Talk/Event Schedule


Friday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Friday - 06:00


Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Defcon 26 4X5K run -
Meetup - Local Bikeshop - 8th Defcon Bike Ride -

 

Friday - 09:00


SKY - Flamingo 3rd Flr - Virginia City Rm - Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years. - Uncle G.

 

Friday - 10:00


AIV - Caesars Promenade Level - Florentine BR 3 - Opening Remarks - AI Village Organizers
AIV - Caesars Promenade Level - Florentine BR 3 - (10:20-10:40) - Adversarial Patches - Sven Cattell
AIV - Caesars Promenade Level - Florentine BR 3 - (10:40-11:20) - Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - Mark Mager
BCOS - Caesars Promenade Level - Pompeian BR 1 - Welcome to the BCOS Monero Village - To be announced
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - WELCOME TO BHV! - Staff
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (10:15-11:30) - Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure - Jen Ellis
BTV - Flamingo 3rd Flr- Savoy Rm - Automating DFIR: The Counter Future - @rainbow_tables
BTV - Flamingo 3rd Flr- Savoy Rm - (10:40-11:30) - Cloud Security Myths - Xavier Ashe
Contest - Contest Stage - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - (10:30-11:00) - "Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale - Irwin Reyes, Amit Elazari Bar On
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework - Joe Rozner
DC - Track 1 - Caesars Emperor's Level - Palace BR - Welcome To DEF CON & Badge Maker Talk - The Dark Tangent
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - De-anonymizing Programmers from Source Code and Binaries - Rachel Greenstadt, Dr. Aylin Caliskan
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Securing our Nation's Election Infrastructure - Jeanette Manfra
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (10:30-10:50) - Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems - m010ch_
HHV - Caesars Pool Level - Forum 17-21 - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (10:40-11:10) - How can industrial IIoT be protected from the great unwashed masses of IoT devices - Ken Keiser, Ben Barenz
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (10:15-10:59) - Internet of Medicine : The ultimate key to Rooting the human being - Veronica Schmitt @Po1Zon_P1x13
PHV - Caesars Promenade Level - Neopolitan BR - Mallet: A Proxy for Arbitrary Traffic - Rogan Dawes
PPV - Flamingo Lower Level - Valley Of Fire Rms - (10:30-10:59) - How to Microdose Yourself - a nurse
Service - Caesars - Promenade Level - Anzio Rm past Registration - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Stalker In A Haystack - MasterChen
WS - Linq 4th Flr - Icon A - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 11:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(10:40-11:20) - Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification - Mark Mager
AIV - Caesars Promenade Level - Florentine BR 3 - (11:20-11:59) - JMPgate: Accelerating reverse engineering into hyperspace using AI - Rob Brandon
BCOS - Caesars Promenade Level - Pompeian BR 1 - Keynote Speech: Inside Monero - Howard (hyc) Chu
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(10:15-11:30) - Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure - Jen Ellis
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(10:40-11:30) - Cloud Security Myths - Xavier Ashe
BTV - Flamingo 3rd Flr- Savoy Rm - (11:50-12:10) - Effective Log & Events Management - Russell Mosley
Contest - Contest Stage - cont...(10:00-12:59) - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - Hamilton's Private Key: American Exceptionalism and the Right to Anonymity - Jeff Kosseff
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - An Attacker Looks at Docker: Approaching Multi-Container Applications - Wesley McGrew
DC - Track 1 - Caesars Emperor's Level - Palace BR - NSA Talks Cybersecurity - Rob Joyce
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - One-liners to Rule Them All - egypt, William Vu
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Lora Smart Water Meter Security Analysis - Yingtao Zeng, Lin Huang, Jun Li
HHV - Caesars Pool Level - Forum 17-21 - cont...(10:00-12:59) - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(10:40-11:10) - How can industrial IIoT be protected from the great unwashed masses of IoT devices - Ken Keiser, Ben Barenz
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (11:30-11:59) - IoT Village Keynote - Tales of a SOHOpeful Journey: Where our Research Started and Where it's Going - Rick Ramgattie @RRamgattie and Jacob Holcomb @rootHak42
PHV - Caesars Promenade Level - Neopolitan BR - Rethinking Role-Based Security Education - Kat Sweet
PHW - Caesars Promenade Level - Neopolitan BR - Reverse Engineering Malware 101 - Malware Unicorn
PPV - Flamingo Lower Level - Valley Of Fire Rms - Weed Hacking: A Pragmatic Primer For Home Grows - Cristina Munoz
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
SKY - Flamingo 3rd Flr - Virginia City Rm - Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe? - Soldier of FORTRAN
VMHV - Caesars Pool Level - Forum 14-16 - Lessons Learned: DEFCON Voting Village 2017 - Jake Braun, Harri Hursti, Matt Blaze
WLV - Caesars Promenade Level - Milano BR 5,6 - Goodwatch Update - Travis Goodspeed
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 12:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Contests, Challenges, and free giveaways - MSvB and midipoet
BCOS - Caesars Promenade Level - Pompeian BR 1 - (12:30-12:59) - Open Source Hardware and the Monero Project - Parasew
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Just what the Doctor Ordered: 2nd Opinions on Medical Device Security - Christian "quaddi" Dameff MD
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(11:50-12:10) - Effective Log & Events Management - Russell Mosley
BTV - Flamingo 3rd Flr- Savoy Rm - (12:30-13:20) - Evolving security operations to the year 2020 - @IrishMASMS
Contest - Contest Stage - cont...(10:00-12:59) - GeekPwn -
CPV - Caesars Promenade Level - Milano BR 1,2 - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications - Tess Schrodinger
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit - Morgan ``indrora'' Gangwere
DC - Track 1 - Caesars Emperor's Level - Palace BR - Vulnerable Out of the Box: An Evaluation of Android Carrier Devices - Ryan Johnson, Angelos Stavrou
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! - Orange Tsai
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Who Controls the Controllers—Hacking Crestron IoT Automation Systems - Ricky "HeadlessZeke" Lawshae
EHV - Caesars Promenade Level - Modena Rm - Asking for a Friend - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(10:00-12:59) - Applied Physical Attacks on Embedded Systems, Introductory Version - Joe FitzPatrick, @arinerron, and @pixieofchaos
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (12:30-12:59) - NEST: Securing the Home - Matt Mahler and Kat Mansourimoaied
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography - TryCatchHCF
PHW - Caesars Promenade Level - Neopolitan BR - cont...(11:00-12:30) - Reverse Engineering Malware 101 - Malware Unicorn
RCV - Caesars Promenade Level - Florentine BR 1,2 - Opening Note - Shubham Mittal / Sudhanshu Chauhan
RCV - Caesars Promenade Level - Florentine BR 1,2 - Keynote - From Breach to Bust: A short story of graphing and grey data - Andrew Macpherson
RCV - Caesars Promenade Level - Florentine BR 1,2 - (12:55-13:35) - Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Craig Smith - The Car Hacker's Handbook - Craig Smith
SKY - Flamingo 3rd Flr - Virginia City Rm - When Incident Response Meets Reality - Magg
VMHV - Caesars Pool Level - Forum 14-16 - Lunch Keynote: State and Local Perspectives on Election Security - Jake Braun(moderator), Neal Kelley, Jeanette Manfra, Amber McReynolds, Alex Padilla, Noah Praetz
WLV - Caesars Promenade Level - Milano BR 5,6 - BSSI [Brain Signal Strength Indicator] - finding foxis with acoustic help (piClicker) - steve0
WLV - Caesars Promenade Level - Milano BR 5,6 - (12:30-12:55) - RFNoC: Accelerating the Spectrum with the FPGA - Neel Pandeya and Nate Temple
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 13:00


