Beau Woods
About Beau:
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, a Cyber Safety Innovation Fellow with the Atlantic Council, Entrepreneur in Residence at the US Food and Drug Administration, and Founder/CEO of Stratigos Security. Beau has consulted with Global 100 corporations, the White House, members of Congress, foreign governments, and NGOs on some of the most critical cybersecurity issues of our time. Beau's focus is on Internet of Things (IoT) technologies where cybersecurity intersects public safety and human life issues, including healthcare, automotive, energy, oil and gas, aviation, transportation, and other sectors. Beau is a published author, frequent public speaker, often quoted in media, and is often engaged for public or private speaking venues.
Panelist: Dr. Leslie Saxon
About Leslie:
Dr. Leslie Saxon is a Professor of Medicine, Clinical Scholar, at the Keck School of Medicine of USC. Dr. Saxon specializes in the diagnosis and treatment of cardiac arrhythmias and preventing sudden cardiac death. Dr. Saxon received her medical degree from the Ross University School of Medicine. She completed her internship and residency at St. Luke’s Hospital Washington University, and fellowships in cardiology at Rush-Presbyterian-St. Luke’s Medical Center in Chicago and UCLA. Dr. Saxon has completed over 100 publications in various medical journals and is an active member of a multitude of organizations, including the American Heart Association, and the Heart Failure Society of America. She is also a fellow of the American College of Cardiology and the Heart Rhythm Society.
Abstract:
As medical and recreational devices shift from outside to inside the body, challenges arise not only for builders and breakers of these devices, but also for regulators. This panel will introduce the progress of the Internet of Things into the "Internet of Bodies" and explain how existing legal and policy frameworks of consumer protection and security fit with this next generation of body-attached and body-embedded devices (and how they don't).


Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Friday - 14:30-18:30


JWAT...Attacking JSON Web Tokens

Friday, 1430-1830 in Icon D

Louis Nyffenegger Security Engineer, Pentester Lab

Luke Jahnke Security Researcher, Elttam

Nowadays, JSON Web Tokens are everywhere. They are used as session tokens, OAuth tokens or just to pass information between applications or microservices. By design, JWT contains a high number of security and cryptography pitfalls that create interesting vulnerabilities. In this workshop, we are going to learn how to exploit some of those issues: the none algorithm, guessing the HMAC secret, using a public key as an HMAC secret... and finally CVE-2018-0114: a bug in Cisco's Node JOSE.

Prerequisites: The students should be able to use Burp and write some basic scripts in the language of their choice. They will also need to be familiar with VMWare or the virtualization software of their choice.

Materials: A laptop with 4Gb of RAM and the virtualization software of their choice. Internet access during the class.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/jwatattacking-json-web-tokens-icon-d-tickets-47193664521
(Opens July 8, 2018 at 15:00 PDT)

Louis Nyffenegger
Louis Nyffenegger is a security engineer and entrepreneur based in Melbourne, Australia. He performs pentest, architecture and code review on a daily basis. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Luke Jahnke
Luke Jahnke is a Security Researcher at Elttam. He has extensive experience performing security assessments and running training. He enjoys working on interesting vulnerabilities and runs the biennial BitcoinCTF competition.



PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 09:30-13:30


Kali Dojo Workshop

Kali Linux can be deeply and uniquely customized to specific needs and tasks. In this workshop, we will customize Kali Linux into a very specific offensive tool, and walk you through the process of customization step by step. We will create a custom Kali ISO that will: load very specific toolsets; define a custom desktop environment and wallpaper; leverage customized features and functions; launch custom tools and scripts; install Kali automatically, without user intervention as a custom "OS backdoor". This workshop will guide you through all the aspects of Kali customization and give you the skills to create your own highly-customized Kali ISO, like the much feared Kali "ISO of Doom".

Kali Live USB With Persistence And LUKS (2.5hrs)

In this section we will show you how to deploy your customized Kali ISO to a secure, encrypted, USB device. We will show you how to add standard and encrypted USB persistence so you can save your data and we will walk you through a custom LUKS "nuke" deployment that will obliterate your encrypted data when presented with a specific kill phrase. We will also discuss strategies to help you safely and legally cross international borders with your encrypted data without compromising it. When you complete this course, you will have the skills to create a completely customized, powerful, portable Kali ISO or USB with full encryption, persistence and the peace of mind of LUKS nuke. And, to sweeten the deal, we will provide super-cool custom Kali-branded USB drives.

Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers and is a contributor to Kali Linux Revealed. He is the founder of Hackers for Charity and currently works with the Offensive Security team.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:10-12:50


Keynote - From Breach to Bust: A short story of graphing and grey data

No description available



VMHV - Caesars Pool Level - Forum 14-16 - Friday - 16:30-16:59


Title:
Keynote Address: Alejandro Mayorkas

No description available

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 17:00-17:59


Title:
Keynote Address: TBA

No description available

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 10:15-11:30


Title: Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure

Speaker: Jen Ellis
About Jen:
Jen Ellis is the vice president of community and public policy at Rapid7, a leading provider of analytics and automation for security and IT operations. Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various government entities to help them understand and address cybersecurity challenges. She believes effective collaboration is our only path forward to reducing cybercrime and protecting consumers and businesses. She has testified before Congress and spoken at a number of security industry events including SXSW, RSA, Derbycon, Shmoocon, SOURCE, UNITED, and various BSides.
Abstract:
As medical devices increasingly embrace connected technologies, there's a growing opportunity for malicious actors to interfere with devices for profit or to cause harm. The good news is that many security researchers are working to investigate the security of medical devices. However, for this effort to have a positive impact, researchers and vendors must work together to understand the true risk, address the issues, and educate physicians and patients.
In many cases, the risk may be low and should not outweigh the benefits of the device; however, mismanaged disclosures can cause panic and confusion. In other cases, researchers may struggle to engage vendors on the issue and patients may never hear of it, or they do, but no mitigation is offered. With the stakes so much higher in the healthcare arena, it's essential that we learn lessons from medical device disclosures that have gone well, and those that have not. This talk will investigate a number of public disclosures, and provide actionable guidance on how to disclose security concerns for the best possible outcomes.


BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 11:00-11:59


Title: Keynote Speech: Inside Monero

Speakers: Howard (hyc) Chu

Description:
No description available




DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 12:00-12:45


Last mile authentication problem: Exploiting the missing link in end-to-end secure communication

Sunday at 12:00 in Track 1
45 minutes | Demo, Exploit

Thanh Bui Security Researcher, Aalto University, Finland

Siddharth Rao Security Researcher, Aalto University, Finland

With a "Trust none over the Internet" mindset, securing all communication between a client and a server with protocols such as TLS has become a common practice. However, while the communication over the Internet is routinely secured, there is still an area where such security awareness is not seen: inside individual computers, where adversaries are often not expected.

This talk discusses the security of various inter-process communication (IPC) mechanisms that local processes and applications use to interact with each other. In particular, we show IPC-related vulnerabilities that allow a non-privileged process to steal passwords stored in popular password managers and even second factors from hardware tokens. With passwords being the primary way of authentication, the insecurity of this "last mile" causes the security of the rest of the communication strands to be obsolete. The vulnerabilities that we demonstrate can be exploited on multi-user computers that may have processes of multiple users running at the same time. The attacker is a non-privileged user trying to steal sensitive information from other users. Such computers can be found in enterprises with centralized access control that gives multiple users access to the same host. Computers with guest accounts and shared computers at home are similarly vulnerable.

Thanh Bui
Thanh Bui is a doctoral candidate in the "Secure systems" group of Aalto University, Finland. His research focuses on analyzing and designing secure network protocols and distributed systems. He is a past Erasmus Mundus fellow and holds double master's degrees from Aalto University, Finland and KTH Royal Institute of Technology, Sweden.

Siddharth Rao
Siddharth (Sid) Rao is a doctoral candidate in the "Secure systems" group of Aalto University, Finland. He specializes in the security analysis of communication protocols, and his current interest lies in pedagogical study of the 'lack of authentication' in different systems. He is a past Erasmus Mundus fellow and holds double master's degrees from Aalto University, Finland and University of Tartu, Estonia. He has been Ford-Mozilla Open Web Fellow at European Digital Rights (EDRi), where he helped to define policies related to data protection, surveillance, copyright, and network neutrality. He has previously spoken at security conferences such as Blackhat and Troopers.


Markku Antikainen received the M.Sc. degrees in security and mobile computing from Aalto University, Espoo, Finland, and the Royal Institute of Technology, Stockholm, Sweden, in 2011. In 2017, he received a Ph.D. degree from Aalto University, Espoo, Finland. His doctoral thesis was on the security of Internet-of-things and software-defined networking. He currently works as a post-doctoral researcher at Helsinki Institute for Information Technology, Finland.


Tuomas Aura received the M.Sc. and Ph.D. degrees from Helsinki University of Technology, Espoo, Finland, in 1996 and 2000, respectively. His doctoral thesis was on authorization and availability in distributed systems. He is a Professor of computer science and engineering with Aalto University, Espoo, Finland. Before joining Aalto University, he worked with Microsoft Research, Cambridge, U.K. He is interested in network and computer security and the security analysis of new technologies.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Saturday - 14:30-18:30


Lateral Movement 101: 2018 Update

Saturday, 1430-1830 in Icon D

Walter Cuestas Team Lead, Open-Sec

Mauricio Velazco Threat Management Team Lead

During a targeted penetration test or red team engagement, consultants will have clear engagement goals and targets such as a particular database or access to specific blueprints within the environment. During the engagement, obtaining shells on servers & workstations as standalone devices will not provide access to the target data. The pentesters will need to move from one host to another in order to perform reconnaissance and eventually get to the target. This workshop aims to provide the necessary background knowledge to understand and execute lateral movement techniques on both MS Windows and Linux. More than just showing which tools and parameters to use like a YouTube video would, this workshop will dive deep and describe in detail the specific services of each OS and how they can be abused to achieve lateral movement. This knowledge will allow the students to learn the actual techniques and not just a bunch of tools.

Prerequisites: Knowledge and experience with Microsoft Windows and Linux at network and admin level.

Materials: To participate in the hands-on sections, attendees need to bring a laptop with 2 GB RAM that must be dedicated to a virtual machine running the latest version of Kali Linux (installed and updated before the workshop). Both VirtualBox and VMware player will be okay.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/lateral-movement-101-2018-update-icon-d-tickets-47194431816
(Opens July 8, 2018 at 15:00 PDT)

Walter Cuestas
Walter (@wcu35745) leads the team of pentesters at Open-Sec (Peruvian company dedicated solely to provide pentesting services) since 2006. His work is based on developing attack vectors and his main interest is in the development of scripts for pentesting. He has participated as speaker in events such as LimaHack, Campus Party Quito, CSI Pereira, events of OWASP Latam and as trainer at Ekoparty. He has also published articles in trade magazines such as Hakin9, PenTest Magazine and Hack-in-Sight. During 2016, he was part of the team of instructors approved by the US Northern Command (US Army) for training in cybersecurity (hacking techniques and breach of security controls). Currently holds OSCP certification.

Mauricio Velazco
Mauricio (@mvelazco) is a security geek and python scripter with more than 9 years of experience in computer security developing offensive evaluations and implementing solutions in Latin America and North America. He currently leads the Threat Management team at a financial services organization in New York performing tasks such as Penetration Testing, Incident Response, Vulnerability Management, Application Security, Threat Intelligence, etc. He holds certifications like OSCP and OSCE. Mauricio has presented at conferences like Derbycon and BSides.



Meetup - Flamingo - 3rd Floor - Carson City Rm - Friday - 19:00-19:59


Title:
Lawyer Meet

If you're a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join your host Jeff McNamara at 19:00 on Friday, August 10th, for a friendly get-together, followed by dinner/drinks and conversation.


WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 11:00-11:55


John Dunlap

Bio

John Dunlap is a NYC cyber security expert. He has given presentations on his exploit development research both at home and abroad, including talks at Defcon, Derbycon, and Australia’s Ruxcon. John Dunlap is a major proponent of hacker culture preservation, and is a supporter of the international demoscene. John Dunlap specializes in reverse engineering, exploit development, social engineering and source code analysis.

@JohnDunlap2

Learning to Listen: Machine Learning for Adaptive Wireless Adversary Detection

Abstract

In 2017 Defcon alumnus Gabriel Ryan presented his research on using statistical analysis to detect rogue wifi signals. In this talk, John Dunlap will expand on Gabe’s research by presenting an extension to Ryan’s tool to use machine learning algorithms to better detect and anticipate rogue wifi signals. A practical demonstration and tool will be presented with this work.



VMHV - Caesars Pool Level - Forum 14-16 - Friday - 11:00-11:59


Title:
Lessons Learned: DEFCON Voting Village 2017

No description available

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 15:00-15:59


Title:
Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project

Amit Elazari & Keren Elazari

@amitelazari, @k3r3n3

Leveling the Bug Bounty Playfield - Introducing the #LEGALBUGBOUNTY project

Bug Bounties are one of the fastest growing, most popular and cost-effective ways for companies to engage with the security community and find unknown security vulnerabilities. Now it's time to make them fair to the most important element in the Internet's immune system: the friendly hackers and algorithmic auditors. This talk will showcase how bug bounty programs put hackers at risk, and how to fix a problem that affects all of us: hunters, security practitioners and technology users. #LEGALBUGBOUNTY because Bug Bounties are already popular, it's time we make them great again.



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


LHT (Lossy Hash Table)

Saturday 08/11/18 from 1400-1550 at Table Six
Offense

Steve Thomas

Cracks passwords or keys from a small key space near instantly. A small key space being a few trillion (40+ bits). It costs about 3 bytes/key and usually <100ms. The largest known deployment (made by a different less efficient program) is 160 TB. It is assumed that people are running similar ones to attack brain wallets.

https://tobtu.com/lhtcalc.php

Steve Thomas
Steve specializes in crypto and password research. Steve was one of the panelists for the Password Hashing Competition. "I do stuff... sometimes." Like PAKE to HSM or finding bugs in Signal Protocol, CryptoCat, Adobe ColdFusion 9's password encryption key generator, and password hashing functions (MySQL323 meet in the middle attack, XSHA1 [Blizzard's old hash function], etc).



VMHV - Caesars Pool Level - Forum 14-16 - Friday - 15:00-15:15


Title:
Lightning Talks - A Crash Course on Election Security

No description available

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 15:15-15:30


Title:
Lightning Talks - Mechanics & Pitfalls of Auditing with Scanners

No description available

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 15:30-15:45


Title:
Lightning Talks - The Return of Software Vulnerabilities in the Brazilian Voting Machine

No description available

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 19:15-19:15


Title: Lightning Talks

Speaker: Maybe you?
Abstract:
Come present your own crazy and wacky biohacking talks and projects. You got 10 minutes to strut your stuff!


WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 18:00-18:55


Darren Kitchen

Bio

Darren Kitchen is the founder of Hak5, the award winning Internet television show inspiring hackers and enthusiasts since 2005. Breaking out of the 90s phone phreak scene, he has continued contributing to the hacker community as a speaker, instructor, author and developer of leading penetration testing tools.

@hak5darren

Sebastian Kinne

Bio

Sebastian Kinne has led software development at Hak5 since 2011. His background in embedded systems and reverse engineering has been instrumental in the success of the WiFi Pineapple, the popular WiFi auditing tool. As an instructor and speaker on WiFi security, chances are he's sniffed your packets in a demo or two.

@sebkinne

Little Fluffy Pineapple Clouds - Commanding a Fleet of Wireless Fruit

Abstract

What happens when a Pineapple, a Turtle and a Squirrel get high...up in the clouds? It's been a solid year for Hak5 and we're excited to debut some epic new features! Like a centralized web console for all your networked Hak5 Gear, WiFi Pineapple WPA Enterprise harvesting, credential capturing and pass-through, or LIVE reconnaissance and more! Join Sebastian Kinne and Darren Kitchen of famed pentesting tools for a peek into what's right around the corner.



Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - Friday - 21:00-23:59


Title:
Live Band Karaoke

Think you have karaoke chops? Kick it up to the next level by performing your favorite songs with a live band! The band with the best name ever, DON'T PANIC, provides the music and you provide the vocal talent. You won't need an electronic thumb or the help of the Dentrassi to get into this Party, just bring yourself and your towel. Come early for free swag (towel included!)!

Event info and singer sign up:
ibm.biz/dontpanic

Facebook: https://www.facebook.com/DontPanicReally/
Twitter: @DontPanicReally


Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Local Sheriff

Saturday 08/11/18 from 1000-1150 at Table Five
Target audience would be AppSec, Code Assessments, and privacy researchers.

Konark Modi

Think of Local Sheriff as a reconnaissance tool in your browser for gathering information about what companies know about you. While you as a user normally browse the internet, it works in the background and helps you identify what sensitive information (PII: Name, Date Of Birth, Email, Passwords, Passport number, Auth tokens) is being shared/leaked to which third parties and by which websites.

The issues that Local Sheriff helps identify:

Local Sheriff can also be used by organizations to audit:

Local Sheriff is a web-extension that can be used with Chrome, Opera, Firefox.

https://github.com/cliqz-oss/local-sheriff

Konark Modi
Konark works as a Tech lead with Cliqz GmbH, developing a privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Anonymous Data collection like Human Web, Anti-Tracking etc.

Prior to Cliqz, Konark was working with one of the largest e-commerce websites in India (Makemytrip.com) in the data platform and security team, solving interesting challenges related to DWH, BI and data security.

His recent personal projects, in an endeavor to help organizations fix vulnerabilities, have spanned across browsers, health trackers, Government services, travel mobile apps etc.

Konark has been a speaker and presenter at numerous international conferences.

Blog: https://medium.com/@konarkmodi



Night Life - Flamingo - 3rd Floor - El Dorado BR - Saturday - 20:30-23:59


Title:
Lonely Hackers Club Party

If only Sergeant Pepper had owned a Commodore 64! Come meet the people you communicate with on a daily basis in person as you dance and chat the night away. Just keep in mind that this IS Las Vegas and when you wake up in the morning those marriage certificates are still binding! Come meet the people you communicate with on a daily basis via telegram in person as you dance and chat the night away. All are welcome!


DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 13:00-13:30


Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era

Saturday at 13:00 in Track 3
20 minutes | Demo, Tool

Andrea Marcelli, PhD Student and Security Researcher, Politecnico di Torino

Given the high pace at which new malware variants are generated, antivirus programs struggle to keep their signatures up-to-date, and AV scanners suffer from a considerable quantity of false negatives. The generation of effective signatures against new malware variants, while avoiding false positive detections, is a highly desirable but challenging task, typically requiring a substantial portion of human expert’s time. Artificial intelligence techniques can be applied to solve the malware signature generation problem.

The ultimate goal is to develop an algorithm able to automatically create a generalized family signature, eventually reducing threat exposure and increasing the quality of the detection. The proposed technique automatically generates an optimal signature to identify a malware family with very high precision and good recall using heuristics, evolutionary and linear programming algorithms.

In this talk I will present YaYaGen (Yet Another YARA Rule Generator), a tool to automatically generate Android malware signatures. Performance has been evaluated on a massive dataset of millions of applications available in the Koodous project, showing that in a few minutes the algorithm can generate a precise ruleset able to catch 0-day malware, better than human-generated ones.

Andrea Marcelli
Andrea Marcelli is a PhD Student and Security Researcher at Hispasec Sistemas. He received his M.Sc. degree in Computer Engineering from Politecnico of Torino, Italy, in 2015 and he is currently a third year doctoral student in Computer and Control Engineering at the same institute. His research interests include malware analysis, semi-supervised modeling, machine learning and optimization problems, with main applications in computer security. Since the end of 2016 he has been part of the security research team at Hispasec Sistemas, working on the Koodous project, where he develops new AI-based tools to automate large scale Android malware analysis, including malware clustering, network graph analytics and automatic YARA signatures generation.

@_S0nn1_, https://jimmy-sonny.github.io/



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 11:00-11:45


Lora Smart Water Meter Security Analysis

Friday at 11:00 in Track 3
45 minutes | Tool

Yingtao Zeng, Security Researcher at UnicornTeam, Radio Security Research Department of 360 Security Technology

Lin Huang, Senior Wireless Security Researcher and SDR technology expert, 360 Security Technology

Jun Li, Senior Security Researcher, Radio Security Department of 360 Security Technology

To avoid the tedious task of collecting water usage data by going to users' homes, water meters that are equipped with wireless communication modules are now being put into use. In this talk we will take a water meter, which is using the Lora wireless protocol, as an example to analyze the security and privacy risks of this kind of meter. We will explain how to reverse engineer and analyze both the firmware and the hardware of a water meter system, and we will be talking about its security risks from multiple perspectives: physical, data link, and sensors. Do notice that LORA is not only used in water meters; it is being used in a lot of IoT scenarios, so the methods we employed to analyze LORA in this talk are also useful when you do tests of other LORA-based systems.

Yingtao Zeng
Yingtao Zeng is a security researcher at UnicornTeam in the Radio Security Research Department of 360 Technology. He mainly focuses on the security of the Internet of Things, car remote control systems and automotive radar safety research. He has found vulnerabilities in a variety of automobile manufacturers including Tesla, Buick, Volvo, Chevrolet, Toyota, Nissan, BYD and more. He has presented his research at conferences like HITB, DEF CON Car Hacking Village, Black Hat Arsenal etc.

Lin Huang
Lin HUANG is a senior wireless security researcher and the manager of UnicornTeam in 360 Technology. She is also 360 Technology's 3GPP standard SA3 delegate and a research supervisor for master's students in BUPT. Her interests include security issues in wireless communication, especially cellular network security. She was a speaker at BlackHat, DEF CON, and HITB security conferences.

Jun Li
Jun Li is a senior security researcher at the UnicornTeam, Qihoo 360. He is the POC of DEF CON Group 010, and a member of the DEF CON Group Global Advisory Board. His research has been presented at conferences such as Blackhat, DEF CON, HITB, KCon, SyScan360, ISC, etc. He is interested in IoT security and connected car security. Along with his colleagues, he has previously found several automobile vulnerabilities in Tesla, GM cars, Volvo, BMW, Audi, Mercedes Benz and BYD. He is the author of "Connected Car Security Demystified". He is also the co-author of "Inside Radio: An Attack & Defense Guide".



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 13:30-13:50


Lost and Found Certificates: dealing with residual certificates for pre-owned domains

Sunday at 13:30 in Track 2
20 minutes | Demo, Tool

Ian Foster, Hacker

Dylan Ayrey, Hacker

When purchasing a new domain name you would expect that you are the only one who can obtain a valid SSL certificate for it, however that is not always the case. When the domain had a prior owner(s), even several years prior, they may still possess a valid SSL certificate for it and there is very little you can do about it.

Using Certificate Transparency, we examined millions of domains and certificates and found thousands of examples where the previous owner for a domain still possessed a valid SSL certificate for the domain long after it changed ownership. We will review the results from our ongoing large scale quantitative analysis over past and current domains and certificates. We'll explore the massive scale of the problem, what we can do about it, how you can protect yourself, and a proposed process change to make this less of a problem going forwards.

We end by introducing BygoneSSL, a new tool and dashboard that shows an up to date view of affected domains and certificates using publicly available DNS data and Certificate Transparency logs. BygoneSSL will demonstrate how widespread the issue is, let domain owners determine if they could be affected, and can be used to track the number of affected domains over time.

Ian Foster
Ian enjoys researching systems and networking problems and solutions in an effort to make the world more secure. He has published research papers analyzing the new gTLD land rush and crawling and parsing most WHOIS records. From demonstrating how insecure aftermarket OBD "dongles" can be used to compromise and take over automobiles; to measuring the paths an email traverses online with encryption in an effort to increase integrity, authenticity, and confidentiality; and more. During the day Ian is a Security Engineer fighting for the users.

Dylan Ayrey
Dylan is a security engineer, who in his free time authors lots of open source projects, such as truffleHog. He graduated college in 2015 and has been working in security ever since.



Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - Friday - 20:30-23:45


Title:
Loud Party

Come dance the night away to some sweet beats dropped by our DJ Tineh Nimjeh
More Info: The Diana Initiative


VMHV - Caesars Pool Level - Forum 14-16 - Friday - 12:00-12:59


Title:
Lunch Keynote: State and Local Perspectives on Election Security

No description available

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 18:00-18:59


Title:
Macabre stories of a hacker in the public health sector (Chile)

Philippe Delteil

@philippedelteil

Macabre stories of a hacker in the public health sector (Chile)

Want to know what happens when a nationwide network in the public health sector has no experts on cybersecurity? I will explain how I managed to get over 3 million files including patients records, people with HIV, abortions and a long etc. And how I managed to get it fixed (spoiler: press was involved).



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Machine Learning as a Service in Your Pocket

Evan Yang

“If you struggle with building a machine learning (ML) classifier for the data, this Machine Learning as a Service (MLaaS) is a quick and handy solution for you. Originally designed for security researchers, now this feature-packed service was open sourced to the public. This service can take time-series data, such as API logs etc., to generate ML models with a few mouse clicks. The graphic user interface could guide you through the ML pipeline steps, visualize the performance and help to optimize the ML model. The unique feature analysis tool allows you to drill down into individual samples and to tune the ML model from a security perspective.”

Evan Yang is a security researcher in Intel Privacy & Security Lab. He has worked on Windows and Android security related topics for the past few years. His latest focus is around deep learning applications on Windows ransomware. He has also been a database architect and software developer, providing solutions and building applications in production.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Machine Learning for Network Security Hands-on Workshop: DIYML

Sebastian Garcia

Creating new Machine Learning algorithms with the new frameworks is easier than ever. However, our models still need designing, evaluation, tuning and especially good datasets. In this workshop we will share high-quality and real datasets of normal users working on their computers while being attacked and infected with malware. The goal is to learn to understand the problem, label data, identify features, create your own ML model and finally test it against all the other models in the room! A fast-paced workshop going from traffic understanding to working Python ML models in 2 hours. Learn why ML is so difficult and so useful. Work in teams to obtain the highest detection performance and improve your knowledge. Python/NetFlows/Bro/SciKit/pandas/TensorFlow, use what you need!

Sebastian is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, the first machine learning-based, free-software IPS. Its goal is to protect civil society. As a researcher in the Artificial Intelligence group of the Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from the abuse of their digital rights. He has been teaching in several countries and Universities and working on penetration testing for both corporations and governments. He was lucky enough to talk and give workshops in CCC, BSides Budapest, Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace he worked on honeypots, malware detection, distributed scanning (creator of dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking. He is also a proud co-founder of the Independent Fund for Women in Tech.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 13:00-13:20


Machine Learning Model Hardening For Fun and Profit

Ariel Herbert-Voss

Machine learning has been widely and enthusiastically applied to a variety of problems to great success and is increasingly used to develop systems that handle sensitive data - despite having seen that for out-of-the-box applications, determined adversaries can extract the training data set and other sensitive information. Suggested techniques for improving the privacy and security of these systems include differential privacy, homomorphic encryption, and secure multi-party computation. In this talk, we’ll take a look at the modern machine learning pipeline and identify the threat models that are solved using these techniques. We’ll evaluate the possible costs to accuracy and time complexity and present practical application tips for model hardening. I will also present some red team tools I developed to easily check black box machine learning APIs for vulnerabilities to a variety of mathematical exploits.

Ariel Herbert-Voss is a PhD student at Harvard University, where she specializes in deep learning, cybersecurity, and mathematical optimization. Like many machine learning researchers, she spent plenty of time thinking about deep learning from a computational neuroscience point of view without realizing that skulls make biological neural networks a lot less hackable than artificial ones. Now she thinks about securing deep learning algorithms and offensive applications.



PHW - Caesars Promenade Level - Neopolitan BR - Saturday - 16:30-17:59


Mallet, an intercepting proxy for arbitrary protocols

Mallet is an intercepting proxy for arbitrary protocols. More accurately, it is a framework for building proxies for arbitrary protocols. Mallet provides the basics required of all proxies: A way to receive the data, a way to send the data, and a user interface to intercept and edit the data. It builds on the Netty project, and as such has access to a large, well-tested suite of protocol implementations that can be used to transform a stream of bytes into useful, high-level protocol objects.

This workshop will introduce attendees to Mallet, and show how to construct pipelines of arbitrary complexity, to successfully decode and intercept messages in various protocols, as well as automating modifications of the various messages.

A basic familiarity with Java will enhance the delegate's understanding of what they are taught, but is not a requirement.

Rogan Dawes is a senior researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague's frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies, WebScarab.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 10:00-10:59


Mallet: A Proxy for Arbitrary Traffic

Rogan Dawes, Senior Researcher at SensePost

Mallet is an intercepting proxy for arbitrary protocols. More accurately, it is a framework for building proxies for arbitrary protocols. Mallet provides the basics required of all proxies: A way to receive the data, a way to send the data, and a user interface to intercept and edit the data. It builds on the Netty project, and as such has access to a large, well-tested suite of protocol implementations that can be used to transform a stream of bytes into useful, high-level protocol objects. This workshop will introduce attendees to Mallet, and show how to construct pipelines of arbitrary complexity, to successfully decode and intercept messages in various protocols, as well as automating modifications of the various messages. A basic familiarity with Java will enhance the delegate's understanding of what they are taught, but is not a requirement.

Rogan Dawes (Twitter: @RoganDawes) is a Senior Researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague's frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies, WebScarab.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 14:30-15:20


Malware Panel

No description available



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 13:00-13:30


Man-In-The-Disk

Sunday at 13:00 in Track 1
20 minutes | Demo, Tool, Exploit

Slava Makkaveev, Security Researcher, Check Point

Most modern OSes use sandboxing in order to prevent malicious apps from affecting other apps or even harming the OS itself. Google is constantly reinforcing Android’s sandbox protection, introducing new features to prevent any kind of sandbox bypass.

In this talk we want to shed new light on a less known attack surface which affects all Android devices and allows an attacker to hijack the communication between privileged apps and the disk, bypassing Android’s latest sandbox protection.

The problem begins when privileged apps interact with files stored in exposed areas, and even worse, some of them will unintentionally break the sandbox by insecurely appending such data to its confinements.

Can you imagine if someone could execute code in the context of your keyboard, or install an unwanted app without your consent? Well… It’s hardly within the realm of imagination.

The external storage and network based vulnerabilities we discovered can be leveraged by the attacker to corrupt data, steal sensitive information or even take control of your device.

Slava Makkaveev
Slava Makkaveev is a Security Researcher at Check Point. He holds a PhD in Computer Science. Slava found himself in the security field more than seven years ago and has since gained vast experience in reverse engineering and malware analysis. Recently Slava has taken a particularly strong interest in mobile platforms and firmware security.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 12:00-12:25


Mapping Social Media with Facial Recognition - Jacob Wilkin

“Performing intelligence gathering on targets is a time consuming process; it typically starts by attempting to find a person’s online presence on a variety of social media sites. What if it could be automated and done on a mass scale with hundreds or thousands of targets?

Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets’ names and pictures to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review.

Social Mapper has a variety of uses in the security industry, for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results, so that reviewing this data is quicker for a human operator.

Social Mapper supports the following social media platforms:
- LinkedIn
- Facebook
- Twitter
- GooglePlus
- Instagram
- VKontakte
- Weibo
- Douban

Social Mapper takes a variety of input types such as:
- An organisation’s name, searching via LinkedIn
- A folder full of named images
- A CSV file with names and URLs to images online”



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 18:00-18:30


Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns

Caleb Madrigal, Applied Researcher at Mandiant/FireEye

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, kismet, et al. But what if you just want to view a list of all networks in your area along with all devices connected to them? Or maybe you want to know who's hogging all the bandwidth? Or, what if you want to know when a certain someone's cell phone is nearby? Or perhaps you'd like to know if your Airbnb host's IP Camera is uploading video to the cloud?

For all these use-cases, I've developed a new tool called "trackerjacker". In this talk, we'll use this tool to explore some of the surprisingly-informative data floating around in the radio space, and you'll come away with a new skill point or two in your radio hacking skill tree, as well as a new magical weapon... I mean tool.

Caleb Madrigal (Twitter: @caleb_madrigal) is an Applied Researcher at Mandiant/FireEye.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 17:05-17:35


Mapping wifi networks and triggering on interesting traffic patterns - Caleb Madrigal

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, kismet, et al. But what if you just want to view a list of all networks in your area AND see all devices connected to each network? Or maybe you want to know who’s hogging all the bandwidth (and maybe deauth them if they use too much)? Or, what if you want to know when a certain someone’s cell phone is nearby? Or perhaps you’d like to know if your Airbnb host’s IP Camera is uploading video to the cloud?

For all these use-cases, I’ve developed a new tool called “trackerjacker”. In this talk, we’ll use this tool to explore some of the surprisingly-informative data floating around in the radio space, and you’ll come away with a new skill point or two in your radio hacking skill tree, as well as a new magical weapon… I mean tool.



SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 09:00-09:59


Title:
Master Baiting! Dont Click Bait, Click Yourself

BACE16
@bace16_

Master Baiting! Dont Click Bait, Click Yourself

The talk that lives up to its name! Completely self-centered on how to work with your bait and tackle to jerk off the line of stories in your head and get back to reality. Avoid phishing by not falling for the hookers! Even yourself! Social engineering! Deep penetrating psychology mixed with blatant innuendo and enough buzzwords to make a CISO throw BitCoin at it...then make engineers figure out a POC for what this Purple Team Darknet vaporware actually does!



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 13:00-13:30


Micro-Renovator: Bringing Processor Firmware up to Code

Sunday at 13:00 in Track 2
20 minutes | Demo, Tool

Matt King, Hacker

The mitigations for Spectre highlighted a weak link in the patching process for many users: firmware (un)availability. While updated microcode was made publicly available for many processors, end-users are unable to directly consume it. Instead, platform and operating system vendors need to distribute firmware and kernel patches which include the new microcode. Inconsistent support from those vendors has left millions of users without a way to consume these critical security updates, until now. Micro-Renovator provides the ability to apply microcode updates without modifying either platform firmware or the operating system, through simple (and reversible) modifications to the EFI boot partition.

Matt King
Matt is a security geek responsible for ensuring platform and firmware trust at a cloud service provider, and dedicates an inordinate amount of time to updating firmware as a result. He has pen tested a broad range of systems as a product security validation lead at a prominent processor vendor, and has a history of rendering all manner of computing devices inoperable.



PHV - Caesars Promenade Level - Neopolitan BR - Sunday - 11:00-11:59


Microcontrollers and Single Board Computers for Hacking, Fun and Profit

gh057

As security researchers, we are always looking for the next device that will make our jobs easier and our research more effective. In many cases, physical gear can be expensive and limited in capability which can be prohibitive, especially in engagements where dead drops are required. However, with the skyrocketing popularity of microcontrollers and single board computers, that barrier has been reduced significantly and has created a host of new possibilities for everything from dead drops to wired and wireless network intrusion and analysis. gh057 will introduce some of the more popular options in this genre and some live demonstrations of their more fun uses. gh057 will demonstrate three devices he built to solve specific problems and that are based on these platforms: ATtiny85, ESP8266 / ESP32, Raspberry Pi. Finally, and as a bonus, gh057 will demonstrate a simple technique that uses Applescript and Bash that can be used to create a simple USB trojan and can be useful for end-user training.

gh057 has worked on almost every aspect of the software development lifecycle. For the majority of his career, he worked as a front-end, full stack engineer specializing in UI/UX. During this time, he was involved in development and also testing efforts, which included quality and security best practices. In the last few years, gh057 completed a career transition to application security, most notably through security evangelism roles, where he worked closely with development teams. As an application security engineer, gh057 is responsible for security best practices, which encompasses both digital and physical threat vectors. Most recently, gh057 has been the concept creator and team lead for the Day of Shecurity conference which took place on June 16th in San Francisco, CA. In his free time, he is passionate about promoting equality in the cybersecurity industry and offering mentorship to young technologists. His goal is to leave behind a better industry than the one he found when he first began his career.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 17:00-17:59


Title: Moderator Justin Ehrenhofer's Greatest Questions

Speakers: Shamiq (App Sec Manager, COINBASE), Paul Shapiro, A., Fluffy Pony

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 12:30-12:59


Title: Monero Project's Vulnerability Response Process

Speakers: Anonimal

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 11:00-11:30


Title: Monero's Differentiated Community

Speakers: Justin Ehrenhofer

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 11:30-11:59


Title: Monero's Emerging Applications

Speakers: Fluffy Pony

Description:
No description available




BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 12:45-13:30


Title: Mother Natures Development Lifecycles… OR Why the T-Rex didn’t get extenders.

Speaker: siDragon


Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Friday - 20:00-23:59


Title:
Movie Night



Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Saturday - 20:00-23:59


Title:
Movie Night



SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 16:55-17:45



Friday August 10 2018 1655 50 mins

Mr. Sinatra Will Hack You Now
Across the globe for millennia upon millennia, a cabal of social engineers have been working to manipulate realities, collective and singular.  They influence decision making processes in a matter of minutes and leave no evidence of their presence.  They’ve made camp in your computers, your cars, your places of worship, and your schools.  They may be doing it right now as you read this. They are everywhere.  They are musicians.

Neil Fallon @npfallon
Neil Fallon is the lyricist, singer, and rhythm guitar player of the rock band Clutch. Since forming in 1991, Clutch has released 11 full length records and has performed numerous times in North America, Europe, South America, Australia, and Japan.

In 2009, Neil, along with his bandmates and manager, created Weathermaker Music, a completely independent record label. To date, Weathermaker Music has had 58 world wide releases. The most recent release, “Psychic Warfare,” reached #11 on the Billboard Top 100 and #1 on Hard Rock & Rock Billboard chart.



SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 15:30-15:59


Friday August 10 2018 1530 30 Mins

My Stripper Name is Bubbles Sunset: What SEO Meme Marketing Means for Social Engineering
You’re mindlessly scrolling through Facebook when you see your friend share a post and comment, “Mine is Bubbles Sunset!”

You click. It’s a meme that reads: “What’s your stripper name? It’s the name of your first pet and the first street you lived on! Comment with your answers, and share with your friends!”

Are alarm bells going off in your head yet?

Security-savvy internet browsers know to be on the lookout for the digital version of a mustached man in a trench coat, like emails selling discounted Viagra. But as you’ve gotten smarter about avoiding these obvious bids for information, attackers and online marketers have gotten subtler to persuade you to divulge personal information. Every second, users willingly divulge sensitive information in comments on social media memes like the stripper name post because they don’t see them as a threat.

In this talk, Hannah Silvers — social engineer and SEO marketing content strategist — brings the two worlds together. Using (hilarious) real-life examples, she will illustrate how social media memes are hotbeds of valuable PII for marketers and attackers alike, how these memes encourage users to engage with and share them, and the ways attackers can make use of them as an attack vector.

Of course, the talk won’t stop at the doom and gloom. The presenter will discuss implications to the work of security educators and what users can do to mitigate the risk these memes present once they understand how they work.

Hannah Silvers: @hannah_silvers
Hannah Silvers is a writer, editor, and content strategist based in Atlanta, GA. During the day, she writes and presents SEO content marketing strategy for nonprofit service providers. But after the ride home, she moonlights as the director of outreach for CG Silvers Consulting and a lexicographic content contributor for Dictionary.com, charting the course of the English language through definitions of slang, politics, pop culture, and emoji. Hannah is also a veteran of Social-Engineer, LLC, holding corporate technical writing and vishing experience as well as the current record of youngest contestant to enter the SECTF booth at DEF CON.



Night Life - Flamingo - 3rd floor - Track 101 Sunset BR - Thursday - 17:00-18:59


Title:
n00b Party

More Info: https://twitter.com/highwiz/status/1026633407848165377?s=03


EHV - Caesars Promenade Level - Modena Rm - Saturday - 13:00-13:59


Title: Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space

Speakers: Speaker TBA

Description:

When talent comes from intelligence agencies, what masters do we serve, who takes priority, and how can companies ensure providers are supporting their interests above past masters? And how have companies muddied the waters so that these questions are relevant in the first place? Some exploration of conflicting duties and possible responses.





BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 17:00-17:45


Title: Nature’s source code is vulnerable and cannot be patched

Speaker: Jeffrey Ladish
Abstract:
"Natural selection can produce marvelous functional systems, but constraints in the evolutionary process can be exploited. By leveraging humanity’s relative advantage in design foresight, we may be able to create synthetic organisms that can out-compete their natural counterparts.
In this talk, I will explore the design limitations of evolved organisms that leave ecosystems permanently vulnerable to attack. In order to protect the natural world and human health, I will advocate we adopt the “biosecurity mindset” and improve our ecological security posture."


IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 12:30-12:59




HHV - Caesars Pool Level - Forum 17-21 - Saturday - 12:00-12:50


NFC Payments: The Art of Relay & Replay Attacks

Salvador Mendoza

Abstract

Relay and replay attacks are becoming more common in the payment industry, getting more complex and sophisticated day by day. We are not just seeing simple skimming techniques but complex attack vectors that are a combination of technologies and implementations involving SDR (Software-Defined Radio), NFC, APDU (Application Protocol Data Unit), hardware emulation design, specialized software, tokenization protocols and social engineering. In this talk, we will discuss what these attacks are, or what kind of hardware or software could be implemented.

Bio

Salvador Mendoza is a security researcher focusing on tokenization processes, magnetic stripe information and embedded prototypes. He has presented on tokenization flaws and payment methods at Black Hat USA, DEF CON 24/25, DerbyCon, Ekoparty, BugCON, 8.8, and Troopers 17/18. Salvador designed different tools to pentest magnetic stripe information and tokenization processes. His toolset includes MagSpoofPI, JamSpay, TokenGet, SamyKam and lately BlueSpoof.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 12:00-12:45


Title: No Firewall Can Save You At The Intersection Of Genetics and Privacy

Speaker: Almost Human
About Almost Human:
Chris currently works at Lares, prior to that he founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence. Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against cyber attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. Roberts is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry.
Abstract:
This talk originally started as a look at the intersection of personal anonymity and personal genetic sequencing. The short version: “Genetic Privacy” is a very tough thing to accomplish; lack of such privacy has potentially “bad” consequences. But there was some hope IF you did everything right. Then we all discovered that the prospects for genetic privacy are even lower than we imagined. You may have heard that the suspected Golden State Killer was found and arrested after decades of terror. The suspect didn’t slip up, other than having relatives who wanted to know more about their own genes. No one is accusing you of murder (I hope), but almost everyone has some aspect of their genetics that they don’t want others to know. So now, not only do you have to get everything right the first time to guard your genetic privacy – you have to hope all your relatives get the genetic privacy stuff right the first time…and every time they get tested. And for those of you who say, “But wait! The laws against genetic discrimination will save us!” consider that various laws also ban other forms of discrimination. How’s that working out these days?


CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 12:00-13:00


Title:
No Way JOSE! Designing Cryptography Features for Mere Mortals

When: Sat, August 11, 12pm-1pm

Speaker
-------
Scott Arciszewski

Abstract
--------
The past three years of vulnerability research and cryptanalysis have not been kind to the JOSE family of Internet standards (most commonly known as JSON Web Tokens a.k.a. JWT). This has led to many security experts declaring boldly, "Don't use JWT!" but has left many developers in want of a viable alternative. Scott went a step further and designed a safer alternative: PASETO (Platform-Agnostic SEcurity TOkens), which is currently implemented in 10 programming languages.

Bio
-----------------
Scott Arciszewski specializes in security, and not just compliance either. His passion is to encourage companies to get reasonable protection against data breaches. This is why he cofounded Paragon Initiative Enterprises.

Scott has over 15 years of software development, system administration, and of course, application security under his belt. He has a passion for Open Source software and believes no one should be limited by the diversity or quality of their software.

When he's not solving security problems, you can find Scott writing on his company blog, contributing secure code snippets to Stack Overflow, attending security conferences, and educating people about security on Twitter.

Twitter handle of presenter(s)
------------------------------
CiPHPerCoder

Website of presenter(s) or content
----------------------------------
https://paragonie.com/blog/author/scott-arciszewski


PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 14:30-14:59


Normalizing Empire's Traffic to Evade Anomaly-based IDS

Utku Sen, Senior R&D Engineer at Tear Security
Gozde Sinturk, R&D Engineer at Tear Security

Perimeter defenses hold an important role in computer security. However, when we check the methods of APT groups, a single spear-phishing attack is usually enough to gain a foothold on the network. Therefore, red teams are mostly focused on "assume breach" type scenarios. In these scenarios, testers need to use a post-exploitation framework. Besides that, testers also need to hide the server-agent communication from NIDS (Network Intrusion Detection Systems). In this session, we will discuss the situation of Empire, one of the most famous post-exploitation tools, against payload-based anomaly detection systems. We will explain how to normalize Empire's traffic with the polymorphic blending attack (PBA) method. We will also cover our tool, "firstorder", which is designed to evade anomaly-based detection systems. The firstorder tool takes a traffic capture file of the network, tries to identify the normal profile, and configures Empire's listener in such a way.

Utku Sen (Twitter: @utkusen) is a security researcher who is mostly focused on the following areas: application security, network security, tool development. He presented his tool, Leviathan Framework, in Black Hat USA Arsenal and DEF CON Demo Labs in 2017. He was also nominated for the Pwnie Awards in the "Best Backdoor" category in 2016.

Gozde Sinturk is a Security Researcher and Python Developer who has been involved in projects related to machine learning, natural language processing, and big data. She is developing security tools in her current position.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 11:00-11:45


NSA Talks Cybersecurity

Friday at 11:00 in Track 1
45 minutes |

Rob Joyce

The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security.  This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats.  Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face.  The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts and look at what is necessary to stay safe in the new environment.

Rob Joyce
Rob Joyce (@RGB_Lights) has been with the National Security Agency (NSA) for 29 years and has led organizations doing both foreign intelligence and cybersecurity work. He is the Senior Advisor for Cybersecurity, having recently returned from the White House as the Cybersecurity Coordinator where he worked national policy, synchronizing activity across the government and partners. His previous assignment was leading Tailored Access Operations (TAO), the organization developing tools, techniques and capabilities to exploit computers for NSA's foreign intelligence mission. Prior to that, he was the Deputy Director for Information Assurance, overseeing the protection of national security systems, which includes the nation's cryptographic key material, classified networks and warfighting networks. In his spare time, Rob builds a computerized Christmas light show. His most recent display was likely visible from the International Space Station. In addition to an infatuation with Christmas light displays, he helped a Boy Scout troop build catapults for the annual Punkin Chunkin competition until lawyers ruined it for all of us.



Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


nzyme

Sunday 08/12/18 from 1000-1150 at Table One
Defense, RF, WiFi/802.11

Lennart Koopmann

Detecting attackers who use WiFi as a vector is hard because of security issues inherent in the 802.11 protocol, as well as commoditized ways of near-perfect spoofing of WiFi enabled devices.

Security professionals work around this by treating WiFi traffic as insecure and encrypting data on higher layers of the protocol stack. Sophisticated attackers do not limit their efforts to jamming or tapping of wireless communication, but try to use deception techniques to trick human operators of WiFi devices into revealing secrets. The list of attacks that are possible after a user has been convinced to connect to a rogue access point that is under the attacker's control ranges from DNS spoofing to crafted captive portals that can be used for classic phishing attempts.

This is why the new nzyme release introduces its own set of WiFi deception techniques. It is turning the tables and attempts to trick attackers into attacking our own simulated, wireless infrastructure that resembles realistic clients and access points. Together with the general collection of all 802.11 management frames already offered in the existing release, nzyme now replays all relevant communication to and from our decoy transceivers to a log management system like Graylog for analysis and alerting. This combination allows tricking attackers into revealing themselves by leaving easy to identify traces during all exploitation phases.

Applying WiFi deception to defensive perimeters gives the blue team a chance to reveal, delay, and condition attackers.

https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/

Lennart Koopmann
Born and raised in Germany, Lennart founded the Open Source log management project Graylog in 2009 and has since then worked with many organizations on log management and security-related projects. He has an extensive background in software development and architecture. There is a high chance that you will meet Lennart at a LobbyCon somewhere in the country. Once he ran a marathon but was not very Fast.



DEFCON - Roman Chillout - Friday - 20:00-19:59


Oh Noes!—A Role Playing Incident Response Game

Friday at 20:00 in Roman Chillout
Fireside Hax | Demo, Audience Participation, Tool

Bruce Potter Founder, The Shmoo Group

Robert Potter Hacker

The term "incident response exercise" can strike fear in the hearts of even the most steely-eyed professional. The idea of sitting around a table, talking through a catastrophic security event can be both simultaneously exhausting and incredibly boring. However, what if, instead of participating in an "incident response exercise," you got to plan an "incident response role playing game?"

Enter our IR roleplaying game, "Oh Noes! An Adventure Through the Cybers and Shit." As part of our day job, we do quarterly IR exercises. In order to make these exercises more engaging, more fun, and more useful, we turned these exercises into a role playing game. We found it so useful and fun, we're releasing it at DEF CON along with numerous scenarios for your dungeon master to take you through.

At this talk, we will talk about gamifying IR exercises and the rules of Oh Noes! We will equip you with dice and your own character sheet and we will walk you through the character creating process. That's right, in Oh Noes! you create your own character with specific skills and abilities that you level up as you play. A group of us will play through a short scenario so you can see how the game works. We will provide several sample scenarios, some ripped from the headlines (and some cribbed from @badthingsdaily) as well as provide guidance on what makes successful scenarios as you transition to be your own dungeon master.

Bruce Potter
Bruce Potter is the founder of The Shmoo Group, CISO at Expel, and helps run ShmooCon each year in Washington DC. Bruce has over 20 years (yikes!) of experience in hacking and cyber security including working with DoD and Intelligence Community clients as well as numerous finance, healthcare, and transportation companies. Bruce used to do a lot of wireless and network attack and defense work but lately focuses on risk management, threat categorization, and building more secure systems. Bruce has never played D&D but has a son who plays extensively.

@gdead

Robert Potter
Robert Potter is a 16 year old 10th grader who wears Invisalign. He is the son of Mr. Bow-To-My-Firewall and Mrs. Heidi "clever name" Potter. He likes things that begin with M, including but not limited to Math, Music, and his Mother (my mom told me to put that there).

@TauManiac



SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 17:50-18:40



Saturday August 11 2018 1750 50 mins
On the Hunt: Hacking the Hunt Group
Dynamic duo DEF CON SECTF black badge winner Chris Silvers and ACE Hackware founder Taylor Banks return to the stage to take audiences on a hunt — of the hunt group, that is.

In this talk, Chris and Taylor will walk through the evolution of the “you called me!” vishing attack from 1980s phone pranking and 3-way calling to 2010s perceived phone system glitch exploits. You’ll learn how to engineer a successful “simultaneous answer” vishing call through reconnaissance, rapport-building, and attack. Most importantly, you’ll walk away with actionable strategies to prepare yourself and your organization against such attacks.

Oh, and the best part? Chris and Taylor will play real recordings of phone system glitch vishing calls on stage. Listen (and laugh) to what worked and what didn’t, then learn a little something through an interactive analysis of each call with the presenters.

Chris Silvers: @cgsilvers
Taylor Banks: @taylorbanks
Taylor Banks, Founder of ACE Hackware, has spent 15 years in information security. Experienced in applied hacking and countermeasures, Taylor has performed pen-tests and provided training for organizations including the FBI, NSA, US Navy and Marine Corps.

Chris Silvers is founder and CEO of CG Silvers Consulting as well as DEF CON black badge winner. Chris’ passion for education and 20 years of experience in information security have landed him on the presenter’s stage at conferences such as Derby Con and GrrCon.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Sunday - 14:00-14:45


One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers

Sunday at 14:00 in Track 3
45 minutes | Demo, Tool, Exploit

Xiaolong Bai Security Engineer, Alibaba Inc.

Min (Spark) Zheng Security Expert, Alibaba Inc.

Though many security mechanisms are deployed in Apple's macOS and iOS systems, some old-fashioned or poor-quality kernel code still leaves the door widely open to attackers. Especially, as kernel's critical components, device drivers are frequently exploited to attack Apple systems. In fact, bug hunting in Apple kernel drivers is not easy since they are mostly closed-source and heavily relying on object-oriented programming. In this talk, we will share our experience of analyzing and attacking Apple kernel drivers. In specific, we will introduce a new tool called Ryuk. Ryuk employs static analysis techniques to discover bugs by itself or assist manual review.

In addition, we further combine static analysis with dynamic fuzzing for bug hunting in Apple drivers. In specific, we will introduce how we integrate Ryuk to the state-of-art Apple driver fuzzer, PassiveFuzzFrameworkOSX, for finding exploitable bugs.

Most importantly, we will illustrate Ryuk's power with several new vulnerabilities that are recently discovered by Ryuk. In specific, we will show how we exploit these vulnerabilities for privilege escalation on macOS 10.13.3 and 10.13.2. We will not only explain why these bugs occur and how we find them, but also demonstrate how we exploit them with innovative kernel exploitation techniques.

Xiaolong Bai
Xiaolong Bai (twitter@bxl1989, github@bxl1989) is a security engineer in Alibaba Orion Security Lab. Before joining Alibaba, he received his Ph.D. degree in Tsinghua University. He has published several research papers on top conferences including IEEE S&P, Usenix Security, CCS, NDSS, and presented his research in Black Hat USA and Hack In The Box. He has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for his contribution in discovering the vulnerabilities in their systems and improving the security of their products. He is a member of the OverSky team for private jailbreaking development.

@bxl1989

Min (Spark) Zheng
Min (Spark) Zheng (twitter@SparkZheng, github@zhengmin1989) is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security, system design and implementation. Before receiving Alibaba A-Star offer award in 2015, he worked in FireEye, Baidu and Tencent. He was the champion of GeekPwn 2014 and AliCTF 2015. He won the "best security researcher" award in FIT 2016 for detecting the iOS/macOS vulnerabilities, XcodeGhost virus and WormHole RCE vulnerability. He is a member of the OverSky team for private jailbreaking development. He presented his research in DEF CON, HITB, BlackHat, RUXCON, etc.

@SparkZheng



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 13:00-13:30


One Step Ahead of Cheaters -- Instrumenting Android Emulators

Saturday at 13:00 in 101 Track, Flamingo
20 minutes | Demo, Tool

Nevermoe (@n3v3rm03) Security Engineer, DeNA Co., Ltd.

Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment and most games can run on these emulators fast and soundly. The bad news for game vendors is that these emulators are usually shipped with root permission in the first place. On the other hand, cheating tools developers are happy because they can easily distribute their tools to abusers without requiring the abusers to have a physical rooted device, nor do they need to perform laborious tuning for different Android OS / firmware version. However, luckily for game vendors, commercial Android emulators usually use an x86/ARM mixed-mode emulation for speed-up. As a result, a standard native hooking/DBI framework won't work on this kind of platform. This drawback could discourage the cheating developers.

In this talk, I will introduce a native hooking framework for this kind of mixed-mode emulator. The talk will include the process start routine of both command-line applications and Android JNI applications as well as how these routines differ on an emulator. The different emulation strategies adopted by different emulators and runtime environments (Dalvik/ART) will also be discussed. Based on this knowledge, I will explain why the existing hooking/DBI frameworks do not work on these emulators and how to make one that works.

Lastly, I will present a demo of using this hooking framework to cheat a game on emulator. With this demo, I will discuss how the dark market of mobile game cheating may develop in the foreseeable future.

Nevermoe (@n3v3rm03)
Nevermoe (@n3v3rm03) is a security engineer in DeNA Co., Ltd. His main focuses are web security, game hacking and reverse engineering. He loves writing tools for game hacking / analyzing and publishing them on https://github.com/nevermoe.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 13:00-13:30


One-Click to OWA

Friday at 13:00 in Track 3
20 minutes | Demo, Tool

William Martin Security & Privacy Senior Associate

With the presence of 2FA/MFA solutions growing, the attack surface for external attackers that have successfully phished/captured/cracked credentials is shrinking. However, many 2FA/MFA solutions leave gaps in their coverage which can allow attackers to leverage those credentials. For example, while OWA may be protected with 2FA, the Exchange Web Services Management API (EWS) offers many of the same features and functionalities without the same protections.

In this talk, I will introduce ExchangeRelayX, an NTLM relay tool that provides attackers with access to an interface that resembles a victim's OWA UI and has many of its functionalities - without ever cracking the relayed credentials.  ExchangeRelayX takes advantage of the gap in some 2FA/MFA solutions protecting Exchange, potentially resulting in a single-click phishing scheme enabling an attacker to exfiltrate sensitive data, perform limited active-directory enumeration, and execute further internal phishing attacks.

William Martin
William Martin is a penetration tester & information security researcher with more than five years of experience in the Information Security Industry. William became an Offensive Security Certified Professional (OSCP) in November of 2015 and is currently a senior associate at RSM US LLP in the Security and Privacy practice with a focus on penetration testing and social engineering. www.linkedin.com/in/william-martin-OSCP

@quickbreach
www.linkedin.com/in/william-martin-OSCP



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 11:00-11:45


One-liners to Rule Them All

Friday at 11:00 in Track 2
45 minutes | Demo

egypt Security Analyst, Black Hills Information Security

William Vu Security Researcher, Rapid7

It began with the forging of the command line. And some things that should not have been forgotten, were lost. History became legend, legend became myth.

Sometimes you just need to pull out the third column of a CSV file. Sometimes you just need to sort IP addresses. Sometimes you have to pull out IP addresses from the third column and sort them, but only if the first column is a particular string and for some reason the case is random.

In this DEF CON 101 talk, we'll cover a ton of bash one-liners that we use to speed up our hacking. Along the way, we'll talk about the concepts behind each of them and how we apply various strategies to accomplish whatever weird data processing task comes up while testing exploits and attacking a network.

egypt
egypt is a penetration tester for Black Hills Information Security and a contributor to the Metasploit Project. He is not a country.

@egyp7

William Vu
William Vu is a security researcher at Rapid7 who works on the Metasploit Project.



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 18:20-18:59


Open Source Endpoint Monitoring

Friday at 18:20-19:00
40 minutes

Rik van Duijn and Leandro Velasco

There is a rising trend among threat actors to find newer, more effective and stealthy ways to attack and gain persistence in a network. One way to achieve this is by abusing legitimate software such as Windows Management Instrumentation and PowerShell. This is the case for Living Off the Land and Fileless threats. By using these techniques, attackers can distribute their malicious code, bypassing software whitelisting and avoiding antivirus detection. A method to detect these threats is by monitoring endpoint activity. However, this option comes with many challenges that range from getting enough system activity information to handling hundreds of events per second.

In our research, we analyze this monitoring method and the design challenges involved in it. Furthermore, we propose a solution that aims to detect and alert when advanced threats are identified in a system. In order to provide an endpoint monitoring system free of any vendor lock-in, this solution combines the capabilities of different open source projects as well as free tools. These include Sysmon for monitoring system activity, Elastic Stack (ELK) to store and search the collected data, ElastAlert to trigger alarms and the Sigma Project to define the rules for the alarms. This highly customizable solution would enable organizations to hunt for threats inside their network or create rules that would automatically detect specific threats upfront.

Rik van Duijn
Rik van Duijn has over 5 years of experience as a penetration tester. His first job was auditing web application source code for a Dutch bank. Rik holds the OSCP, OSCE certifications, and is currently practicing for the OSEE certification. Rik has spoken at SHA2017, Tweakers Security/DEV Meetups and #whiskyleaks.

Leandro Velasco
Leandro Velasco has over 4 years of experience in IT security. After his initial introduction managing SIEM systems, Leandro completed the OS3 master. In his current role Leandro is a member of the security research team, analyzing threats and designing detection or mitigating solutions.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 12:30-12:59


Title: Open Source Hardware and the Monero Project

Speakers: Parasew

Description:
No description available




RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:00-12:10


Opening Note

No description available



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:00-10:20


Opening Remarks

No description available



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 17:40-17:59


OpenPiMap is the ultimate home/prosumer network utility to detect, analyze, and respond to malicious network traffic on a small home or office network. Get an interactive and dynamic interface to detect and respond to botnets, hackers, and script kiddies on a platform that is powered by just 5v and costs less than $10. Every day, any point of presence on the internet can be faced with thousands of scans, exploit attempts, or malicious probes with almost no signature or notification to the end user. OpenPiMap offers the ability to detect and respond to malicious network traffic that would normally be ignored by traditional anti-virus or consumer firewalls.

OpenPiMap is an open source NetFlow protocol analyzer written entirely in Python3, Flask, JavaScript, and SQLite that combines open source intelligence with home/SOHO networking and intrusion detection. Running on any version of a Raspberry Pi, Linux OS, or Windows, OpenPiMap consists of two parts: (1) NetFlow collection service and (2) Database processing service. The NetFlow service does exactly what it sounds like: it listens on a specified port for NetFlow v5 data and logs the data into a local SQL database. The second part is where the magic happens.

All of the traffic, both in and out of the network, is compared to dozens of the top IP blacklists for malicious patterns. Once identified, the malicious suspects are mapped, interrogated via Shodan’s Python API for vulnerable services and ownership information, and then staged for exploitation if a readily available exploit exists. This processing is where the bridge between traditional NetFlow traffic analyzers and OpenPiMap split. There are plenty of free tools on the market to monitor incoming and outgoing connections, bandwidth utilization, and common port usage. However, none of the existing products leverage open source intelligence to the extent of OpenPiMap by providing you with the open ports and services, ownership information, ISP, geographic location, and publicly available exploits for the incoming or outgoing IP addresses.



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 13:30-14:00


Title:
Opportunistic Onion: More Protection Some of the Time

When: Fri, August 10, 1:30pm - 2:00pm
Description
Speaker
------
Mahrud Sayrafi

Abstract
--------
I will present results of a collaboration between the Tor Project, Mozilla, and Cloudflare to deploy onion services in Cloudflare's infrastructure in order to protect the security and privacy of Tor user connections terminating in our network. Leveraging the HTTP Alternative Services, we demonstrate how to defend against passive attacks by malicious Exit Nodes. As a secondary feature, this method enables distinguishing individual Tor circuits, which allows Cloudflare to assign reputation to circuits rather than IP addresses, therefore showing fewer CAPTCHAs to humans.
Additionally, I will introduce an open-source plugin for the Caddy Web Server which allows website admins to enable Opportunistic Onion using an existing HTTPS certificate with a simple configuration, nullifying the need to purchase Extended Validation certificates. Moreover, this plugin enables load balancing for the onion service.

Bio
-----------------
Full-time mathematics student and part-time hacker.

Twitter handle of presenter(s)
------------------------------
mahrudsay

Website of presenter(s) or content
----------------------------------
perfectoid.space


Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 10:00-11:50


Orthrus

Saturday 08/11/18 from 1000-1150 at Table Four
InfoSec

Nick Sayer

Orthrus is a small appliance that allows the user to create a cryptographically secured USB volume from two microSD cards. The data on the two cards is encrypted with AES-256 XEX mode, and all of the key material used to derive the volume key is spread between the two cards. There are no passwords to manage. If you have both cards, you have everything. If you have only one, you have half the data encrypted with a key you cannot reconstruct. This allows for “two-man control” over a dataset. Orthrus itself has no keys of its own and a volume created or written with one Orthrus can be used with any other (or on any other thing that implements the Orthrus open specification). Orthrus is open source hardware and firmware.

https://hackaday.io/project/20772-orthrus

Nick Sayer
Nick Sayer has been a software developer for most of his life and has spent the last ten years specializing in his day job on security and cryptography. He recently rediscovered the hardware hobby he abandoned in his teens and has a store on Tindie full of his creations, all of which are open.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 15:00-15:59


Title:
OSINT IS FOR SOCCER MOMS

Laura H
@h0tdish

A brief but riveting mini-history of why and how most soccer moms can out-OSINT your collective information security asses any day of the week using actual case studies of two unbelievable unsolved, in real time, homicide investigations, turned SOLVED. This introductory and fast-paced talk will take a look at the history of OSINT from "web-sleuthing" to "crowdsourcing" and illustrate how, from the experience of the presenter, OSINT is utilized within modern homicide investigations from & via the internet. We will discover along the way the very real consequences and benefits that can occur when policing entities ignore or include OSINT gathered by well-meaning public tipsters. After all, the large majority of criminal events are solved by the public sending in information. Finally, we will touch on the truth that OSINT is not actually a career path or even a subset skill specific to information security but rather is a set of ever-evolving tools that was born from curiosity and caring about communities and continues to evolve to this day.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 16:00-16:45


Outsmarting the Smart City

Saturday at 16:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Daniel "unicornFurnace" Crowley Research Baron, IBM X-Force Red

Mauro Paredes Hacker

Jen "savagejen" Savage Hacker

The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences.

In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.

Daniel "unicornFurnace" Crowley
Daniel has been working in infosec since 2004, is TIME's 2006 Person of the Year, and brews his own beer. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool.

@dan_crowley

Mauro Paredes
Mauro has many years of experience performing penetration testing and security assessments for clients in Canada, USA, Germany, Mexico and Venezuela. Mauro has experience across several industries, including finance, telecommunication, e-commerce, technology providers, retail, energy, healthcare, logistics and transportation, government, and education.

Jen "savagejen" Savage
Jennifer Savage has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100.

@savagejen



DDV - Caesars Promenade Level - Capri Rm - Saturday - 15:00-15:55


Speaker: Mauro Cáseres

 

Gluster is a free scalable network filesystem. Using common off-the-shelf hardware, it allows the user to create large, distributed storage solutions for media streaming, data analysis, and other data and bandwidth intensive tasks, thus providing a nice alternative to create a data replication pool easily. It was acquired by Red Hat in 2011, and merged into Red Hat Storage server in 2012, while still available in the open source world. Gluster itself doesn't have a large vulnerabilities history, having only 6 vulnerabilities reported in the last 6 years (2 of them after being bought by Red Hat). In this talk, we'll focus on the latter two, releasing GEVAUDAN, an exploit for newcomers to the gluster world to learn about its architecture and security, and the implications of proper access management on replicated data systems. This is a talk for beginners from both fields: data replication schemas and exploit writing, so both fields will have a proper introductory section. A live demo will take place during the talk, and the public can actively participate.



Demolabs - Table 6 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


PA Toolkit—Wireshark plugins for Pentesters

Saturday 08/11/18 from 1600-1750 at Table Six
Defence

Nishant Sharma

Jeswin Mathai

PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:

The key advantage of using PA toolkit is that any user can check security related summary and detect common attacks just by running Wireshark. And, he can do this on the platform of his choice. Also, as the project is open source and written in newbie-friendly Lua language, one can easily extend existing plugins or reuse the code to write plugins of his own.

Nishant Sharma
Nishant Sharma is a Technical Manager at Pentester Academy and Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX, WiMini and course/training content. He has presented/published his work at Blackhat Arsenal, Wireless Village, IoT village and Demo labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the WIPS solution. He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, forensics and cryptography.

Jeswin Mathai
Jeswin Mathai is a Researcher at Pentester Academy. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also part of team Pied Piper, who won Smart India Hackathon 2017, a national level competition organized by GoI. His areas of interest include Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Thursday - 10:00-13:59


Packet Mining for Privacy Leakage

Thursday, 1000-1400 in Icon F

Dave Porcello Founder, Pwnie Express

Sean Gallagher IT & National Security Editor, Ars Technica

Join the packet hunters behind NPR's Project Eavesdrop for an interactive, hands-on workshop where we'll hunt for juicy bits of personal & corporate data on the wire. Using Wireshark, ngrep, tcpflow, xplico and other Linux packet digging tools, you'll learn how to extract PII from a packet capture or live stream, including passwords, emails, photos/images, cookies, session IDs, credit card numbers, SSNs, GPS coordinates, mobile device details, cell carrier info, vulnerable client software, weak SSL sessions, and much more. Useful for detecting privacy/data leakage, passive pentesting, & network forensics, these techniques expose what an intermediary can discern about an individual or organization through passive monitoring of network traffic.

Prerequisites: Students must be comfortable with Linux command line & Wireshark.

Materials: Students wishing to participate in the exercises should bring a laptop running Kali Linux (or a Kali virtual machine).

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/packet-mining-for-privacy-leakage-icon-f-tickets-47086301395
(Opens July 8, 2018 at 15:00 PDT)

Dave Porcello
Dave Porcello is the Founder of Pwnie Express and creator of the original Pwn Plug, Power Pwn, and other covert pentesting gadgets featured on NPR, Wired, Ars Technica, Slashdot, and "Mr. Robot". Dave is currently a freelance pentester, packet hunter, researcher, & adjunct professor at Norwich University.

Sean Gallagher
Sean Gallagher is Ars Technica's IT and National Security Editor. He evaluates security tools and conducts privacy and security testing for Ars' Technology Lab.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 12:00-12:59


PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography

TryCatchHCF

Data exfiltration through DNS typically relies on the use of DNS query fields to exfiltrate data via the attacker's DNS server. This approach has several shortcomings. The first is attribution, since attackers end up creating a trail back to their own infrastructure. The second is awareness, as DFIR analysts have made careful study of DNS fields as exfiltration vectors. The third is access, since companies are increasingly using DNS server whitelisting to prevent or alert on outgoing DNS queries to servers controlled by attackers. But what if data could be transferred using the target's own whitelisted DNS servers, without the communicating systems ever directly connecting to each other or a common endpoint? Even if the network boundary employed data whitelisting to block data exfiltration?

Through a combination of DNS queries and text-based steganography, we'll cover the methods used to transfer data across a network, hidden in plain sight, without direct connectivity between systems, while employing multiple levels of deception to avoid generating alerts as well as to mislead analysis attempts. The presentation will include a demonstration of PacketWhisper, a new tool written in Python, that automates all of these steps for you. PacketWhisper will be made available on GitHub to coincide with this session (https://github.com/TryCatchHCF).

TryCatchHCF (Twitter: @TryCatchHCF) is Red Team Lead at a Fortune 500 company, and creator of the Cloakify Exfiltration and DumpsterFire Incident Automation Toolsets (https://github.com/TryCatchHCF). Previous roles have included Lead Pentester and AppSec Team Lead. He hacked into his first systems in 1981 and wrote his first malware the following year, all while nearly being eaten by a grue. He has 25+ years of security and software engineering experience, and served as an Intelligence Analyst and Counterintelligence Specialist in the United States Marine Corps. Education includes a bachelor's degree in Cognitive Science, a master's degree in Information Assurance, and the collective HiveMind of the global hacking community.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 14:15-16:15


Title: Panel Discussion: The Internet of Bodies

Moderator: Prof Andrea M. Matwyshyn, Professor of Law, NUSL
About Andrea M. Matwyshyn:
Andrea Matwyshyn is an academic and author whose work focuses on technology and innovation policy, particularly information security and consumer privacy. She is a (tenured full) professor of law / professor of computer science (by courtesy) at Northeastern University, where she is the co-director of the Center for Law, Innovation, and Creativity (CLIC). Andrea is also a faculty affiliate of the Center for Internet and Society at Stanford Law School. She is a Senior Fellow of the Cyber Statecraft Initiative at the Atlantic Council's Brent Scowcroft Center on International Security and a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017. In 2014, she served as the Senior Policy Advisor/ Academic in Residence at the U.S. Federal Trade Commission. Prior to entering academia, she was a corporate attorney in private practice. She is the legal specialty reviewer for the DEFCON CFP board.
Panelist: Prof Stephanie Pell, West Point
About Stephanie Pell:
Stephanie Pell is an Assistant Professor and Cyber Ethics Fellow at West Point’s Army Cyber Institute (ACI). She writes about privacy, surveillance and security law and policy, and is particularly interested in the tensions inherent in enabling traditional law enforcement efforts and making our communications networks more secure. Prior to joining the ACI faculty, Stephanie served as Counsel to the House Judiciary Committee, where she was lead counsel on Electronic Communications Privacy Act (ECPA) reform and PATRIOT Act reauthorization during the 111th Congress. Stephanie was also a federal prosecutor for over fourteen years, working as a Senior Counsel to the Deputy Attorney General, as a Counsel to the Assistant Attorney General of the National Security Division, and as an Assistant U.S. Attorney in the U.S. Attorney’s Office for the Southern District of Florida. She was a lead prosecutor in U.S. v. Jose Padilla (American Citizen detained as an enemy combatant prior to criminal indictment and trial), for which she received the Attorney General’s Exceptional Service Award, and in U.S. v. Conor Claxton (IRA operatives who purchased weapons in South Florida and smuggled them into Belfast, Northern Ireland during peace process negotiations). Stephanie received her undergraduate, master’s and law degrees from the University of North Carolina at Chapel Hill.
Panelist: Dr. Suzanne Schwartz, U.S. Federal Drug Administration
About Dr. Suzanne Schwartz:
Dr. Suzanne Schwartz is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). In this role, she assists the CDRH Director and Deputy Director for Science in the development, execution and evaluation of the Center’s biomedical science and engineering programs. Suzanne is passionate about cultivating critical dialogue across sectors and across entities towards advancing innovation in the biomedical space and within healthcare, where complex multifaceted problems exist. Suzanne joined FDA in October 2010. Initially recruited as a Commissioner’s Fellow, she became a Medical Officer in the Office of Device Evaluation, transitioning in September 2012 to become the Director of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures (EMCM) Program in the Office of the Center Director for the past 4 years. Among other public health concerns, her portfolio has most notably included medical device cybersecurity, for which she chairs CDRH’s Cybersecurity Working Group. She also co-chairs the Government Coordinating Council for Healthcare & Public Health critical infrastructure sector. Before FDA, Suzanne was a full time surgical faculty member at Weill Cornell Medical College, New York. Suzanne’s career has spanned the private sector as well, having served as Medical Director & Tissue Bank Director of Ortec International, a development stage medical device company focused on tissue engineering therapeutic approaches to burns and chronic wounds. Suzanne earned an MD from Albert Einstein College of Medicine, trained in General Surgery & Burn Trauma at the New York Presbyterian Hospital - Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business, and completed the National Preparedness Leadership Initiative – Harvard School of Public Health & Kennedy School of Government.
Panelist: Rebecca Slaughter, U.S. Federal Trade Commission
About Rebecca Slaughter:
Prior to joining the Commission, she served as Chief Counsel to Senator Charles Schumer of New York, the Democratic Leader. A native New Yorker, she advised Leader Schumer on legal, competition, telecom, privacy, consumer protection, and intellectual property matters, among other issues. Prior to joining Senator Schumer's office, Ms. Slaughter was an associate in the D.C. office of Sidley Austin LLP. Ms. Slaughter received her B.A. in Anthropology magna cum laude from Yale University. She received her J.D. from Yale Law School, where she served as an editor on the Yale Law Journal.
Abstract:
As medical and recreational devices shift from outside to inside the body, challenges arise not only for builders and breakers of these devices, but also for regulators. This panel will introduce the progress of the Internet of Things into the "Internet of Bodies" and explain how existing legal and policy frameworks of consumer protection and security fit with this next generation of body-attached and body-embedded devices (and how they don't).


PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 18:00-19:15


Title:
Panel on Digital & Physical Security in Cannabis

What's the current state of Infosec in Cannabis and what's it lacking? If there is such a deficit, how can it best be resolved?

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 12:30-12:59




DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 15:00-15:45


PANEL: DEF CON GROUPS

Sunday at 15:00 in Track 1
45 minutes | Audience Participation

Brent White (B1TK1LL3R) DEF CON Groups Global Coordinator

Jeff Moss (The Dark Tangent) Founder, DEF CON

Jayson E. Street DEF CON Groups Global Ambassador

S0ups

Tim Roberts (byt3boy)

Casey Bourbonnais

April Wright

Do you love DEF CON? Do you hate having to wait for it all year? Well, thanks to DEF CON groups, you're able to carry the spirit of DEF CON with you year round, and with local people, transcending borders, languages, and anything else that may separate us!

In this special event, your DEF CON groups team who works behind the scenes to make DCG possible will introduce themselves and provide status updates. After we're done talking, the remainder of time will be an informal open floor right there in the room to mingle and talk all things DCG.

There will be a:

Designated area in the room for those wanting to start/join a group
Designated area in the room for those wanting to share project ideas

Brent White (B1TK1LL3R)
Bio Coming Soon

Jeff Moss (The Dark Tangent)
Bio Coming Soon

Jayson E. Street
Bio Coming Soon

S0ups
Bio Coming Soon

Tim Roberts (byt3boy)
Bio Coming Soon

Casey Bourbonnais
Bio Coming Soon

April Wright
Bio Coming Soon



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Thursday - 25:00-25:59


Title:
Party Music - Acid-T



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 26:15-26:59


Title:
Party Music - Circuit Static



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Thursday - 24:00-24:59


Title:
Party Music - DJ v.27



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 22:45-23:30


Title:
Party Music - Dualcore



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Thursday - 23:00-23:59


Title:
Party Music - Icetre Normal



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 21:00-21:59


Title:
Party Music - JG & The Robots



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 23:30-24:59


Title:
Party Music - Juno Reactor



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 23:30-24:15


Title:
Party Music - MC Frontalot



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 25:00-25:59


Title:
Party Music - Miss Jackalope



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Thursday - 22:00-22:59


Title:
Party Music - OS System



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 26:00-26:59


Title:
Party Music - s7a73farm



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 25:15-26:15


Title:
Party Music - Scotch & Bubbles



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 21:30-22:30


Title:
Party Music - Skittish & Bus



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 24:15-25:15


Title:
Party Music - TBD



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Thursday - 26:00-26:59


Title:
Party Music - Tineh Nimjeh



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 22:00-22:45


Title:
Party Music - YT Cracker



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Thursday - 21:00-21:59


Title:
Party Music - YurkMeister



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Saturday - 22:30-23:30


Title:
Party Music - Zebbler Encanti



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


Passionfruit

Sunday 08/12/18 from 1000-1150 at Table Five
iOS reverse engineer, Mobile security research

Zhi Zhou

Yifeng Zhang

Passionfruit is a cross-platform app analysis tool for iOS. It aims to provide a powerful and user-friendly GUI for app pentesting and reverse engineering. In this demo we’ll cover the most common tasks in iOS RE, like dumping decrypted apps from AppStore, exploring filesystem and other runtime introspections.

https://github.com/chaitin/passionfruit

Zhi Zhou
AntFinancial
Zhi Zhou is a security engineer at AntFinancial LightYear Lab, who mainly focuses on applied software security, including both mobile and desktop platforms. He’s been working on blackbox assessment, vulnerability exploitation and new attack surface discovery. He was a speaker at BlackHat USA 2017.

Yifeng Zhang
Chaitin Tech
Yifeng Zhang is a penetration tester at Chaitin Tech, working in mobile security and financial malware. He has been dedicated to developing security tools to make pen-testing more efficient and effective.



EHV - Caesars Promenade Level - Modena Rm - Friday - 17:30-18:29


Title: Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research

Speakers: Speaker TBA

Description:

Care about fixing the CFAA? Hear about a new proposal to better protect security research: the Computer Intrusion and Abuse Act. Because the proposal relies on norms/ethics in the security research community, we will debate the hard cases - situations where researcher norms vary.





Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Sunday - 10:00-11:50


PCILeech

Sunday 08/12/18 from 1000-1150 at Table Four
Offense, Hardware, DFIR

Ulf Frisk

Ian Vitek

The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and governments alike. Hardware sold out, FPGA support was introduced and devices are once again available! We will demonstrate how to take total control of still vulnerable systems via PCIe DMA code injection. Kernels will be subverted, full disk encryption defeated and shells spawned! Processes will be enumerated and their virtual memory abused—all by using affordable hardware and the open source PCILeech toolkit.

http://github.com/ufrisk/pcileech

Ulf Frisk
Ulf Frisk is a hacker/penetration tester working in the Swedish financial sector. Ulf focuses on penetration testing and IT security audits during daytime and low-level security research during nighttime. Ulf takes a special interest in DMA—direct memory access, and has a dark past as a developer.

Ian Vitek
Ian Vitek has a background as a pentester but now works with information security in the Swedish financial sector. Ian has held presentations at Defcon 8, 10, 12, BSidesLV and over the last years attended as a Defcon DJ (VJ Q.Alba). Interested in web, layer 2, DMA and pin bypass attacks.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Friday - 14:30-18:30


Penetration Testing Environments: Client & Test Security

Friday, 1430-1830 in Icon E

Wesley McGrew Director of Cyber Operations, HORNE Cyber Solutions

Kendall Blaylock Director of Cyber Intelligence, HORNE Cyber

Penetration testers can have the tables turned on them by attackers, to the detriment of client and tester security. Vulnerabilities exist in widely-used penetration testing tools and procedures. Testing often takes place in hostile environments: across the public Internet, over wireless, and on client networks where attackers may already have a foothold.

In these environments, common penetration testing practices can be targeted by third-party attackers. This can compromise testing teams in the style of "ihuntpineapples", or worse: quietly and over a long period of time. The confidentiality, integrity, and availability of client networks is also put at risk by "sloppy" testing techniques.

In this workshop, we present a comprehensive set of recommendations that can be used to build secure penetration testing operations. This includes technical recommendations, policies, procedures, and guidance on how to communicate and work with client organizations about the risks and mitigations. The goal is to develop testing practices that:

- ...are more professionally sound
- ...protect client organizations
- ...protect penetration testers' infrastructure, and
- ...avoid a negative impact on speed, agility, and creativity of testers

The recommendations are illustrated with entertaining and informative hands-on exercises. For the DEF CON 26 version of this class, the exercises have been updated to take place within Docker containers, and a portion of the class will involve introducing penetration testers to the use (and abuse) of containers.

Exercises include:
- Vulnerability analysis of a penetration testing device's firmware
- Quick and dirty code audits of high-risk testing tools
- Monitoring and hijacking post-exploitation command and control
- Layering security around otherwise insecure tools.

After this workshop, you will walk away with actionable recommendations for improving the maturity and security of your penetration testing operations, as well as an exposure to the technical aspects of protecting the confidentiality of sensitive client data. You will participate in hands-on exercises that illustrate the importance of analyzing your own tools for vulnerabilities, and learn how to think like an attacker that hunts attackers. You'll hear about the challenges that are inherent in performing penetration tests on sensitive client networks, and learn how to layer security around your practices to reduce the risks.

Prerequisites: To get the most out of this class, students should have the ability to read/follow code in many programming languages (C/C++, Python, PHP, etc.). Students should also be familiar with navigation and use of the Linux command line. Experience with penetration testing will be useful, but those new to penetration testing should not be discouraged. The entire point is to pick up good operational security habits.

Materials: Students who wish to participate in the hands-on exercises should bring a laptop with at least 8GB of RAM, and a working installation of Docker (to the point of being able to run "docker run hello-world"). The instructor will be teaching and demonstrating with Linux, and it is recommended as your host operating system, but a Docker installation on Windows should also be able to complete the exercises (16GB RAM recommended for Windows host operating systems). Materials will be provided on USB drives at the workshop.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/penetration-testing-environments-client-test-security-icon-e-tickets-47193713668
(Opens July 8, 2018 at 15:00 PDT)

Wesley McGrew
Wesley McGrew oversees and participates in penetration testing in his role as Director of Cyber Operations for HORNE Cyber Solutions. He has presented on topics of penetration testing, vulnerabilities, and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley graduated from Mississippi State University's Department of Computer Science and Engineering and previously worked at the Distributed Analytics and Security Institute. He holds a Ph.D. in computer science for his research in vulnerability analysis of SCADA HMI systems.

Kendall Blaylock
Kendall serves as Director of Cyber Intelligence for HORNE Cyber, where his specialty is digital forensics and incident response. Prior to his role at HORNE Cyber, Kendall co-founded the National Forensics Training Center where he served as lead instructor providing training to law enforcement and U.S. military veterans in a wide range of digital forensic skills.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 13:30-13:59


Title:
penetration testing sex toys: "I've seen things you people wouldn't believe"

Renderman
@internetofdongs @ihackedwhat


The Internet of Dongs project took on the branch of IoT that no one wanted to touch: Internet-connected sex toys and intimate wearables. Helping vendors and the public understand the unique challenges associated with privacy and security of these devices has had some "interesting" discoveries and revelations along the way. This talk will cover some of the weird, bizarre, and sometimes intriguing discoveries that have been made along the way that may or may not have required mindbleach afterwards.




Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Thursday - 10:00-13:59


Pentesting ICS 101

Thursday, 1000-1400 in Icon B

Alexandrine Torrents Security Consultant, Wavestone

Arnaud SOULLIÉ Manager, Wavestone

Many people talk about ICS & SCADA security nowadays, but only a few people actually have the opportunity to get their hands dirty and understand how these systems work. Have you ever wanted to know how to make a train derail, or stop a production line? Well, this workshop is made for you! The goal of this workshop is to give you the knowledge required to start attacking SCADA networks and PLCs, and give you hands-on experience on real devices by hacking our model train! In this workshop, we will cover the main components and the commonly associated security flaws of industrial control systems, aka SCADA systems. We will then focus on their key assets, Programmable Logic Controllers (PLCs), and discover how they work, how they communicate, how they can be programmed to learn the methods and tools you can use to p*wn them. Then we will move on to real-world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! Let's capture the flag!

Prerequisites: A knowledge of penetration testing is a plus, but we try to make it work for newbies as well.

Materials: A computer with 4GB of RAM, 30GB disk space and VirtualBox. We will provide 2 Virtual Machines for attendees.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/pentesting-ics-101-icon-b-tickets-47086318446
(Opens July 8, 2018 at 15:00 PDT)

Alexandrine Torrents
Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She specializes in penetration testing, and has performed several security assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and she developed a particular tool to request Siemens PLCs. Moreover, she is also working on securing ICS, in the scope of the French military law, which requires companies offering a vital service to the nation to comply with security rules.

Arnaud SOULLIÉ
Arnaud Soullié is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentests workshops at security conferences (BlackHat Europe 2014, BSides Las Vegas 2015/2016, Brucon 2015/2017, DEFCON 24) as well as full trainings (Hack In Paris 2015).



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 15:00-15:45


Playback: a TLS 1.3 story

Friday at 15:00 in Track 2
45 minutes | Demo

Alfonso García Alguacil Senior Penetration Tester, Cisco

Alejo Murillo Moya Red Team Lead EMEAR, Cisco

TLS 1.3 is the new secure communication protocol that should be already with us. One of its new features is 0-RTT (Zero Round Trip Time Resumption), which could potentially allow replay attacks. This is a known issue acknowledged by the TLS 1.3 specification, as the protocol does not provide replay protections for 0-RTT data, but proposes countermeasures that would need to be implemented on other layers, not at the protocol level. Therefore, applications deployed with TLS 1.3 support could end up exposed to replay attacks depending on the implementation of those protections.

This talk will describe the technical details regarding the TLS 1.3 0-RTT feature and its associated risks. It will include Proofs of Concept (PoC) showing real-world replay attacks against TLS 1.3 libraries and browsers. Finally, potential solutions or mitigation controls will be discussed that help to prevent those attacks when deploying software using a library with TLS 1.3 support.

Alfonso García Alguacil
Alfonso Garcia Alguacil is a penetration tester and security consultant with 7 years of experience. Words like exploit, code or binary would quickly catch his attention. He currently works at Cisco as a senior security consultant.

Alejo Murillo Moya
Alejo Murillo Moya has always been passionate about security, with 10+ years of experience as a penetration tester and security consultant, achieving during that journey important technical certifications like CREST and GIAC GSE. He is currently working at Cisco as a red teaming lead and managing security consultant.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 14:00-14:30


Playing Malware Injection with Exploit thoughts

Saturday at 14:00 in Track 3
20 minutes | Demo, Tool, Exploit

Sheng-Hao Ma CSIE, NTUST

In the past, when hackers did malicious program code injection, they used to adopt RunPE, AtomBombing, cross-process thread creation, and other approaches. They could forge their own executable as any critical system service. However, with the increasing progress of anti-virus techniques, these sensitive approaches have gradually been proactively killed. Therefore, hackers began to aim at another place, namely memory-level weaknesses, due to the breakages of the critical system services themselves.

This agenda will simply introduce a new memory injection technique that emerged after 2013, PowerLoadEx. Based on this concept, three new injection methods will be disclosed as well. These make good use of the memory vulnerability in Windows to inject malicious behavior into system critical services. The content will cover Windows reverse analysis, memory weakness analysis, how to use and utilize, and so on. The relevant PoC will be released at the end of the agenda.

Sheng-Hao Ma
Sheng-Hao Ma (aaaddress1) is a core member of CHROOT Security Group and the TDOHacker security community in Taiwan. He has over ten years of experience in reverse engineering and machine language, and has mastered the Intel 8086. He is an expert in Windows vulnerabilities and reverse engineering.

Moreover, Sheng-Hao Ma has presented many papers at security conferences such as BlackHat Asia Arsenal, BSidesLV, ICNC, MC2015 and CISC, and he was also a speaker at HITCON (Hackers In Taiwan Conference), SITCON (Students In Taiwan Conference), iThome#Chatbot.

@aaaddress1



Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Thursday - 14:30-18:30


Playing with RFID

Thursday, 1430-1830 in Icon E

Vinnie Vanhoecke Penetration Tester, Ernst & Young Belgium

Lorenzo Bernardi Cyber Security Consultant, Ernst & Young Belgium

This is a workshop about Radio-frequency Identification (RFID), including a basic introduction and a set of practical hands-on challenges. We will start with explaining the theory behind RFID, including the different types and protocols (e.g. HID, Mifare, ...) and how to perform an RFID assessment. Afterwards, the participants can take on several challenges (of increasing difficulty) with RFID readers that we will provide. Our objective is to make this workshop fun and accessible to a wide audience.

Prerequisites: Basic Linux knowledge

Materials: Laptop (preferably Linux based OS)

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/playing-with-rfid-icon-e-tickets-47086519046
(Opens July 8, 2018 at 15:00 PDT)

Vinnie Vanhoecke
Vinnie is a penetration tester of web and mobile applications working for EY. During college he wrote a thesis about RFID and now he is using his experience to provide an RFID workshop and make people aware of the vulnerabilities within RFID. In his spare time he strengthens his IT security skills by playing CTFs, reading blogs, going to conferences and developing a variety of side projects.

Lorenzo Bernardi
Lorenzo is a cyber security consultant at EY. He mainly focusses on penetration testing and red team exercises. Because of the different physical intrusions he had to perform in the scope of the red teaming activities, he extended his wireless knowledge to the RFID field, where he gained experience over the years. In his spare time Lorenzo likes to learn new topics related to cyber security. He has basic knowledge of wireless signal hacking, in addition to RFID.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 10:30-10:50


Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems

Friday at 10:30 in Track 3
20 minutes | Demo, Tool

m010ch_ Hacker

Knox Boxes, along with other rapid entry systems are increasing in popularity, as they allow first responders such as police, fire, and paramedics to quickly gain access to a building in the event of an emergency without having to force entry. These devices rely on the security and key control provided by various locks to prevent unauthorized access to buildings. In this talk, I will focus on vulnerabilities of the widely used Knox Box and Medeco cam lock to key duplication attacks. I will demonstrate how a sufficiently skilled attacker could obtain a key that would grant them access to thousands of residential and commercial buildings throughout America, as well as show off new tools designed to streamline the process of duplicating physical keys using CAD and 3D printing. What could possibly go wrong when someone tries to backdoor an entire city?

m010ch_
m010ch_ is a physical security enthusiast and computer science student who spends most of his free time doing terrible things to locks. He enjoys participating in locksport competitions, and can often be found hunched over his desk, poking at small pieces of metal until he gets frustrated.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 11:00-11:45


Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills.

Sunday at 11:00 in Track 2
45 minutes | Audience Participation

Daniel Zolnikov Montana State Representative

Orwell's concept of 1984 has more to do with government misuse of technology than technology itself. New technology allows for more opportunity, but unchecked, it allows for complete government control.

Representative Daniel Zolnikov is the nation's leading politician regarding privacy and surveillance and has enacted numerous laws safeguarding fourth amendment rights regarding digital communications and technology. Daniel will walk you down the road of how political misuse of technology can and will turn the Federal Government into an unprecedented nanny state that will lead to a suppressed free flow of information and fear of stepping out of line. His story includes insights on how unique left and right coalitions were formed to pass these laws in his home state of Montana, and how he prevailed against law enforcement groups who opposed implementing warrant requirements.

This discussion is aimed at sharing insights no matter your political affiliation. All of Daniel's legislation has passed with overwhelming bi-partisan support through both bodies in Montana's legislature and was signed by the governor of the opposite party. Although most speeches involving politicians tend to lead towards rhetoric, Daniel's goal is to share enough information to be able to understand why change has not taken place yet, and leave you understanding how to remedy that.

His story will give you insights into the politics that states and the nation face when reforming these issues, and his down to earth approach will bring the topic down to a level of humor and easy understanding. There is no need for any technical or political insight to be able to appreciate this topic and the work Daniel has done on behalf of the more technologically savvy enthusiasts.

The theme of DEF CON 26 would be inconsistent without taking into consideration policy and how it ties in closely with technology. Technology relies on policy, and policy has the implications of dictating the use of technology. The two can go hand in hand, or end up squaring up against each other. You are an important, and lesser heard voice in the world of aged politicians with limited vision. The Orwellian state existed due to a mixture of bad policies and technology. Although the theme focuses on technology used to disrupt the surveillance state, the other half of the battle is ensuring this state does not reach the disastrous conclusions of 1984.

Daniel believes we can move forward with technology without living in fear of our government. If you want to have some hope and direction towards the future of policy regarding surveillance and technology, Daniel will leave you with the optimism that there is still a chance that our nation can have a balanced approach that ensures 1984 does not become the norm in the future and will help you understand how to take part in this action.

Daniel Zolnikov
Daniel Zolnikov is a third-term liberty-minded State Representative serving in the Montana Legislature. He has been a strong advocate for civil rights concerning our freedoms and liberties, and limited government, and is working to make Montana the Last Best Place for future generations. As a 31-year-old representative who first served in his mid-20's, Daniel has specialized in 21st Century policy areas addressing the opportunities and risks associated with new technologies. Zolnikov has also led on energy policy as the Chairman of the House Energy, Technology and Federal Relations Committee.

Daniel is the nation's leading legislator regarding laws protecting digital information and devices. In 2017, he passed leading legislation requiring a warrant for digital communication devices, warrant requirements for digital communications, limits on license plate readers that prevent the DEA from using Montana's information in their national vehicle tracking program and reformed and created strict limits on vehicle spot checks.

He has also successfully passed laws requiring government to get a warrant to access cellphone location information, passing the strongest Freedom of the Press legislation in the nation, protecting reporters' electronic communications from government intrusion, and giving immunity from MIP laws to minors who seek emergency medical attention. He also helped lead the effort to revise Montana's outdated transportation laws to allow ride-sharing services like Uber to operate in Montana, which is expected to reduce the drunk driving epidemic in many communities.

Forbes ranked Daniel among the top "30 Under 30" policymakers in the nation, and Red Alert Politics recognized him as one of the country's Top 30 Conservatives under the age of 30. He has also received the Montana Library Association's "Intellectual Freedom Award", along with Responsibility.org's "Advancing Alcohol Responsibility" leadership award.

Daniel is a strong advocate of transparency in government, and has posted his votes on his public Facebook page. He regularly interacts with constituents on his Twitter profile, @DanielZolnikov.

Daniel received his undergraduate degree from the University of Montana where he earned three business majors in Information Systems, Marketing, and Management, along with a minor in Political Science. Outside of the Legislature, Daniel has worked as a small business consultant and is currently obtaining his MBA. Daniel enjoys fishing, swimming, and the freedom that only Big Sky Country can offer.

@DanielZolnikov, www.facebook.com/danielzolnikov, www.linkedin.com/ind/zolnikov, www.danielzolnikov.com



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 16:00-16:45


Practical & Improved Wifi MitM with Mana

Friday at 16:00 in Track 2
45 minutes | Demo, Audience Participation, Tool

singe CTO @ SensePost

In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated.

Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations, have made these attacks harder to conduct. Just firing up a vanilla script gets fewer credentials than it used to.

To address this, mana will be re-released in this talk with several significant improvements to make it easier to conduct rogue AP MitM attacks against modern devices and networks.

After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:

As a bonus, you'll be able to download a training environment to practise all of this without requiring any wifi hardware (or breaking any laws).

singe
singe has been hacking for 14 years, the last 8 of them at SensePost. He is the primary author of mana-toolkit and has developed wifi hacking training for places like BlackHat.

@singe



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 13:00-13:30


Title:
Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun?

William Knowles and James Coote
@william_knows

"There are two commonly held perceptions when it comes to CNI security: that they are under constant threat, and that any form of practical security testing is a bad idea. So how can we provide demonstrable assurance that these environments are secure?

This talk intends to challenge the perception that practical security testing should be avoided, and will discuss MWR's successes, failures, and lessons learned when conducting goal-oriented CNI attack simulations.

The key topics of discussion will focus on:

- Ignoring theory, what are the technologies being used in real-world CNI environments? Where does IT end and Operational Technology (OT) begin when it comes to assets that a targeted attacker would realistically look to compromise? In particular for affecting the availability and integrity of data sources, or gaining the capability to control physical processes (hint: it is more IT than you would think).

- How can we apply red team methodologies in environments with high stability requirements, while minimising operational risk and testing time?

- Want to know how to turn off the water, stop the gas, or simply control the control room? Commonly found ways of elevating privileges will be discussed, along with paths for moving towards key asset compromise. "



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 14:40-15:10


Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers

When attacking modern internal networks, intelligence is everything. Understanding the environment you are operating in can be the difference between successfully penetrating your target environment or missing targets of opportunity due to a lack of understanding about the target environment.

While true, obtaining information about the environment in a stealthy manner, when required, can be difficult within a mature environment. Even during overt engagements, obtaining the information you need within a limited time window can be difficult, especially during engagement delays.

Further complicating things, testing scope is often based on poor assumptions about the target environment, often leading to unrealistic scope reductions a real-world attacker would not operate out of.

Over the years internal testing engagements have been operating on various assumptions within switched networks, often driving engagement execution methods, but what if these assumptions were wrong? What if we could utilize the wasted time, even weeks in advance, between deployment and engagement execution, to take the time to understand the network? What if we could leverage the realities of modern networks and the things customers do to ‘prepare’ for an engagement (backups, security scans, etc.) through 100% passive methods, challenging your assumptions about the network?

Prebellico is a pre-engagement and post compromise intelligence gathering mechanism designed to gather as much information as possible about the target environment through 100% passive methods. Utilizing very few resources, Prebellico permits an attacker the ability to understand the target environment by providing information such as the intent of internal systems, internal network address space, hostnames, egress filtering, TCP trust relationships, as well as map open TCP/UDP ports through reverse port scanning using 100% passive techniques.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 17:00-17:59


Title:
Primer On Dealing w/ Local Gov. for Legal Cannabis

No description available

BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 11:30-11:59


Title: Privacy and Blockchain: A Boundary Object Perspective

Speakers: Robin "midipoet" Renwick

Description:
No description available




DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 15:00-15:45


Privacy infrastructure, challenges and opportunities

Friday at 15:00 in Track 3
45 minutes |

yawnbox Executive Director, Emerald Onion

We started our own transit Internet Service Provider (ISP) to safely route anonymized packets across the globe, and you can too. Emerald Onion is a Seattle-based 501(c)3 not-for-profit and we want to help other hacker collectives start their own. Getting your own Autonomous System Number (ASN), managing Internet Protocol (IP) scopes, using Border Gateway Protocol (BGP) in Internet Exchange Points (IXPs), dealing with abuse complaints or government requests for user data -- this is all stuff that you can do. Not every technologist is comfortable with launching and managing a nonprofit organization let alone has all of the technical knowhow to run an ISP. We didn't either when we started. We had a goal, and that was to route unfiltered Tor exit traffic in the Seattle Internet Exchange despite National Security Agency (NSA) wiretaps in the Westin Exchange Building. This talk will cover high level challenges and opportunities surrounding privacy infrastructure in the United States.

yawnbox
yawnbox is the co-founder and executive director for Emerald Onion and has a background in network administration, datacenter operations, and security engineering. He has been running Tor guard and middle relays since 2010 and exit relays since 2012. Being a victim of domestic violence at a young age, yawnbox has been acutely aware of physical location metadata since the age of 8 and has been researching, publishing, and training at-risk communities about threat modeling and operational security since becoming a part of the Tor community. In 2013, yawnbox got involved with political activism through the Seattle Privacy Coalition, and in 2015 performed an internship with the ACLU of Washington where he helped roll out the first instance of SecureDrop in a non-journalist organization. In 2016, yawnbox was brought on as Tor Project's first full time Grant Writer but left shortly after.



DEFCON - Octavius 13 - Saturday - 20:00-19:59


Privacy Is Equality—And It's Far from Dead

Saturday at 20:00 in Octavius 13
Fireside Hax

Sarah St. Vincent Researcher/Advocate on National Security, Surveillance, and Domestic Law Enforcement, Human Rights Watch

A talk at DEF CON 25 claimed that privacy is "gone and never coming back." This talk offers a different view, inviting the audience to see privacy as fundamentally about equality -- something we have never fully had but also should never regard as gone.

The speaker is a human rights lawyer and investigator, and will draw on decades of human rights thinking about state surveillance as well as her 2017 revelations about Defense Department monitoring of "homegrown violent extremists." Adopting a feminist and race-conscious perspective and inviting audience participation, the talk will challenge received wisdom about basic concepts such as privacy, national security, the warrant requirement, and online radicalization. With a view to the future, it will also offer a thought-provoking history of the connections between privacy and equality in the United States -- and the ways unchecked surveillance operates to categorize us and reinforce divisions between us.

It is easy to forget that _1984_ was partly a story about poverty and economic inequality. This talk embraces Orwell's insight into the connection between the erosion of privacy and a dangerous loss of equality, and carries it forward.

Sarah St. Vincent
Sarah St. Vincent is a researcher and advocate on national security, surveillance, and domestic law enforcement for the US Program at Human Rights Watch. She has investigated and documented the deliberate concealment of surveillance-based and other evidence from US criminal defendants, the Defense Department's monitoring of "homegrown violent extremists," and the potential use of US intelligence surveillance for anti-drug purposes. Before joining Human Rights Watch, she was a legal fellow on international human rights and surveillance at the Center for Democracy & Technology. She writes regularly about surveillance, privacy, and related issues under US and European Union law and is a member of the New York bar.

@SarahStV_HRW



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 11:00-11:30


Title: Prize winners, awards, and announcements

Speakers: midipoet and MSvB

Description:
No description available




DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 15:00-15:45


Project Interceptor: avoiding counter-drone systems with nanodrones

Saturday at 15:00 in 101 Track, Flamingo
45 minutes | Demo, Tool, Audience Participation

David Melendez Cano R&D Embedded Systems Engineer. Albalá Ingenieros S.A.

Antidrone system industries have arisen. Due to several, and even classic, vulnerabilities in communication systems now used by drones, anti-drone systems are able to take down those drones by means of well documented attacks.

Drone/antidrone competition has already been set into the scene. This talk provides a new vision about drone protection against anti-drone systems, presenting "The Interceptor Project", a hand-sized nano drone based on single-core tiniest Linux Board: Vocore2.

This Linux board manages a WiFi (side/hidden) bidirectional channel communication that cannot be deauthenticated and it is replay-resistant, keeping all 802.11 hacking capabilities and standard utilities as any other WiFi hacker drone, with only the built-in adapter of the tiny Vocore2. Also, a "just in case", fallback control by SDR is implemented taking advantage of all the goods that SDR radio gives. All embedded into a hand-sized aircraft to make detection and mitigation a real and new pain, with a very low budget: About $70.

David Melendez Cano
David Melendez Cano, Spain, works as an R&D software engineer for a TV studio manufacturing company, Albalá Ingenieros S.A., in Madrid. He has won several prizes in robotic contests and he has been a speaker at Nuit Du Hack, RootedCON, NoConName, Codemotion, HKOSCON, etc. Author of the book "Hacking con Drones" and robot builder.

@taiksontexas



Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - Thursday - 12:00-14:30


Title:
Promether, 1st Party of Defcon

Badges get you VIP access to the party, a free Promether lanyard, and free entries into the raffle for awesome swag during the party. You can preorder a badge at eijah.com. Badges aren't necessary to enter the party; people will just need to wait in line, etc. (normal party stuff at defcon). Ytcracker and Dual Core will be performing.
More Info: https://promether.com/


PHV - Caesars Promenade Level - Neopolitan BR - Friday - 14:00-14:59


Protecting Crypto Exchanges from a New Wave of Man-in-the-Browser Attacks

Pedro Fortuna, CTO and Co-Founder of Jscrambler

In the last year or so, we have seen a massive increase in the value of cryptocurrencies and the emergence of hundreds of new coins and ICOs, getting millions of people into an investment frenzy. Many of them are non-technical regular consumers who rushed to create new accounts in the most popular crypto exchanges like Coinbase or Bitstamp. Crypto exchanges are naturally appealing for attackers and have been targeted for as long as we can remember. However, since last year, they are also being targeted by Man-in-the-Browser (MITB) attacks. Malware families such as Zeus Panda, Ramnit and Trickbot are already aiming at websites such as Coinbase.com or Blockchain.info. In this talk, we will detail how these attacks work, from account takeover to moving out the coins to attacker-controlled wallets. We'll discuss current defenses, e.g. multi-factor authentication or strong SSL encryption, and why they are failing to mitigate this type of attack.

Pedro Fortuna (Twitter: @pedrofortuna) is CTO and Co-Founder of Jscrambler where he leads the technical vision for the product suite and contributes with his cybersecurity knowledge for R&D. Pedro holds a degree in Computing Engineering and a MSc in Computer Networks and Services, having more than a decade of experience researching and working in the application security area. He is a regular speaker at OWASP AppSec events and other cybersecurity conferences but also contributes to web development events. His research interests lie in the fields of Application Security, Reverse Engineering and Malware and Software Engineering. Author of several patents in application security.



CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 17:00-18:00


Title:
Prototyping Cryptographic Protocols With Charm

When: Sat, August 11, 5pm - 6pm

Speaker
------
Matt Cheung

Abstract
--------
Modern cryptographic research uses a variety of lesser known primitives like homomorphic encryption, sigma protocols, oblivious transfer, and bilinear groups. Charm is a Python framework that implements many of these primitives and makes it easy to implement your own. In this workshop, I will discuss the primitives and demonstrate how they can be used. If you would like to follow along you can clone the charm repo from https://github.com/JHUISI/charm

Bio
-----------------
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. From this experience he has given talks and workshops at the Boston Application Security Conference, DEF CON, and the DEF CON Crypto and Privacy Village.

Twitter handle of presenter(s)
------------------------------
nullpsifer


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 13:45-13:45


Title: PWN to OWN my own Heart. Journey into hacking my own pacemaker

Speaker: Veronica Schmit
About Veronica:
Veronica or Vee is a Partner at DFIRLABS. She is a forensicator, avid researcher and quite literally the superglue that holds DFIRLABS together. She was previously in charge of the Free State Cyber Forensic Laboratory of the Special Investigating Unit. After deciding that this title on its own wasn’t already too much of a mouthful, she departed the SIU in order to add Malware (Reverse) Engineer, Photographer, Seamstress, Super Mom and Sleep-deprived MSc Chaser to her list. She PWN’s to own her own medical device which aids her broken heart beats, into a different rhythm, sometimes this beat is much like that of drums beating. She is passionate about medical device security and does not believe in security through obscurity. In between attending Metallica concerts and being converted into a cyborg (no really, ask her about her metal bits sometime), she completed a Diploma in Criminal Justice and Forensic Investigation from the University of Johannesburg. Deciding to brave foreign climes and curiosities, she went on to receive training in Europe on digital forensics and cyber crime investigation from the United States Department of Homeland Security. She is an Associate Member of a number of professional bodies, including the Institute of Information Technology of Professionals of South Africa, the Association of Certified Fraud Examiners, and the International Association of Computer Investigative Specialists. Veronica has contributed to several publications, including the ISC2 CCFP : Certified Computer Forensic Practitioner. She is currently juggling a Master’s thesis on ransomware, several digital forensics cases, getting a quality forensics training company off the ground, and reverse engineering ransomware whilst also keeping her two year old from walking into things. You can contact her by lighting up the night sky with the P10z0n_P1x13 beacon mounted on the top of the Twitter police department, or alternatively by email.
Abstract:
The increase of pace in the technology field has left the race for manufacturers to increase the security in medical devices. There is the theoretical possibility that your heart can be pwned. Pacemakers have become part of the internet of things. We are putting our hearts on display. This is my journey from regular hacker to gen-one cyborg to pwning my own heart that I can own the vulnerabilities to fix it. We forget that these are devices connected to flesh and blood, a person who depends on this device to have just one more heart beat. This is a journey into the inner sanctum of living with a vulnerable device in a time where technology progression has left behind security. We can no longer have security by obscurity when it comes to devices which cyborgs like me depend on. We should not be in the business of sacrificing security for convenience or power. As a patient, I would rather sleep knowing my device has been hardened and have the inconvenience of replacing it more regularly than the converse. I feel that we, as the security community, should be addressing and assisting medical manufacturers with the security vulnerabilities in the devices that literally keep people alive. There should be more effort placed on addressing the security vulnerabilities. The simple fact is we are not dealing with just ones and zeroes. This is, for some, a life or death situation.


DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 11:00-11:45


Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program

Thursday at 11:00 in 101 Track, Flamingo
45 minutes

Guang Gong Alpha Team at Qihoo 360

Wenlin Yang Alpha Team at Qihoo 360

Jianjun Dai Security researcher of Qihoo360 Alpha Team

In recent years, Google has made many great efforts in exploit mitigation and attack surface reduction to strengthen the security of the Android system. It is becoming more and more difficult to remotely compromise Android phones, especially Google’s Pixel phone.

The Pixel phone is protected by many layers of security. It was the only device that was not pwned in the 2017 Mobile Pwn2Own competition. But our team discovered a remote exploit chain, the first of its kind since the Android Security Rewards (ASR) program expansion, which could compromise the Pixel phone remotely. The exploit chain was reported to the Android security team directly. They took it seriously and patched it quickly. Because of the severity and our detailed report, we were awarded the highest reward ($112,500) in the history of the ASR program.

In this talk we will detail how we used the exploit chain to inject arbitrary code into the system_server process and get system user permissions. The exploit chain includes two bugs, CVE-2017-5116 and CVE-2017-14904. CVE-2017-5116 is a V8 engine bug related to WebAssembly and SharedArrayBuffer. It is used to get remote code execution in the sandboxed Chrome render process. CVE-2017-14904 is a bug in Android's libgralloc module that is used to escape from the sandbox. The way we used for sandbox escaping is very interesting and rarely talked about before. All details of vulnerabilities and mitigation bypassing techniques will be given in this talk.

Guang Gong
Guang Gong (@oldfresher) is a senior security researcher of Qihoo360 and the team leader of 360 Alpha Team. His research interests included Windows rootkits, virtualization and cloud computing. He currently focuses on mobile security, especially on hunting and exploiting Android's vulnerabilities. He has spoken at several security conferences such as Black Hat, CanSecWest, PHDays, SyScan360, MOSEC, PacSec and so on. He is the winner of Mobile Pwn2Own 2015 (the target: Nexus 6), Pwn0Rama 2016 (the category of mobile devices), Pwn2Own 2016 (the target: Chrome), PwnFest 2016 (the target: Pixel XL), and Mobile Pwn2Own 2017 (the target: Galaxy S8).

@oldfresher

Wenlin Yang
Wenlin Yang is a junior researcher of Qihoo 360 and the team member of 360 Alpha Team. He currently focuses on Android's vulnerabilities. He has submitted multiple bugs to Google and several other vendors in China and received some acknowledgments.

Jianjun Dai
Jianjun Dai (@Jioun_dai) is a security researcher of Qihoo360 Alpha Team. He focuses on Android system security research, vulnerability hunting and exploit development. Previously, he was a security developer whose major work included network protocol analysis, vulnerability detection, botnet and backdoor detection, sandbox technology research and development, etc. He has been in Android vulnerability research for more than two years, has found lots of vulnerabilities in AOSP, and won the Bug Bounty. He is a speaker at the CanSecWest conference.



Meetup - Caesars Palace, Queercon Lounge Suite, Rm TBA - Thursday - 16:00-17:59


Title:
Queercon Mixer

Join us in the Queercon Lounge for the first Queercon Mixer of DEF CON. Come find old friends, and make some new ones, in the Queercon Lounge at Caesars. No DEF CON badge required; Open to all LGBTQ, as well as friends and allies.
More Info: https://queercon.org/blog/2018/07/13/queercon-15-schedule/


Night Life - Caesars Palace, Queercon Lounge Suite, Rm TBA - Saturday - 20:00-26:59


Title:
Queercon Rainbow Ball

Who needs a black and white ball when we have a Rainbow Ball?! The Queercon Lounge turns into the biggest dance party, and keeps going all night long.
More Info: https://queercon.org/blog/2018/07/13/queercon-15-schedule/


Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - Thursday - 20:00-23:45


Title:
Quiet Party

Come join us for a night of quiet networking and game play. We will have a variety of board and card games available.
More Info: The Diana Initiative


SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 18:00-18:59


Title:
Real Simple Blue Team Shit

@wornbt

"N00b friendly! While the vuln of the week club keeps finding new and fascinating technical exploits all the time, malicious actors keep using old and surprisingly uncomplicated methods; old and simple stuff still works. In this talk, we'll explore real shit aimed at a financial institution and what's been effective at mitigating these old and simple attacks. If you're starting out in blue team defense, you'll come away with real simple shit you can do to raise the cost to attackers doing the same old credential stuffing, phishing, and script-kiddie RCE attempts.

While new technical vulnerabilities are found continuously, malicious actors often rely on tried and true methods to exploit. These exploits are surprisingly uncomplicated. In this talk, we'll share attempts we've seen from malicious actors. We'll break down actual attacks and share what's been most effective in mitigating credential stuffing, phishing, and common RCE attempts. At the end of this talk, you'll walk away with simple takeaways to raise the cost to attackers for these simple attacks."



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 13:00-13:30


Reaping and breaking keys at scale: when crypto meets big data

Saturday at 13:00 in Track 2
20 minutes | Demo, Audience Participation, Tool

Yolan Romailler Security Researcher at Kudelski Security

Nils Amiet Security Engineer at Kudelski Security

Public keys are everywhere; after all, they are public. These keys are waiting to be reaped by those who know their real value. Hidden behind this public face lurk some potentially dangerous issues which could lead to a compromise of data and privacy.

Leveraging hundreds of minion devices, we built a public key reaping machine (which we are open sourcing) and operated it on a global scale. Collected keys are tested for vulnerabilities such as the recent ROCA vulnerability or factorization using batch-GCD. We've collected over 300 million keys so far and built a database 4 to 10 times bigger than previous public works.

Performing the initial computation on over 300 million keys took about 10 days on a 280 vCPU cluster. Many optimizations allow our tool to incrementally test new RSA keys for common prime factors against the whole dataset in just a few minutes.

As a result of our research, we could have impersonated hundreds of people by breaking their PGP keys, mimicked thousands of servers thanks to their factored SSH keys and performed MitM attacks on over 200k websites relying on vulnerable X509 certificates.

In the end, we were able to do this in an entirely passive way. Going further is possible, but it would lead us to the dark side. Would big brother hesitate to go there?

Yolan Romailler
Yolan Romailler is a Security Researcher at Kudelski Security, where he delves into (and dwells on) cryptography, crypto code, blockchains and other fun things. He has spoken at Black Hat USA, BSidesLV and DEF CON's Cryptovillage on automation in cryptography, vulnerability research, and presented at FDTC 2017 the first known practical fault attack against EdDSA. Yolan tweets as @anomalroil.

Nils Amiet
Nils Amiet is a Security Engineer at Kudelski Security, where he performs big data analytics, leveraging Spark, Hadoop and Chapel clusters to analyze large datasets. He designed a data pipeline to snapshot the whole IPv4 address space for selected network protocols, allowing automated and reproducible offline data analysis. He also built an automated country security ranking. Nils likes open source software, data analytics, distributed systems and data processing.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 17:00-17:45


Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers

Saturday at 17:00 in Track 2
45 minutes | Demo, Tool

Nick Cano Senior Security Architect @ Cylance

The arbiters of defense wield many static analysis tools; disassemblers, PE viewers, and anti-viruses are among them. When you peer into their minds, these tools reveal their perilous implementations of PE file parsing. They assume PE files come as-is, but the Windows Loader actually applies many mutations (some at the command of the PE itself) before execution ever begins. This talk is about bending that loader to one's whim with the Relocations Table as a command spell. It will demonstrate how the loader can be instrumented into a mutation engine capable of transforming an utterly mangled PE file into a valid executable. This method starts with multiple ASLR Preselection attacks that force binary mapping at a predictable address. It then mangles the PE file, garbling any byte not required prior to relocation. Finally, it embeds a new Relocations Table which, when paired with a preselected base address, causes the loader to reconstruct the PE and execute it with ease. This isn't a packer or a POC, it is a PE rebuilder which generates completely valid, stable, and vastly tool-breaking executables. This talk will show you how this attack twists the protocols of a machine against the controls meant to protect it. It flexes on tools with various look-what-I-can-break demonstrations and, if you write similar tools, it'll make you rethink how you do it.

Nick Cano
Nick is a self-taught software engineer, hacker, and an avid CTFer. He started coding when he was 11 and planted his roots in video game hacking by 14. His game hacking endeavors led to a profitable business which became the foothold for his career. Nick is the author of "Game Hacking: Developing Autonomous Bots for Online Games," and has spoken about topics such as malware analysis, Windows internals, game hacking, and memory forensics at DEF CON, DerbyCon, HOPE, and other prestigious conferences. Previously a Senior Engineer at Bromium and currently a Senior Architect at Cylance, he's using his Windows internals experience to help make advances with endpoint protection, detection, and response.

https://twitter.com/nickcano93, https://nickcano.com/, https://github.com/nickcano



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 17:45-18:30


Title: Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity

Speaker: Debra Laefer
Abstract:
Recent advances in remote sensing, drones, distributed computing, bigdata, and environmental DNA offer an unprecedented opportunity to push epidemiology beyond its traditional, two-dimensional (i.e. map-based) approach and harness the full availability and power of three-dimensional data and novel investigation methods to explore such data. This talk will present an extremely technology-specific vision for achieving this.
Examples of the potential usefulness of this approach will be demonstrated with respect to three scenarios: (1) avian flu, (2) asthma, and (3) post-flooding fecal contamination. The current state of the art of the component technologies will be presented as well as the remaining challenges for their seamless integration.


EHV - Caesars Promenade Level - Modena Rm - Friday - 15:00-15:59


Title: Responsible Disclosure Panel

Speakers: Speaker TBA

Description:

In today's climate of data breaches and information leaks, how do we in the infosec community disclose the vulnerabilities we discover responsibly? Who are we responsible to? Can we set a standard practice that is ethical, fair and effective? These and other questions will be discussed by some familiar faces on our Responsible Disclosure Panel.





PHV - Caesars Promenade Level - Neopolitan BR - Friday - 11:00-11:59


Rethinking Role-Based Security Education

Kat Sweet, Duo Security

How do we scale a deeper level of security awareness training without sacrificing efficacy? This talk will explore strategies and tactics for developing security education based on employees' roles, access, and attack surface while designing not only for efficiency but also for effectiveness. By prioritizing the highest-risk teams, pooling teams to collaboratively threat-model, and contextualizing universal truths of security hygiene to those threat models, we can deliver training that leverages employees' roles, fosters retention via active participation, and eases the burden on trainers within the security team. Attendees will walk away with a roadmap for building scalable, contextual, and collaborative role-based employee security education within their organizations.