AIV - Caesars Promenade Level - Florentine BR 3 - IntelliAV: Building an Effective On-Device Android Malware Detector - Mansour Ahmadi
AIV - Caesars Promenade Level - Florentine BR 3 - (13:20-13:59) - Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events - Andrew Morris
BCOS - Caesars Promenade Level - Pompeian BR 1 - A Rundown of Security Issues in Crypto Software Wallets - Marko Bencun
BCOS - Caesars Promenade Level - Pompeian BR 1 - (13:30-13:59) - We Don't Need No Stinkin Badges - Michael Schloh
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (13:30-14:15) - Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - Mr. Br!ml3y
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(12:30-13:20) - Evolving security operations to the year 2020 - @IrishMASMS
BTV - Flamingo 3rd Flr- Savoy Rm - (13:40-14:30) - Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - @jtpereyda
CPV - Caesars Promenade Level - Milano BR 1,2 - cont...(12:00-13:30) - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications - Tess Schrodinger
CPV - Caesars Promenade Level - Milano BR 1,2 - (13:30-14:00) - Opportunistic Onion: More Protection Some of the Time - Mahrud Sayrafi
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear - zenofex
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - (13:30-13:50) - You can run, but you can't hide. Reverse engineering using X-Ray. - George Tarnovsky
DC - Track 1 - Caesars Emperor's Level - Palace BR - Compromising online accounts by cracking voicemail systems - Martin Vigo
DC - Track 1 - Caesars Emperor's Level - Palace BR - (13:30-13:50) - Dragnet—Your Social Engineering Sidekick - Truman Kain
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Finding Xori: Malware Analysis Triage with Automated Disassembly - Amanda Rousseau, Rich Seymour
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - (13:30-13:50) - Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller - Feng Xiao, Jianwei Huang, Peng Liu
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - One-Click to OWA - William Martin
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - (13:30-13:50) - Fasten your seatbelts: We are escaping iOS 11 sandbox! - Min (Spark) Zheng, Xiaolong Bai
EHV - Caesars Promenade Level - Modena Rm - Ethics for Security Practitioners - Speaker TBA
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (13:50-14:20) - Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks - Joe Slowik
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (13:15-13:59) - Exploiting the IoT hub : What happened to my home? - Hwiwon Lee and Changhyun Park
PHV - Caesars Promenade Level - Neopolitan BR - Target-Based Security Model - Garett Montgomery
PHW - Caesars Promenade Level - Neopolitan BR - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
PPV - Flamingo Lower Level - Valley Of Fire Rms - Cruising the Cannabis Highway: Major Breaches in Cannabis Software - Rex
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(12:55-13:35) - Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - Book Signing - Travis Goodspeed - PoC || GTFO - Travis Goodspeed
SKY - Flamingo 3rd Flr - Virginia City Rm - Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun? - William Knowles and James Coote
SKY - Flamingo 3rd Flr - Virginia City Rm - (13:30-13:59) - penetration testing sex toys: "I've seen things you people wouldn't believe" - Renderman
VMHV - Caesars Pool Level - Forum 14-16 - Assessments of Election Infrastructure and Our Understanding and sometimes whY - Robert Karas, Jason Hill
WLV - Caesars Promenade Level - Milano BR 5,6 - Can you hear me now, DEF CON? - Wasabi
WS - Linq 4th Flr - Icon A - cont...(10:00-13:59) - Bypassing Windows Driver Signature Enforcement - Csaba Fitzl
WS - Linq 4th Flr - Icon B - cont...(10:00-13:59) - Reverse Engineering with OpenSCAD and 3D Printing - Nick Tait
WS - Linq 4th Flr - Icon C - cont...(10:00-13:59) - Attacking Active Directory and Advanced Defense Methods in 2018 - Adam Steed, James Albany
WS - Linq 4th Flr - Icon D - cont...(10:00-13:59) - ARM eXploitation 101 - Sneha Rajguru
WS - Linq 4th Flr - Icon E - cont...(10:00-13:59) - Attacking & Auditing Docker Containers Using Open Source - Madhu Akula
WS - Linq 4th Flr - Icon F - cont...(10:00-13:59) - Crypto Hero - Sam Bowne, Dylan James Smith, Elizabeth Biddlecome