Kat Sweet (Twitter: @TheSweetKat) works for Duo Security's corporate security team as an information security analyst (and senior pun architect). A passionate security educator, she is heavily involved in building her team's employee security awareness and engagement program, and is frequently the first security team member that new Duo employees meet. She also serves as the lockpick village coordinator for BSides Las Vegas, a mentor for the SANS Women's Immersion Academy, and a teaching assistant for the Ann Arbor chapter of Girl Develop It. When she's not in security mode, you can often find her bursting into song or picking unsuspecting locks.



PHW - Caesars Promenade Level - Neopolitan BR - Friday - 11:00-12:30


Reverse Engineering Malware 101

This workshop provides the fundamentals of reverse engineering (RE) Windows malware using a hands-on experience with RE tools and techniques. Attendees will be introduced to RE terms and processes, followed by basic x86 assembly, and reviewing RE tools and malware techniques. It will conclude by attendees performing a hands-on malware analysis that consists of Triage, Static, and Dynamic analysis.
Prerequisites: Basic understanding of programming C/C++, Python, or Java.
Provided: A virtual machine and tools will be provided.
Features: 5 Sections in 1.5 hours:

Amanda (Twitter: @malwareunicorn) absolutely loves malware. She works as a Senior Malware Researcher at Endgame, where she focuses on threat research in dynamic behavior detection on both Windows and OSX platforms.




ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 16:55-17:25


Reverse Engineering Physical Processes in Industrial Control Systems

August 11, 2018 4:55 PM

Successful cyber-attacks against cyber-physical systems require expert knowledge about the dynamic behavior of the underlying physical process (yes, it is actually required). This information is a crucial part during the attack preparation. Previous work has shown manual acquisition of knowledge about process dynamics to be prohibitively laborious (we will show why). This talk will present first insights into automated process-aware system discovery that goes beyond IT-related trivia and focuses on the physical core of an industrial plant. We will share the results of 12 months’ worth of work, which approaches worked and which did not (and why). Notably, our work already had a follow-up work at S4x2017; we will share the insights into that work too. Reverse engineering of physical processes is a novel topic for which we have yet to find workable/standardized approaches. We encourage you to be a part of the process :-)

Speaker Information

Marina Krotofil

FireEye

Marina Krotofil is an experienced ICS/SCADA professional who specializes on offensive Industrial Control Systems (ICS) security: discovering and weaponizing unique attack vectors, engineering damage scenarios and understanding attacker techniques when exploiting ICS. She previously worked as a Principal Analyst in Cyber-Physical group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and as a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She authored more than 20 academic/white papers and 3 book chapters on ICS security and is a frequent speaker at the leading security events around the world. She holds MBA in Technology Management, MSc in Telecommunication and MSc in Information and Communication Systems.

Alexander Winnicki

Silver Atena

Alexander Winnicki is a Security Integrator ICS at Airbus CyberSecurity (Germany). He previously worked as a security engineer at SILVER ATENA Electronics Systems Engineering GmbH (Germany) where he was involved with embedded systems security. His interest in ICS security started through Bachelor and Master Theses at Hamburg University of Technology (Germany). Alexander's research contributions were presented at Black Hat and Def Con 2015 as well as published in a few top-ranking academic conference proceedings.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 15:00-15:45


Reverse Engineering Windows Defender's Emulator

Saturday at 15:00 in Track 2
45 minutes | Demo, Tool

Alexei Bulazel Hacker

Windows Defender Antivirus's mpengine.dll implements the core of Defender's functionality in an enormous ~11 MB, 30,000+ function DLL.

In this presentation, we'll look at Defender's emulator for analysis of potentially malicious Windows binaries on the endpoint. To the best of my knowledge, there has never been a conference talk or publication on reverse engineering any antivirus binary emulator before.

We'll cover a range of topics including emulator internals—machine code to intermediate language translation and execution; memory management; Windows API emulation; NT kernel emulation; file system and registry emulation; integration with Defender's antivirus features; the virtual environment; etc.—building custom tooling for instrumenting the emulator; tricks that binaries can use to evade or subvert analysis; and attack surface within the emulator.

Attendees will leave with an understanding of how modern antivirus software conducts emulation-based dynamic analysis on the endpoint, and how attackers might go about subverting or attacking these systems. I'll publish code for a binary for exploring the emulator from within, patches that I developed for instrumenting Defender built on top of Tavis Ormandy's loadlibrary project, and IDA scripts to help with analyzing mpengine.dll and Defender's "VDLLs".

Alexei Bulazel
Alexei Bulazel (@0xAlexei) is a security researcher at ForAllSecure. He also provides expertise on reverse engineering and cyber policy at River Loop Security. Alexei has previously presented his research at venues such as Black Hat, REcon, and ShmooCon, among many others, and has published scholarly work at USENIX WOOT and ROOTS. Alexei is a proud alumnus of RPISEC.

@0xAlexei



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 17:00-17:45


Reverse Engineering, hacking documentary series

Friday at 17:00 in Track 3
45 minutes | Demo

Michael Lee Nirenberg Director, Restraining Order, Ltd

Dave Buchwald Producer

We will present a sample scene and panel talk on our documentary series Reverse Engineering to the hacking community, which has been in the works for 4 years. We have dozens of interviews spanning the first 3 decades of computer hacking; ultimately there will be hundreds. It's a big story, but for the purposes of DEF CON, we've put together a 17 min. scene covering the 80s WarGames/Legion of Doom-era of computer hacking in the US.

We've spoken to great people, but there are other viewpoints—this is a history that needs to be told by 1st person accounts. The accuracy and strength of our completed series is tantamount to the quality of who we interview and the questions that get asked. Accuracy is particularly important, there's been no shortage of media hype and lies regarding hacking since the 1980s.

Our vision for this film series is inclusive and collaborative. We'd like to hear from attendees how to best tell the origin story of hacking to new generations, and more so the outside world who've been fed a lot of myths by the media. Those are the lawmakers and citizens of tomorrow that we need to reach. Little attention has been paid to the pioneering hacker spirit that has literally changed every aspect of life. We want to address and correct that.

Michael Lee Nirenberg
Michael Lee Nirenberg—documentary director (Back Issues: The Hustler Magazine Story), writer, blogger, commercial artist for movies and TV

Dave Buchwald
Dave Buchwald—former hacker in the mid-80s ("Bill from RNOC"), film editor (Love Simple, Urchin), film consultant (Hackers) and 2600 Magazine cover artist



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 14:00-14:45


Revolting Radios

Friday at 14:00 in Track 3
45 minutes | Demo, Tool

Michael Ossmann Great Scott Gadgets

Dominic Spill Great Scott Gadgets

There are many Software Defined Radios (SDRs) available, with a great deal of time and effort having gone into their design. These are not those radios. We present four radios that we have designed using crude, novel, and sometimes ridiculous methods for transmitting and receiving signals.

The arrival of SDR allowed more hackers than ever to experiment with radio protocols, but we're still using hardware built by other people. In the time-honored hacker tradition of rolling our own tools, we'll demonstrate four simple radios that can be home-built using commonly available parts for little to no cost.

Michael Ossmann
Michael is a wireless security researcher who makes hardware for hackers. Best known for the open source HackRF, Ubertooth, and GreatFET projects, he founded Great Scott Gadgets in an effort to put open source hardware into the hands of innovative people.

@michaelossmann

Dominic Spill
Dominic is a senior security researcher at Great Scott Gadgets, where he builds tools and investigates communications protocols.

@dominicgs



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 17:00-18:00


Title:
Revolutionizing Authentication with Oblivious Cryptography

When: Fri, August 10, 5pm - 6pm

Description

Speaker
------
Dr Adam Everspaugh

Abstract
--------
Current schemes to protect user passwords like bcrypt, scrypt, and iterative hashing are insufficient to resist offline dictionary attacks when password databases are stolen. We present a modern cloud service, called Pythia, which protects passwords using a cryptographically keyed pseudorandom function (PRF). Unlike existing schemes like HMAC, Pythia permits key updates as a response to compromises. Key updates nullify stolen password digests, enable digests to be updated to the new key, and don't require users to change their passwords. The keystone of Pythia is a new cryptographic construction called a partially-oblivious PRF that provides these new features.

Pythia was originally unveiled at Usenix Security 2015. In 2018, a production implementation of Pythia was created and open sourced via GitHub by Virgil Security. In addition to presenting the Pythia construction, and demonstrating its unique security features and performance advantage over the state of the art, we will provide a live demonstration of Virgil Security's Pythia client tool from installation through protecting and checking passwords.


Bio
-----------------
Dr Adam Everspaugh is a principal engineer and cryptographer for Uptake Technologies, an industrial predictive analytics company in Chicago. He holds a PhD in computer science from the University of Wisconsin where he researched applied cryptography for internet-scale systems.

Website of presenter(s) or content
----------------------------------
http://pages.cs.wisc.edu/~ace/


WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 12:30-12:55


Neel Pandeya

Bio

Neel Pandeya is a Senior Software Engineer and Manager of the Technical Support Group at Ettus Research, a National Instruments Company, in Santa Clara, California, USA. His background and interests are in open-source software development, kernel and embedded software development, wireless and cellular communications, DSP and signal processing, and software-defined radio (SDR). Prior to joining Ettus Research in 2014, he worked at several start-up and mid-sized companies, such as Envoy Networks, Range Networks, Draper Laboratory, and Texas Instruments. He is a co-founder and co-organizer of the New England Workshop for SDR (NEWSDR), and is a co-organizer of the GNU Radio Conference. He holds a Bachelor's Degree in electrical engineering (BSEE) from Worcester Polytechnic Institute (WPI), and a Master's Degree in electrical engineering (MSEE) from Northeastern University. He has an Amateur Radio License, and is aspiring to obtain a private pilot license.

Nate Temple

Bio

Nate Temple is a Software Engineer at Ettus Research, a National Instruments Company, in Santa Clara, California, USA, working in the areas of product support and software development. His background is in Embedded Linux Development, Micro-controller Development, Web Application Development and Security. He is passionate about SDR technology and is an Officer of the free and open-source software development toolkit, GNU Radio. His general interests are programming, wireless security, amateur radio, radio direction finding, and SATCOM hunting/hacking. He has contributed to many open-source SDR software projects over the years.

RFNoC: Accelerating The Spectrum with the FPGA

Abstract

This presentation will introduce RFNoC (RF Network-On-Chip), a network-distributed heterogeneous processing framework that enables FPGA processing for USRP software-defined radios (SDR). It provides a way to leverage FPGA processing capabilities and IP in your SDR application. RFNoC and FPGA-based systems provide low latencies and deterministic throughput for large bandwidths. A demonstration of RFNoC running the Fosphor real-time spectrum monitoring application will be presented.



PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 16:00-16:59


Ridealong Adventures: Critical Issues with Police Body Cameras

Josh Mitchell, Principal cybersecurity Consultant at Nuix

The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufacturers are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices are largely insufficient.

At DEF CON, we will be introducing tactics, techniques, and procedures to assess the security of these devices. We will cover attacks against the physical devices, RF components, smartphone apps, and desktop software. The capabilities demonstrated and discussed will encompass publicly and privately available technologies. Additionally, the talk will cover multiple products and vendors, shedding light on industry-wide issues and trends. Finally, we will be releasing software to detect and track various devices and tie these issues into real world events.

Josh Mitchell has more than a decade's experience as an information security researcher. He has authored numerous technical documents and presented his findings at conferences, academic discussions, and in the classroom. Josh is an expert at discovering and exploiting vulnerabilities and writing code to protect operating systems and programs. He holds patents in classifying computer files and executable files as malware or whiteware. Josh has served in the United States Air Force and held numerous defense contracting roles covering electronic signals intelligence exploitation, electronic warfare, malware analysis, exploit development, and reverse engineering. He also provided security services for General Dynamics Advanced Information Systems, Endgame, and Accuvant and assisted multiple computer emergency response teams with investigations vital to national security.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 12:00-12:45


Ridealong Adventures—Critical Issues with Police Body Cameras

Saturday at 12:00 in Track 3
45 minutes | Demo, Tool, Exploit

Josh Mitchell Principal cybersecurity Consultant, Nuix

The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufacturers are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices are largely insufficient.

At DEF CON, we will be introducing tactics, techniques, and procedures to assess the security of these devices. We will cover attacks against the physical devices, RF components, smartphone apps, and desktop software. The capabilities demonstrated and discussed will encompass publicly and privately available technologies. Additionally, the talk will cover multiple products and vendors, shedding light on industry-wide issues and trends. Finally, we will be releasing software to detect and track various devices and tie these issues into real world events.

Josh Mitchell
Josh Mitchell (Twitter: @bx_lr) has more than a decade's experience as an information security researcher. He has authored numerous technical documents and presented his findings at conferences, academic discussions, and in the classroom. Josh is an expert at discovering and exploiting vulnerabilities and writing code to protect operating systems and programs. Josh has served in the United States Air Force and held numerous defense contracting roles covering electronic signals intelligence exploitation, electronic warfare, malware analysis, exploit development, and reverse engineering.

@bx_lr



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 12:00-12:45


Ring 0/-2 Rootkits: bypassing defenses

Thursday at 12:00 in 101 Track, Flamingo
45 minutes |

Alexandre Borges Malware and Security Researcher at Blackstorm Security

Advanced malware such as TDL4, Rovnix, Gapz, Omasco, Mebromi and others have exposed in recent years various techniques used to circumvent the usual defenses and have shown how much companies are not prepared to deal with these sophisticated threats.

Although the industry has implemented new protections such as Virtualization Based Security, Windows SMM Security Mitigation Table (WSMT), Kernel Code Signing, HVCI, ELAM, Secure Boot, Boot Guard, BIOS Guard, and many others, professionals still do not know the architecture of these protections, which components are attacked by this contemporary malware in the context of BIOS / UEFI, and which tricks it uses. Precisely because of the lack of adequate understanding, most machines (BIOS / UEFI + operating system) remain vulnerable in the same way as a few years ago.

In addition, a growing number of malware samples have used kernel drivers to circumvent limitations and protections in order to gain full access to the operating system and data. For exactly these reasons, it is necessary to understand how malware acts as a device driver and which mechanisms these threats use to infect an operating system.

The purpose of this presentation is to show clearly, and without the excess detail that often hinders understanding, how these threats act, which components are attacked, which techniques this advanced malware uses to subvert the system, and how existing protections work.

Alexandre Borges
Alexandre has been working as a Malware and Security researcher at Blackstorm Security, where he is involved daily with malware analysis cases, forensic and fraud investigations, reverse engineering and exploit development projects. In the past, Alexandre worked as an instructor at Sun Microsystems for ten years and Symantec for six years.

Nowadays, he is a reviewer of "The Journal of Digital Forensics, Security and Law", a referee on "Digital Investigation—The International Journal of Digital Forensics & Incident Response" and a member of the Digital Law and Compliance Committee at OAB/SP.

Slides and articles written by Alexandre are available on: http://www.blackstormsecurity.com/bs/en/en_articles.html

@ale_sp_brazil, http://www.linkedin.com/in/aleborges, http://www.blackstormsecurity.com



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 16:00-16:59


Title:
Robots and AI: What scares the experts?

Brittany "Straithe" Postnikoff, Sara-Jayne Terp
@straithe, @bodaceacat

The potential for robots and AI to shake up our lives has scared people for generations, just look at the scenarios put out by sci-fi. A number of these issues, plus many others, have made it to the real world. Cambridge Analytica anyone? How about surveillance robots such as Knight? Our researchers have been investigating and preparing defenses to combat against these artificial beings, but it is a continuous battle. Come participate in a discussion of the concerns, efforts, and gaps that are present in this space.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 10:00-10:45


Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug

Sunday at 10:00 in Track 1
45 minutes | Demo

Sheila A. Berta Security Researcher at Eleven Paths

Sergio De Los Santos Head of Innovation and Lab at Eleven Paths

Are you a malware developer for Android devices? We have very bad news for you: the Android-SDK packager (aapt) is leaking your time zone! We have found a bug inside this Android-SDK component that lies in not properly setting the value of a variable used as an argument for the localtime() function, when setting the "Last Modified" field for the Android App's files. Because of this, the time zone of anyone using the Android-SDK packager to generate their APKs is leaked. The curious thing is that, despite this bug inside aapt, the problem goes even beyond aapt itself: its roots go deep into incorrect error handling in the operating system functions localtime() (Windows) and localtime_r() (UNIX).

Because, in the world of Threat Intelligence, determining the attacker's geographical location is one of the most valuable data points for attribution techniques, we focused our research on taking advantage of this bug for tracking Android malware developers. In addition to this, we have discovered another very effective way to find out the developer's time zone, based on a calculation of times extracting the GMT timestamp from the Android app's files and the UTC timestamp of the self-signed, "disposable" certificate added to the application (the most common case among malware developers). This is what we call: Rock appround the clock! Using these two different techniques, we have crunched some numbers with our 10 million apps database to determine how these leaked time zones (with one or another technique) are related to malware, which countries generate more malicious Android applications, and what the possible relation is between time zone and "malware likelihood", among other interesting numbers.

But that's not all, we have more bad news for malware developers: no IDE (even Android Studio) removes metadata from the files added to the Android app. We will show examples with real cases in which, after analyzing the metadata of files inside the .apk, we got to know the country, language, or even more specific geographical location of the developer and, in some cases, the name of the supposed-to-be-anonymous developer! Finally, we will share the scripts we have built to get all this information with just a simple click.

Sheila A. Berta
Sheila Ayelen Berta is an Information Security Specialist and Developer, who started at 12 years old by herself. At the age of 15, she wrote her first book about Web Hacking, published by RedUSERS Editorial in several countries. Over the years, she has discovered lots of vulnerabilities in popular web applications and software, and has given courses on Hacking Techniques in universities and private institutes. Sheila currently works at Eleven Paths as a Security Researcher who specializes in offensive techniques, reverse engineering and exploit writing. She is also a developer in ASM (microcontrollers, x32/x64), C/C++ and Python. Sheila is an international speaker who has spoken at important security conferences such as Black Hat EU 2017, DEF CON 25 CHV, HITBSecConf, Ekoparty Security Conference, IEEE ArgenCon, Hack.Lu, OWASP Latam Tour and others.

@UnaPibaGeek

Sergio De Los Santos
Sergio De Los Santos is currently head of innovation and labs at Eleven Paths, responsible for researching and creating new projects, tools and prototypes. In the past (2005-2013), he was a Technical consultant at Hispasec (where VirusTotal was developed for 10 years), responsible for antifraud, vulnerability alerts and other services, mostly bank industry oriented. Sergio is responsible for the most veteran security newsletter in Spanish. Since 2000 he has worked as an auditor and technical coordinator, and has written three technical security books and one about the history of security. He has an informatics degree and a master's in software engineering and artificial intelligence, and was awarded the Microsoft MVP Consumer Security title in 2013-2017. He is a teacher and director of different courses, masters and lectures in universities and private companies.

@ssantosv



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 16:00-16:40


SAEDAY: Subversion and Espionage Directed Against You

Friday at 16:00-16:40
40 minutes

Judy Towers @LadyRed_6

Industrial espionage is the practice of secretly gathering information about a competing corporation or business interest, with the objective of placing one’s own organization at a strategic or financial advantage. A common practice to achieve this advantage is to elicit information from unwitting individuals through what today is called social engineering (SE). We all hear the term SE so often that we become desensitized to it, thereby INCREASING the effectiveness of it against ourselves and organizations. Thus, we will call it what it is - Human Intelligence, also known as HUMINT.

Presenting personal experiences as an Army counterintelligence agent with examples of military and industrial espionage, we will examine tradecraft employed against individuals every day. We will apply lessons learned from the US military and the intelligence community by using two acronyms taught to Army counterintelligence agents: SAEDA (Subversion and Espionage Directed against the Army) and MICE (Money, Ideology, Coercion, Ego). Presenting different aspects of HUMINT collection efforts will enable individuals to possibly detect, deflect, and protect themselves from such actions.

Judy Towers
As an active duty US Army Counterintelligence Agent (6 yrs), Judy provided weekly SAEDAY briefings for new incoming unit soldiers and for yearly awareness training requirements. Judy received an Army award for the presentation’s effectiveness in engaging the audience, thereby enhancing self-awareness of the threat. Her experiences include training in traditional espionage tradecraft, along with supervising and conducting counterintelligence investigations of individuals, organizations, installations and activities in order to detect, assess and counter threats to national security. After leaving the Army, Judy started a civilian career in information security as: domain admin for a global company, an IT manager implementing incident response system, Fraud department investigating people stealing company services, and now a Cyber Threat Intelligence Analyst, augmented by a 2nd Master’s Degree in Cybersecurity and Computer Forensics.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 16:00-16:59


Title: Scaling and Economic Implications of the Adaptive Blocksize in Monero

Speakers: Francisco "ArticMine" Cabañas

Description:
No description available




WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 14:30-15:25


SDR Basics Class

No description available



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 11:00-11:45


Searching for the Light: Adventures with OpticSpy

Sunday at 11:00 in 101 Track, Flamingo
45 minutes | Demo

Joe Grand Hacker

In the counter-future where we, the dissidents and hackers, have control of technology, sending secret messages through blinkenlights can let us exchange information without being detected by dystopian leaders. By modulating light in a way that the human eye cannot see, this simple, yet clever, covert channel lets us hide in plain sight. To decode such transmissions, we must employ some sort of optical receiver.

Enter OpticSpy, an open source hardware module that captures, amplifies, and converts an optical signal from a visible or infrared light source into a digital form that can be analyzed or decoded with a computer. This presentation provides a brief history of covert channels and optical communications, explores the development process and operational details of OpticSpy, and gives a variety of demonstrations of the unit in action.

Joe Grand
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, former DEF CON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.

@joegrand



Night Life - Flamingo - 3rd Floor - Mesquite Rm - Saturday - 22:00-25:59


Title:
SecKC the World

A Tiki themed gathering of the people who make up seckc.org. Come get a taste of this slice of hacker culture as you Party the night away. The hotel won't let us have Tiki torches so grab some glow-sticks and bamboo and help the theme while live DJs keep your feet moving.
Brought to you by the people at seckc.org, DEFCON proudly presents the feature Midwestern party, SecKC the World. Come join us for an out of this world cosmic tiki event, where the rum is cold and the music is hot. Pair your VIP token with some glowsticks to get the top secret surprise at midnight.
When: Saturday, August 11, 2018 8:00 PM - 2:00 AM
DJs: @sysaaron 10:00 PM-12:00 AM / @archwisp 12:00 AM - 02:00 AM
Where: Mesquite Room | Flamingo Las Vegas Hotel and Casino

Order $5 VIP party token at: www.badgepirates.com
More Info: https://seckc.org/defcon-party


Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Saturday - 14:30-18:30


Securing Big Data in Hadoop

Saturday, 1430-1830 in Icon F

Miguel Guirao

Big Data has been, for quite a good time, the driving force for innovation in many markets. Data is the current asset that companies from around the world look to crunch in order to extract information and knowledge, get new insights, create new services and products to deliver to their customers, and finally improve their profits.

Because of that, it is imperative to protect such an important asset. In this workshop we will look at Hadoop from the point of view of security. We will learn what the Hadoop ecosystem has to offer us to protect our data, starting with Kerberos, perimeter security with Apache Knox, configuring authorization with Apache Ranger and enabling encryption of the HDFS (Hadoop File System).

1) Kerberos is used in Hadoop to provide an authentication system for users and other systems interacting with the Hadoop cluster and its services. Strongly authenticating and establishing a user's identity is the basis for secure access in Hadoop. Users need to be able to reliably "identify" themselves and then have that identity propagated throughout the Hadoop cluster. Hadoop uses Kerberos as the basis for strong authentication and identity propagation for both users and services. More info: https://web.mit.edu/kerberos/

2) The Apache Knox Gateway (Knox) is a system to extend the reach of Apache Hadoop services to users outside of a Hadoop cluster without reducing Hadoop Security. Knox also simplifies Hadoop security for users who access the cluster data and execute jobs. The Knox Gateway is designed as a reverse proxy. The Apache Knox Gateway is an Application Gateway for interacting with the REST APIs and UIs of Apache Hadoop deployments. The Knox Gateway provides a single access point for all REST and HTTP interactions with Apache Hadoop clusters. More info: https://knox.apache.org/

3) Apache Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. The vision with Ranger is to provide comprehensive security across the Apache Hadoop ecosystem.

Prerequisites: In order to get the most out of this workshop, the student needs to be comfortable working in the command line, moving around the filesystem, editing files with vi or nano, and visualizing and understanding processes and the top or htop command outputs. If you have been using the UNIX or UNIX-like command line for a time, you should be good and all set.

Materials: Since this is NOT a class on how to set up a Hadoop cluster, but instead on how to secure a Hadoop cluster, it is a must that students taking this workshop come with the Hortonworks Data Platform (HDP) Docker image (https://hortonworks.com/products/sandbox/) already installed! The Docker image is very big and it will take you a considerable time to download it during the workshop. Warning!! DO NOT download Hortonworks Data Flow (HDF), it is NOT THE SAME!

Please read the Install Guide for the type of HDP and OS you will be using!

The workshop is prepared using Ubuntu Linux 18.04 and Docker!

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/securing-big-data-in-hadoop-icon-f-tickets-47194514062
(Opens July 8, 2018 at 15:00 PDT)

Miguel Guirao
Miguel Guirao (aka Chicolinux) has been in the information security industry for around twelve years. He is a freelance consultant at Futura - Open Solutions, where he has also been training professionals in Linux Management, Information Security and Programming. He has also been a professor since 2009 at the Anahuac Mayab University, where he teaches at the School of CS Engineering and at the School of Multimedia Design. He teaches Information Security in the Master of Information Technology Management. He is also Vice President of Security & Internet for the National Chamber of the Electronics, Telecommunications and Information Technology in Mexico, where he helps to create awareness and infosec training in IT companies.

He is a Community Mentor for SANS Institute. He holds a GIAC GCIH Certification from the SANS Institute. Technical Reviewer for SANS Securing The Human Project, eForensics Magazine.

Since 2017 he has had an interest in Big Data and DevOps, especially from the security perspective, and he currently runs the lab that tests and researches ways to protect big data and devops systems, where he and his students have fun protecting and hacking these systems.

This is his second workshop at DEFCON!



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 10:00-10:30


Securing Critical Infrastructure through Side-Channel Monitoring

August 11, 2018 10:00 AM

Coming soon.

Speaker Information

James Harris

PFP Cybersecurity

James Harris began his career as an Engineer/Scientist at IBM PC Company in the 1990s, and as a Senior Field Applications Engineer at Silicon Image in the early 2000’s. After the terrorist attacks of September 11, 2001, he joined the FBI as a Special Agent primarily focused on Cyber matters, where he remained for more than a decade. At the FBI, he served in a number of positions, including as the Senior Liaison Officer to DHS’s Cybersecurity and Communications Division, and as the Assistant Section Chief of the Counterterrorism Internet Operations Section. In 2014, he co-founded Eunomic, Inc., a Software Defined Network security start-up, which was acquired by Caveonix, Inc. in 2017. Today he is the Vice President of Engineering for PFP Cybersecurity, leading the company’s product development. PFP was recently named a Gartner “Cool Vendor” for using side channel analysis to protect endpoint devices.

Carlos Aguayo

PFP Cybersecurity

Carlos R. Aguayo Gonzalez is one of the Founders and Chief Technology Officer of PFP Cybersecurity, which develops unique physics-based cyber security solutions for critical infrastructure, including industrial control systems and supply-chain risk management. He received his PhD and MS degrees from Virginia Tech, both in Electrical Engineering. The PFP Cybersecurity approach has its foundation in Dr. Aguayo Gonzalez’s doctoral work. He has extensive research and development (R&D) experience in cyber security, critical infrastructure protection, side-channel analysis, machine learning, and signal processing. Dr. Aguayo Gonzalez has served as Principal Investigator in multiple R&D projects in cyber security protection of critical infrastructure. Key sponsors of this research include: National Science Foundation, Army, Air Force, the Defense Advanced Research Projects Agency, and the Department of Homeland Security.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 10:00-10:30


Securing our Nation's Election Infrastructure

Friday at 10:00 in Track 3
20 minutes |

Jeanette Manfra Assistant Secretary, Office of Cybersecurity and Communications, Department of Homeland Security

Fair elections are at the core of every democracy and are of paramount importance to our national security. The confidence in our electoral process is fundamental to ensuring that every vote, and therefore every voice, matters. In recent years, our Nation has become increasingly uneasy about the potential threats to our election infrastructure. The activities to undermine the confidence in the 2016 presidential election have been well documented and the United States (U.S.) Government has assessed that our adversaries will apply lessons learned from the 2016 election and will continue in their attempts to influence the U.S. and their allies' upcoming elections, including the 2018 mid-term elections. As the lead agency for securing the Nation's cyber infrastructure, the Department of Homeland Security (DHS) has a mission to maintain public trust and protect America's election systems. In January 2017, the DHS Secretary designated election systems as critical infrastructure. This designation means election infrastructure has become a priority in shaping our planning and policy initiatives, as well as how we allocate our resources. DHS is working directly with election officials across 8,000 election jurisdictions and throughout 55 States and territories, to help them safeguard their systems. As the threat environment evolves, DHS will continue to work with state and local partners to enhance our understanding of the threat, share timely and actionable threat information, and provide essential physical and cybersecurity tools and resources available to the public and private sectors to increase security and resiliency. DHS is committed to ensuring that our adversaries never succeed with their campaign to undermine our democracy.

Jeanette Manfra
Jeanette Manfra serves as the National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications (CS&C). She is the chief cybersecurity official for the Department of Homeland Security (DHS) and supports its mission of strengthening the security and resilience of the nation's critical infrastructure. Prior to this position, Ms. Manfra served as Acting Deputy Under Secretary for Cybersecurity and Director for Strategy, Policy, and Plans for the NPPD.

Previously, Ms. Manfra served as Senior Counselor for Cybersecurity to the Secretary of Homeland Security and Director for Critical Infrastructure Cybersecurity on the National Security Council staff at the White House.

At DHS, she held multiple positions in the Office of Cybersecurity and Communications, including advisor for the Assistant Secretary for Cybersecurity and Communications and Deputy Director, Office of Emergency Communications, during which time she led the Department's efforts in establishing the Nationwide Public Safety Broadband Network. Before joining DHS, Jeanette served in the U.S. Army as a communications specialist and a Military Intelligence Officer.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 12:15-12:59


Title: Selfie or Mugshot?

Speaker: Anne Kim
About Anne:
Anne Kim is a researcher and graduate student specializing in Computer Science and Molecular Biology at MIT. Professor Alex "Sandy" Pentland, head of the Human Dynamics Group at the MIT Media Lab, is the advisor for her thesis focusing on blockchain solutions for clinical trial optimization. Outside of her thesis work, Anne has done a number of different projects in quantum chemistry simulations, genome-wide association studies, natural language processing for electronic health records, and a startup in secure data sharing. Anne sees accessibility to healthcare as a right, and believes that the interface between biology, healthcare policy, and technology is a promising way to achieve that mission.
Abstract:
Thanks to the use of DNA in criminal investigations, hundreds of innocent people have been exonerated from crimes they did not commit. DNA has also been used to arrest suspects in cold cases! In my presentation I will give a primer on the techniques used for DNA profiling and the statistics for false positives. The bulk of my presentation will be looking into the vulnerabilities of current DNA profiling methods and how a malicious actor could actually reconstruct enough genotypic information of any innocent person from just a picture of their face. This is based on recently published Nature Genetics research and extends the methods to suggest that it would only take ~50 million face:genotype samples to have a sufficient genotypic mapping that would allow someone to recreate your 23andMe profile (602,000 SNPs) from a selfie.


PHW - Caesars Promenade Level - Neopolitan BR - Friday - 17:30-18:59


Serious Intro to Python for Admins

Intended for an audience of IT managers and admins who are either responsible for systems with deployed Python apps and/or interested in the security implications of developing their own tools/scripts/apps in Python. This will be a hands-on exercise from start to finish designed to leave you with a sense of the mentality of Python and an ability to quickly look up what you need when expanding your knowledge of Python in the future. Prior programming experience not required. However it would be helpful if you've seen lots of Monty Python skits before.


Davin Potts is a Python Core Developer and lead dev for the multiprocessing module in the Python standard library. For a day job, Davin is a scientific software consultant working primarily on data science projects. Also refer to https://www.crunchbase.com/person/davin-potts.



SKY - Flamingo 3rd Flr - Virginia City Rm - Sunday - 11:00-11:59


Title:
Sex Work After SESTA

Maggie Mayhem

@MsMaggieMayhem

"Surveillance had been a fact of life for sex workers wherever they have faced prohibition. Only two elements, communication and association, can differentiate between commercial and personal sex; criminal enforcement of prostitution laws has necessarily meant targeting the speech and affiliation of perceived sex workers. Enforcement of this nature is facilitated by profiling, institutional bias, and broad overreaching policies that fundamentally violate individual human rights. This has included condoms as evidence, non-consensual medical screenings, and targeted harassment of black transgender women as well as license plate recording projects and stings that focus on disrupting immigration or migrant workers.

For all of its risks, screening potential clients is safer over email than it is in person during a street based negotiation often in an isolated part of town. SESTA (Stop Enabling Sex Traffickers Act) comes at a time when compelling research demonstrates that Craigslist resulted in a 17% drop in the female homicide rate. SESTA will also put victims at risk by delaying their identification and recovery by eliminating a digital paper trail. Additionally, Section 230 of the Communications Decency Act is a vital protection for a free internet. Subverting SESTA will create greater economic disparity between sex workers and ultimately empower pimps and agencies over independent providers."



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 14:30-14:50


Sex Work After SESTA/FOSTA

Saturday at 14:30 in Track 2
20 minutes

Maggie Mayhem, MaggieMayhem.Com

Surveillance had been a fact of life for sex workers wherever they have faced prohibition. Only two elements, communication and association, can differentiate between commercial and personal sex; criminal enforcement of prostitution laws has necessarily meant targeting the speech and affiliation of perceived sex workers. Enforcement of this nature is facilitated by profiling, institutional bias, and broad overreaching policies that fundamentally violate individual human rights. This has included condoms as evidence, non-consensual medical screenings, and targeted harassment of black transgender women as well as license plate recording projects and stings that focus on disrupting immigration or migrant workers.

For all of its risks, screening potential clients is safer over email than it is in person during a street based negotiation often in an isolated part of town. SESTA (Stop Enabling Sex Traffickers Act) comes at a time when compelling research demonstrates that Craigslist resulted in a 17% drop in the female homicide rate. SESTA will also put victims at risk by delaying their identification and recovery by eliminating a digital paper trail. Additionally, Section 230 of the Communications Decency Act is a vital protection for a free internet. Subverting SESTA will create greater economic disparity between sex workers and ultimately empower pimps and agencies over independent providers.

Maggie Mayhem
Maggie Mayhem is a sex worker, birth worker, and death worker from San Francisco, CA. She has served on the Board of Directors for the Sex Worker Outreach Project-USA and founded the health, hygiene, and harm reduction project HarmReduxSF. She has been involved in public health since 2003 and is an international advocate for sex worker rights and reproductive justice. She has spoken about sexual biometrics at SxSW; debated pornography at Yale with Gail Dines; shared the history of pre-WWII porn at the University of Toronto; was artist-in-residence at the Museumsquartier in Vienna; talked about developing sex worker centered policy at DymaxiCon in Helsinki; presented her crack pipe distribution project at the Harm Reduction Coalition conference; shared statistics and research on sex workers and violence at the University of Winchester; and examined public mourning in human rights activism at the University of Southampton. Her independent adult website MeetTheMayhems was the recipient of a feminist porn award.

@MsMaggieMayhem // Insta @MaggieMayhem // Web MaggieMayhem.Com



Demolabs - Table 2 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


Sh00t—An open platform for manual security testers & bug hunters

Saturday 08/11/18 from 1400-1550 at Table Two
AppSec, Mobile and Offensive security

Pavan Mohan

An open platform for bug hunters emphasizing manual security testing.

Sh00t is a dynamic task manager to replace simple text editors or task management tools that are NOT meant for security testing. It provides checklists for security testing and helps in reporting with custom bug templates.

Sh00t is best for pen testers, bug bounty hunters, security researchers and anybody who loves bugs!

Written in Python and powered by Django web framework.

Pavan Mohan
Pavan aka pavanw3b is a Senior Security Engineer at ServiceNow. He is one of the core members of Null security community—Hyderabad chapter. He participates in bug bounty programs in his free time and has made it into the halls of fame of some companies.



WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 16:00-16:55


Balint Seeber

Bio

A software engineer by training, Balint is a perpetual hacker, the Director of Vulnerability Research at Bastille Networks, and guy behind spench.net. His passion is Software Defined Radio and discovering all that can be decoded from the ether, as well as extracting interesting information from lesser-known data sources and visualising them in novel ways. When not receiving electromagnetic radiation, he likes to develop interactive web apps for presenting spatial data. Originally from Australia, he moved to the United States in 2012 to pursue his love of SDR as the Applications Specialist and SDR Evangelist at Ettus Research.

@spenchdotnet

SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System

Abstract

"SirenJack is a vulnerability that was found to affect radio-controlled emergency warning siren systems from ATI Systems. It allows a bad actor, with a $30 handheld radio and a laptop, to set off all sirens in a deployment. Hackers can trigger false alarms at will because the custom digital radio protocol does not implement encryption in vulnerable deployments. Emergency warning siren systems are public safety tools used to alert the population of incidents, such as weather and man-made threats. They are widely deployed in cities, industrial sites, military installations and educational institutions across the US and abroad. Sirens are often activated via a radio frequency (RF) communications system to provide coverage over a large area. Does the security of these RF-based systems match their status as critical infrastructure? The 2017 Dallas siren hack showed that many older siren systems are susceptible to replay attacks, but what about more modern ones? I studied San Francisco’s Outdoor Public Warning System, an ATI deployment, for two years to learn how it was controlled. After piecing together clues on siren poles, and searching the entire radio spectrum for one unknown signal, I found the system’s frequency and began passive analysis of the protocol. Monitoring the weekly siren tests, I made sense of patterns in the raw binary data and found the system was insecure and vulnerable to attack. This presentation will take you on the journey of the research, and detail the tools and techniques used, including leveraging Software Defined Radio and open source software to collect and analyse massive sets of RF data, and analyse a custom digital protocol. It will also cover the Responsible Disclosure process with the vendor, their response, and subsequent change to the protocol. A proof-of-concept will be shown for good measure."



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 13:25-13:55


Skiptracer - Ghetto OSINT for broke hackers - illwill

Initial attack vectors for recon usually involve utilizing pay-for-data/API (Recon-NG), or paying to utilize transforms (Maltego) to get data mining results. Using some basic Python webscraping of PII paywall sites to compile passive information on a target on a ramen noodle budget. The modules will allow queries for phone/email/screen names/real names/addresses/IP/Hostname/breach credentials etc.

This demo will go over the basic outline of using the script, the problems and pitfalls of dealing with scrapers, and how it will help you collect relevant information about a target to help expand your attack surface.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 22:00-25:59


Title:
skytalks (303) FRIDAY PARTY - Read the Details

2200-2300 303, Enforcer & Grunt Only
2300-2400 Open to all skytalks Associate + badge holders
0000-0200 Open to all DEF CON attendees


SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 22:00-25:59


Title:
skytalks (303) PARTY - FLAMINGO POOL PARTY Open to All

Flamingo

Open to all DEF CON attendees!

Bands:
Loveshack
https://www.gigmasters.com/80's-hits/loveshack


CPV - Caesars Promenade Level - Milano BR 1,2 - Saturday - 13:00-13:30


Title:
Sluts, Bullies, and Best Selves: Rethinking Digital Privacy Education

When: Sat, August 11, 1:00pm - 1:30pm

Description

Speakers
-------
Caroline D. Hardin
Jen Dalsen

Abstract
--------
You try to lock down your privacy on apps, but the settings are poorly thought out. You use Signal and a VPN, but all the best privacy technology in the world isn't going to save you from the gossipy neighbor who overshares your information. And when it comes to kids, well, we know better than anyone that they'll figure a way around netnanny, but they make horrible choices when they do. All these problems stem from the general public needing to be more sophisticated in the design and use of digital privacy. We took a hard look at the digital privacy curriculum most people are getting, and propose a new way forward which ditches slut shaming for celebrating identity, and trades silencing voices for negotiating boundaries.

Bio
-----------------
Caroline D. Hardin is a PhD student studying Computer Science Education. She is interested in digital privacy, e-textiles, hackathons, and the educational culture of hackers. Currently she is the Southern Wisconsin Regional Manager for Microsoft TEALS, which helps pair new high school CS teachers with industry mentors.

Jennifer Dalsen is a doctoral student in the Department of Curriculum & Instruction at UW-Madison. She looks at strategies students use to build scientific capacity and coordinate artifacts through gameplay. Her professional background includes user experience testing, qualitative analyses, quantitative analyses, data collecting, conducting interviews, focus groups, building surveys, and more.

Twitter handle of presenter(s)
------------------------------
@carolinescastle


DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 14:00-14:45


SMBetray—Backdooring and breaking signatures

Saturday at 14:00 in Track 1
45 minutes | Demo, Tool

William Martin, Security & Privacy Senior Associate

When it comes to taking advantage of SMB connections, most tools available to penetration testers aim for system enumeration or for performing relay attacks to gain RCE. If signatures are required, or if the victims relayed are not local admins anywhere, that can put a real stint in leveraging SMB to gain any serious footholds in a network. Fortunately, the mentioned attacks are only the tip of the iceberg of the ways to gain RCE with insecure SMB connections – and there’s a new tool to help take full advantage of these opportunities.

William Martin
William Martin is a penetration tester & information security researcher with more than five years of experience in the Information Security Industry. William became an Offensive Security Certified Professional (OSCP) in November of 2015, and is currently a senior associate at RSM US LLP in the Security and Privacy practice with a focus on penetration testing and social engineering.

@quickbreach
www.linkedin.com/in/william-martin-OSCP



SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 18:40-19:30


Saturday August 11 2018 1840 50 mins
Social Engineering Course Projects for Undergraduate Students
The hard science disciplines (computer science, electrical and computer engineering) have already started investing heavily in cybersecurity education. Security experts, however, note that cybersecurity is a wider discipline than simply the [technical] fields, and professionals with backgrounds [in] the social sciences … will be needed in the cyber workforce of the future. The relevance of incorporating social sciences into the cybersecurity domain has been acknowledged by the National Academies of Sciences, Engineering, and Medicine and the Department of Homeland Security. Social science disciplines, such as sociology, criminology/criminal justice, anthropology, political science, and psychology are particularly adept at unpacking the complex facets of human behavior and should therefore be leveraged for their contributions to the area of cybersecurity. Yet, the social science arena remains weak in cybersecurity training and education of the future cyber workforce.

This talk shares an educator’s efforts to engage undergraduate students in a hands-on social engineering project across Fall 2017 and Spring 2018 semesters. It uses the experiential learning framework that promotes “learning by doing”. Specifically, this talk focuses on three sub-projects: (i) shoulder surfing where student teams competed against each other, (ii) laptop distraction, where student teams attempted to convince Temple University Computer Services employees to leave their laptops (designed for the class exercise) so that the students could remove a bogus ‘intellectual property’ file and place a fake ‘malware’ program on the employees’ machines, and (iii) convince individuals on Temple University campus to take a selfie with team members and a funny prop.

The talk also offers a comparative analysis of these projects over the two semesters, sharing the experiences and challenges of both the students and this educator. It also details the issues about designing projects that follow university ethics standards, training students in human subjects research ethics, generating relevant rubrics, and how to evaluate student engagement and learning. To conclude, the educator shares these cases discussed to initiate dialog in the area of hands-on learning for social science students. Audience feedback is welcomed as this educator is still exploring the experiential learning approach, especially in the area of social engineering.

Aunshul Rege: @prof_rege
Aunshul Rege is a criminology professor at Temple University. Her National Science Foundation sponsored research and education projects examine the human element of cybercrimes, focusing on behavior, decision-making, adaptation, and group dynamics. She is passionate about educating the next generation workforce across the social and hard sciences about the relevance of the human factor in cybersecurity. She has published in the area of cybersecurity education in USENIX, American Society for Engineering Education, and International Symposium on Resilient Control Systems (IEEE). She has a BSc in Computer Science, a BA and MA in Criminology, and an MA and PhD in Criminal Justice.



SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 15:30-15:59


Saturday August 11 2018 1530 30 Mins
Social Engineering from a CISO’s Perspective
Social Engineering is a powerful tool. With the weapons gathered through Open Source Intelligence (OSINT) gathering and well crafted vishing or phishing a Social Engineer wields incredible power to do good.

Unfortunately, for some the power of being a Social Engineer is one that they wield to show they are smarter than those around them and cause stress and fear doing damage to any potential relationship they or the department they represent.

This discussion will be about how to create meaningful, targeted phish and vish in an enterprise while strengthening information security from the real world perspective of a CISO as well as a few specifics to avoid. In conclusion this presentation will cover the importance of trust and how social engineering can help build or destroy trust.

Kathleen Mullin: @kate944032
Kate Mullin is an influential information security practitioner with more than 30 years of experience in various accounting, audit, risk, governance, and information security roles. She has been a CISO at various organizations including publicly traded, private, not-for-profit, and governmental entities. Kate established the role of CISO at Tampa Airport and at Healthplan Services.
Kate provides interim CISO and vCISO services, specifically executive and board consultation on governance, risk, compliance, and cyber security that includes stakeholder engagement, training and development, IT infrastructure management, social engineering, incident response, business continuity, and disaster recovery strategies.
Throughout her career, Kate has volunteered and participated in maturing information security as a profession. Kate is a former member of the ISACA CGEIT Certification and Credentials Committee and a past chapter president and CISA, CISM, CRISC, and CGEIT coordinator for West Florida ISACA. Kate has been a part of the CISO Coalition governing board.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 14:30-14:59


Title: Some Mining Related Attacks

Speakers: Zhiniang Peng

Description:
No description available




Contest - Contest Stage - Saturday - 15:00-16:59


Title:
Spell Check: The Hacker Spelling Bee

The year is 1983. Supplies and entertainment are both running low and the machines are closing in. Suddenly, a technical editor from the future appears with a security style guide from 2018 and challenges you to spell terms as they appear in the guide. Maybe this quaint ritual will warm the hearts of the robots and bring in a new era of understanding to this troubled world. You're confident you can make it past asset and botnet, but you get a sinking feeling that in later rounds, capitalization is going to count too. The odds are against you, but it's the end of the world; you might as well go out in a blaze of glory.

More Info: https://www.bishopfox.com/news/2018/07/def-con-26-spellcheck-the-hacker-spelling-bee/


RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 11:25-12:55


Stalker In A Haystack - MasterChen

In 2015, I did a Skytalk called “Automate Your Stalking”. In that talk, I used Twitter to follow my target’s followers in an effort to monitor the target without following them directly and arousing suspicion. In the end, I felt like I released a method that may be dangerous in the hands of the wrong people. Now, “Stalker In A Haystack” is the antidote to my first talk.

I will be putting the power back into the hands of the people who need it. In this talk, I will demonstrate how you can determine if you are being monitored via Twitter, and by who. Isn’t it suspicious when that one handle is following everyone but you? What does that mean? Stalkers can hide in your sea of followers, and the aim of this talk is to uncover those who lie in the shadows.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 10:00-10:59


Title:
Stalker In A Haystack

MasterChen
@chenb0x
In 2015, I did a Skytalk called "Automate Your Stalking". In that talk, I demonstrated how one can monitor a target by not following them directly, but by following their followers and who they follow to get an idea of their social life without direct interaction. I felt bad for releasing a tool to enable potential stalkers, but not an antidote. This year's presentation IS that antidote. I will be discussing how we can uncover those stalkers that lie in the shadows.


BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 12:00-12:30


Title: Stealing Crypto 2 Factor Isn't a Factor

Speakers: Rod Soto and Jason Malley

Description:
No description available




AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:40-11:20


Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification

Mark Mager

“The proliferation of ransomware has become a widespread problem culminating in numerous incidents that have affected users worldwide. Current ransomware detection approaches are limited in that they either take too long to determine if a process is truly malicious or tend to miss certain processes due to focusing solely on static analysis of executables. To address these shortcomings, we developed a machine learning model to classify forensic artifacts common to ransomware infections: ransom notes. Leveraging this model, we built a ransomware detection capability that is more efficient and effective than the status quo.

I will highlight the limitations to current ransomware detection technologies and how that instigated our new approach, including our research design, data collection, high value features, and how we performed testing to ensure acceptable detection rates while being resilient to false positives. I will also be conducting a live demonstration with ransomware samples to demonstrate our technology’s effectiveness. Additionally, we will be releasing all related source code and our model to the public, which will enable users to generate and test their own models, as we hope to further push innovative research on effective ransomware detection capabilities.”

Throughout his career in software engineering and computer security, Mark has served in prominent technical leadership roles in the research and development of advanced computer network operations tools and has provided malware analysis and reverse engineering subject matter expertise to a diverse range of government and commercial clients in the Washington, D.C. metropolitan area.



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 17:10-17:59


Stop, Drop, and Assess your SOC

Friday at 17:10-18:00
50 minutes

Andy Applebaum

Traditionally SOCs look outward from their network perimeters, missing the adversaries already operating in their networks. As SOCs improve their capabilities by turning inwards, where should they start? What techniques should they be worried about? What tools will help them? Without knowing what your adversaries can do and what your current capabilities are, it’s hard to make improvements.

This talk will describe how to use the MITRE ATT&CK framework as a “scorecard” within the SOC to understand and tune defensive capabilities, making it easier to answer these hard questions. We’ll describe key use cases for how SOCs can use ATT&CK, covering hunting, threat intelligence, red teaming, and security engineering. To enable these use cases, we’ll present a non-invasive technique to construct a detective coverage map that highlights the SOC’s strengths and weaknesses, focusing on minimizing resource requirements while still providing usable results. To accompany this, we describe a process to create a remediation plan that provides the highest return on investment by orienting on the most relevant threats and prioritizing defensive improvements based on current coverage. Throughout the talk, we will provide real examples, making it easy for those in attendance to understand and replicate at home.

Andy Applebaum
Andy Applebaum is a Lead Cyber Security Engineer at MITRE where he works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. Andy has contributed to MITRE’s ATT&CK framework and CALDERA adversary emulation platform, as well as other projects within MITRE’s internal research and development portfolio. Prior to working at MITRE, Andy received his PhD in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security. Andy’s work has been published in multiple conferences and workshops, and he has most recently spoken at Black Hat Europe. In addition to his PhD, Andy holds a BA in computer science from Grinnell College and the OSCP certification.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 09:00-09:59


Title:
Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years.

Uncle G.


I'm old. Especially compared to most people here at DC26. I've been at this since before the OJ Simpson trial. I've worked on ARCNet networks! I've seen some shit, man.... Good shit, bad shit, you name it. It's finally time to get this shit off my chest and go over some of the mistakes I've seen (and allegedly caused), so you can be better.

In this talk I will go over IT and IT Security mistakes that the industry, businesses and individuals (including myself) have made over the past few decades. No holds barred, naming names, and having a laugh and breaking a few NDA's.


AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 16:00-16:20


StuxNNet: Practical Live Memory Attacks on Machine Learning Systems

Raphael Norwitz

Like all software systems, the execution of machine learning models is dictated by logic represented as data in memory. Unlike traditional software, machine learning systems’ behavior is defined by the model’s weight and bias parameters, rather than precise machine opcodes. Thus patching network parameters can achieve the same ends as traditional attacks, which have proven brittle and prone to errors. Moreover, this attack provides powerful obfuscation as neural network weights are hard to interpret, making it difficult for security professionals to determine what a malicious patch does. We demonstrate that one can easily compute a trojan patch, which when applied causes a network to behave incorrectly only on inputs with a given trigger. An attacker looking to compromise an ML system can patch these values in live memory with minimal risk of system malfunctions or other detectable side-effects. In this presentation, we demonstrate proof of concept attacks on TensorFlow and a framework we wrote in C++ on both Linux and Windows systems. An attack of this type relies on limiting the amount of network communication to reduce the likelihood of detection. Accordingly, we attempt to minimize the size of the patch, in terms of number of changed parameters needed to introduce trojan behavior. On an MNIST handwritten digit classification network and on a malicious PDF detection network, we prove that the desired trojan behavior can be introduced with patches on the order of 1% of the total network size, using roughly 1% of the total training data, proving that the attack is realistic.

I am a recent graduate from Columbia University with a BA in Computer Science and MS in Machine Learning, and an incoming engineer on the Acropolis Hypervisor team at Nutanix. I have experience with Linux Kernel development, data science and malware analysis. I have interned at Google, Drawbridge and Nimbledroid, and have published research with Columbia’s Wireless and Mobile Networking lab. For fun, I like to be outdoors and train Brazilian Jiu-Jitsu.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 18:05-18:35


Supercharge Your Web Recon With Commonspeak and Evolutionary Wordlists - Michael Gianarakis and Shubham Shah

When conducting a web application penetration test, understanding and extending the attack surface is an exercise that is critical for success. Having a large wordlist of realistic directories, files and domains assists immensely with this process.

Commonspeak is a wordlist generation tool that leverages public datasets from Google’s BigQuery platform. By performing queries on large datasets that are updated frequently, commonspeak is able to generate wordlists that are “evolutionary”, in the sense that they reflect the newest trends on the internet.

This presentation will discuss the concept of evolutionary wordlists and how Commonspeak parses URLs from various BigQuery datasets including HTTPArchive, Stack Overflow and HackerNews to build current, consistently evolving and realistic wordlists of directories, files, parameter names for specific technologies, and subdomains.

We will also introduce Commonspeak 2 and discuss the additions to the tool, including scheduled wordlist creation, comprehensive GitHub queries, a permutation engine for subdomain discovery, and asynchronous wordlist generation.



SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 19:35-20:10


Friday August 10 2018 1935 30 mins

Swarm Intelligence and Augmented Reality Gaming
What do a flock of starlings, a colony of warrior ants, and a hundred-person flash mob all have in common with the red team? Swarm intelligence, the collective behavior of individuals acting autonomously, is a concept that we can apply to human systems to unlock their potential. Swarming methodologies teach a group of individuals what to do, where to go, and how to operate as a team.

Nancy Eckert (Pongolyn) explores swarm intelligence through augmented reality gaming, where she leads teams of agents in capture-the-flag style competitions across the world. She shows how to apply social engineering strategies to groups of individuals, with the goal of achieving a collective intelligence that is greater than the sum of its parts.

Nancy Eckert: @Pongolyn
Nancy Eckert (Pongolyn) is a systems analyst and web developer in Seattle, Washington. In the augmented reality game of Ingress, Pongo is a champion strategist and team organizer for “roughly a thousand cats” across the northwestern United States. She leads competitive team-based operations across the world, where she coordinates hundreds of agents under cover of secrecy to walk, bike, drive, climb, snowshoe, boat, fly, hack, and engineer their way to remote locations in order to score points for the game. She builds neural networks in her spare time.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 17:00-17:59


Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801

Chris Hanlon, Founder of SecurityAlliance.ca

In this talk we briefly introduce common SMTP/TLS implementation weaknesses and explain how governments, criminals, and malicious insiders can exploit them to remotely reset account passwords, create/update/delete firewall rules, control Windows desktops/laptops, access online backup systems, download full-disk encryption keys, watch security cameras, listen to security camera microphones, control social media accounts, and take over AWS virtual machines.

Chris Hanlon (Twitter: @ChrisHanlonCA) has been maintaining Unix, Linux, and Windows Servers since 1998 and submitting vulnerability reports since 2000. Chris's submissions have resulted in security and privacy enhancements in Google Apps, the Linux Kernel, and Interac email transfers.



Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


Swissduino—Stealthy USB HID Networking & Attack

Saturday 08/11/18 from 1600-1750 at Table Four
Offense

Mike Westmacott

The Swissduino is a set of tools on an Arduino Yun that allow for the upload of binaries to target systems remotely via USB HID Keyboard, and then provide TCP connectivity between the remote attacker system and the target purely through USB HID. The demonstration shows a Metasploit Meterpreter stub being uploaded, and then actively used without triggering anti-virus (Win 7 host…). New for 2018: (In development) Expanded toolset that allows for password extraction from login and automated installation of toolkit in Windows 10 with anti-malware/local firewall, also targeting of Linux.

Github: https://github.com/drwesty/swissduino

Mike Westmacott
Mike works for Thales Cyber & Consulting at the technical end of the cyber security practice and operates broadly on the same basis as an attacker. He has conducted over one hundred penetration tests and audits against a wide variety of systems and targets, combined with activities such as secure code review, reverse engineering and wireless assessment. Mike has worked as a CREST Certified Network Intrusion Analyst and has performed breach assessments in a number of different industry sectors including finance, engineering and government. He has managed and delivered a CVI (Cyber Vulnerability Investigation) for the UK MOD in the first of a series of industry-delivered assessments.

He has provided incident response training at board level in the form of desktop scenarios with red and blue teams engaged in a fictitious cyber-attack. This has proven to be an excellent tool for extracting tactics, forming future strategies, and educating participants.

Mike founded a volunteer group in BCS (The Chartered Institute for IT) to introduce IT practitioners to the information security industry and has presented at a government select committee and taken part in numerous senior panels at industry and government events. He has also written articles for well-known industry publications including ITnow, Computer Weekly, and InfoSecurity Magazine.

Prior to working in information security Mike worked as an application support analyst on a financial trading platform and later an enterprise succession planning system. Before this Mike gained his PhD in Computer Vision at the University of Southampton.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 10:00-10:45


Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework

Friday at 10:00 in 101 Track, Flamingo
45 minutes | Demo, Tool

Joe Rozner Hacker

Fuzzers have played an important role in the discovery of reliability and security flaws in software for decades. They have allowed for test case generation at a rate impossible by hand and the creation of test cases humans may never conceive of. While there are many excellent fuzzers available, most are designed for mutating source files or input in random ways and attempting to discover edge cases in the handling of them. Some others are designed with structured input in mind and use grammars to more strategically generate and mutate possible inputs that adhere to the format defined. These specifically are the ones we care about for the goals of identifying differences between multiple implementations of a single language, finding bugs in parse tree generation/handling of tokens, and handling of the data at runtime once it has been successfully lexically and syntactically analyzed. We'll look at some of the shortcomings of existing fuzzers and discuss the implementation for a new platform designed to make fuzzer creation easier with the goal of being able to utilize grammars from the implementations of the languages themselves.

Joe Rozner
Joe (@jrozner) is a software engineer at Prevoty where he has built semantic analysis tools, language runtimes, generalized solutions to common vulnerability classes, and designed novel integration technology leveraging runtime memory patching. He has a passion for reverse engineering, exploitation, teaching, and sharing research with others. He is the undisputed champion of the Brawndo and Booze competition from DEF CONs past with his Irish Car Mutilator winning in both the drink and dip categories.

@jrozner



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 19:15-19:15


Title: Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research

Speaker: Robert Portvliet
About Robert:
Robert Portvliet is the Director of Red Team services at Cylance, with a decade of experience in various disciplines of penetration testing. His focus is on embedded systems and wireless penetration testing and reverse engineering. Prior to joining Cylance, he was the network security service line lead for Foundstone and taught the ‘Ultimate Hacking: Wireless’ class at BlackHat 2011-2013.
Abstract:
To quote Bob Marley “If you know your history, then you would know where you coming from”. This talk is a retrospective on the last ten years or so of medical device security research, intended to bring hackers interested in this discipline up to speed on what has been accomplished to date, how it was done, why it matters and where we stand today.
This talk will timeline all the major events in medical device security research, describing in technical detail what was accomplished and how. This should make evident some of the systemic vulnerability classes present in medical devices and hopefully give the medical device security researchers of tomorrow a good idea of where to start looking.
It will also cover some of the basic tools and techniques needed to get started in this discipline, as well as some of the practicalities involved in obtaining devices, firmware and information on various classes of medical devices and how differences in attack surface may influence your choice of devices to target for research.


PHV - Caesars Promenade Level - Neopolitan BR - Friday - 13:00-13:59


Target-Based Security Model

Garett Montgomery, Principal Security Research Engineer at BreakingPoint (Ixia/KeySight)

Have you ever been asked 'what is the best way to protect against $ATTACK'? (usually shortly after $ATTACK makes headlines). Have you ever been challenged to provide the reasoning behind your suggestion? If you were in a room full of experts, would your reasoning hold up under scrutiny? When you discuss with your security-savvy peers, you quickly come to a consensus on the 'best' control (!= device) to protect against $ATTACK. But do you know WHY it's the 'best'? The Target-Based Security Model is essentially a framework that breaks down attacks to their component level. This breakdown makes it easy to see what the 'best' security controls are - as well as alternative security controls that could also be applied. It's not so much something new, as it is a new way for the industry to communicate about security. In much the same way that the OSI model allows for developers to know they are talking about the same thing, a common security model allows security professionals to communicate in a vendor-agnostic manner. Think of it as a translation tool for vendor-speak. In this talk we'll present the Target-Based Security model and discuss the following: how it came to be, what it is, and how to use it. And of course, we'll talk about how it can be used to make the world a better place - provided we all agree to use it.

Garett Montgomery (Twitter: @garett_monty) has been a Security Researcher at BreakingPoint (since acquired by Ixia; since acquired by KeySight) for the last 6+ years. Prior to joining BreakingPoint he had been employed as a Security Analyst at the Naval Postgraduate School and then an IPS Signature Developer. He holds an MS in Information Assurance and numerous (likely since-expired) security certifications. A self-described packet-monkey, he enjoys automating all the things.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 13:00-13:20


Targeted User Analytics and Human Honeypots - Mbis0n Shador (Not a Real name)

Many significant breaches have resulted from adversaries knowing who to target, how to target them and where to target them. Most corporations are not effectively using the largest collection of targeting data that is available on the public internet and fail to build and refine data driven threat models using the information that our adversaries are using against us. Targeted User Analytics and Human Honeypots is a research project I am working on to identify and model targeting methods with the hope of tipping the scales in our favor to defend our networks, users and critical systems.

LinkedIn is the largest collection of Business Social Networking data available to “unauthenticated” persons on the public internet. With the right techniques this data can be mined to identify and enrich targets. The purpose of my talk is to present targeting techniques through a use case and to demonstrate the value of other enrichment methods involving data sets that are widely available or collected from corporate security tools. The end result is analytics that predict who will be targeted and why they are more likely to be compromised if they are targeted. This will allow for proactive action to be taken to defend users and our assets.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 11:15-11:59


Title: Technology Enabled Prosthetic Environments

Speaker: Gerry Scott
Abstract:
Even though employers are increasingly recruiting autistic employees, autistic adults have one of the highest unemployment rates in the United States. This paper presents ongoing research by the author: (a) providing a brief overview of current scientific and societal perspectives on autism; (b) describing an on-going qualitative study of autistic autobiographical writings to gain insight into the autistic experience, challenges faced in society, and barriers to employment; and (c) proposing Technology-Enabled Prosthetic Environments (TEPE) as a design concept for the integration of assistive technology for workplace accommodation.


PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 17:00-17:30


Title:
THC Producing, Genetically Modified Yeast

No description available

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 11:00-11:59


Title:
The Abyss is Waving Back

Sidragon
@sidragon1
The four paths that human evolution is charging down, and how we choose which ones right



SEV - Caesars Promenade South - Octavius BR 3-8 - Saturday - 16:00-16:50



Saturday August 11 2018 1600 50 Mins
The Abyss is Waving Back…

As humans we have four evolutionary paths:

SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 18:40-19:30



Friday August 10 2018 1840 50 mins

The Art of Business Warfare
Red Teams are designed to penetrate security in a real world test of effectiveness of security controls, policy, technology and infrastructure. Red Teams view security from an adversary perspective in order to simulate realistic attack scenarios that enable an organisation as a whole to prepare and protect against both simple and sophisticated threats. Red Teams build security culture and provide opportunities for staff to be trained using real world examples. During this presentation we will walk through a Red Team Assessment that simulates a state sponsored attack against Executives, and using their access to then test the entire security posture of the organisation from a digital, physical, social and supply chain perspective.

Wayne Ronaldson:
Wayne has conducted security assessments for a range of leading Australian and international organisations. Wayne has unique expertise in Red Team Assessments, Physical, Digital and Social Engineering, and has presented to a number of organisations and government departments on the current and future state of the cyber security landscape in Australia and overseas.



DDV - Caesars Promenade Level - Capri Rm - Friday - 16:00-16:55


Speaker: Jessica “Zhanna” Malekos Smith

Whether you have a background in information security, law, or national security, this talk is a beginner’s guide to understanding the law of war in cyberspace. By juxtaposing the law of war with a keyboard, the process of how states evaluate the scale and effects of a cyber operation and determine a basis for resorting to a use of force under the Law of Armed Conflict, can be more readily conceptualized. For if music is indeed, the universal language of mankind, then by encouraging society to learn about this area we can collectively better strategize ways to mitigate cyber conflict.



HHV - Caesars Pool Level - Forum 17-21 - Saturday - 16:00-16:30


The Cactus: 6502 Blinkenlights 40 Years Late

Commodore Z

Abstract

While many machines prior to the microcomputer boom of 1977 were commonly found with front panel interfaces and blinkenlights, only a few obscure examples use a 6502 microprocessor. What seemed like a perfect blend of inexpensive computer technologies didn’t mix well in practice, thus kits and the majority of homebrew machines opted for other microprocessor/interface combinations. Building a computer from the ground up around a microprocessor was a process worth exploring, so why not approach it from a historical perspective? Enter the Cactus: a technological “what if” built with the goal of recreating the homebrew computer experience of the 1970s. This includes parts and construction techniques of the era, with only a few post-1980 concessions where appropriate. I will describe the process involved in making a 1970s homebrew computer ~40 years too late, as well as why such a machine never could have come to be in the era it was designed to mimic.

Bio

Commodore Z is a vintage computer geek by night, and a broadcast engineer by day. He collects and restores vintage computers & robots, studies historical telephony, and peers into the past to better understand the future. He lives by the mantra “jack of all trades, master of none, but better than a master of one”, and doctors say there are traces of blood in his lead stream. When time permits, he volunteers for the Vintage Computer Federation.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 11:00-11:45


Title:
The Cantankerous Cannabis Cryptocurrency Kerfuffle

Cryptocurrency, Big Data & their efficacies re: security, economics, and operations

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 17:00-17:59


Title:
The challenge of building an secure and safe digital environment in the healthcare

@_j3lena_

It is of utmost importance to keep healthcare data safe, secure and private. As security and healthcare professionals it is important to be aware of the many ways and reasons a criminal can bring harm to a patient. While a criminal may maliciously seek to cause harm to a patient, they are just as likely to impact a hospital or patient as an unintended consequence of a different attack. By making everything digital and connecting it online without making it safe and secure, we have made this possible.
The environment within the organization must enable infosec professionals to do the best possible job.
We, hospital staff, IT staff, and vendors, can work together to build a safe and secure environment in healthcare.



AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 10:00-10:20


The current state of adversarial machine learning

infosecanon

Machine learning is quickly becoming a ubiquitous technology in the computer security space, but how secure is it exactly? This talk covers the research occurring in adversarial machine learning and includes a discussion of machine learning blind spots, adversarial examples and how they are generated, and current blackbox testing techniques.

Heather Lawrence is a cyber data scientist working with NARI. She earned her undergraduate and MS degrees in Computer Engineering from the University of Central Florida focusing on computer security. She is pursuing a PhD in Computer Engineering from the University of Nebraska Lincoln. Her previous experience in cyber threat intelligence modeling, darknet marketplace research, IT/OT testbed development, data mining, and machine learning has led to several awards from capture-the-flag competitions including the National Collegiate Cyber Defense Competition, CSI CyberSEED, and SANS Netwars Tournament. Her current research interests focus on the application of machine learning to cybersecurity problem sets.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 10:00-10:45


Title: The Good, the Bad, and the Private: Building and Breaking Safe Cryptocurrencies

Speakers: Sarang Noether

Description:
No description available




AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 10:40-11:20


The great power of AI: Algorithmic mirrors of society

Aylin Caliskan

“Following the progress in computing and machine learning algorithms as well as the emergence of big data, artificial intelligence (AI) has become a reality impacting every fabric of our algorithmic society. Despite the explosive growth of machine learning, the common misconception that machines operate on zeros and ones, therefore they should be objective, still holds. But then, why does Google Translate convert these Turkish sentences with gender-neutral pronouns, “O bir doktor. O bir hemşire”, to these English sentences, “He is a doctor. She is a nurse”? As data-driven machine learning brings forth a plethora of challenges, I analyze what could go wrong when algorithms make decisions on behalf of individuals and society if they acquire statistical knowledge of language from historical human data.

In this talk, I show how we can repurpose machine learning as a scientific tool to discover facts about artificial and natural intelligence, and assess social constructs. I prove that machines trained on societal linguistic data inevitably inherit the biases of society. To do so, I derive a method that investigates the construct of language models trained on billions of sentences collected from the World Wide Web. I conclude the talk with future directions and open research questions in the field of ethics of machine learning.”

Aylin Caliskan is an assistant professor of computer science at George Washington University. Her research interests include the emerging science of bias in machine learning and fairness, AI ethics, data privacy, and security. Her work aims to characterize and quantify aspects of artificial and natural intelligence using a multitude of machine learning and language processing techniques. In her recent publication in Science, she demonstrated how semantics derived from language corpora contain human-like biases. Prior to that, she developed novel privacy attacks to de-anonymize programmers using code stylometry. Her presentations on both de-anonymization and bias in machine learning are the recipients of best talk awards. Her work on semi-automated anonymization of writing style furthermore received the Privacy Enhancing Technologies Symposium Best Paper Award. Her research has received extensive press coverage across the globe, contributing to public awareness on risks of AI. Aylin holds a PhD in Computer Science from Drexel University and a Master of Science in Robotics from the University of Pennsylvania. Before joining the department of computer science at GWU, Aylin was a postdoctoral researcher and a fellow at Princeton University’s Center for Information Technology Policy.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 15:00-15:59


Title:
The Invisible Hands Tending the Secret Greens

The macroeconomics of Big Cannabis

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 17:00-17:45


The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask)

Friday at 17:00 in Track 2
45 minutes | Audience Participation

L0pht Heavy Industries Hacker Collective

Elinor Mills Senior Vice President of Content and Media Strategy at Bateman Group

DilDog Hacker, Co-Founder, Veracode

Joe Grand, Kingpin Hacker

Space Rogue Global Strategy Lead for X-Force Red, IBM

Mudge Head of Security, Stripe.

Silicosis Hacker

John Tan Hacker

Weld Pond Hacker, Co-Founder, Veracode

2018 is the 20th anniversary of the hacker think-tank L0pht Heavy Industries' testimony before the US Senate Homeland Security & Governmental Affairs Committee on the topic of weak computer security in government. The testimony made national news when the group announced they could take down the Internet in 30 minutes. It was also the first time hackers using handles appeared before a US legislative body.

Members of the L0pht have grown from their hacker roots to become distinguished leaders and contributors in the security community and beyond. They run multi-million dollar security-focused organizations, have lobbied the government for better security laws, work for some of the largest companies in the world, and continue to spread the message of the positive aspects of hacking.

With several of the L0pht's original members, this discussion will cover the original testimony and the changes that have happened over the last 20 years. Is the government any more secure? Have they provided enough influence to help protect its citizens' data? What steps should we take to ensure user security and privacy in the future? We are hoping for audience participation and also welcome questions about any other time in the L0pht's relatively short, but poignant, existence.

L0pht Heavy Industries
L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. The L0pht was one of the first viable hackerspaces in the US, and a pioneer of coordinated disclosure. In May, 1998, the group testified in front of a US Senate committee on weak computer security in government where they famously exclaimed they could take down the Internet in 30 minutes.

Elinor Mills
Elinor Mills has been intrigued by hackers since she covered DEF CON III as a journalist in 1995. Following four years reporting for the Associated Press, she joined IDG News Service and for an early travel assignment headed off to the Las Vegas desert for the annual hacker pilgrimage (a trek she's taken more than a dozen times since). There she learned about the nuances of hacking, delighted in the Spot-the-Fed contests and met youth who would one day be leaders in securing the internet today. She went on to reporting jobs at The Industry Standard, Reuters and CNET over the next two decades covering a variety of tech topics, but her main interest remained security and the passion and intellectual drive of the people looking for the flaws that threaten our digital lives. Today, she helps hackers and security entrepreneurs spread the gospel as Senior Vice President of Content and Media Strategy at Bateman Group. Software may be eating the world, but hackers are keeping it safe.

@elinormills

DilDog
DilDog joined the L0pht shortly after graduating from MIT, leaving his job at a major bank to work on a password cracker in a warehouse with a bunch of hacker misfits. Thankfully, that wasn't as ridiculous as it sounded, and it turned out that L0phtCrack would be kind of a big deal. He's still the primary maintainer of the codebase today, 20 years later. Also at L0pht and @stake, he developed AntiSniff, a promiscuous-mode device detection system, wrote a bunch of security advisories, and developed a fine cDc-brand remote administration tool named Back Orifice 2000. Also at L0pht and throughout the @stake acquisition, he developed an automated software decompilation system that would become the core of the static analysis technology for the startup he and Chris Wysopal would found in 2006, Veracode.

Joe Grand, Kingpin
Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, former DEF CON badge designer, and proprietor of Grand Idea Studio (grandideastudio.com). He joined the L0pht as a 16-year-old in 1992. The youngest member and technological juvenile delinquent, the L0pht kept him out of trouble and helped redirect his passion towards good. Kingpin worked on the POCSAG Pager Decoder Kit, AMPS-based cellular phone hacking, and Palm OS application development, among other things. He was also a t-shirt shipper, food picker-upper, MIT Flea Market hawker, and terrified speaker at the US Senate Testimony in 1998. Kingpin was responsible for getting everyone sick in his attempt at making the infamous L0pht R00t B33r. He still hasn't apologized.

@joegrand

Space Rogue
Space Rogue (Cris Thomas) joined the L0pht in 1992. While there he created one of the first Macintosh hacking sites, The Whacked Mac Archives, and released an early MacOS exploit for FWB Hard Disk ToolKit. Later, while still at the L0pht, he created and ran the Hacker News Network. He was part of the L0pht's US Senate Testimony in 1998. After the L0pht, Space Rogue went on to work at security companies such as @Stake, Guardent, Trustwave and Tenable. He currently works as the Global Strategy Lead for X-Force Red at IBM.

@spacerog

Mudge
Mudge was responsible for early research into a type of security vulnerability known as the buffer overflow. He also published some of the first security advisories and research demonstrating early vulnerabilities such as code injection, side-channel attacks, and information leaks. In addition to these advisories he has had numerous technical papers published in peer reviewed journals.

Mudge has testified to the US Congress multiple times in addition to having a long history of teaching and lecturing at universities, military academies, and government agencies. He was the initial author of L0phtCrack and the author of early BGP attacks made famous in testimony to the US Senate referencing how to 'take down the Internet in 30 minutes.'

In 2010 he took an appointed position as a Department of Defense official within the Defense Advanced Research Projects Agency (DARPA), where he was responsible for redirecting the DoD's cyber research efforts. After his tenure at DARPA he was corporate VP of engineering at Motorola, and then the Deputy Director of Google's Advanced Technology and Projects group, before starting the 501(c)3 organization Cyber-ITL at the behest of the White House. He is presently Head of Security at Stripe.

@dotmudge

Silicosis
Silicosis (Paul Nash) joined the L0pht in 1998 and contributed to vulnerability research, with a focus on network protocols. In 1999, along with Mudge, he consulted with Marcus Ranum's new startup—Network Flight Recorder. Paul wrote a series of hybrid protocol analysis & anomaly detectors for the common protocols of the time. They successfully identified both known and unknown attacks. He continued on as a founder of @stake and continued research on network protocols—including fiber channel and 3G cellular networking. Paul was the last member of the L0pht to remain at Symantec after the acquisition.

John Tan
John Tan joined the L0pht in 1996 contributing to the Full Disclosure movement with an advisory on Novell Netware 3.x. He was part of the L0pht's 1998 US Senate Testimony and published a widely cited essay called CyberUL which pointed out the conflict of interest that exists with the still current model of security certifications for people and products. He has over 20 years experience within the Financial industry and most recently shifted his focus to Health Insurance.

Weld Pond
When Weld Pond (Chris Wysopal) joined the L0pht in 1993 there was no internet connection. He then built the l0pht.com gateway machine using Slackware 1.0 on 24 floppies. Weld was the webmaster of the l0pht.com website where all those hacker t-files from the BBS era could be found. Weld worked on the software side of L0pht researching vulnerabilities, writing advisories, building Netcat for Windows, and making L0phtCrack the first password cracker with a GUI. Weld was part of the 7 person group that testified at the US Senate in 1998 where he spoke about software transparency and liability. He joined @stake with the L0pht acquisition and worked there managing the research team and consulting at top customers like Microsoft until @stake was purchased by Symantec. Weld and Dildog then spun out the @stake static binary analysis technology to create Veracode, where he is co-founder and CTO.

@weldpond



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 17:00-17:59


Title:
The Least Common Denominator Strategy (AKA Don't make DevOps too easy)

Daniel Williams (fbus)
@thefbus

"Today, much time and effort is spent on making development and deployment easier for the application developer. Simplification and automation are wonderful efforts to pursue, but with great power comes great responsibility. Deployments can grow to be a support and technical-debt nightmare if the automation and simplification efforts are not closely managed.

This talk will walk through a number of case studies, both in software development & deployment and in the greater wild world in an attempt to provide a lens to help judge when automation and simplification are going too far."



DDV - Caesars Promenade Level - Capri Rm - Saturday - 14:00-14:55


Speaker: Lior Kolnik

Full disk images introduce large amounts of data into a forensic investigation. Still, certain evidence exists only in memory, especially when dealing with malware or fileless attacks designed to stay completely in memory and avoid hitting the disk, exactly for the purposes of avoiding detection and analysis by forensic examiners. Memory forensics is a rapidly growing field, offering many free tools for RAM analysis to uncover important evidence and further the case quickly. As it turns out, these tools can also be applied to a cold drive. Due to OS features such as hibernation, paging and swap space, data from memory ends up being written to disk and survives even when the machine is powered down. In this session, the presenter will introduce the challenges faced when investigations rely solely on disk images, in cases where live memory had not been captured. The audience will then learn how investigators can still benefit from memory forensics in such cases. The presenter will give a full walkthrough of applying techniques, discuss their benefits and limitations, and show examples of results.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 10:00-10:45


The Mouse is Mightier than the Sword

Sunday at 10:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Patrick Wardle Chief Research Officer, Digita Security

In today's digital world the mouse, not the pen, is arguably mightier than the sword. Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? click ...allowed. Authorize keychain access? click ...allowed. Load 3rd-party kernel extension? click ...allowed. Authorize outgoing network connection? click ...allowed. Luckily security-conscious users will (hopefully) heed such warning dialogues—stopping malicious code in its tracks. But what if such clicks can be synthetically generated and interact with such prompts in a completely invisible way? Well, then everything pretty much goes to hell.

Of course OS vendors such as Apple are keenly aware of this 'attack' vector, and thus strive to design their UI in a manner that is resistant against synthetic events. Unfortunately they failed.

In this talk we'll discuss a vulnerability (CVE-2017-7150) found in all recent versions of macOS that allowed unprivileged code to interact with any UI component including 'protected' security dialogues. Armed with the bug, it was trivial to programmatically bypass Apple's touted 'User-Approved Kext' security feature, dump all passwords from the keychain, bypass 3rd-party security tools, and much more! And as Apple's patch was incomplete (surprise surprise) we'll drop an 0day that (still) allows unprivileged code to post synthetic events and bypass various security mechanisms on a fully patched macOS box!

And while it may seem that such synthetic interactions with the UI will be visible to the user, we'll discuss an elegant way to ensure they happen completely invisibly!