 

Friday - 14:00


AIV - Caesars Promenade Level - Florentine BR 3 - It’s a Beautiful Day in the Malware Neighborhood - Matt
AIV - Caesars Promenade Level - Florentine BR 3 - (14:30-15:20) - Malware Panel - @drhyrum, @gradient_janitor, @malwareunicorn, @rharang, @bwall (Moderator)
BCOS - Caesars Promenade Level - Pompeian BR 1 - Hack On The BitBox Hardware Wallet - Stephanie Stroka and Marko Bencun
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(13:30-14:15) - Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism - Mr. Br!ml3y
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(13:40-14:30) - Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet - @jtpereyda
BTV - Flamingo 3rd Flr- Savoy Rm - (14:50-15:40) - How not to suck at Vulnerability Management [at Scale] - @Plug and mwguy
CPV - Caesars Promenade Level - Milano BR 1,2 - "Probably": an Irreverent Overview of the GDPR - Brendan O’Connor
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - UEFI exploitation for the masses - Mickey Shkatov, Jesse Michael
DC - Track 1 - Caesars Emperor's Level - Palace BR - GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs - Christopher Domas
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - 4G—Who is paying your cellular phone bill? - Dr. Silke Holtmanns, Isha Singh
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Revolting Radios - Michael Ossmann, Dominic Spill
EHV - Caesars Promenade Level - Modena Rm - Accountability without accountability: A censorship measurement case study - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - cont...(13:50-14:20) - Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks - Joe Slowik
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - (14:30-14:59) - How We Cost Our Client £1.2M with 4 lines of code and less than 2 Hours ($2M) - Mike Godfrey
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (14:30-15:15) - Internet of Laws: Navigating to IoT Hacking Legal Landscape - Amit Elazari @amitelazari & Jamie Williams @jamieleewi
PHV - Caesars Promenade Level - Neopolitan BR - Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks - Pedro Fortuna
PHW - Caesars Promenade Level - Neopolitan BR - cont...(13:00-14:59) - Advanced APT Hunting with Splunk - Ryan Kovar and John Stoner
PPV - Flamingo Lower Level - Valley Of Fire Rms - The Real History of Marijuana Prohibition - Annie Rouse
RCV - Caesars Promenade Level - Florentine BR 1,2 - (14:40-15:10) - Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - cont...(13:00-14:30) - Book Signing - Travis Goodspeed - PoC || GTFO - Travis Goodspeed
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech - Tarah Wheeler, Keren Elazari
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Violet Blue - The Smart Girl's Guide to Privacy - Violet Blue
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Georgia Weidman - Penetration Testing - Georgia Weidman
Service - Vendors Area - No Starch Press Table - (14:30-15:59) - Book Signing - Elissa Shevinsky - Lean Out - Elissa Shevinsky
SKY - Flamingo 3rd Flr - Virginia City Rm - From MormonLeaks to FaithLeaks - Ethan Gregory Dodge
VMHV - Caesars Pool Level - Forum 14-16 - Current Policy Responses to Election Security Concerns - J. Alex Halderman
VMHV - Caesars Pool Level - Forum 14-16 - (14:30-14:59) - A Comprehensive Forensic Analysis of WINVote Voting Machines - Carsten Schurmann
WS - Linq 4th Flr - Icon A - (14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - (14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - (14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - (14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - (14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - (14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 15:00


AIV - Caesars Promenade Level - Florentine BR 3 - cont...(14:30-15:20) - Malware Panel - @drhyrum, @gradient_janitor, @malwareunicorn, @rharang, @bwall (Moderator)
AIV - Caesars Promenade Level - Florentine BR 3 - (15:20-15:59) - Detecting Web Attacks with Recurrent Neural Networks - Fedor Sakharov
BCOS - Caesars Promenade Level - Pompeian BR 1 - cont...(14:00-15:59) - Hack On The BitBox Hardware Wallet - Stephanie Stroka and Marko Bencun
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BTV - Flamingo 3rd Flr- Savoy Rm - cont...(14:50-15:40) - How not to suck at Vulnerability Management [at Scale] - @Plug and mwguy
CPV - Caesars Promenade Level - Milano BR 1,2 - Hiding in plain sight: Disguising HTTPS traffic with domain-fronting - Matt Urquhart
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Weaponizing Unicode: Homographs Beyond IDNs - The Tarquin
DC - Track 1 - Caesars Emperor's Level - Palace BR - Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 - Gabriel Ryan
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Playback: a TLS 1.3 story - Alfonso García Alguacil, Alejo Murillo Moya
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Privacy infrastructure, challenges and opportunities - yawnbox
EHV - Caesars Promenade Level - Modena Rm - Responsible Disclosure Panel - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
ICS - Flamingo Lower Level - Red Rock Rm 6-8 - A CTF That Teaches: Challenging the Next Generation of ICS Ethical Hackers - Brandon Workentin
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(14:30-15:15) - Internet of Laws: Navigating to IoT Hacking Legal Landscape - Amit Elazari @amitelazari & Jamie Williams @jamieleewi
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (15:45-16:30) - The Sound of a Targeted Attack: Attacking IoT Speakers - Stephen Hilt @sjhilt
Meetup - Caesars - Palace Suites - Women, Wisdom, & Wine @ DEF CON 26 by IOActive -
PHV - Caesars Promenade Level - Neopolitan BR - Freedom of Information: Hacking the Human Black Box - Elliott Brink
PHW - Caesars Promenade Level - Neopolitan BR - (15:30-16:59) - Finding and Attacking Undocumented APIs with Python - Ryan Mitchell
PPV - Flamingo Lower Level - Valley Of Fire Rms - About the Open Cannabis Project - Beth Schechter
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(14:40-15:10) - Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers
RCV - Caesars Promenade Level - Florentine BR 1,2 - (15:15-15:45) - Adventures in the dark web of government data - Marc DaCosta
RCV - Caesars Promenade Level - Florentine BR 1,2 - (15:50-16:10) - How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Gregory Dodge
Service - Caesars - Promenade Level - Anzio Rm past Registration - cont...(10:00-15:59) - Ham Radio Exams -
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech - Tarah Wheeler, Keren Elazari
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Violet Blue - The Smart Girl's Guide to Privacy - Violet Blue
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Georgia Weidman - Penetration Testing - Georgia Weidman
Service - Vendors Area - No Starch Press Table - cont...(14:30-15:59) - Book Signing - Elissa Shevinsky - Lean Out - Elissa Shevinsky
SEV - Caesars Promenade South - Octavius BR 3-8 - (15:30-15:59) - My Stripper Name is Bubbles - Hannah Silvers
SKY - Flamingo 3rd Flr - Virginia City Rm - OSINT IS FOR SOCCER MOMS - Laura H
VMHV - Caesars Pool Level - Forum 14-16 - Lightning Talks - A Crash Course on Election Security - Matthew Bernhard
VMHV - Caesars Pool Level - Forum 14-16 - (15:15-15:30) - Lightning Talks - Mechanics & Pitfalls of Auditing with Scanners - Margaret MacAlpine
VMHV - Caesars Pool Level - Forum 14-16 - (15:30-15:45) - Lightning Talks - The Return of Software Vulnerabilities in the Brazilian Voting Machine - Diego Aranha
WLV - Caesars Promenade Level - Milano BR 5,6 - WEP and WPA Cracking 101 - Zero_Chaos and Tay-Tay fanboi Wasabi
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 16:00


AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning for Network Security Hands-on Workshop: DIYML - Sebastian Garcia
AIV - Caesars Promenade Level - Florentine BR 3 - Using AI to Create Music - dj beep code
AIV - Caesars Promenade Level - Florentine BR 3 - Machine Learning as a Service in Your Pocket - Evan Yang
AIV - Caesars Promenade Level - Florentine BR 3 - Deep Exploit - Isao Takaesu
BCOS - Caesars Promenade Level - Pompeian BR 1 - Scaling and Economic Implications of the Adaptive Blocksize in Monero - Francisco "ArticMine" Cabañas
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(14:15-16:15) - Panel Discussion: The Internet of Bodies - Prof Andrea M. Matwyshyn, Professor of Law, NUSL
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (16:15-16:59) - Hey Bro, I Got Your Fitness Right Here (and your PHI). - Nick - GraphX
BTV - Flamingo 3rd Flr- Savoy Rm - SAEDAY: Subversion and Espionage Directed Against You - Judy Towers
Contest - Contest Stage - EFF Tech Trivia -
CPV - Caesars Promenade Level - Milano BR 1,2 - Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy. - Nox
DDV - Caesars Promenade Level - Capri Rm - The Beginner’s Guide to the Musical Scales of Cyberwar - Jessica “Zhanna” Malekos Smith
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Automated Discovery of Deserialization Gadget Chains - Ian Haken
DC - Track 1 - Caesars Emperor's Level - Palace BR - Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability - Yuwei Zheng, Shaokun Cao, Yunding Jian, Mingchuang Qun
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Practical & Improved Wifi MitM with Mana - singe
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Your Voice is My Passport - _delta_zero, Azeem Aqil
EHV - Caesars Promenade Level - Modena Rm - Ethical Disclosure and the Reduction of Harm - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(15:45-16:30) - The Sound of a Targeted Attack: Attacking IoT Speakers - Stephen Hilt @sjhilt
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - (16:45-17:30) - I'm the One Who Doesn't Knock: Unlocking Doors from the Network - David Tomaschik @Matir
Meetup - Caesars - Palace Suites - cont...(15:00-16:59) - Women, Wisdom, & Wine @ DEF CON 26 by IOActive -
PHV - Caesars Promenade Level - Neopolitan BR - Car Infotainment Hacking Methodology and Attack Surface Scenarios - Jay Turla
PHW - Caesars Promenade Level - Neopolitan BR - cont...(15:30-16:59) - Finding and Attacking Undocumented APIs with Python - Ryan Mitchell
PPV - Flamingo Lower Level - Valley Of Fire Rms - Diagnosing Sick Plants with Computer Vision - Harry Moreno
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(15:50-16:10) - How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Gregory Dodge
RCV - Caesars Promenade Level - Florentine BR 1,2 - (16:15-16:45) - Hacking the international RFQ Process #killthebuzzwords - Dino Covotsos
RCV - Caesars Promenade Level - Florentine BR 1,2 - (16:50-17:20) - Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman
SEV - Caesars Promenade South - Octavius BR 3-8 - From Introvert to SE: The Journey - Ryan MacDougall
SEV - Caesars Promenade South - Octavius BR 3-8 - (16:55-17:45) - Mr. Sinatra Will Hack You Now - Neil Fallon
SKY - Flamingo 3rd Flr - Virginia City Rm - Robots and AI: What scares the experts? - Brittany "Straithe" Postnikoff, Sara-Jayne Terp
VMHV - Caesars Pool Level - Forum 14-16 - Trustworthy Elections - Joseph Kiniry
VMHV - Caesars Pool Level - Forum 14-16 - (16:30-16:59) - Keynote Address: Alejandro Mayorkas - Alejandro Mayorkas
WLV - Caesars Promenade Level - Milano BR 5,6 - SirenJack: Cracking a 'Secure' Emergency Warning Siren System - Balint Seeber
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 17:00