Patrick Wardle
Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

@patrickwardle



PPV - Flamingo Lower Level - Valley Of Fire Rms - Saturday - 16:00-16:59


Title:
The Ongoing Federal Lawsuit Against Jeff Sessions

No description available

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 14:00-14:45


Title:
The Real History of Marijuana Prohibition

podcaster

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 13:30-13:50


The ring 0 façade: awakening the processor's inner demons

Saturday at 13:30 in Track 1
20 minutes | Demo, Tool

Christopher Domas

Your computer is not yours. You may have shelled out thousands of dollars for it. It may be sitting right there on your desk. You may have carved your name deep into its side with a blowtorch and chisel. But it's still not yours. Some vendors are building secret processor registers into your system's hardware, only accessible by shadowy third parties with trusted keys. We as the end users are being intentionally locked out and left in the dark, unable to access the heart of our own processors, while select organizations are granted full control of the internals of our CPUs. In this talk, we'll demonstrate our work on how to probe for and unlock these previously invisible secret registers, to break into all-powerful features buried deep within the processor core, to finally take back our own computers.

Christopher Domas
Christopher Domas is a security researcher and embedded systems engineer, currently investigating scalable IoT security. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), showing that all programs can be reduced to the same instruction stream (reductio), and the branchless DOOM meltdown mitigations. His more relevant work includes the sandsifter processor fuzzer, the binary visualization tool ..cantor.dust.., and the memory sinkhole x86 privilege escalation exploit.

@xoreaxeaxeax



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 17:00-17:45


The Road to Resilience: How Real Hacking Redeems this Damnable Profession

Saturday at 17:00 in Track 1
45 minutes

Richard Thieme, a.k.a. neural cowboy Author and professional speaker, ThiemeWorks

Two years ago Richard Thieme spoke on “Playing Through the Pain: The Impact of Dark Knowledge on Security and Intelligence Professionals” for Def Con 24. He relied on dozens of experiences provided by colleagues over a quarter-century, colleagues from NSA, CIA, corporate, and military. Responses to the presentation have often been emotional and have corroborated his thesis. The real impact of this work on people over the long term has to be mitigated by counter-measures and strategies so scars can be endured or, even better, incorporated and put to use.

In this presentation, Thieme elaborates those strategies and counter-measures. In what is likely his final speech at Def Con, he speaks directly to the “human in the machine” AS a human being. It’s not about leaving the profession: it’s about what we can do to thrive and transcend the challenges. It’s about “saving this space,” this play space of hacking, work and life, and knowing the cost of being fully human while encountering dehumanizing impacts.

It is easier to focus on exploits, cool tools, zero days, and the games we play in the space that “makes us smile.” It is not so easy to know how to play through the pain successfully. The damage to us does not show up in brain scans. It shows up in our families, our relationships, and our lives.

Thieme is not preaching, he is sharing insights based on what he too has had to transcend in his own life. They call a lot of us “supernormals,” which means we discovered resilient responses to deprivation, abuse, profound loss … or the daily challenges of work that makes clear that evil is real. We are driven, we never quit, we fight through adversity, we create and recreate personas that work, we do what has to be done. It pays to know how we do that and know THAT we know so we can recreate resilience in the face of whatever comes our way.

A contractor for NSA suggested that everyone inside the agency should see the video of “Playing Through the Pain.” A long-time Def Con attendee asks all new hires to watch “Staring into the Abyss,” a talk Thieme did a few years before. This subject matter is seldom discussed aloud “out here” and by all accounts is not taken seriously “inside,” which is perhaps why there have been half a dozen suicides lately at NSA and a CIA veteran said, “I have 23 suicides on my mind, the most recent senior people who could not live with what they knew.”

The assumption baked into this talk: real hacking, its ethos and its execution, provides the tools we need to do this damn thing right.

This talk is in honor of Perry Barlow and the EFF.

Richard Thieme
Richard Thieme (www.thiemeworks.com) is an author and professional speaker focused on the deeper implications of technology, religion, and science for twenty-first century life. He speaks professionally about the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change. His speaking generally addresses “the human in the machine,” technology-related security and intelligence issues as they come home to our humanity.

Thieme has published hundreds of articles, dozens of short stories, five books with more coming, and has delivered hundreds of speeches. His pre-blog column, "Islands in the Clickstream," was distributed to thousands of subscribers in sixty countries before collection as a book in 2004. When a friend at the NSA told him, "The only way you can tell the truth [that we discuss] is through fiction," he returned to writing short stories, one result of which is "Mind Games," a collection of nineteen stories about anomalies, infosec, professional intelligence and edgy realities. More edgy realities are illuminated in the recently published and critically extolled “UFOs and Government: A Historical Inquiry” to which he contributed, a 5-year research project using material from inside the military and intelligence communities to document government responses to the phenomena from WW2 to the present. It is in the collections of 100+ libraries. He is primary editor for a sequel which is in the works.

Many speeches address technology-related security and intelligence issues. Richard keynoted the first two Black Hats and has keynoted conferences around the world. Clients range from GE, Microsoft and Medtronic to the National Security Agency, the Pentagon, FBI, US Dept of the Treasury, and the US Secret Service. His work has been taught at universities in Europe, Australia, Canada, and the United States, and he has guest lectured at numerous universities.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 15:45-16:30




Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Thursday - 14:30-18:30


The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP

Thursday, 1430-1830 in Icon F

David Pearson Principal Threat Researcher, Awake Security

Reverse engineering has become an increasingly important element of network security. The ability to break a system down in order to understand its base components and how they interact is critical to understanding not just how the system works, but the ways it can leave your network vulnerable. This is especially true at the application level, where insecure or poorly managed applications can leak sensitive data. In this hands-on workshop, attendees will learn how to reverse engineer real application-layer protocols. During our time together, we'll start at the surface and do a deep technical dive into the network traffic of a common remote access application. Along the way, we'll:

1. Introduce protocol reverse engineering and explain its importance
2. Learn how to discover structured data
3. Determine if data is encoded or encrypted
4. Understand how various protocols interact
5. Uncover secondary communications and information leaks in a hands-on fashion

All materials and content are freely available at https://dl.awakesecurity.com/defcon/nw_re_tools/resources.html and will remain so.

Prerequisites: Familiarity with a network packet capture and analysis tool, such as Wireshark, will provide a solid foundation on which to build. In addition, a basic understanding of Lua scripts will be beneficial.

Materials: Students will need a laptop with Wireshark installed and access to the Internet. An IDE of choice is also recommended.

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/the-truth-is-in-the-network-reverse-engineering-application-layer-protocols-via-pcap-icon-f-tickets-47086494974
(Opens July 8, 2018 at 15:00 PDT)

David Pearson
Having used Wireshark ever since it was Ethereal, David has been analyzing network traffic for well over a decade. He has spent the majority of his professional career understanding how networks and applications work, currently as Principal Threat Researcher for Awake Security. David holds computer security degrees from the Rochester Institute of Technology (BS) and Carnegie Mellon University (MS).



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 10:00-10:45


ThinSIM-based Attacks on Mobile Money Systems

Thursday at 10:00 in 101 Track, Flamingo
45 minutes | Demo, Exploit

Rowan Phipps Undergraduate researcher, University of Washington

Phone-based mobile money is becoming the dominant paradigm for financial services in the developing world, processing more than a billion dollars per day for over 690 million users. For example, mPesa has an annual cash flow of over thirty billion USD, equivalent to nearly half of Kenya's GDP. Numerous other products exist inside of nearly every other market, including GCash in the Philippines and easyPaisa in Pakistan. As a part of this growth, competitors have appeared who leverage ThinSIMs, small SIM card add-ons, to provide alternative mobile money implementations without operating their own mobile networks. However, the security implications of ThinSIMs are not well understood.

This talk dives into decade-old telecom standards to explore how ThinSIMs work and what attackers of mobile money systems can do when they control the interface between the SIM card and the phone. We will also demo two proof-of-concept exploits that use ThinSIMs to steal money from mobile money platforms and detail the difficulties of defense.

Rowan Phipps
Rowan is an undergraduate at the University of Washington where he studies Computer Science. He's a member of Batman's Kitchen and has participated in CTF and CCDC competitions. Last summer he worked in the Digital Financial Services Research Group looking into the security of mobile money. In his spare time he likes to dabble with hardware design.

@RowanPhipps



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Friday - 14:30-18:30


Threat Hunting with ELK

Friday, 1430-1830 in Icon C

Ben Hughes

Fred Mastrippolito

Jeff Magloire

This hands-on training will walk attendees through leveraging the open source ELK (Elastic) stack to proactively identify malicious activity. The basic tools and techniques taught during this class can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and hunting. Attendees will be provided with access to a preconfigured ELK cluster and extensive sample logs containing diverse malicious events waiting to be discovered. The training will conclude with a friendly CTF to give attendees an opportunity to collaborate on teams and put their learning into practice in a simulated network environment.

Prerequisites: Past blue team experience (SOC, NSM, threat hunting, IR, forensics, etc.) is helpful, but not required.

Materials: Students will need to bring their own Windows/Linux/macOS laptop with 8+ GB RAM, WiFi, and VirtualBox or VMware installed. A VM will be made available to attendees for download before class, as well as available on USB flash drives at the start of class.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/threat-hunting-with-elk-icon-c-tickets-47193887187
(Opens July 8, 2018 at 15:00 PDT)

Ben Hughes
Ben (@CyberPraesidium) brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients, sharpening his skills in network security monitoring, IR, forensics, malware analysis, security configuration, and cyber threat intelligence. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications. Ben is also a member of the Maryland bar and volunteers at a pro bono legal clinic.

Fred Mastrippolito
With over 15 years of experience in cybersecurity, Fred (@politoinc) was a founding member of an elite group of computer forensics and intrusion analysts for a major defense contractor. He has performed numerous web application assessments and penetration tests for financial services, federal government, and retail clients. He has managed SOCs, responded to incidents, and analyzed malware. Jeff is a highly skilled cleared professional with extensive knowledge working with information security and incident response cases in both the corporate and federal sector.

Jeff Magloire
Jeff has 9 years of expertise in the field of Endpoint and Mobile based Intrusion Detection and Protection, Network security, e-Discovery, Mobile Application Security, and Information security. His experience includes providing Subject Matter Expertise in the area of forensics and cyber security for some of America's essential government entities such as the White House, FBI, DOJ, SEC to name a few. Jeffrey currently holds a Masters of Science in Digital Forensics from George Mason University along with a Bachelors in Business Information Technology from St Johns University. Jeffrey also has industry recognized certifications such as GIAC Certified Forensic Analyst, Encase Examiner and Encase E-Discovery, Xways, and Cellebrite Certifications.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Saturday - 10:00-10:45


Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems

Saturday at 10:00 in 101 Track, Flamingo
45 minutes | Demo

Jos Wetzels Security Researcher, Midnight Blue Labs

Marina Krotofil ICS/SCADA Security Professional

In 2017 a malware framework dubbed TRITON (also referred to as TRISIS or HatMan) was discovered targeting a petrochemical plant in Saudi Arabia. TRITON was designed to compromise the Schneider Electric Triconex line of Safety Instrumented Systems (SIS), potentially in order to cause physical damage. TRITON is the most complex publicly known ICS attack framework to date and the first publicly known one to target safety controllers. While the functionality of the malware is understood, little is known about the complexity of developing such an implant. The goal of this talk is to provide the audience with a “through the eyes of the attacker” experience in designing advanced embedded systems exploits & implants for Industrial Control Systems (ICS). Attendees will learn about the background of the TRITON incident, the process of reverse-engineering and exploiting ICS devices and developing implants and OT payloads as part of a cyber-physical attack and will be provided with details on real-world ICS vulnerabilities and implant strategies.

In the first part of the talk we will provide an introduction to ICS attacks in general and the TRITON incident in particular. We will outline the danger of TRITON being repurposed by copycats and estimate the complexity and development cost of such offensive ICS capabilities.

In the second and third parts of the talk we will discuss the process of exploiting ICS devices to achieve code execution and developing ICS implants and OT payloads. We will discuss real-world ICS vulnerabilities and present several implant scenarios such as arbitrary code execution backdoors (as used in TRITON), pin configuration attacks, protocol handler hooking to spoof monitored signal values, suppressing interrupts & alarm functionality, preventing implant removal and control logic restoration and achieving cross-boot persistence. We will discuss several possible OT payload scenarios and how these could be implemented on ICS devices such as the Triconex safety controllers.

In the final part of the talk we'll wrap up our assessment of the complexity & cost of developing offensive ICS capabilities such as the TRITON attack and offer recommendations to defenders and ICS vendors.

Jos Wetzels
Jos Wetzels is an independent security researcher with Midnight Blue specializing in embedded systems security across various domains ranging from industrial and automotive systems to IoT and networking equipment. He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT) where he developed exploit mitigation solutions for constrained Industrial Control Systems (ICS) used in critical infrastructure, performed various security analyses of state-of-the-art network and host-based intrusion detection systems and has been involved in the AVATAR research project regarding on-the-fly detection and containment of unknown malware and Advanced Persistent Threats. He has assisted teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years.

@s4mvartaka

Marina Krotofil
Marina Krotofil is an experienced ICS/SCADA professional. She previously worked as a Principal Analyst in the Cyber-Physical group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and as a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She spent seven years researching offensive Industrial Control Systems (ICS) security: discovering and weaponizing unique attack vectors, engineering damage scenarios and understanding attacker techniques when exploiting ICS. Marina's offensive security skills serve her well during Incident Responses, ICS malware analysis and when engineering defenses. She authored more than 20 academic and white papers on ICS security and is a frequent speaker at the leading security events around the world. She holds an MBA in Technology Management, an MSc in Telecommunication and an MSc in Information and Communication Systems.

@marmusha



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Saturday - 12:00-12:45


Tineola: Taking a Bite Out of Enterprise Blockchain

Saturday at 12:00 in Track 1
45 minutes | Demo, Tool

Stark Riedesel Synopsys, Senior Consultant

Parsia Hakimian Synopsys, Senior Consultant

Blockchain adaptation has reached a fever pitch, and the community is late to the game of securing these platforms against attack. With the open source community enamored with the success of Ethereum, the enterprise community has been quietly building the next generation of distributed trustless applications on permissioned blockchain technologies. As of early 2018, an estimated half of these blockchain projects relied on the Hyperledger Fabric platform.

In this talk we will discuss tools and techniques attackers can use to target Fabric. To this end we are demoing and releasing a new attack suite, Tineola, capable of performing network reconnaissance of a Hyperledger deployment, adding evil network peers to this deployment, using existing trusted peers for lateral network movement with reverse shells, and fuzzing application code deployed on Fabric.

As George Orwell said: "Who controls the past controls the future. Who controls the present controls the past." This talk will demonstrate how a sufficiently armed red team can modify the blockchain past to control our digital future.

Stark Riedesel
Stark Riedesel is a senior consultant at Synopsys with six years of security industry experience. He has filled a variety of roles, including penetration tester, researcher, lecturer, and security architect. Stark’s active areas of research are public and private blockchain platforms, NoSQL-based exploitation techniques, and container orchestration. Outside work, Stark speaks and hosts CTF events at the Dallas, Texas, OWASP chapter and local universities.

Parsia Hakimian
Parsia Hakimian is a senior consultant at Synopsys with seven years of security industry experience. He has worked on enterprise blockchains, online multiplayer games, stock exchange platforms, mobile device management suites, and IoT devices. On a different continent, he was a C developer, university instructor, and single-player game cheater. Parsia is currently evangelizing Golang to the security community and practicing in-memory fuzzing.



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Saturday - 13:55-14:25


TOR for The IOT aka TORT Reform

August 11, 2018 1:55 PM

Exploitation is a given. Unwanted parties will gain access eventually whether it is through technical, physical, or social means. The only other certainty is they will continue to come up with new ways to innovate. They have to blend in to succeed so how do they balance those two competing influences? More than just the inconvenience, at worst, of taking over simple I/IOT or the creepiness of your home webcam. We will begin by analyzing the attacks that have happened and how they worked. Then, we will build our own. I will walk through how an attacker doesn’t just attack you, but can easily build a mass attack campaign to take over thousands. Once they do, I show how instead of that inconvenience, they can laterally take over the house and hop to steal interesting things like embarrassing photos, social security numbers, bank account information, intellectual property, and tax returns for profit. If you cannot keep them out what can you do? For starters, let’s understand how they communicate including some unique ideas for protocols (Google Suite) and infrastructure (traditional smokescreen for non-attribution to re-purposing I/IoT devices). This is the attacker’s vulnerability: They have to use your connectivity. Finding them on endpoints is fairly difficult because they have numerous ways to evade. But, on the wire… the options are limited to just blending in. This talk is aimed to provide something to both offense and defense. For offense, demonstration of basic (orientation of concepts) to novel approaches for traffic protocols and infrastructure. For defense, awareness of traffic patterns along with protocol analysis with experiential detail (Wireshark) helps them learn to fish (no pun intended) for a lifetime instead of just eating for a day since none of this is static in real life.

Speaker Information

Bryson Bort

SCYTHE

Bryson is the Founder and CEO of SCYTHE, Founder of GRIMM, and Founding Member of the ICS Village, a non-profit advancing education and awareness of security for industrial control systems. Prior to launching SCYTHE and GRIMM, Bryson led an elite research & development (R&D) division that directly contributed towards National Security priorities and interest. Prior to that he developed an enterprise R&D program and supported creation of a cybersecurity strategy as a Deputy CTO and Program Director focused on supporting technology research and global infrastructure for the DoD and the Intelligence Community. As a U.S. Army Officer, Bryson led a tactical communications platoon in support of Operation Bright Star in September 2001. He served as a Battle Captain and as a Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army at the rank of Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point and completed numerous U.S. Army professional education courses in tactical communications and information assurance. He holds a Master’s Degree in Telecommunications Management from the University of Maryland and a Master’s in Business Administration from the University of Florida in addition to completing graduate studies in Electrical Engineering and Computer Science at the University of Texas.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 15:00-14:59


Title: Torrent More Pharmaceutical Drugs. File Sharing Still Saves Lives.

Speaker: Mixæl Laufer
About Mixæl:
Chief spokesman for the Four Thieves Vinegar Collective, Mixæl Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and other social issues. Perpetually disruptive, his most recent project makes it possible for people to manufacture their own medications at home. Open-source, and made from off-the-shelf parts, the Apothecary MicroLab puts many medications within the reach of those who would otherwise not have them.
Abstract:
Two years ago, the Four Thieves Vinegar Collective became public at HOPE XI after almost a decade of working underground, and debuted the first generation of the Apothecary Microlab, the open-source automated chemical reactor designed to synthesize the active ingredients of pharmaceutical drugs. We synthesized Daraprim onstage, and called Martin Shkreli's cell phone from stage. It was a good time. Since then, the reactor has developed, and we have worked on more complicated syntheses, and hacking medical hardware. Most notably, we released plans for a DIY version of the EpiPen anyone can make for $30US. Come see the new releases we have planned and the new beta unit. Learn how to make medicine from poison, how to use the shrouding of information about medicine to make custom-tailored treatment programs for rare diseases, and how to use public data to find new, more efficient synthesis pathways for drugs. Hack your health. We can torrent medicine. File sharing saves lives.


AIV - Caesars Promenade Level - Florentine BR 3 - Saturday - 15:20-15:59


Towards a framework to quantitatively assess AI safety – challenges, open questions and opportunities.

Ram Shankar Siva Kumar

While the papers are piling in arXiv on adversarial machine learning, and companies are committed to AI safety, what would a system that assesses the safety of ML systems look like in practice? Compare an ML system to a bridge under construction. Engineers along with regulatory authorities routinely and comprehensively assess the safety of the structure to attest the bridge’s reliability and ability to function under duress before opening it to the public. Can we as security data scientists provide similar guarantees for ML systems? This talk lays out the challenges and open questions in creating a framework to quantitatively assess safety of ML systems. The opportunities, when such a framework is put to effect, are plentiful – for a start, we can gain trust with the population at large that ML systems aren’t brittle; that they just come in varying, quantifiable degrees of safety.

Ram Shankar is a Data Cowboy on the Azure Security Data Science team at Microsoft, where his primary focus is modeling massive amounts of security logs to surface malicious activity. His work has appeared in industry conferences like BlueHat, DerbyCon, MIRCon, Strata+Hadoop World Practice of Machine Learning as well as academic conferences like NIPS, IEEE Usenix, ACM - CCS. Ram graduated from Carnegie Mellon University with a Masters in Electrical and Computer Engineering. If you work in the intersection of Machine Learning and Security, he wants to learn about your work!



Meetup - (Off Site) Sunset Park, Pavilion F, (36.0636, -115.1178) - Thursday - 16:00-21:59


Title: Toxic BBQ

The humans of Vegas invite everyone to sear their meat in the searing heat! Kick off the con at Sunset Park, Pavilion F on Thursday afternoon with meat, beer, and conversation at this unofficial welcome party. Burgers and dogs are provided; contribute the rest as you can (more food, drinks, grilling, donations, and rides). This event is off-site, so watch the Info Booth @dcib for carpool times and event updates.


Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


trackerjacker

Saturday 08/11/18 from 1200-1350 at Table One
Offensive and Defensive Wireless Hackers

Caleb Madrigal

trackerjacker is a new wifi tool that allows you to (a) see all wifi devices and which wifi networks they're connected to, along with how much data they've sent, how close by they are, etc, and (b) look for interesting traffic patterns and trigger arbitrary actions based on those patterns. The "mapping" functionality is sort of like nmap for wifi—it lists all wifi networks nearby, and under each network it lists all the clients connected to that network. The "trigger" functionality allows users to do things like "if this device sends more than 10000 bytes in 30 seconds, do something". It also includes a powerful Python plugin system that makes it simple to write plugins to do things like "if I see an Apple device with a power level greater than -40dBm, deauth it". If you want to do any sort of wifi recon/monitoring/hacking, trackerjacker will almost certainly make the job easier!

https://github.com/calebmadrigal/trackerjacker

Caleb Madrigal
Caleb is a programmer who enjoys hacking and mathing. He is a member of the Mandiant/FireEye applied research team, where he researches and builds sweet incident response software. Recently, he's mostly been hacking with Python, Jupyter, C, and Machine Learning. Though only recently getting into the security space professionally, Caleb has been into security for a while—in high school, he wrote his own (bad) cryptography and steganography software. In college, he did a good bit of "informal pen testing". These days, he has fun doing a lot of Radio/Wireless hacking, and using Machine Learning/Math to do cool security-related things.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Sunday - 13:00-13:45


Trouble in the tubes: How internet routing security breaks down and how you can do it at home

Sunday at 13:00 in 101 Track, Flamingo
45 minutes | Demo, Tool

Lane Broadbent Security Engineer, Vivint

We all protect our home networks, but how safe is your data once it leaves on its journey to the latest cat pictures? How does your traffic make it to its destination and what threats does it face on its way? What is BGP and why should you care?

In this talk, I'll explain the basic structure of the network that is the Internet and the trust relationships on which it is built. We'll explore several types of attacks that you may have seen in the news that exploit this relationship to bring down websites, steal cryptocurrency, and monitor dissidents.

Because talking about bringing down the Internet isn't as much fun as doing, I'll show how to create a mini Internet using Mininet and demonstrate the attacks without the need for a BGP router or a lawyer. Finally, because nation states shouldn't get to have all the fun, I'll use Scapy and some novel techniques to demonstrate how a compromised router can be used to prevent attribution, frame a friend, or create a covert communication channel.

Lane Broadbent
Lane Broadbent is a Security Engineer performing threat hunting and full stack security engineering for Vivint, a tech company focused on IoT and home security. With over a decade of experience in research, pen testing, and jack of all trades systems administration, Lane now works to secure IoT devices and the systems that interact with them. In his free time, Lane tries to best the corporate NTP pool with parts salvaged from thrift stores.



VMHV - Caesars Pool Level - Forum 14-16 - Friday - 16:00-16:30


Title: Trustworthy Elections

No description available

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 13:00-13:30


Turning Deception Outside-In: Tricking Attackers with OSINT

Hadar Yudovich, Security Researcher at Illusive Networks
Tom Sela, Head of Security Research at Illusive Networks
Tom Kahana, Security Researcher at Illusive Networks

Deceptions use attackers' own tactics to force them to reveal themselves. Deception techniques are typically used inside the network once attackers have broken in. Once inside, attackers use credentials to move laterally. But before penetrating their target, attackers often study publicly available data to plan their attack. Can we assume that attackers continue to use public information once they've broken in? Could externally-planted deceptions expand our range of visibility on the adversary's activity? In this session, we will present research we conducted to answer these questions, and introduce a tool you can use to "try it at home." We first took a deeper look at various OSINT resources (social media, paste sites, public code repositories, etc.) to refine our picture of the types of publicly-available data attackers might use to further an attack. Then we planted various deceptive information. For example, on PasteBin we created a fake "paste" page containing a dump of fake credentials. On GitHub we created a fake repository of code containing "accidental" commits (git commit -am 'removed password'). Next, we paired these deceptions with relevant data and user objects within a simulated network environment. We then started monitoring and waited for an attacker to bite.

Hadar (Twitter: @hadar0x) is a Security Researcher at Illusive Networks. He has eight years of experience in cyber security, with six of those years focused on digital forensics and incident response (DFIR), both in the Israeli Air Force and in the private sector. Before joining Illusive Networks, he was a malware researcher for IBM Security where he hunted for new malware families and researched new techniques for malware detection. Hadar holds a Bachelor's degree in Computer Science from the Holon Institute of Technology, and several certifications, including the GIAC Certified Forensic Analyst (GCFA). In his free time he likes to develop open source forensic tools and solve forensic challenges.

Tom Sela (Twitter: @4x6hw) is Head of Security Research at Illusive Networks. He specializes in reverse engineering, malware research, deception development and OS internals. Prior to joining Illusive, Tom headed the Malware Research team at Trusteer (acquired by IBM), where he was responsible for Trusteer's anti-fraud endpoint product. At Trusteer he also led a team of reverse-engineers, researching the internals of advanced malware. As an active contributor to the security research community, Tom has spoken at DefCon and IEEE events. He attended the Israeli Naval Academy at the University of Haifa and holds a B.Sc. from Ben-Gurion University.

Tom Kahana (Twitter: @tomkahana1) is a Security Researcher at Illusive Networks, with over nine years in cybersecurity. He specializes in Windows internals. Prior to Illusive Networks, Tom worked for Trusteer, where he specialized in exploitation techniques. Among other accomplishments, he is credited with discovery of ASLR security bypass vulnerability CVE-2016-0012. Tom served five years in an elite unit of the Israel Defense Force (IDF), specializing in Cyber Security Research and Development. Tom is studying for his Bachelor's of Computer Science degree at the Open University of Israel.



CPV - Caesars Promenade Level - Milano BR 1,2 - Sunday - 11:00-12:00


Title: Two-Steps to Owning MFA

When: Sun, August 12, 11am - 12pm

Description
Speakers
-------
Sherrie Cowley
Dennis Taggart

Abstract
--------
Authentication is not a company's silver bullet. We will walk through common methods used in MFA including SMS, TOTP (i.e. Google Authenticator), Push Notifications, and U2F Security Keys. We will show how each method works in simple terms and the weaknesses of all of them. You will be able to generate your own TOTP six digit code and learn how to break each MFA method. You will also learn additional controls to protect your environments. This presentation will appeal to both red and blue teams.

Bio
-----------------
Sherrie Cowley has a Masters in Information Systems with an emphasis on software engineering and cyber security. She has managed help desk, software engineering, and identity and access management teams and is currently an Information Security Manager for a large organization. She has presented at SaintCon, HackWest, and multiple universities, was a keynote for Splunk Live, and acts as a liaison for InfraGard members and the FBI Cyber Task Force.

Dennis Taggart is the Sr. Penetration Tester for a large organization. He holds over five years of information security experience and has diverse interests. He earned a B.A. in Middle Eastern Studies (Arabic) and an M.A. in Political Science, holds seven GIAC certs, is a winner of a hardware hacking village and NetWars, and is currently pursuing the MSISE from SANS.

Twitter handle of presenter(s)
------------------------------
@SherrieCowley @dennisdt3

Website of presenter(s) or content
----------------------------------
Breakingmfa.com


DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 14:00-14:45


UEFI exploitation for the masses

Friday at 14:00 in 101 Track, Flamingo
45 minutes | Demo

Mickey Shkatov Hacker

Jesse Michael Hacker

So how do you debug BIOS and triage a vulnerability for exploitability with no stack trace or error log? How do BIOS developers do it? Do not worry! We will explain how anyone can have debug capabilities on modern Intel platforms and show you how this massively simplifies exploit dev. Developing an exploit for a BIOS vulnerability is a different experience than other types of exploit dev. Your available code base to draw from is unlike what you would expect when running at the operating system level and you have no gdb you can use.

In this talk we will summarize BIOS exploitation techniques and dive deeper into the specifics of an exploit we developed to provide reliable arbitrary code execution for an "over-the-internet" BIOS update vulnerability we found and responsibly disclosed. We will explain the relevant parts of UEFI and talk more about the exploit mitigations that exist there. We will also explain how to explore System Management Mode (SMM) in an Intel based platform, utilizing Intel hardware debug capabilities on an Intel 8th gen platform to obtain SMRAM content, analyze its contents, and search for vulnerable code.

Mickey Shkatov
Mickey Shkatov, a principal researcher at Eclypsium, has been performing security research and product security validation since 2010. He has also presented multiple times at DEF CON, BlackHat, PacSec, CanSecWest, BruCon, Hackito Ergo Sum, and BSides Portland.

@HackingThings

Jesse Michael
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented multiple times at DEF CON, PacSec, Hackito Ergo Sum, and BSides Portland.

@JesseMichael



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Using AI to Create Music

dj beep code

Creativity has traditionally been a purely human pursuit. However, with recent developments in computational creativity, it has become apparent that the generation of art can now be accelerated with artificial intelligence. Come prepared to learn about reinforcement learning, deep belief networks, and be entertained by music composed in mere seconds, right in front of your eyes.

“With a BS in Applied Mathematics, and a MS in computer science, dj launched her career in engineering in working on the Thirty Meter Telescope project. Over the next 12 years, she specialized in remote sensing algorithms, culminating as the principal investigator in an Office of Naval Research contract on the classification of signals. In 2014 she took her breadth of machine learning knowledge in applied research to the IBM Watson group. Within IBM Watson she leads teams that create AI applications for business, and on the side hacks on The Watson Beat code base. She also plays bass guitar in a bad cover band.”



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 17:25-17:55


Using Deep Learning to uncover darkweb malicious actors and their close circle - Rod Soto and josephzadeh

This presentation shows how data driven techniques can be used to provide vision and establish relationships between users and participants of DarkWeb forums. These relationships can provide clues to uncover and reveal tracks of malicious actors. Things such as chat room transcripts and forum data can be used to build graphical relationships.

This provides a context where it is possible to use machine learning algorithms to unmask relationships and profile users of these dark forums. Some of the methods used include Machine Learning Algorithms such as Google's PageRank. Once these users are profiled it is possible to predict behaviors, gaining further understanding of actors using these forums to obfuscate and evade attribution.

Live Demo



Night Life - Flamingo - Lower Level - Red Rock RM 6 - Friday - 20:30-25:59


Title: Vet Con

A Party thrown by Veterans for everyone! Come join in as veterans from all branches come together to celebrate and take on challenges that you only hear about in movies. Space force recruiting? Airmen in a chair race? Military drill displays? All this and more. It's time to raise hell the way our people in uniform are famous for.
More Info: @VetConActual


BCOS - Caesars Promenade Level - Pompeian BR 1 - Sunday - 13:00-13:59


Title: Village summary

Speakers: Diego "rehrar" Salazar

Description:
No description available




PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 18:15-18:59


Title: Vulnerabilities in Cannabis Software

No description available

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 12:00-12:45


Vulnerable Out of the Box: An Evaluation of Android Carrier Devices

Friday at 12:00 in Track 1
45 minutes | Audience Participation, Exploit

Ryan Johnson Director of Research at Kryptowire

Angelos Stavrou CEO at Kryptowire

Pre-installed apps and firmware pose a risk due to vulnerabilities that can be pre-positioned on a device, rendering the device vulnerable on purchase. This means that the vulnerabilities are present even before the user enables wireless communications and starts installing third-party apps. To quantify the exposure of the Android end-users to vulnerabilities residing within pre-installed apps and firmware, we analyzed a wide range of Android vendors and carriers using devices spanning from low-end to flagship. Our primary focus was exposing pre-positioned threats on Android devices sold by United States (US) carriers, although our results affect devices worldwide. We will provide details of vulnerabilities in devices from all four major US carriers, as well as two smaller US carriers, among others. The vulnerabilities we discovered on devices offered by the major US carriers are the following: arbitrary command execution as the system user, obtaining the modem logs and logcat logs, wiping all user data from a device (i.e., factory reset), obtaining and modifying a user’s text messages, sending arbitrary text messages, and getting the phone numbers of the user’s contacts, and more. All of the aforementioned capabilities are obtained outside of the normal Android permission model. Including both locked and unlocked devices, we provide details for 37 unique vulnerabilities affecting 25 Android devices with 11 of them being sold by US carriers. In this talk, we will present our framework that is capable of discovering 0-day vulnerabilities from binary firmware images and applications at scale allowing us to continuously monitor devices across different manufacturers and firmware versions. During the talk, we plan to perform a live demo of how our system works.

Ryan Johnson
Ryan Johnson is a PhD student at George Mason University in Fairfax, VA. His research interests are static and dynamic analysis of Android apps and reverse engineering. He is a co-founder of Kryptowire LLC.

Angelos Stavrou
Dr. Angelos Stavrou founded Kryptowire LLC, and he is an Associate Professor at George Mason University (GMU) and the Director of the Center for Assurance Research and Engineering (CARE) at GMU.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Thursday - 14:00-14:45


WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT

Thursday at 14:00 in 101 Track, Flamingo
45 minutes

Si Independent Security Consultant

Agent X Hacker

In this modern digital age of technically competent adversaries we forget that there may still be a need to conduct old school physical surveillance against a target. Many organisations utilise surveillance teams and these may be in-house in the case of government agencies or third-party teams contracted for a specific task and their targets range from suspected terrorists to people accused of bogus insurance claims.

Whilst most people think that they may never be placed under surveillance some professions increase this probability. For example, if you are a member of the press with sources that you only meet face to face you could be a target especially if the source is a whistleblower or has information that their employer would rather they didn't give to you. Would it seem far-fetched to think that a hacker, security researcher or a member of the EFF could be placed under surveillance? Maybe even some current and former DEF CON speakers and attendees?

These teams are not the lone Private Investigator sat in their car at the bottom of your street but are highly trained individuals whose job is to remain undetected. Their mission is to observe and identify interactions and document everything they see. They aim to be "The Grey Man", that person, when asked to describe, you are unable to. Their techniques have changed very little over decades because they work.

This talk will focus on mobile and foot surveillance techniques used by surveillance teams. It will also include tips on identifying if you are under surveillance and how to make their life difficult.

Si
Si previously served 22 years in the British Army and is now an independent security consultant with over 25 years of combined experience in various security fields. He always tries to follow the mantra "security must make sense".

@SecuritySense

Agent X
Agent X is a hacker, interested in offensive security, espionage, and operational security. He's been a DEF CON goon for the last twenty years and spent a majority of that time as head of speaker operations. A loud-mouth, he's spoken at DEF CON, Notacon, Shmoocon, Hackcon, Pumpcon, and Hushcon. He travels internationally more than most but not as much as he'd like. He lives in a van down by the river.



Demolabs - Table 5 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 14:00-15:50


Walrus

Saturday 08/11/18 from 1400-1550 at Table Five
Offense (physical security assessors), Defense (contactless access control system users)

Daniel Underhay

Matthew Daley

Walrus is an open-source Android app for contactless card cloning devices such as the Proxmark3 and Chameleon Mini. Using a simple interface in the style of Google Pay, access control cards can be read into a wallet to be written or emulated later.

Designed for physical security assessors during red team engagements, Walrus supports basic tasks such as card reading, writing and emulation, as well as device-specific functionality such as antenna tuning and device configuration. More advanced functionality such as location tagging makes handling multiple targets easy, while bulk reading allows the stealthy capture of multiple cards while “war-walking” a target.

We’ll be demoing Walrus live with multiple short- and long-range card cloning devices, as well as giving a sneak peek of future plans for the app.

https://walrus.app/

Daniel Underhay
Daniel Underhay is a Security Consultant working at Aura Information Security. He has presented at Troopers, Black Hat Asia Arsenal, ChCon, OzSecCon, and BSides Wellington. He enjoys all aspects of penetration testing, red teaming and phishing engagements.

Matthew Daley
Matthew Daley is a Senior Security Consultant at Aura Information Security. He has presented at Black Hat Asia Arsenal, BSides Wellington, OzSecCon, and OWASP New Zealand. He enjoys vulnerability discovery and exploitation, developing tools to help pentesters in their work, and writing long mailing list disclosures.



WLV - Caesars Promenade Level - Milano BR 5,6 - Saturday - 13:00-13:55


elkentaro

Bio

Kentaro is the guy who builds funky wifi gadgets for fun. Kentaro is known as "that guy in Tokyo who builds crazy hacker gadgets." Creations include the HackChip, Kismet Mobile Dashboard, Wifi Centipede.

@elkentaro

Aadvark

Bio

Aadvark has a personal connection with his wifi adaptors, he names every single one of them and refers to them as humans.

@aadvark

Darkmatter

Bio

Darkmatter has a very mobile capturing rig known as the #wifiCactus.

@Darkmatter

Wardrivers Anonymous

Abstract

For some of us wardriving is a way of life, it's what we do for fun and sometimes for work. Wardriving is seeing a resurgence in importance with all devices connecting to the network. Truly we are in a wardriving renaissance, we are seeing more and more devices and protocols being used. The tools we use have adapted to the changing landscape as well, no longer are we wardriving with 3 alfa cards to our laptop in our car, some of us have built wifi wardriving devices that fit in our pocket, some of us have built rigs that can capture all dem waves. This talk will be a panel discussion between panelists covering the wardriving scene of today. It will cover all aspects of wardriving from the why and how and anecdotal stories of wardriving in different situations. It will cover topics such as “SDR: The ultimate tool? or the nuclear option?”, “How do you travel (internationally) with your wifi gear?”, “Isn’t wardriving wiretapping?”, “The bestest wifi adaptor eva”, “Do you even Wigle, bro?” and others. The talk aims to be a supportive dialogue for wardrivers.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 10:15-10:15


Title: WaterBot - Hackable Scientific Plant Bot

Speaker: BiaSciLab
About BiaSciLab:
BiaSciLab is an 11 yr old girl who loves hacking, science, technology, and learning. She is constantly inventing new things, researching interesting unexplored topics, teaching kids and adults electronics and programming. She was the youngest speaker ever at H.O.P.E. with her talk "Inspiring The Next Next Generation Of Hackers". When she's not working on talks, hacking, or inventing new things, she enjoys fencing, archery, singing and acting.
Abstract:
The WaterBot is designed to dispense liquid (water, plant food, MS Media) and report how much and when it was administered. Designed, engineered and programmed by 11 yr. old BiaSciLab, the WaterBot is open source and scalable.
Come see how you can hack it to help hack your plants!


BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 13:30-13:59


Title: We Don't Need No Stinkin Badges

Speakers: Michael Schloh

Description:
No description available




BCOS - Caesars Promenade Level - Pompeian BR 1 - Saturday - 12:00-13:59


Title: We Program Our Stinkin Badges!

Speakers: Michael Schloh

Description:
No description available




DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 15:00-15:45


Weaponizing Unicode: Homographs Beyond IDNs

Friday at 15:00 in 101 Track, Flamingo
45 minutes | Demo, Tool

The Tarquin Senior Security Engineer, Amazon.com

Most people are familiar with homograph attacks due to phishing or other attack campaigns using Internationalized Domain Names with look-alike characters. But homograph attacks exist against a wide variety of systems that have gotten far less attention. This talk discusses the use of homographs to attack machine learning systems, to submit malicious software patches, and to craft cryptographic canary traps and leak repudiation mechanisms. It then introduces a generalized defense strategy that should work against homograph attacks in any context.