BCOS - Caesars Promenade Level - Pompeian BR 1 - Hacking a Crypto Payment Gateway - Devin "Bearded Warrior" Pearson and Felix "Crypto_Cat" Honigwachs
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Nature’s source code is vulnerable and cannot be patched - Jeffrey Ladish
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (17:45-18:30) - Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - Debra Laefer
BTV - Flamingo 3rd Flr- Savoy Rm - Stop, Drop, and Assess your SOC - Andy Applebaum
Contest - Contest Stage - cont...(16:00-17:59) - EFF Tech Trivia -
CPV - Caesars Promenade Level - Milano BR 1,2 - Revolutionizing Authentication with Oblivious Cryptography - Dr Adam Everspaugh
DC - Track 101 - Flamingo 3rd Flr - Sunset BR - Your Bank's Digital Side Door - Steven Danneman
DC - Track 1 - Caesars Emperor's Level - Palace BR - I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine - Alex Levinson, Dan Borges
DC - Track 2 - Caesars Promenade South - Octavius BR 12-24 - The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) - L0pht Heavy Industries, Elinor Mills, DilDog, Joe Grand, Kingpin, Space Rogue, Mudge, Silicosis , John Tan, Weld Pond
DC - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Reverse Engineering, hacking documentary series - Michael Lee Nirenberg, Dave Buchwald
EHV - Caesars Promenade Level - Modena Rm - (17:30-18:29) - Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - Speaker TBA
HHV - Caesars Pool Level - Forum 17-21 - cont...(14:00-17:59) - Getting to Blinky: #badgelife begins with a single blink - Chris Gammell
IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - cont...(16:45-17:30) - I'm the One Who Doesn't Knock: Unlocking Doors from the Network - David Tomaschik @Matir
Meetup - Caesars - Circle Bar - DEFCON 909 Meet Up -
Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friends of Bill W -
PHV - Caesars Promenade Level - Neopolitan BR - Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801 - Chris Hanlon
PHW - Caesars Promenade Level - Neopolitan BR - (17:30-18:59) - Serious Intro to Python for Admins - Davin Potts
PPV - Flamingo Lower Level - Valley Of Fire Rms - THC Producing, Genetically Modified Yeast - Kevin Chen
PPV - Flamingo Lower Level - Valley Of Fire Rms - (17:30-18:15) - An Overview of Hydroponic Grow Techniques - Adrian, Alex
RCV - Caesars Promenade Level - Florentine BR 1,2 - cont...(16:50-17:20) - Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman
RCV - Caesars Promenade Level - Florentine BR 1,2 - (17:25-17:55) - Using Deep Learning to uncover darkweb malicious actors and their close circle - Rod Soto / Joseph Zadeh
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(16:55-17:45) - Mr. Sinatra Will Hack You Now - Neil Fallon
SEV - Caesars Promenade South - Octavius BR 3-8 - (17:50-18:40) - In-N-Out - That’s What It’s All About - Billy Boatright
SKY - Flamingo 3rd Flr - Virginia City Rm - The Least Common Denominator Strategy (AKA Don't make DevOps too easy) - Daniel Williams (fbus)
VMHV - Caesars Pool Level - Forum 14-16 - Keynote Address: TBA -
WLV - Caesars Promenade Level - Milano BR 5,6 - Hunting Rogue APs: Hard Lessons - toddpar0dy
WLV - Caesars Promenade Level - Milano BR 5,6 - (17:30-17:55) - Exploring the 802.15.4 Attack Surface - Faz
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 18:00