The Tarquin
The Tarquin is a security engineer at Amazon.com. His security background is in browser development and application security. His hacking background is mainly in attempting to maximize the absurdity content of systems. He also studied philosophy, specializing in the Phenomenology of Technology and seeks to understand the ways in which our systems help the human brain lie to itself. His years as a dev have given him a bad habit of needling red teamers. His years in philosophy have given him a bad habit of switching sides in an argument seemingly at random.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Saturday - 14:30-18:30


Weapons Training for the Empire

Saturday, 1430-1830 in Icon B

Jeremy Johnson

Dive into the world of using the PowerShell Empire Remote Access Tool (RAT). The students will learn to use Empire. They will build command & control, evade some defensive controls, and other red team tips and tricks. Additionally, students will gain insight on how to build more complex infrastructure for Red Team operations, automate common tasks, and extract engagement data for reporting.

Prerequisites: Students should have exposure to the PowerShell Empire framework. We will be working with the latest version of this tool and its features. Students should have some understanding or experience with penetration testing, though it's not strictly necessary.

Materials: Laptop, Kali Linux VM and one or two Windows Virtual Machines. Lab configuration specifics for the course will be broadcast prior to the class.

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/weapons-training-for-the-empire-icon-b-tickets-47194311456
(Opens July 8, 2018 at 15:00 PDT)

Jeremy Johnson
bneg has been hacking in one way or another for the past twenty years. He worked in IT operations, development, databases, and network administration before finally escaping to his true calling in offensive security. He now finds immense joy breaking into hospitals, governments, utilities, and corporations. bneg is a contributor to the Empire project, and member of the BloodHound Slack group where he helps to answer questions and hunt bugs in Empire. When he's not making admins cry, he's running, climbing, skiing, or biking on some mountain somewhere year-round. He also volunteers with Mountain Rescue and has two kids. Clearly, he's figured out how to slow space-time.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 11:00-11:45


Title:
Weed Hacking: A Pragmatic Primer For Home Grows

A general intro to Cannabis, with an eye towards setting up closet grows

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 10:00-10:15


Title: WELCOME TO BHV!

Speaker: Staff


 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Saturday - 10:00-11:15


Title: WELCOME TO DAY 2 of BHV!

Speaker: Staff


 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 10:00-10:45


Welcome To DEF CON & Badge Maker Talk

Friday at 10:00 in Track 1
45 minutes | Demo

The Dark Tangent

The Dark Tangent



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 10:00-10:59


Title: Welcome to the BCOS Monero Village

Speakers: To be announced

Description:
No description available




 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Sunday - 10:00-10:15


Title: WELCOME TO THE LAST DAY OF BHV!

Speaker: Staff


 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 15:00-15:55


WEP and WPA Cracking 101

No description available



 

PHV - Caesars Promenade Level - Neopolitan BR - Sunday - 13:00-13:59


What Do You Want to be When You Grow Up?

Damon "ch3f" Small, Technical Director at NCC Group North America

Many industries have well-defined points of entry and well-understood education and training requirements. Information Security is not one of those industries. Successful infosec pros often have wildly diverse backgrounds so it is difficult to know which is the "correct" way to enter this field. As our industry has evolved and matured, what do organizations now look for in a candidate? What combination of skills, experience, and education will get you in your "dream job?" SPOILER - there are many predictors of success, and organizations have different priorities, so there is no single answer.

The speaker will describe his experiences as a 22-year veteran of IT and infosec, both from the perspective of working for internal support teams and as a client-facing consultant. In addition to direct observations, this presentation will include the perspectives of other infosec pros that currently work in various capacities in our industry. The goal is not to answer the question of how to successfully develop one's career, as such, but rather to continue the dialogue of what is important to us as we develop our future experts and leaders.

Damon Small (Twitter: @damonsmall) began his career studying music at Louisiana State University. Pursuing the changing job market, he took advantage of computer skills learned in the LSU recording studio to become a systems administrator in the mid 1990s. Over the past 18 years as a security professional he has supported infosec initiatives in the healthcare, defense, aerospace, and oil and gas industries. In addition to his Bachelor of Arts in Music, Small completed the Master of Science in Information Assurance degree from Norwich University in 2005. His role as Technical Director includes working closely with NCC Group consultants and clients in delivering complex security assessments that meet varied business requirements.



 

SKY - Flamingo 3rd Flr - Virginia City Rm - Saturday - 09:00-09:30


Title:
What happened behind the closed doors at MS

Dimitri
@DimitriNL


In the year 2000 several Microsoft sites were hacked by a Dutch hacker named Dimitri. Several subdomain servers, such as windowsupdate.microsoft.com, 128download.microsoft.com, events.microsoft.com and so on, were hacked. Not just once but twice in a short period of time. A secret meeting was planned by Microsoft with Dimitri. Why was it secret? What actually happened behind the closed doors at MS? And why, even after 18 years, is it still a secret? This presentation includes some Mystery, Drama, Action & NSFW.



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Sunday - 15:00-15:45


What the Fax!?

Sunday at 15:00 in Track 2
45 minutes | Demo, Tool, Exploit, Audience Participation

Yaniv Balmas Security Researcher, Check Point Software Technologies

Eyal Itkin Security Researcher, Check Point Software Technologies

Unless you've been living under a rock for the past 30 years or so, you probably know what a fax machine is. For decades, fax machines were used worldwide as the main way of electronic document delivery. But this happened in the 1980s. Humanity has since developed far more advanced ways to send digital content, and fax machines are all in the past, right? After all, they should now be nothing more than a glorified museum item. Who on earth is still using fax machines?

The answer, to our great horror, is EVERYONE. State authorities, banks, service providers and many others are still using fax machines, despite their debatable quality and almost non-existent security. In fact, using fax machines is often mandatory and considered a solid and trustworthy method of delivering information.

What the Fax?! We embarked on a journey with the singular goal of disrupting this insane state of affairs. We went to work, determined to show that the common fax machine could be compromised via mere access to its fully exposed and unprotected telephone line -- thus completely bypassing all perimeter security protections and shattering to pieces all modern-day security concepts.

Join us as we take you through the strange world of embedded operating systems, 30-year-old protocols, museum grade compression algorithms, weird extensions and undebuggable environments. See for yourself first-hand as we give a live demonstration of the first ever full fax exploitation, leading to complete control over the entire device as well as the network, using nothing but a standard telephone line.

This talk is intended to be the canary in the coal mine. The technology community cannot sit idly by while this ongoing madness is allowed to continue. The world must stop using FAX!

Yaniv Balmas
Yaniv Balmas is a software engineer and a seasoned professional in the security field. He wrote his very first piece of code in BASIC on the new Commodore-64 he got for his 8th birthday. As a teenager, he spent his time looking for ways to hack computer games and break BBS software. This soon led to diving into more serious programming, and ultimately, the security field where he has been ever since. Yaniv is currently leading the security research group at Check Point Software Technologies where he deals mainly with analyzing malware and vulnerability research.

@ynvb

Eyal Itkin
Eyal Itkin is a vulnerability researcher in the Malware and Vulnerability Research group at Check Point Software Technologies. Eyal has an extensive background in security research, that includes years of experience in embedded network devices and protocols, bug bounties from all popular interpreter languages, and an award by Microsoft for his CFG enhancement white paper. When not breaking PTP or I2P, he loves bouldering, swimming, and thinking about the next target for his research.

@EyalItkin



 

SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 12:00-12:59


Title:
When Incident Response Meets Reality

Magg
@mysticalthng

Incident Response is a topic that gets major marketing and educational time, but what does it actually look like for an average company?

This talk is an overview of a real incident response at an average organization, full of the mistakes and stumbling blocks and a few wins. What does it look like when you have an organization without genius technical resources or unlimited pockets?



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Thursday - 10:00-13:59


Where's My Browser? Learn Hacking iOS and Android WebViews

Thursday, 1000-1400 in Icon C

David Turco Senior Security Consultant, Context Information Security

Jon Overgaard Christiansen Principal Security Consultant, Context Information Security

WebViews allow developers to embed HTML pages into mobile applications and their use is widespread, from merely displaying a simple help page to wrapping an entire website inside a mobile app. Developers now "control the browser" and things can go very wrong: a cross site scripting vulnerability can be catastrophic for a mobile application and result in the exfiltration of user's data stored on the device or in someone listening to user conversations. The "Where's My Browser?" vulnerable-by-design mobile applications for Android and iOS have been written by the presenter as a teaching tool for hacking WebViews. The workshop covers the attack surface of Android and iOS WebViews and presents techniques and tools for identifying and exploiting those vulnerabilities. Attendees will practice their skills against the "Where's My Browser?" mobile apps. The source code of the applications will help students in recognizing common coding mistakes.

Prerequisites: The workshop is aimed at an audience with an intermediate skill level. A basic knowledge of mobile and web application security testing (can you tell the difference between XSS and CSRF?) and a basic understanding of JavaScript and common programming concepts are expected.

Materials: The best setup to cover all exercises is a Mac OS X laptop with Android Studio, Apple Xcode and Google Chrome installed. All exercises can be done using the Android and iOS simulators. A physical mobile device is not necessary. Alternatively a Linux or Windows laptop with Android Studio and Google Chrome installed plus an iPhone (preferably jailbroken) are sufficient. An Apple ID is required to deploy the iOS application to a physical device.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/wheres-my-browser-learn-hacking-ios-and-android-webviews-icon-c-tickets-47086190062
(Opens July 8, 2018 at 15:00 PDT)

David Turco
David (endless) works as a Senior Security Consultant at Context Information Security. He started his professional career as a Linux administrator and then moved to information security about 5 years ago. He has a wide skill set but has developed a specific interest in web and mobile technologies. In the past he provided training on a variety of topics, including advanced web application training to developers and pentesters. Recently he's done some research work on XSLT injection attacks. He also developed BHFS, a write-only filesystem based on PGP.

Personal site: https://www.authenticationfailure.com/

Jon Overgaard Christiansen
Jon is a Principal Security Consultant at Context Information Security. After working as an enterprise dev for a few years he moved into security, spending the last 7 years breaking code instead of writing it. Mobile security has been a key topic for him since back when there was still something called the Windows Phone and he has delivered training on this topic, and others like web app hacking and scripting attacks, over the last 5 years. Most of his time these days is spent on random red teams or reverse engineering mobile applications, but other interests do include the writing of rootkits and remote access tools... just for fun... as well as the occasional dabble in game design!



 

Demolabs - Table 4 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 12:00-13:50


WHID Injector: How To Bring HID Attacks to the Next Level

Saturday 08/11/18 from 1200-1350 at Table Four
Red Teams, Blue Teams and Hardware Hackers.

Luca Bongiorni

Nowadays, security threats and cyber-attacks against ICS assets have become a topic of public interest worldwide. This demo will present how HID attacks can still be used by threat actors to compromise industrial air-gapped environments. WHID Injector was born from the need for cheap and dedicated hardware that could be remotely controlled in order to conduct HID attacks. WHID's core is mainly an Atmega 32u4 (commonly used in many Arduino boards) and an ESP-12s (which provides the WiFi capabilities and is commonly used in IoT projects). Nonetheless, during the last months, new hardware was under R&D (i.e. WHID-Elite). It replaces the Wi-Fi capabilities with a 2G baseband, which gives unlimited operational range.

This cute piece of hardware is perfect to be concealed in USB gadgets and used during engagements to get a remote shell over an air-gapped environment. In practice, it is the "wet dream" of any ICS Red Teamer out there.

During the demo we will see in depth how WHID and WHID-Elite were designed and their functionalities. We will also look at which tools and techniques Blue Teams can use to detect and mitigate this kind of attack.

https://github.com/whid-injector/WHID

Luca Bongiorni
Luca works as a Principal Offensive Security Specialist and is also actively involved in InfoSec, where his main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Antani, Internet of Things and Physical Security. Since 2012 he has been keeping a closer eye on FSB operations in the Baltics, while trying to avoid being poisoned with Polonium or Nervin GAS. His favorite hobbies are Pasta, Grappa and ARP-Spoofing.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Saturday - 16:05-16:35


WhiteRabbit: Combining Threat Intelligence Public Blockchain Data and Machine Learning to go Down the “Dirty Money Rabbit Hole” - Olivia Thet and Nicolas Kseib

In this presentation, we will demonstrate how to build a machine learning model that uses a merged dataset combining cyber related contextual information with Bitcoin (BTC) transaction data. The model can be used by both private- and public-sector security professionals working in the cryptocurrency field to deny business for certain BTC addresses or to build legal cases to return illegally stolen coins.

To build the dataset, we collected a list of BTC addresses involved in illegal activities. Using these addresses as a starting point, we navigated along the chain and reconstructed a cluster of connected “dirty” addresses. We used rules such as First-In-First-Out (FIFO) to label them. These labeling techniques can be used to tag certain BTC addresses that fall within this path as “dirty” addresses because they handled money acquired through illegal activities. We can then take this a step further and analyze the characteristic behavioral elements of these addresses. This behavioral analysis will allow us to determine the features representing this malicious behavior and use them within a machine learning model classifying new BTC addresses.

Our model-building approach is based on a three part framework: The first part is to collect a set of BTC addresses and classify them as “clean” or “dirty” to use them as our ground truth. The second part is to test the classification models using this dataset and propose decision metrics to optimally pick a model. In this part, we will also discuss ideas about how to compute expensive, but important features obtained from transaction data. In the third part, we will show how to use the obtained optimal model to predict if an address is “dirty”. Finally, we will discuss our challenges when solving this problem and propose solutions to overcome them.



 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 12:00-12:45


Who Controls the Controllers—Hacking Crestron IoT Automation Systems

Friday at 12:00 in Track 3
45 minutes | Demo, Exploit

Ricky "HeadlessZeke" Lawshae Security Researcher, Trend Micro

While you may not always be aware of them or even have heard of them, Crestron devices are everywhere. They can be found in universities, modern office buildings, sports arenas, and even high-end Las Vegas hotel rooms. If an environment has a lot of audio/video infrastructure, needs to interconnect or automate different IoT and building systems, or just wants the shades to close when the TV is turned on, chances are high that a Crestron device is controlling things from behind the scenes. And as these types of environments become the norm and grow ever more complex, the number of systems that Crestron devices are connected to grows as well. But it is in large part because of this complexity that installing and programming these devices is difficult enough without considering adding security. Instead of being a necessity, it's an extra headache that almost always gets entirely passed over. In this talk, I will take a look at different Crestron devices from a security perspective and discuss the many vulnerabilities and opportunities for fun to be found within. I will demonstrate both documented and undocumented features that can be used to achieve full system compromise and show the need to make securing these systems a priority, instead of an afterthought, in every deployment. In short, hijinx will ensue.

Ricky "HeadlessZeke" Lawshae
Ricky "HeadlessZeke" Lawshae is an offensive security researcher for the Advanced Security Research team at Trend Micro. He spends his days breaking interesting things in interesting ways with his focus mainly centered on IoT research. His work has been featured in Forbes, Wired, Ars Technica, Hackaday, and more. He tries his best to be responsible with the vulnerabilities he finds, but despite that his work has also been featured in the likes of Satori, BrickerBot, and JenX. This will be his fourth time speaking at DEF CON, and he has also spoken at Recon, Ruxcon, Insomnihack, and many more. He spends his off-hours reading (mostly comics), drinking (mostly dark beers), and gaming (mostly PS4).

@HeadlessZeke



 

Contest - Contest Stage - Friday - 20:00-21:59


Title:
Whose Slide is it Anyway?

'Whose Slide Is It Anyway?' is an unholy union of improv comedy, hacking and slide deck sado-masochism.

Our team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our abnormal fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.

What are you playing for? Awesome prize packs from our generous sponsors Red Canary, TrustedSec, Binary Defense, Toool, Dragos, CoreGroup and more! Players are chosen on a first come, first served basis so get there early.

Whether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it's a night of schadenfreude for the whole family.

More Info: @ImprovHacker, https://www.ImprovHacker.com


 

HHV - Caesars Pool Level - Forum 17-21 - Saturday - 17:00-17:20


WiFi Beacons will give you up

John Aho

Abstract

A quick and dirty intro to making wifi beacons with esp8266 modules. A new small tool to help you generate your own beacon and unveiling of a fun multi-beacon setup.

Bio

John is a programmer who makes gloriously useless things and occasionally useful ones by accident.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Sunday - 10:50-11:20


Winning a SANS 504 CTF without winning a SANS CTF - Wbbigdave

When a security professional who is running a SANS training course challenges you to ‘Socially engineer the answer to the CTF’ out of him, you have a choice: choose something to make him laugh and garner clues to aid you in owning the network and walking away with a CTF coin, or, take it as a personal challenge and a call to own your instructor. Against better judgement, the advice of his peers (‘you shouldn’t attack a SANS instructor’) and with the threat of an ex Navy Seal above him, wbbigdave took the second path.

Learn how good reconnaissance, modern technology which is billed as an aid to connectivity and convenience, can be used to fully draw even the most switched on and vigilant of security professionals down the rabbit hole. Including but not limited to Facebook and Google who lost significant sums of money to similar techniques. Learn how to walk away with a challenge coin without winning the CTF.


Lightning Talks



 

Demolabs - Table 1 - Caesars Promenade Emperor's Level - Outside Track 1 - Saturday - 16:00-17:50


WiPi-Hunter—It Strikes against Illegal Wireless Network Activities (Detect and active response)

Saturday 08/11/18 from 1600-1750 at Table One
Offense, Defense

Besim Altinok

Mehmet Kutlay Kocer

M.Can KURNAZ

WiPi Hunter is developed for detecting illegal wireless network activities. But it shouldn't be seen only as a piece of code. Instead, it is actually a philosophy. You can infer new methods for detecting illegal wireless network activity from this project. New methods, new ideas and different points of view can be obtained from this project.

Example: WiFi Pineapple attacks, Fruitywifi, mana-toolkit

WiPi-Hunter Modules:

PiSavar: Detects activities of PineAP module and starts deauthentication attack (for fake access points - WiFi Pineapple Activities Detection)

PiFinger: Searches for illegal wireless activities in networks you are connected to and calculates a wireless network security score (detect wifi pineapple and other fakeAPs)

PiDense: Monitors illegal wireless network activities. (Fake Access Points)

PiKarma: Detects wireless network attacks performed by KARMA module (fake AP). Starts deauthentication attack (for fake access points)

PiNokyo: If threats like wifi pineapple attacks or karma attacks are active around, users will be informed about these threats. Like proxy (New)

https://github.com/WiPi-Hunter

Besim Altinok
Besim ALTINOK (@AltnokBesim) is a security engineer at BARIKAT Internet Security. He performs penetration tests across a wide area, including web, network and mobile pentesting. His main interests are IoT Pentest and WiFi Security. He wrote a book about WiFi networks: "Wireless Network Security". Besim is also a member of the Octosec and Canyoupwnme teams and he supports the community through those teams. Besim was a speaker at Blackhat Europe 2017 Arsenal and Blackhat Asia 2018 Arsenal.

Mehmet Kutlay Kocer
Mehmet Kutlay KOCER (@kutlaykocer) graduated from TOBB University of Economics and Technology with a B.S. in Computer Engineering in 2016. His Senior Design Project was about VOIP systems, titled "SIP DDoS Attacks Detection and Prevention", with the cooperation of TOBB University and NETAS. Currently, he is working as a Penetration Tester in BARIKAT Internet Security for 2 years. He played a major role in conducting Barikat SOC in 2016. Finally, Mehmet Kutlay KOCER spoke at Blackhat ASIA 2018 Arsenal.

M.Can KURNAZ
M. Can Kurnaz (@0x43414e) is a penetration tester and currently works at European Network for Cyber Security in the Netherlands.

He is conducting penetration tests over internet, internal networks, web-based applications and Operational Technology infrastructures such as smart meters, RTUs, data concentrators, telecontrol gateways, electric vehicle charging points and various ICS/SCADA systems and components, conducting robustness tests for OT devices and working on physical and wireless security assessments of IT/OT devices.

At the same time, he is also contributing as an instructor to "Red Team – Blue Team Training for Industrial Control Systems and Smart Grid Cyber Security" training of ENCS.



 

Meetup - Caesars - Palace Suites - Friday - 15:00-16:59


Title:
Women, Wisdom, & Wine @ DEF CON 26 by IOActive

IOActive is once again hosting our popular Women, Wisdom, & Wine event in Las Vegas during DEFCON 26 - a chance to escape from the conference, relax, share our experiences, and catch up. It's the perfect chance to see your security sector friends and acquaintances and meet new ones.

Food and wine (of course!) will be provided for your enjoyment. Please share this with other women who might be interested. It's a great way for all of us to expand our collective network.

**Based on feedback from last year's attendees, this event will be exclusively for women and non-binary individuals.**
More Info: https://www.eventbrite.com/e/women-wisdom-wine-def-con-26-tickets-47877418648


 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 13:15-13:59




 

PHV - Caesars Promenade Level - Neopolitan BR - Saturday - 11:00-11:30


wpa-sec: The Largest Online WPA Handshake Database

Alex Stanev, CTO of Information Services at JSC

Started as a pet project in 2011, wpa-sec collects WPA handshake captures from all over the world. Contributors use a client script to download handshakes and specially crafted dictionaries to initiate attacks against PSKs. With more than 115 GB of captures from 240 000 submissions, the collected samples represent an invaluable source for wireless security research. This includes:

During the talk I will explain how wpa-sec works, provide statistics and a lot of internals on optimization and how to use the database as an OSINT source during pentests and red team actions.

wpa-sec is an open-source project available at https://github.com/RealEnder/dwpa.

Live installation at https://wpa-sec.stanev.org.

Alex Stanev (Twitter: @RealEnderSec) started as a software developer in the late 90s working on a wide range of projects - from specialized hardware drivers to large scale information systems for private and public sectors, including e-government services, elections management and smart cities. Going through virtually all mainstream enterprise platforms, Alex also took some time to explore various niche technologies and did a lot of low level stuff.

As a security consultant, Alex led penetration test audits in Europe, America and Africa for financial and government institutions.

Currently Alex serves as CTO at the largest Bulgarian systems integrator, Information Services JSC.



 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 13:30-13:50


You can run, but you can't hide. Reverse engineering using X-Ray.

Friday at 13:30 in 101 Track, Flamingo
20 minutes |

George Tarnovsky Engineer, Cisco Systems

Most of us have knowledge of PCB construction. In the past, reversing someone's design was an easy task due to the simplicity of the PCB design. Now, with BGAs (Ball Grid Arrays), manufacturers use several plane layers that cover the entire PCB design, obscuring the details of the PCB from view. Through the use of X-Ray, we are able to reverse engineer virtually anything. Slides will be presented showing several PCB designs and how easy it was to reverse engineer the PCB. Videos of live views and dynamic zoom will also be presented; these will demonstrate the true power of the X-Ray and its ability to see sub-micron features within the PCB structure and devices while manipulating the PCB.

George Tarnovsky
George Tarnovsky has been working as a Design Engineer since the 80's. His designs span industries such as: Industrial process control instrumentation, Visible light spectroscopy, Semiconductor FAB instrumentation, Smart card security & countermeasures, Automotive systems vulnerability. George holds several patents, has given papers at many internal conferences, and currently continues to expand FPGA designs vulnerability and hardening.



 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Saturday - 10:00-10:45


You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts

Saturday at 10:00 in Track 3
45 minutes | Demo, Exploit

Zhenxuan Bai Freelance Security Researcher

Yuwei Zheng Senior Security Researcher, Unicorn Team, 360 Technology

Senhua Wang Freelance Security Researcher

Kunzhe Chai Leader of PegasusTeam at 360 Radio Security Research Department, 360 Technology

In this paper, a new replay attack based on Ethereum smart contracts is presented. In token transfers, the risk of a replay attack cannot be completely avoided when the sender's signatures are abused, which can bring losses to users. The reason is that the scope in which the signatures apply is not properly designed in the smart contracts. To test and verify this loophole, we selected two similar smart contracts for our experiment and used our own accounts in these two contracts to carry it out. Because the same signatures were used in both contracts in the experiment, we successfully got a double income from the sender. The experiment verified that the replay attack really exists. Besides, the replay attack may exist in multiple smart contracts. We calculated the number of smart contracts with this loophole, as well as the corresponding transaction activities, and found that some Ethereum smart contracts are at risk from this loophole. According to the vulnerability of the contract signature, the risk level is calibrated and depicted. Furthermore, the replay attack pattern is extended to within-contract, cross-contract and cross-chain cases, which provides a pertinent and useful reference for protection. Finally, countermeasures are proposed to fix this vulnerability.

Zhenxuan Bai
Zhenxuan Bai is a freelance Security Researcher interested in smart contracts and blockchain, and a consultant of UnicornTeam. He is a co-researcher of the decryption blackberry project, which managed to decrypt Blackberry BBM, PIN message and BIS secure mail without keys.

Yuwei Zheng
Yuwei Zheng is a senior security researcher at the Radio Security Department of 360 Technology and a core member of UnicornTeam. He cracked the protocols of Blackberry BBM, PIN message, BIS secure mail, and successfully decrypted the messages without keys. He is currently focusing on the security research of cellular network, IoT system, and mobile baseband. He has presented his research work at top level security conferences like BlackHat, DEF CON, HITB etc.

Senhua Wang
Senhua Wang is a freelance Security Researcher interested in smart contracts and blockchain, and a consultant of UnicornTeam.

Kunzhe Chai
Leader of PegasusTeam at 360 Radio Security Research Department in 360 Technology. He focuses on wireless security, including attack-defense research. He is the person in charge of the attack and defense technology of Skyscan Wireless Intrusion and Prevention System, and one of the authors of the well-known wireless security tool MDK4. He leads his team to share the research results at HITB, HITCON, Blackhat, China ISC etc.

twitter@swe3per



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 12:00-12:45


You'd better secure your BLE devices or we'll kick your butts!

Saturday at 12:00 in Track 2
45 minutes | Demo, Tool, Exploit

Damien "virtualabs" Cauquil Head of Research & Development, Digital Security

Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections.

Furthermore, as vendors do not seem inclined to improve the security of their devices by following the best practices, we decided to create a tool to lower the ticket: BtleJack. BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks, but also implements a brand new attack dubbed "BtleJacking" that provides a way to take control of any already connected BLE device.

We will demonstrate how this attack works on various devices, how to protect them and avoid hijacking and of course release the source code of the tool.

Vendors, be warned: BLE hijacking is real and should be considered in your threat model.

Damien "virtualabs" Cauquil
Damien is a senior security researcher who joined Digital Security in 2015 as the head of research and development. He discovered how wireless protocols can be fun to hack and quickly developed BtleJuice, one of the first Bluetooth Low Energy MitM frameworks.

Damien has presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, and a dozen times at Nuit du Hack, one of the oldest security conferences.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Saturday - 10:00-10:45


You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System

Saturday at 10:00 in Track 2
45 minutes | Demo

Dr. Jeanna N. Matthews: Associate Professor, Clarkson University and Fellow, Data and Society

Nathan Adams Systems Engineer, Forensic Bioinformatic Services

Jerome Greco Digital Forensics Staff Attorney, Legal Aid Society

Software is increasingly used to make huge decisions about people's lives and often these decisions are made with little transparency or accountability to individuals. If there is any place where transparency, third-party review, adversarial testing and true accountability are essential, it is the criminal justice system. Nevertheless, proprietary software is used throughout the system, and the trade secrets of software vendors are regularly deemed more important than the rights of the accused to understand and challenge decisions made by these complex systems. In this talk, we will lay out the map of software in this space from DNA testing to facial recognition to estimating the likelihood that someone will commit a future crime. We will detail the substantial hurdles that prevent oversight and stunning examples of real problems found when hard-won third-party review is finally achieved. Finally, we will outline what you as a concerned citizen/hacker can do. Nathan Adams will demo his findings from reviewing NYC's FST source code, which was finally made public by a federal judge after years of the city's lab fighting disclosure or even review. Jerome Greco will provide his insight into the wider world of software used in the criminal justice system—from technology that law enforcement admits to using but expects the public to trust without question to technology that law enforcement denies when the evidence says otherwise. Jeanna Matthews will talk about the wider space of algorithmic accountability and transparency and why even open source software is not enough.

Dr. Jeanna N. Matthews:
Dr. Matthews is an associate professor of Computer Science at Clarkson University and a 2017-18 fellow at Data and Society. She is a member of the Executive Committee of US-ACM, the U.S. Public Policy Committee of ACM, and a founding co-chair of their subcommittee on algorithmic transparency and accountability. She was a speaker at DEF CON 23 and 24, both times on the topic of vulnerabilities in virtual networks. Her broader research interests include virtualization, cloud computing, computer security, computer networks and operating systems. Jeanna received her Ph.D. in Computer Science from the University of California at Berkeley and is an ACM Distinguished Speaker.

@jeanna_matthews

Nathan Adams
Nathan Adams works as a Systems Engineer in Ohio at the forensic DNA consulting firm Forensic Bioinformatic Services. He reviews DNA analyses performed in criminal cases in the US, the UK, and Australia. His focus includes DNA mixture interpretation, statistical weightings of evidence, probabilistic genotyping, and software development. When its disclosure was ordered by a federal judge in 2016, Nathan was part of the first team to independently examine FST, NYC's DNA mixture interpretation program. He helped identify and evaluate previously undisclosed behaviors of the software. Following the team's review and a motion filed by Yale's Media Freedom center and ProPublica, the judge recently ordered the release of the FST source code, which allowed open discourse for the first time since FST was brought online in 2011. He has a BS in Computer Science and is working on an MS in the same, both at Wright State University in Dayton, Ohio.

Jerome Greco
Jerome Greco is a public defender in the Digital Forensics Unit of the Legal Aid Society in New York City. Along with four analysts, he works with attorneys and investigators in all five boroughs on issues involving historical cell-site location information, cell phone extraction, electronic surveillance technology, social media, and hard drive analysis, among other fields. He is currently engaged in challenging the NYPD's use of cell-site simulators, facial recognition, and the execution of overbroad search warrants for electronic devices. Prior to his work with the Digital Forensics Unit, he was a trial attorney in the Legal Aid Society's Manhattan and Staten Island criminal defense offices. He graduated magna cum laude from New York Law School in 2011 and received his B.A. from Columbia University in 2008.

@JeromeDGreco



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 17:00-17:45


Your Bank's Digital Side Door

Friday at 17:00 in 101 Track, Flamingo
45 minutes | Demo, Tool

Steven Danneman Security Engineer, Security Innovation

Why does my bank's website require my MFA token but Quicken sync does not? How is using Quicken or any personal financial software different from using my bank's website? How are they communicating with my bank? These questions ran through my head when balancing the family checkbook every month.

Answering these questions led me to deeply explore the 20 year old Open Financial Exchange (OFX) protocol and the over 3000 North American banks that support it. They led me to the over 30 different implementations running in the wild and to a broad and inviting attack surface presented by these banks' digital side doors.

Now I'd like to guide you through how your Quicken, QuickBooks, Mint.com, or even GnuCash applications are gathering your checking account transactions, credit card purchases, stock portfolio, and tax documents. We'll watch them flow over the wire and learn about the jumble of software your bank's IT department deploys to provide them. We'll discuss how secure these systems are, that keep track of your money, and we'll send a few simple packets at several banks and count the number of security WTFs along the way.

Lastly, I'll demo and release a tool that fingerprints an OFX service, describes its capabilities, and assesses its security.

Steven Danneman
Steven Danneman is a Security Engineer at Security Innovation in Seattle, WA, making software more secure through targeted penetration testing. Previously, he led the development team responsible for all authentication and identity management within the OneFS operating system. Steven is also a finance geek, who opens bank accounts as a hobby and loves a debate about the efficient-market hypothesis.

@sdanndev, https://www.linkedin.com/in/sdanneman/, sdann-dev.blogspot.com



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 16:00-16:45


Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability

Friday at 16:00 in Track 1
45 minutes | Demo, Exploit

Yuwei Zheng Senior Security Researcher, Unicorn Team, 360 Technology

Shaokun Cao Freelance Security Researcher

Yunding Jian Senior Security Researcher, Unicorn Team, 360 Technology

Mingchuang Qun Senior Security Researcher, Radio Security Research Department, 360 Technology

Billions of ARM Cortex M based SOCs are being deployed in embedded systems. Most of these devices are Internet ready, so security is always a main concern. Vendors apply security measures to ARM Cortex M products for a few major reasons: 1) to prevent people from copying and replicating the product; 2) license control for the hardware and software; 3) to prevent malicious code injection into the firmware. Vendors normally rely on security measures built within the chip (unique ID number/signature) or security measures built around the chip (secure boot).

In this talk, we will share the ARM Cortex M SOC vulnerability that we discovered, in two parts:

The first is the security measure built within the SOC and how we break it. We could gain control of changing the SOC unique ID and write the firmware, or even turn the device into a trojan or bot.

The second is the security measure built around the SOC and how we break the Secure Boot elements and write into the firmware.

Yuwei Zheng
Yuwei Zheng is a senior security researcher at the Radio Security Department of 360 Technology and a core member of UnicornTeam. He is the core researcher of the Blackberry decryption project, which managed to decrypt Blackberry BBM, PIN message, and BIS secure mail without keys. He is currently focusing on security research on cellular networks, IoT systems, and mobile baseband. He has presented his research at top-level security conferences such as BlackHat, DEF CON, and HITB.

Shaokun Cao
Shaokun Cao is a freelance security researcher and a consultant of UnicornTeam. He is currently focusing on chip-level security issues, such as microcode, ROM, bootloader, and firmware.

Yunding Jian
Yunding Jian is the co-founder of UnicornTeam. He is the leader of RocTeam in the Radio Security Research Department of 360 Technology. He is the designer of all previous SyScan360 Conference badges. He has also given a series of presentations at Blackhat USA, Blackhat Europe & Asia (Arsenal), and HITB about his hardware security research and design experience.

Mingchuang Qun
Mingchuang Qin is a senior security researcher at the Radio Security Research Department of 360 Technology and the core developer of Skyscan Wireless Intrusion and Prevention System, specializing in IoT and wireless device security. With rich experience in embedded system development, he is proficient in WiFi and Bluetooth protocol analysis and vulnerability discovery.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Saturday - 11:15-11:59




DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 16:00-16:45


Your Voice is My Passport

Friday at 16:00 in Track 3
45 minutes | Demo, Exploit

_delta_zero Senior Data Scientist, Salesforce

Azeem Aqil Senior Security Software Engineer, Salesforce

Financial institutions, home automation products, and offices near universal cryptographic decoders have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning and text-to-speech have shown that synthetic, high-quality audio of subjects can be generated using transcripted speech from the target. Are current techniques for audio generation enough to spoof voice authentication algorithms? We demonstrate, using freely available machine learning models and limited budget, that standard speaker recognition and voice authentication systems are indeed fooled by targeted text-to-speech attacks. We further show a method which reduces data required to perform such an attack, demonstrating that more people are at risk for voice impersonation than previously thought.

_delta_zero
_delta_zero performs machine learning on log data by day, and writes his dissertation on malware datasets by night. He was voted "most likely to create Skynet" by @alexcpsec, and he toys with offensive uses for machine learning in his free time. He has spoken at BlackHat USA, DEF CON, SecTor, BSidesLV/Charm, and the NIPS workshop on Machine Deception.

@_delta_zero

Azeem Aqil
Azeem Aqil is a security engineer at Salesforce. He works on building and maintaining the detection and response infrastructure that powers Salesforce security. Azeem is an academic turned hacker who has published and spoken at various academic security conferences.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Sunday - 14:00-14:45


Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch

Sunday at 14:00 in Track 1
45 minutes | Demo, Tool, Exploit

Dongsung Kim Graduate Student, Sungkyunkwan University

Hyoung-Kee Choi Professor, Sungkyunkwan University

You buy a brand-new smartwatch. You receive emails and send messages, right on your wrist. How convenient, this mighty power! But great power always comes with great responsibility. Smartwatches hold precious information just like smartphones, so do they actually fulfill their responsibilities?

In this talk, we will investigate whether the Samsung Gear smartwatch series properly screens unauthorized access to user information. More specifically, we will focus on a communication channel between applications and system services, and how each internal Tizen OS component plays its part in access control.

Based on the analysis, we have developed a new simple tool to discover privilege violations in Tizen-based products. We will present an analysis on the Gear smartwatch which turns out to include a number of vulnerabilities in system services.

We will disclose several previously unknown exploits in this presentation. They enable an unprivileged application to take over the wireless services, the user’s email account, and more. Further discussions will center on the distribution of those exploits through a registered application in the market, and the causes of the vulnerabilities in detail.

Dongsung Kim
Dongsung Kim is a graduate student at Sungkyunkwan University, South Korea. After developing software as a profession for several years, his interests have shifted to Internet security. He participated in bug bounty programs like Jet, The New York Times, United Airlines, and at his own university. His research interests span from reverse engineering to web security.

@kid1ng

Hyoung-Kee Choi
Prof. Hyoung-Kee Choi received his Ph.D. in electrical and computer engineering from Georgia Institute of Technology in 2001. He is a professor at Sungkyunkwan University, South Korea. He joined Lancope in 2001 until his leave in 2004, where he guided and contributed to research in Internet security. His research interests span network security and vulnerability assessment.


DEF CON News


DEF CON 26 Torrents!

Ready to ingest some more DEF CON 26 media? Go ahead and unhinge your cyber-jaws and fire up our new torrent and magnet links. We’ve got the DEF CON 26 Original Soundtrack, the DEF CON 26 Presentations and the additional material from the Workshops.

Grab a link, guzzle the content and enjoy it at your leisure.

DEF CON 26 Music Soundtrack
magnet:?xt=urn:btih:beedc5c36e8ba3981edfc946fac8c84e304ece9f&dn=DEF%20CON%2026%20music&tr=https://tracker.defcon.org/announce

DEF CON 26 Presentations
magnet:?xt=urn:btih:aafec09a5fa1c9fe75d062a1a39c5fa030a83f39&dn=DEF%20CON%2026%20presentations&tr=https://tracker.infocon.org/announce

DEF CON 26 Workshops
magnet:?xt=urn:btih:1d78f8158a4a505fbfc25e62c390e50358026aa7&dn=DEF%20CON%2026%20workshops&tr=https://tracker.defcon.org/announce

The regular, non-magnetic links are under DEF CON 26 on media.defcon.org.

We now return you to your regularly scheduled programming.

DEF CON 26 CD!

Let’s set the mood, people. Head over to the DEF CON media server for the whole OST Soundtrack to DEF CON 26 in several delicious digital flavors for your downloading pleasure. If you’re BT inclined, there’s a torrent file in there too.

Here’s the stellar lineup of future favorite jams we’ve assembled for you.

Skittish & Bus - OTP
Dual Core - Apex Predator (featuring Tribe One)
T-4-2 - Digital Boyz
ISHI - Diamond Door (Left-Right Remix)
The TroubleShooters - This World
Haaj - Reactor Containment
FWLR & JELO - Even The Noble Shall Fall
MC Frontalot - Colonel, Panic!
MODERNS - Figuratives (DEF CON Edit)
Ascendant - Source Transmission
Mikal kHill - Mouser's Back
Icommitfelonies - Hashdump
Haaj - Gamma Rays

If you run through all of this and it’s still not Thursday morning, please continue pregaming with the DEF CON channel at SOMAFM. http://somafm.com/defcon/.

It’s almost here, luminous humans of the DEF CONiverse. Our reunion is at hand.

DEF CON 26 WiFi Reg is Live!

The DEF CON 26 WiFi Reg page is live, with all the info you need to securely log in to the wireless network on the DEF CON conference areas.

Please read carefully - there's new cert information and there are pretty explicit instructions for your specific OS.

It's not a trap.