AIV - Caesars Promenade Level - Florentine BR 3 - INTRO TO DATA MASTERCLASS: Graphs & Anomalies - Leo Meyerovich & Eugene Teo
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - cont...(17:45-18:30) - Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity - Debra Laefer
BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (18:30-18:59) - Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts - Andy Coravos
BTV - Flamingo 3rd Flr- Savoy Rm - (18:20-18:59) - Open Source Endpoint Monitoring - Rik van Duijn and Leandro Velasco
Contest - Contest Stage - DEF CON Beard and Moustache Contest -
CPV - Caesars Promenade Level - Milano BR 1,2 - Announcing the Underhanded Crypto Contest Winners - Adam Caudill, Taylor Hornby
EHV - Caesars Promenade Level - Modena Rm - cont...(17:30-18:29) - Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research - Speaker TBA
EHV - Caesars Promenade Level - Modena Rm - (18:30-19:29) - Discussion - Speaker TBA
Meetup - Caesars - Circle Bar - cont...(17:00-18:59) - DEFCON 909 Meet Up -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - /R/defcon reddit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - (18:30-20:30) - DEF CON Dinner Con -
PHV - Caesars Promenade Level - Neopolitan BR - Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns - Caleb Madrigal
PHW - Caesars Promenade Level - Neopolitan BR - cont...(17:30-18:59) - Serious Intro to Python for Admins - Davin Potts
PPV - Flamingo Lower Level - Valley Of Fire Rms - cont...(17:30-18:15) - An Overview of Hydroponic Grow Techniques - Adrian, Alex
PPV - Flamingo Lower Level - Valley Of Fire Rms - (18:15-18:59) - Vulnerabilities in Cannabis Software - Project Nexus
RCV - Caesars Promenade Level - Florentine BR 1,2 - I fought the law and law lost - Mauro Caseres
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(17:50-18:40) - In-N-Out - That’s What It’s All About - Billy Boatright
SEV - Caesars Promenade South - Octavius BR 3-8 - (18:40-19:30) - The Art of Business Warfare - Wayne Ronaldson
SKY - Flamingo 3rd Flr - Virginia City Rm - Real Simple Blue Team Shit - @wornbt
WLV - Caesars Promenade Level - Milano BR 5,6 - Blue_Sonar - Zero_Chaos and Rick "Captain Marko Ramius" Mellendick
WS - Linq 4th Flr - Icon A - cont...(14:30-18:30) - Hacking Thingz Powered By Machine Learning - Clarence Chio, Anto Joseph
WS - Linq 4th Flr - Icon B - cont...(14:30-18:30) - Buzzing Smart Devices: Smart Band Hacking - Arun Magesh
WS - Linq 4th Flr - Icon C - cont...(14:30-18:30) - Threat Hunting with ELK - Ben Hughes, Fred Mastrippolito, Jeff Magloire
WS - Linq 4th Flr - Icon D - cont...(14:30-18:30) - JWAT...Attacking JSON Web Tokens - Louis Nyffenegger, Luke Jahnke
WS - Linq 4th Flr - Icon E - cont...(14:30-18:30) - Penetration Testing Environments: Client & Test Security - Wesley McGrew, Kendall Blaylock
WS - Linq 4th Flr - Icon F - cont...(14:30-18:30) - Deploying, Attacking, and Securing Software Defined Networks - Jon Medina

 

Friday - 19:00


BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - (19:15-19:15) - Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research - Robert Portvliet
Contest - Contest Stage - cont...(18:00-19:59) - DEF CON Beard and Moustache Contest -
EHV - Caesars Promenade Level - Modena Rm - cont...(18:30-19:29) - Discussion - Speaker TBA
Meetup - Flamingo - 3rd Floor - Carson City Rm - Lawyer Meet -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - cont...(18:00-20:30) - /R/defcon reddit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - cont...(18:30-20:30) - DEF CON Dinner Con -
Night Life - Caesars - Location printed on badges - Cubcon 2018 -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(18:40-19:30) - The Art of Business Warfare - Wayne Ronaldson
SEV - Caesars Promenade South - Octavius BR 3-8 - (19:35-20:10) - Swarm Intelligence and Augmented Reality Gaming - Nancy Eckert

 

Friday - 20:00


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Hacker Jeopardy -
Contest - Contest Stage - Whose Slide is it Anyway? -
DC - Octavius 13 - Disrupting the Digital Dystopia or What the hell is happening in computer law? - Nathan White, Nate Cardozo
DC - Octavius 9 - D0 N0 H4RM: A Healthcare Security Conversation - Christian"quaddi" Dameff MD, Jeff "r3plicant" Tully MD, Kirill Levchenko PhD, Beau Woods, Roberto Suarez, Jay Radcliffe, Joshua
DC - Roman Chillout - Oh Noes!—A Role Playing Incident Response Game - Bruce Potter, Robert Potter
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - (20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - (20:30-23:59) - /R/defcon reddit Meetup -
Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - cont...(18:00-20:30) - /R/defcon reddit Meetup -
Meetup - The Park on Las Vegas Blvd. by TMobile Arena - cont...(18:30-20:30) - DEF CON Dinner Con -
Night Life - Caesars - Emperors Level - Chillout Rm - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Movie Night -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - (20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - (20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - (20:30-23:59) - House of Kenzo -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - (20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - 503 Party 2018 -
SEV - Caesars Promenade South - Octavius BR 3-8 - cont...(19:35-20:10) - Swarm Intelligence and Augmented Reality Gaming - Nancy Eckert

 

Friday - 21:00


Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - cont...(20:00-21:59) - Hacker Jeopardy -
Contest - Contest Stage - cont...(20:00-21:59) - Whose Slide is it Anyway? -
Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon reddit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - JG & The Robots -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -

 

Friday - 22:00


Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon reddit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - Party Music - YT Cracker -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (22:45-23:30) - Party Music - Dualcore -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - cont...(21:00-23:59) - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -
SKY - Flamingo 3rd Flr - Virginia City Rm - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 23:00


Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - cont...(20:30-23:45) - Loud Party -
Meetup - Flamingo - 3rd Floor - Chillout Rm - cont...(20:30-23:59) - /R/defcon reddit Meetup -
Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars - Location printed on badges - cont...(19:00-23:59) - Cubcon 2018 -
Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - cont...(20:00-23:59) - Movie Night -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(22:45-23:30) - Party Music - Dualcore -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (23:30-24:15) - Party Music - MC Frontalot -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - cont...(20:30-23:59) - GeekPwn Party -
Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - cont...(20:30-23:59) - House of Kenzo -
Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - cont...(21:00-23:59) - Live Band Karaoke -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
Night Life - Forum Tower Duplex Hangover Suite - cont...(20:00-23:59) - 503 Party 2018 -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 24:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(23:30-24:15) - Party Music - MC Frontalot -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (24:15-25:15) - Party Music - TBD -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 25:00


Night Life - Caesars - Emperors Level - Chillout Rm - cont...(20:00-25:59) - Hacker Karaoke -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(24:15-25:15) - Party Music - TBD -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (25:15-26:15) - Party Music - Scotch & Bubbles -
Night Life - Flamingo - 3rd Floor - Mesquite Rm - cont...(20:30-25:59) - Arcade Party -
Night Life - Flamingo - Lower Level - Red Rock RM 6 - cont...(20:30-25:59) - Vet Con -
SKY - Flamingo 3rd Flr - Virginia City Rm - cont...(22:00-25:59) - skytalks (303) FRIDAY PARTY - Read the Details - @wornbt

 

Friday - 26:00


Night Life - Caesars Emperor's Level - Track 1 Palace BR - cont...(25:15-26:15) - Party Music - Scotch & Bubbles -
Night Life - Caesars Emperor's Level - Track 1 Palace BR - (26:15-26:59) - Party Music - Circuit Static -

Talk/Event Descriptions


 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Friday - 10:00-13:59


Reverse Engineering with OpenSCAD and 3D Printing

Friday, 1000-1400 in Icon B

Nick Tait

The main focus of this class is OpenSCAD, a software tool and programming language. Through a specific example we will learn to reproduce physical objects. We'll cover the entire workflow: measurement, sketching, modeling, and manufacturing. Additional hints for optimizing your design for 3D printing will enable rapid product iteration. All modeling in OpenSCAD is done by writing commands, which brings many powerful properties of software, such as parameterization, version control, and reusable components, to CAD modeling. Ultimately, with the combination of these skills you'll be equipped to repair and improve your stuff.

Prerequisites: No previous programming experience required, but it will help you get more out of this workshop.

Materials: A laptop with an up to date:
* Operating system (Linux/OS X/Win)
* OpenSCAD (free and open source) http://www.openscad.org/
* Cura (free and open source) https://ultimaker.com/en/products/ultimaker-cura-software

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/digital-manufacturing-using-reverse-engineering-open-source-3d-printers-and-software-icon-b-tickets-47194008550
(Opens July 8, 2018 at 15:00 PDT)

Nick Tait
nickthetait (government name Nicholas Tait) is a software engineer and fixer of things currently living in Fort Collins, Colorado. His most recent job focused on producing numbers to coax 3D printers to do the user's bidding. Before that he helped route packages for a multinational corporation that rhymes with annex.

Lately he's been in training for his next job - attending any cyber security event physically (and sometimes digitally) possible, contributing to a bunch of open source projects, learning to pick locks and talking about encryption to anyone that will listen. Rock climbing and mountain biking are long time passions that keep the blood pumping and ideas flowing.



 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 14:00-15:00


Title:
"Probably": an Irreverent Overview of the GDPR

When
Fri, August 10, 2pm – 3pm
Description
Speaker
------
Brendan O’Connor

Abstract
--------
If you work in privacy, technology, marketing, or the law, or if you have an email account, you've heard of the GDPR. But what is it really? Why is your in-house lawyer grumpy all the time? Why is your marketing team walking around with stickers that say "legitimate business use of data" and trying to slap them on random objects to see if they stick? Why, legally, can't you remember anyone's names anymore? This presentation will attempt to take a look at the GDPR from the perspective of a confused outsider who can't quite believe what's going on (as opposed to a burned-out practitioner), without getting too worked up about it. We'll cover why the GDPR exists, what it does, why some people are freaked out about it, why to be concerned and/or unconcerned, and whether kittens or puppies make the better reference animal for GDPR compliance memes. Relax! It's all going to be fine! Probably.


Bio
-----------------
Described by coworkers as “not the lawyer we need, but the lawyer we deserve” (and he's pretty sure that wasn't meant as a compliment), Brendan O’Connor is a security researcher, consultant, and attorney based in Seattle. His day job is building security programs, but at night, he transforms into a person who spends too much time arguing with people who are wrong on the Internet. If caught, his companies will deny all knowledge of this presentation.

Twitter handle of presenter(s)
------------------------------
USSJoin

Website of presenter(s) or content
----------------------------------
https://ussjoin.com


 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 10:30-11:00


Title:
"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale

When
Fri, August 10, 10:30am – 11:00am
Description

Speakers
-------
Irwin Reyes
Amit Elazari Bar On

Abstract
--------
We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance with the Children's Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S. Based on our automated analysis of 5,855 of the most popular free children's apps, we found that a majority are potentially in violation of COPPA, mainly due to their use of third-party SDKs. While many of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggest that a majority of apps either do not make use of these options or incorrectly propagate them across mediation SDKs. Worse, we observed that 19% of children's apps collect identifiers or other personally identifiable information (PII) via SDKs whose terms of service outright prohibit their use in child-directed apps. Finally, we show that efforts by Google to limit tracking through the use of a resettable advertising ID have had little success: of the 3,454 apps that share the resettable ID with advertisers, 66% transmit other, non-resettable, persistent identifiers as well, negating any intended privacy-preserving properties of the advertising ID.