DEF CON 26 ATTENDEE REPORTED INCIDENT POLICY

As a followup to my last post we realized that if we were hoping people would emulate our policies at other conferences we may as well release our attendee incident reporting policy as well. The version given to all the DEF CON Goons is the same as below but also includes confidential reporting phone numbers.

ATTENDEE REPORTED INCIDENT POLICY

DEF CON does not tolerate harassment of any kind, be it racial, sexual, physical, political, intellectual, or emotional. Every Goon shall take each report by an attendee seriously, and not dismiss any of them. Never turn an attendee away. It is not a Goon’s duty to judge anything that an attendee says, regardless of opinions of the attendee, the person they’re reporting, or the reported issue itself.

Reported/Observed Harassment or Assault
When an attendee reports harassment or assault to any Goon follow this procedure:

1. Get a second Goon to be with you to listen to the report.
2. Have one goon contact a SOC goon via the SOC Contact Procedures.
3. Make a warm hand off with the attendee to the SOC Department.
4. Let the SOC conduct their investigation and handle the incident from there.
5. Be available to answer any questions from the SOC or venue security.

Interaction with Social and Traditional Media
DO NOT SHARE photos or videos. Please let the responding SOC GOONS know if you have any video or pictures, they may end up being evidence, but out of context could cause problems.

During or after an incident, you may be asked to comment on the situation. DO NOT make any comments to reporters, and do not post about the incident on social media. As a Goon, the media will treat anything you say as an official statement from DEF CON. Commenting prematurely before we understand the situation could cause more confusion or reveal identities that should remain confidential so please refrain from speculating and work with SOC / PRESS to help them understand what happened.

Refer all media inquiries to the DEF CON Press Department (press@defcon.org or send them to the press room).

DEF CON 26 Support Resources!

In my last post about the DEF CON Code of Conduct, I mentioned that I wanted to make sure that the community had all the tools necessary to get involved and report problems when they arise.

In this post, my last before the con, I'll talk about some of the new efforts we are deploying for DEF CON 26. It will be our first year for some of these, so we are looking for feedback. You will notice a theme of transparency, appropriate given the theme of this year's con!

NEW WAYS TO REPORT ISSUES: The DEF CON Support Hotline

You can reach DEF CON staff during normal hours of operation (8am to 4am) to anonymously report any behavior violating our code of conduct or to find an empathic ear by calling +1 (725) 867-7255. Trained community volunteers will be standing by to help any attendees.

You can still report issues by going to any Info Booth or talking to any SOC Goon, but sometimes you may not want to be walking around in person with a problem, and so this year we have added a phone option.

NEW SUPPORT RESOURCES:

We are collaborating with several organizations including Kick at Darkness, The Rape Crisis Center Las Vegas, and the Nevada Coalition to End Domestic and Sexual Violence to provide expert resources for survivors, including dedicated support for LGBTQ+. When you call the Hotline you will reach DEF CON community Goons trained to help in these areas.

NEW WAYS TO IDENTIFY GOONS:

In the past there has been some confusion by attendees with what Goon they were actually talking with.

New for DEF CON 26 Goons should all have visible patches with their nickname on them so it is easier to remember who you talk to about what. The name patches should be attached to the front of the Goon's lanyards and be more visible than the back of a shirt that might be covered by a backpack.

Please use the name on the patch if you have any feedback on Goons, good or bad. Feedback can be sent to feedback@defcon.org, written and dropped off at registration, or if serious enough called into the Hotline.

MORE DETAILED TRANSPARENCY REPORT:

Based on the positive community response to our closing ceremony transparency report, we plan to do this every year and hope other conferences do as well.

As people get comfortable reporting issues I expect the numbers to increase, and only by facing these issues head on can we hope to prevent them. It requires courage to speak truth to power, or to report something that is unpleasant in your community, but together we can make things better.

See everyone soon!

The Dark Tangent

DEF CON 26 Hacker Tracker!

A must have for your burner phone - the DEF CON Hacker Tracker puts all the talks, contests, events and parties in one easy-to-navigate package. It’s available in both Android and Apple flavors and it’s free.

Media Treats for DEF CON 26!

Less than 2 weeks to DEF CON 26 - how about a little treat to get you in the mood? Head over to the DEF CON Media Server for a sweet video and a single from DEF CON favorites Skittish and Bus, straight from the DC26 Soundtrack.

Get hyped, fam. We're in the home stretch.

DEF CON Code of Conduct

When I designed the updated DEF CON Code of Conduct in 2015, I had a few goals in mind. Make it simple to understand, express in broad strokes what kind of behavior is not acceptable, and don't be too specific.

I wanted it to act as a template for other conferences, if they chose to do so. It was legally reviewed by our outside law firm and a specialist. In 2018, it's looking like it may get seriously crash tested.

The Code of Conduct assumes people are acting in good faith and not creating intentionally elaborate, dishonest or disingenuous claims of harm. "Ah ha! This is where the bad actors will attack the CoC" you may be thinking.

As a conference of hackers, our CoC is intentionally flexible: like a spoon in the matrix. We describe generally what is not acceptable as opposed to trying to enumerate 42 different bad behaviors.

Besides the CoC, DEF CON has several structural factors that are to our advantage when dealing with people intent on disruption. This is not our first conference, and as such we have a department dedicated to dealing with this problem. We have also had time to plan with hotel and casino security should we need their involvement. We take this issue very seriously and choose to err on the side of removing people, rather than allow them to spoil the conference for those who just want to contribute in a positive way.

Finally, I have always said that DEF CON is what you make of it. I want to make sure our community has all the tools necessary to identify and report unacceptable behavior. Together, we will have all the pieces in place to act quickly and professionally, no matter what the issue is.

The Dark Tangent

Party at DEF CON 26!

Many people love parties. Facts.

If you are one of those party-loving people, this update will fill up your smile tank. The Parties and Meetups Page is LIVE! Use it to learn all about the DC 26 party/meetup scene. Then, when the time is right, party with other partiers. Or meet up with people who share your interests.

Go get your life. It's all the best.

Friends of Bill W at DEF CON 26

For all those Friends of Bill W. looking for a meeting, or just a quiet moment to regroup from the Vegas of it all, we have you covered. There are meetings throughout DEF CON - Noon and five pm Thursday through Saturday and Noon on Sunday. The location is the same as last year, in Office 4 Behind the DEF CON Info Booth.

Stop by and refresh yourself. We'll be here.

Contests and Events at DEF CON 26 posted!

Now that you’ve had a whole day to absorb the epic Village list, we’ve got some more goodies for you. The Contests and Events page is now LIVE, and it’s also quite a bit to take in. Ranging from the straightforward elegance of the Tin Foil Hat Challenge to the complexity of an Industrial Control Systems CTF competition, there’s contests here for just about any hacker discipline, and every level of skill or experience. Contests are also a great way for the shyer among us to beat the icebreaker blues and get right into some fun with a bunch of likeminded strangers.

The more extroverted attendees can still opt for a Charity Mohawk or the cringetastic glory of Hacker Karaoke.

Block off a little time for pre-con recon and make a plan to make sure you get to sample widely from the smorgasbord of C&E offerings.

Our reunion draws ever closer, fam. Get amped.

So Many Villages!

DEF CON 26 is less than a month away, and the DC26 Villages page is live and ready for your attention! Bring a snack, though - there’s a lot of villages this year. Twenty-eight (28!) villages, covering a pretty staggering array of content.

Internet of Things
Crypto and Privacy
Wireless
Biohacking
R00tz Asylum
Hardware Hacking
Lockpicking
Social Engineering
Tamper Evident
Data Duplication
DEAF CON
Voting Machine Hacking
Recon
AI
Soldering Skills
DroneWarz
VX (Chip-Off)
Mobile Museum of Vintage Technology
Ethics
Laser Cutting
Cannabis
CAAD (Competition on Adversarial Attacks and Defenses)
Blue Team
Car Hacking
Packet Hacking
Industrial Control Systems
Skytalks
Monero/BCOS


Chances are there’s a few things in that list you want to level up on.

As always, the Villages are generated by the interest and effort of DEF CON Community members looking to share their interests and obsessions with you. Come through and show them some love and learn something new. If your obsession isn’t represented, maybe it’s time to write up a proposal for DEF CON 27!

Demo Labs for DEF CON 26 Posted!

More DEF CON 26 goodies for your perusal – Demo Labs are Live! You should take a moment to check out the lineup, and set aside some time to visit when you’re at the Con. In addition to being a cool way to see what your fellow hackers are working on, it’s an opportunity to offer your expertise, meet potential collaborators and help push the community forward.

Demo Labs are interactive, so, you know, interact.

Just over a month, people!

DEF CON 26 Workshops!

Another milestone on the Road to DEF CON 26! The workshops page is live on the DEF CON site. Registration is still a ways off - July 8, to be precise, but now is the perfect time to get yourself familiar with the offerings. The spots traditionally fill up pretty quick, so be ready to claim your seat when the light turns green next month, maybe even consider a few backups.

It’s officially summertime in our host hemisphere - the season of DEF CON has begun!

The Entire lineup of DEF CON 26 Talks is Live!

DEF CON family, the time of our reunion approaches. In just a few days, summer arrives in the Northern Hemisphere. The pages of the calendar turn, ever closer to August. Today comes the surest sign - the DEF CON 26 speaker list is live on DEFCON.org.

The wait is over - dig into the list to start your conference planning! We’re proud of the lineup we’ve created this year, and we think whatever your particular itch you’ll find some talks and panels that scratch it for you.

We’d also like to take a moment to thank the undersung heroes of the Selection Committee. They devote crazy amounts of time and energy to working through hundreds and hundreds of proposals to make sure the best ones make it to the top of the pile. They work hard, they make us great and they deserve your appreciation.

It’s almost here, hacker fam. Can you feel it?

DEF CON 26 Link Roundup!

The Recon Village is hosting a hackathon at DEF CON 26! If you like the idea of working on an OSINT/Recon tool with fun strangers and copious energy drink consumption, get your info/signup on at the link.

Friendly reminder that the Data Duplication Village has a CFP that's open until June 15th. Which is super soon, so if you're looking to speak there we suggest haste and focus.

The Social Engineering Village has its speaker schedule posted already! The season of the Con is most assuredly on. Check out who's gonna be dropping science on the hacking of humans, and make your plans accordingly.

For those of you who like a little 'pew-pew-pew' in your Vegas adventures, good news! The DEF CON shoot returns for DC26 - and registration is open. You can get the rules, schedule and location over at deviating.net.

Stay tuned as DEF CON 26 continues to coalesce.

DEF CON 26 Entertainment Announcement: Juno Reactor!

DEF CON believes in balance. For all the forebrain overstimulation we provide by day, we provide an antidote at night - a carefully curated beat menu to work out your funky lizard underbrain.

To that end, we are so proud to announce that some of those healing beats will be provided to you by the mighty, mighty Juno Reactor! You know Juno (government name: Ben Watkins) from decades of sonic bad-assery that includes the high-energy proto-trance of his debut ‘Transmissions’, the beat science of 2004’s ‘Labyrinth' and wildly cinematic soundscapes that adorn projects like ‘The Matrix Trilogy’, ‘2017 Gran Tourismo’ and ‘Drive’.

This performance will be hot on the heels of the June release of ‘The Mutant Theater’ - expect serious rhythm and highly interactive stage show that’s been described as ‘Labyrinth meets Barbarella’.

Check out Juno Reactor’s work. Get excited. This is gonna be special.

DEF CON 26 CTF Quals Write Ups!

Now that the DEF CON 26 CTF Quals are complete, here's a roundup of some of the first challenge write-ups to appear in the wild. Please read them, learn from them, and share them. If you don't participate in the CTF yet, let them inspire you to throw your hat into the ring.

"It's a Me" Challenge:
https://raywang.tech/2018/05/14/DEF-CON-Quals-2018-It-s-a-Me/

iPwn Kit:
https://gist.github.com/ChiChou/e3a50f00853b2fbfb1debad46e501121
https://gist.github.com/saelo/0a85f22c8a02f3a314661edd715900d3

Mario and Racewars:
https://github.com/toomanybananas/ctf_solutions/tree/master/defcon/2018

PoW as a Service:
https://github.com/kpcyrd/defcon26-pow

sbva:
https://github.com/…/20…/DEF_CON_Quals_2018/sbva/sbva_web.md

Signature Dishes:
https://hackmd.io/s/B1An6UL0M

smcauth:
https://blog.vero.site/post/shellql

DEF CON 26 Homework: Critical Thinking Edition!


More Reading Homework for DEF CON 26!

Another way to keep dystopia at bay: question everything. Widen your information funnel. Examine the framing. Check your sources.

In the spirit of DEF CON 26’s theme “1983: The View from Dystopia’s Edge”, we offer some homework reading with a focus on critical thinking.

First up, the delightful “You are Being Lied To”. It’s compiled by the redoubtable Russ Kick of the legendary first version of disinfo.com, and it’s a sage, provocative collection of bite-size think pieces from all over the cognitive map. The only through line is that many of your assumptions are garbage. Start anywhere, and let it shift your paradigm.

https://archive.org/details/media_You_Are_Being_Lied_To

“The Undercover Economist” is Tim Harford’s wry take on the basics of economic theory, with a special emphasis on the strange and counterintuitive ways the tangled forces of the economy affect your daily reality.

The final assignment for today is Walter Lippmann’s ‘Public Opinion’. Written almost a century ago, “Public Opinion” is an eerily incisive and prescient take on the way your opinions are crafted and slipped into your head while your attention is elsewhere. Less dated than you think, and packed with meaty insights for the ‘post-truth’ era. Prepare to question how (and why) you know everything you think you know.

http://www.gutenberg.org/ebooks/6456

Happy reading! Stay tuned for more assignments in the coming days.

Roundup of DEF CON Updates!


Early bird reg for DEF CON China [beta] has now closed. Online reg remains open for those who prefer it, but please be aware that the standard DEF CON method of paying at the door works just fine.

The passing of one major deadline doesn’t mean you have no reason to stay up all night sweating over a presentation idea. Many of the DEF CON 26 open calls closed May 1, but there are still villages and events wide open for submissions. For example:

The brand-new Ethics Village (ethicsvillage.org) is accepting talk submissions until June 22.

Car Hacking Village (carhackingvillage.com) is still open.

Hardware hacking village is looking for talks, art and demos. Check their forum thread for more info.

Crypto and Privacy Village is open until June 15 (Cryptovillage.org)

AI Village CFP closes June 15 (https://goo.gl/forms/g50hhGITiOWEbo002)

Follow @defcon for village announcements as we get them!

Got a clever youngling you’re thinking of bringing along to DEF CON 26? Social Engineering Village has SE Capture the Flag contests for kids and teens - Find all the details at social-engineer.com!

New Soldering Skills Village at DEF CON 26!


Announcing new for DEF CON 26, the Soldering Skills Village! The SSV will focus purely on soldering and making at DEF CON while the HHV will focus on bringing more hardware hacking resources than ever before!

The change-up is beneficial for everyone: it means both villages can get quiet and well-lit spaces. It also means the two volunteer groups can better support the DEF CON community in their own ways. Both villages will maintain an open share of knowledge and volunteers between them. The SSV and HHV will coexist at DEF CON and provide the most that they can to all DEF CON attendees!

Also: Got something you want to show off, teach, or blab on about? Let us know about it! Shoot an email to l33tbunni@dchhv.org. Now accepting submissions for demos, talks, art, anything hardware you want to show off!

More info at https://www.dchhv.org

Space Announcement for DEF CON 26!


DEF CON 26 is getting close and now is the time to let everyone in on some big changes we've got in store. We've accepted a record number of villages and are growing the number of workshops from last year. To hold all this goodness we are growing to include the Flamingo hotel.

TL/DR

- DEF CON has accepted more villages than ever before and needs to grow.
- DEF CON is spreading to two hotels, Caesars Palace and the Flamingo.
- This lets us do more stuff + evening pool parties.

The PLAN:
For DEF CON 26 we will try something we have never done - Split the con between two hotels! No, not like Paris + Ballys, they are connected. I'm talking Caesars Palace and the Flamingo across the street.

"That's Crazy!" you say. "Why do we need that much space?" you say. Check this out: The number of villages will almost double from last year to about 25. Parties should increase. More contests are under development. DEF CON needs space to support all the awesome projects from the community and I'd really like to throw some pool parties. That is all now possible.

In the next month you will hear more specifics but I want to answer some questions here:

- How will the space be split? The Flamingo will hold some of the "destination" events to relieve pressure off of Caesars Palace. Current planning includes Workshops, DEF CON 101 track, some villages and contests, a chill out space, pool parties, and more once we finish planning.

- Will there be DC TV at the Flamingo? Yes, DC TV will be in the Flamingo and as many other hotels as we can wire. A more definitive list soon, but we are building on what we did last year.

- If you ran a village or contest last year you should count on the same or more space you got last year. If you are running a first time event we will work to meet all of your needs. If you want even more space or a dedicated spot at the Flamingo we can work on making that happen.



DEF CON 26 FAQ


This FAQ was created to help answer some questions you may have about this year's DEF CON. If you need more info or have questions regarding DEF CON, please check out the general DEF CON FAQ list, available here: https://www.defcon.org/html/links/dc-faq/dc-faq.html


When and where is DEF CON 26?

DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 26 will be held August 9-12, 2018, at Caesars Palace in Las Vegas. Many people arrive a day early, and many stay a day later. Again this year we will have some things running on Thursday.


Is DEF CON 26 canceled?

No.


How much is admission?

$280.00 USD, Cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.


Can I pre-register for DEF CON?

No.


How many people will be there?

Last year we had more than 22,000 people at DEF CON! The last few years, attendance has been in the 18-20k range.


How much do rooms at Caesars Palace cost, and how do I reserve a room?

The DEF CON rate is available at the following hotels: Caesars Palace, Paris, Bally's, Flamingo and Quad. Check out the DEF CON 26 Venue page for all the details!


I can't afford that.

Try the Ride and Room sharing threads on the Forums.

You may also want to visit your Local DEF CON Groups meeting and see who you might want to bunk up with. It's important to mention you should use good judgment when sharing a room and consider who is sleeping next to you and who has access to your belongings. That said, there are a lot of great people looking to save a buck or pinch a penny, good luck.


Can I get a discount on DEF CON badges?

DEF CON charges one price regardless of your social status or affiliation. Please know that we depend on attendee income to pay the costs of the conference and don't have sponsors to help defray the expenses.

We sometimes get requests for discounts [students, veterans, children]; unfortunately, we don't want to try to validate if you are a current student, look at your ID to determine your age, decode military discharge papers, etc.

If you really want to attend DEF CON for free then do something for the con.

You could:
Submit a CFP and be an accepted speaker or workshop instructor.
Work on a contest, event, or village.
Qualify for CTF/Contests that include entry.
Find a team to become a Goon newbie.
Contribute to content, or perform some entertainment.


I need a letter of invite for my visa application, how do I get that?

In most cases, DEF CON can send a signed letter of invite, usually within a few short business days once we have all the info. If you also require verification of housing, we can put you in touch with someone to help you get your hotel stay organized, let us know if you need that.

Along with your request, please email us the following to info(at)defcon(.)org

Name as is on passport:
Passport number:
Country of issue:
Date of issue:
Date of expiration:
Country of origin:


How much is internet access in the rooms of Caesars Palace?

We'll let you know soon. Internet access is available for free in the convention area.


Is there a free network at DEF CON?

Why yes, DEF CON is FULLY network-enabled. Now that we've perfected the art of a stable hacker con network, we're ascending to a higher level - we're providing you a network that you feel SAFE in using! Since DEF CON 18 we're WPA2 encrypted over-the-air, with a direct trunk out to the Internet. No peer-to-peer, no sniffing, just straight to the net (and internal servers). We'll provide login credentials at Registration. We know the 3G airwaves will be saturated so we're putting our own cred on the line to give you a net that even we would put our own mobile phones on.

If you're feeling frisky, we'll still have the traditional "open" network for you - bring your laptop (we'd recommend a clean OS, fully patched--you know the procedure) because we don't police what happens on that net. Share & enjoy!


What about the smoking policy?

Due to the Clean Air Act in Las Vegas, the Vendor Area, Speaking rooms, and Hallways will be completely non-smoking in order to comply with the law. The Hotel will have designated smoking areas clearly posted.


What is the age limit?

People have brought children to DEF CON - it is not recommended to do this unless you are going to constantly supervise them. It is generally an ‘adult’ atmosphere (language, booze, et cetera). If you've never been to DEF CON, you may want to refrain from bringing your children (unless they are demanding that you bring them). While there are no age limits, we have consistently cooperated with parents and/or private investigators who are looking for children that ‘ran away from home’ to go to DEF CON. You must be 18 years of age or older to reserve a hotel room and to check-in. A valid ID is required upon check-in. DEF CON 26 will have enforcement of the 21 or older rule in certain "private" parties with possible bouncers at the doors checking IDs. This is generally the rule in all areas where alcohol is being served. However, DEF CON does not take responsibility for anything potentially indecent or offensive your minor may witness or participate in. The underage attendee is the responsibility of his or her guardian or themselves.

The presentations are open to all ages. Observation of contests as they take place on the contest floor is open to all ages.

Competition in some contests may have age restrictions due to laws. There is plenty of fun to be had without booze and gambling! There is a discussion regarding fun for those under 21 on the forums. https://forum.defcon.org/showthread.php?t=8232


I want to speak, how do I give a talk?

GREAT! We are looking for and give preference to: unique research, new tool releases, Ø-day attacks (with responsible disclosure), highly technical material, social commentaries, and ground breaking material of any kind. Want to screen a new hacking documentary or release research? Consider DEF CON. To submit a speech, read the Announcement and complete the DEF CON 26 Call for Papers Form: https://www.defcon.org/html/defcon-26/dc-26-cfp-form.html CFP forms and questions should get mailed to: talks/at/defcon.org


When does the CFP Close? Can I get an Extension?

DEF CON 26 Call For Papers will close on May 1, 2018.


How can I help or participate?

DEF CON is not a spectator sport! Before the con, during, and after there are chances for you to get involved. Below is a list of this year's contests and events. This list may not be complete, so check the forums to see what people are up to.

Go to the forums for more info on Contests and Events: https://forum.defcon.org/forum/defcon/dc26-parties-socialgatherings-events-contests


How do I become a Vendor?

If you want a space in our vendor area, you need to read the FAQ and apply. Because of limited space and our attempt to have a diversity of vendors, you may not be able to get a booth. It is wise to think of staffing issues - if you are one person do you want to spend your entire time behind a vendor's booth?


I'm press, how do I sign up, why can't I get in for free (I'm just doing my job)?

Please check out the DEF CON 26 Press Registration page if you wish press credentials. Lots of people come to DEF CON and are doing their job; security professionals, federal agents, and the press. It wouldn't be fair to DEF CON attendees if we exempted one group from paying. If you are a major network and plan on doing a two minute piece showing all the people with blue hair, you probably shouldn't bother applying for a press pass - you won't get one. If you are a security writer or from a real publication please submit, and someone will respond with an answer.


What should I bring to DEF CON?

It depends on what you're going to do at DEF CON. This is discussed in quite some depth on the unofficial DC FAQ, as well as a thread in the DC Forums. You may want to bring fancy (or outrageously silly) clothes for the Black and White Balls, annual Friday and Saturday night events where everyone shows off nifty attire. SWAG is always recommended, people LOVE to trade! You never know when or where a t-shirt with your .org will come in handy. Government SWAG is a hot commodity, however, DT wishes to pillage those goods first! It's generally a good idea if you are a pale geek to have some sunscreen at the top of your list. Other honorable mentions are: Blister preventions, Band-aids, Gel shoe inserts, Personal cooling devices, Pain relievers and antacids, Bottle openers, Personal voice recorders, water filters, and last but not least an Alibi.


This FAQ didn't answer my questions, or was unclear, how can I get further information?

Please visit: https://www.defcon.org for previous conference archives, information, and speeches. Updated announcements will be posted to news groups, security mailing lists and this web site.

https://forum.defcon.org/ for a look at all the events and contests being planned for DEF CON 26. Join in on the action.

https://www.defcon.org/defconrss.xml for news and announcements surrounding DEF CON. Also check out our Twitter, Facebook, and G+ accounts for up to the minute news.



DEF CON FAQ


Frequently asked questions about DEF CON



What is DEF CON?

DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest.



How did DEF CON start?

Originally started in 1993, it was meant to be a party for members of "Platinum Net", a Fido protocol based hacking network out of Canada. As the main U.S. hub I was helping the Platinum Net organizer (I forget his name) plan a closing party for all the member BBS systems and their users. He was going to shut down the network when his dad took a new job and had to move away. We were talking about where we might hold it, when all of a sudden he left early and disappeared. I was just planning a party for a network that was shut down, except for my U.S. nodes. I decided what the hell, I'll invite the members of all the other networks my BBS (A Dark Tangent System) system was a part of including Cyber Crime International (CCI), Hit Net, Tired of Protection (ToP), and like 8 others I can't remember. Why not invite everyone on #hack? Good idea!



Where did the name come from?

The short answer is a combination of places. There was a SummerCon in the summer, a HoHoCon in the winter, a PumpCon during Halloween, etc. I didn't want any association with a time of year. If you are a Phreak, or just use your phone a lot you'll note "DEF" is #3 on the phone. If you are into military lingo DEF CON is short for "Defense Condition." Now being a fan of the movie War Games I took note that the main character, David Lightman, lived in Seattle, as I do, and chose to nuke Las Vegas with W.O.P.R. when given the chance. Well I knew I was doing a con in Vegas, so it all just sort of worked out.

There are several resources that will give you an idea of what DEF CON is all about.

DEF CON Press: through the prism of the media
DEF CON Pics: visual evidence, thousands of pictures, some NSFW
DEF CON Groups: Local groups that meet
DEF CON Media archives: Speeches from DC 1 to the present, captured
Google: always a good research starting point
Just remember, DEF CON is what you make of it.



When and where is DEF CON?

DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 26 will be held August 9th through August 12th at Caesars Palace in Las Vegas. Many people arrive a day early, and many stay a day later.

New in 2018, we are doing a DEF CON [Beta] Event in Beijing, China May 11-13! Check out the Call for Papers!


Isn't there a DEF CON FAQ already?

Yes, an unofficial one. It's quite humorous, sometimes informative, and DEF CON takes no responsibility for its content. It can be found at http://defcon.stotan.org/faq/



What are the rules of DEF CON?

Physical violence is prohibited. We don't support illegal drug use. Minors should be accompanied by their parent(s) or guardian(s). Please refrain from doing anything that might jeopardize the conference or attendees such as lighting your hair on fire or throwing lit road flares in elevators. DEF CON Goons are there to answer your questions and keep everything moving. Hotel security is there to watch over their property. Each has a different mission, and it is wise to not anger the hotel people. Please be aware that if you engage in illegal activities there is a large contingency of feds that attend DEF CON. Talking about how you are going to bomb the RNC convention in front of an FBI agent is a Career Limiting Move!



Is DEF CON cancelled?

No.



What is there to do at DEF CON?

DEF CON is a unique experience for each con-goer. If you google around you'll find dozens of write-ups that will give you an idea of what people have experienced at DEF CON. Trust write-ups more than media articles about the con. Some people play capture the flag 24x7, while many people never touch a computer at DEF CON. Some people see every speech they can, while others miss all speeches. Other activities include contests, movie marathons, scavenger hunts, sleep deprivation, lock picking, warez trading, drunken parties, spot the fed contest, the official music events. Because DEF CON is what the attendees make of it, there are more events than even we are aware of. Half the fun is learning what happened at DEF CON after the fact!



I'm not a hacker, should I go to DEF CON?

Many people have different definitions of what is a ‘hacker’. I would recommend looking at previous years' speeches, and write-ups from past attendees - this should give you a good idea if DEF CON is for you. This hacker FAQ might give you some insight into the matter as well. If you do not have any technical interests, DEF CON is probably not for you. Sure there is a lot of socializing you can do, but technology and hacking is the core of the con.



Do criminals go to DEF CON?

Yes. They also go to high school, college, work in your workplace, and the government. There are also lawyers, law enforcement agents, civil libertarians, cryptographers, and hackers in attendance. Ssshhh. Don't tell anyone.



What are Goons?

They are the staff at DEF CON. They have many roles including safety, speaker coordination, vendor room coordination, network operations, et cetera... Please try to be helpful to them if they make requests of you. If any goon tells you to move, please do so immediately as there may be safety issues they are attempting to address.



How can I help out or become a Goon?

The staff at DEF CON has grown organically. All positions have some degree of trust associated with them, so typically new goons are ‘inducted’ by friends of existing goons. There are many random points when goons need help and may ask people for help, generally for helping move stuff or other tasks that don't require high amounts of trust or unsupervised work. Just because you help out doesn't make you a goon. If you really want to be a goon, talk with one and see how much work they actually do (Hint: you may want to enjoy being at DEF CON, not working full-time at it). One year the network group got a new Goon when a networking engineer was needed, and he came to the rescue. The intent behind the goons is not to be elitist, but to have a network of trusted people who can help run the conference - please do not feel upset if you are not chosen to be a goon.



How can I help or participate?

DEF CON is not a spectator sport! Before the con, during, and after there are chances for you to get involved. Before the con you can read about the contests and maybe sign up for one like Capture the Flag. There are artwork contests for shirts and posters. You can practice your lock pick skills, or just get your laptop all locked down and ready to do battle. Organize your .mp3s. Check out the DEF CON Forums to see what other people are up to. If you want to create your own event, you can do that as well - you will not get official space or sanctions, but virtually every official event at DEF CON started out as an unofficial event.



I would love to see XYZ event, how do I make this happen?

Virtually all events at DEF CON were conceived by the attendees. The DEF CON forums are a great place for recruiting help for an event you want to put on, and making sure your efforts aren't being duplicated. If it doesn't require resources from DEF CON (space, namely) you generally don't have to ask anyone’s permission. Most events are unofficial until they've been going on for a couple of years. Please let us know if you have an idea for an event, we may help facilitate or promote it. Email [suggestions at DEF CON dot org] to keep us in the loop.



How can I speak at DEF CON?

You can submit a response to our CFP (call for papers). All entries are read and evaluated by a selection committee. We would love to have your submission. The call for papers usually opens in March and closes mid-May.



I'm press, how do I sign up, why can't I get in for free (I'm just doing my job)?

Please email press[at]defcon[d0t]org if you wish press credentials. Lots of people come to DEF CON and are doing their job; security professionals, federal agents, and the press. It wouldn't be fair to DEF CON attendees if we exempted one group from paying. If you are a major network and plan on doing a two minute piece showing all the people with blue hair, you probably shouldn't bother applying for a press pass - you won't get one. If you are a security writer or from a real publication please submit, and someone will respond with an answer.



I want to sell stuff, how do I do this?

If you want a space in our vendor area, you need to apply. Because of limited space and our attempt to have a diversity of vendors, you may not be able to get a booth. It is wise to think of staffing issues - if you are one person do you want to spend your entire time behind a vendor's booth?



What are the different price rates?

Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege.



How much is admission to DEF CON, and do you take credit cards?

DEF CON 26 will cost $280 USD Cash for all four days. Do we take credit cards? Are you JOKING? No, we only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.



Can I pre-register for DEF CON?

No. We used to do this a long time ago, but found that managing the registration list, and preventing one 'Dr. Evil' from impersonating another 'Dr. Ev1l' was too much of a hassle. Seeing how we would only take cash in the first place, things become time consuming and easy to abuse. Cash at the door works every time.



Can I get a discount on DEF CON badges?

DEF CON charges one price regardless of your social status or affiliation. Please know that we depend on attendee income to pay the costs of the conference and don't have sponsors to help defray the expenses.

We sometimes get requests for discounts [students, veterans, children]; unfortunately, we don't want to try to validate if you are a current student, look at your ID to determine your age, decode military discharge papers, etc.

If you really want to attend DEF CON for free then do something for the con.

You could:
Submit a CFP and be an accepted speaker or workshop instructor.
Work on a contest, event, or village.
Qualify for CTF/Contests that include entry.
Find a team to become a Goon newbie.
Contribute to content, or perform some entertainment.


I need a letter of invite for my visa application, how do I get that?

In most cases, DEF CON can send a signed letter of invite, usually within a few short business days once we have all the info. If you also require verification of housing, we can put you in touch with someone to help you get your hotel stay organized, let us know if you need that.

Along with your request, please email us the following to info(at)defcon(.)org

Name as is on passport:
Passport number:
Country of issue:
Date of issue:
Date of expiration:
Country of origin:


DEF CON is too expensive, how can I afford it?

DEF CON is cheaper than many concerts, and certainly cheaper than many shows in Vegas. Many people have made an art and science out of coming to DEF CON very cheaply. Here are a couple of tips.

Travel: Buy airfare in advance, go Greyhound, Carpool, hitch-hike. (Note: this may be dangerous and/or illegal.)
Lodging: Share rooms - some people have up to 10 people they share a room with, find a hotel cheaper than the one that the conference is scheduled at, stay up for three days, etc. (note: this can be hazardous to your health.)
Food: Pack food for your trip, go off site to find food, eat in your hotel rooms, and look for cheap Vegas food at Casinos. (Look for deals and specials that are trying to get you in the door to gamble.)
Booze: You don't need to drink. Brew your own and bring it. (It's been done.)
Entrance: $280 can be saved, mow some lawns. Try to go to another 3 day event for cheaper than this that offers so much. We have increased the fees slowly over the years, but also the amount and quality of events have increased.

Inevitably people will try to do some math and pretend that DT gets rich each DEF CON - they seem to lack the ability to subtract.



How many people typically attend DEF CON?

There have been roughly 18,000-22,000 attendees in the last few years of DEF CON. DEF CON 25 had a record showing with well over 23,000.



Is there a network at DEF CON?

Why yes, DEF CON is FULLY network-enabled. Now that we've perfected the art of a stable hacker con network, we're ascending to a higher level - we're providing you a network that you feel SAFE in using! Since DEF CON 18 we're WPA2 encrypted over-the-air, with a direct trunk out to the Internet. No peer-to-peer, no sniffing, just straight to the net (and internal servers). We'll provide login credentials at Registration. We know the LTE airwaves will be saturated so we're putting our own cred on the line to give you a net that even we would put our own mobile phones on.

If you're feeling frisky, we'll still have the traditional "open" network for you - bring your laptop (we'd recommend a clean OS, fully patched--you know the procedure) because we don't police what happens on that net. Share & enjoy!



What is the age limit?

People have brought children to DEF CON - it is not recommended to do this unless you are going to constantly supervise them. It is generally an ‘adult’ atmosphere (language, booze, et cetera). If you've never been to DEF CON, you may want to refrain from bringing your children (unless they are demanding that you bring them). While there are no age limits, we have consistently cooperated with parents and/or private investigators who are looking for children that ‘ran away from home’ to go to DEF CON. You will have to be 18 to reserve a room.



What is a DEF CON "Black Badge"?

The Black Badge is the highest award DEF CON gives to contest winners of certain events. CTF winners sometimes earn these, as well as Hacker Jeopardy winners. The contests that are awarded Black Badges vary from year to year, and a Black Badge allows free entrance to DEF CON for life, potentially a value of thousands of dollars.



How can I get a hold of DT? I tried to mail him and haven't seen a response yet.

DT doesn't dislike you, isn't trying to hurt your feelings, and bears you no ill will. The fact is he gets an unmanageable load of mail continually. Mailing him again may elicit a response. Try mailing FAQ (at) DEFCON.ORG if you have a general question that isn't answered here or in the forums.



Is it hot in Vegas?

Yes. Bring sunscreen (high SPF), do not fall asleep near the pool (lest you wake up to sunburn), and do not walk far in the sun unless you are experienced in dealing with extreme heat. The sun is dangerous in Las Vegas. Sleeping in lawn chairs is a sure way to wake up to severe burns in the morning when that bright yellow thing scorches your skin. Drink plenty of water and liquids - remember that alcohol will dehydrate you.



What should I bring?

It depends on what you're going to do at DEF CON. This is discussed in quite some depth on the unofficial DC FAQ, as well as a thread in the DC Forums. You may want to bring fancy (or outrageously silly) clothes for the official Music events, on Friday and Saturday nights, where everyone shows off nifty attire.



How much do rooms at Caesars Palace cost, and how do I reserve a room?

The DEF CON 26 group room registration is now live! We have room rates at six hotels, until they run out of rooms in our block.

You may either follow this link: https://resweb.passkey.com/go/SCDEF7

Do not worry if the form doesn't immediately show the discounted rate. To verify that you're getting our price you can mouse over the dates you've selected or begin the checkout process.


How much is internet access in the rooms of Caesars Palace?

We are looking into this. Free (and possibly more dangerous) internet access is available in the convention area.



Will Caesars Palace broadcast the speeches on their cable system?

More info as to the content will be available as planning ensues.



Will we have DEF CON branded poker chips?

You will have to attend DEF CON to find out.



Will conference attendees have entire floors of hotel rooms to themselves?

Probably not. The hotel is very cooperative in attempting to centralize the DEF CON attendees, for their convenience and ours, but there will be non-DEF CON attendees in hotel rooms next to us.



This FAQ didn't answer my questions, or was unclear. How can I get further information?

There is a forum discussion thread in which you can ask follow-up questions.



Links to DEF CON 26 related pages


Links

DEFCON.org

Main DEFCON site
DEFCON 26
DEFCON 26 Planning Forums
DEFCON 26 [Official / Unofficial] [Parties / Social Gatherings / Events / Contests] Forums
DEFCON 26 FAQ
DEFCON FAQ
DEFCON 26 Recent News
DEFCON 26 Schedule and Speakers pages
DEFCON 26 Villages
DEFCON 26 Vendors
DEFCON 26 Parties & Meetups
DEFCON 26 Contest & Events
DEFCON 26 DemoLabs Schedule
DEFCON 26 Workshops Schedule
DEFCON 26 Entertainment

Villages with talks

AI Village   -  T  @AIvillage_DC
BioHacking Village   -  T  @DC_BHV
BlockChain Open Security Village   -  T  @BCOSvillage
Blue Team Village   -  T  @BlueTeamVillage
Car Hacking Village   -  T  @CarHackVillage
Crypto and Privacy Village   -  T  @CryptoVillage
Data Duplication Village   -  T  @DDV_DC
Ethics Village   -  T  @EthicsVillage
Hardware Hacking Village   -  T  @DC_HHV
ICS Village   -  T  @ICS_Village
IoT Village   -  T  @ISEsecurity   -  T  @IOTvillage
Puff Hack Village   -  T  @puffhackvillage
Recon Village   -  T  @ReConVillage   -  FB  @ReConVillage
303 SkyTalks Home   -  T  @DCSkyTalks   -  FB  @DCSkyTalks
Social Engineering Village   -  T  @HumanHacker
Voting Machine Hacking Village   -  T  @VotingVillageDC
Packet Hacking Village/Wall of Sheep   -  T  @WallOfSheep   -  FB  @WallOfSheep
Wireless Village   -  T  @WiFi_Village

Villages without known talks

Badge Makers Community Area - part of the Hardware Hacking Village
CAAD Village   -  T  @GeekPwn
Deaf Con   -  T  @_DEAFCON_
Drone Warz Village   -  T  @Drone_Warz
Laser Cutting Village
DEFCON Law Village   -  T  @DefConLaw
Lockpick Village   -  T  @toool
Mobile Museum
Soldering Skills Village
Tamper Evident Village
VX Chip-Off Village   -  T  @vxresearch
Vet Con   -  T  @VetConActual

Other Interesting Links

The Diana Initiative - Celebrating diversity, women in InfoSec, and how to pursue a career in information security and technology
defconparties Google calendar
Chris Magistrado's Party list - Twitter Announcement
Blackhat, BSidesLV and DEF CON Parties 2018
List of unofficial DEF CON badges and SAOs
DEF CON Media Server thumbnails

Guides/Tips/FAQs

JK-47 - BSidesLV & DEFCON Conference Tips
Unofficial Defcon FAQvt4
DEF CON for N00bs [non-fiction]
Just another DEF CON guide
HACKER SUMMER CAMP 2018 GUIDE

calibre ebook management