Bio
-----------------
Irwin is a researcher in the Usable Security and Privacy Group at the International Computer Science Institute (ICSI) affiliated with the University of California at Berkeley. He earned Bachelor's and Master's degrees from the University of Virginia in 2009 and 2011, respectively. Irwin has held positions developing ballistic missile defense systems at the Johns Hopkins University Applied Physics Laboratory and applying usable security concepts to commercial products at Dell. His research interests include measuring the privacy risks of everyday consumer products, user perceptions of security issues, and the online advertising ecosystem.

Amit is a doctoral law candidate at UC Berkeley School of Law and a Berkeley Center for Long-Term Cybersecurity Grantee. Her work has been published in leading technology law journals, presented in conferences such as RSA, USENIX Enigma, BsidesLV, BsidesSF, DEF CON-Skytalks and Black Hat, and featured in leading news sites such as the Wall Street Journal, Washington Post, The Guardian and the Verge. Additionally, Amit teaches at UC Berkeley’s School of Information Master of Information and Cybersecurity (MICS) program and serves as the submissions editor of BTLJ, the world’s leading Tech Law Journal. In 2018, Amit was granted a CLTC grant for her work on private ordering regulating information security.

Twitter handle of presenter(s)
------------------------------
irwinreyescom

Website of presenter(s) or content
----------------------------------
https://appcensus.mobi


 

Meetup - Stage Door 4000 Linq Ln., Las Vegas (Right across the street from Caesars Palace) - Friday - 18:00-20:30


Title:
/R/defcon reddit Meetup

Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/defcon while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
More Info: DEF CON 26 Meetup for /r/defcon


 

Meetup - Flamingo - 3rd Floor - Chillout Rm - Friday - 20:30-23:59


Title:
/R/defcon reddit Meetup

Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/defcon while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
More Info: DEF CON 26 Meetup for /r/defcon


 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 14:00-14:45


4G—Who is paying your cellular phone bill?

Friday at 14:00 in Track 2
45 minutes | Demo, Exploit

Dr. Silke Holtmanns Distinguished Member of Technical Staff, Security Expert, Nokia Bell Labs

Isha Singh Master student, Aalto University in Helsinki (Finland)

Cellular networks are connected with each other through a worldwide private, but not inaccessible, network called the IPX network. Through this network, user-related information is exchanged for roaming purposes or for cross-network communication. This private network has been breached by criminals and nation states. Cellular networks are extremely complex, and many attacks have already been found, e.g. DoS, location tracking, SMS interception, data interception. Many attacks have been seen in practice, but not all attacks are understood and not all attack avenues using the IPX network have been explored. This presentation shows how an S9 interface in 4G networks, which is used for the exchange of charging-related user information between operators, can be exploited to perform fraud attacks. A demonstration with technical details will be given, along with guidance on practical countermeasures.

Dr. Silke Holtmanns
Silke is a security expert at Nokia Bell Labs (Research branch of Nokia). She holds a PhD in Mathematics and has 18 years of experience in mobile security research and standardization. In her current research she investigates new and existing mobile network security attacks using SS7, Diameter and GTP protocols via the interconnection network and how to counter those attacks in 4G/5G networks. She found many 4G related IPX attacks and countermeasures, e.g. Location Tracking (NATO CyCon), DoS (Black Hat EU 2016), cellular data interception (34C3 Chaos Computer Congress). Within the operator association GSMA she drives the security of cellular networks and is responsible there for the Diameter Signaling Security Specification. She served as a special matter expert on cellular security to the US Federal Communication Commission and to the European Union Agency for Network and Information Security. She is rapporteur of ten 3GPP security specifications and has a long track record of security publications.

Currently, she is actively supporting the 5G Roaming security developments. For her the interesting part is fixing problems in a worldwide network without breaking it, not finding an issue.

@SHoltmanns

Isha Singh
Isha is a master's student at Aalto University in Helsinki (Finland), doing her thesis research work at Nokia Bell Labs under the supervision of Professor Raimo Kantola. She is completing her Master's with Wireless Communication as her major subject and Machine Learning as her minor. Her research covers smart city environmental perception from ambient cellular signals and 5G ubiquitous sensing. She is passionate about IoT devices and their security in the 5G scenario. She has experience with embedded devices (Arduino, Raspberry Pi) from multiple projects, such as an analog-to-digital converter used in optical communication. Presently she is exploring cybersecurity, starting from mobile communication core network security: testing for vulnerabilities and loopholes and providing solutions using Machine Learning.



 

Night Life - Forum Tower Duplex Hangover Suite - Friday - 20:00-23:59


Title:
503 Party 2018

It's 2018, and it's time again for another 503 Party!

This year we'll be re-introducing the music, but keeping the drink focus on local microbrews. We've got the Hangover suite in Caesars Palace for the entire weekend, Thursday through Sunday, so we're going to be running the 503 Suite again this year like we did in 2016, which means we may have some random events during the day throughout the weekend. This also means we need to raise a bit more money, so I've set the goal this year to 15k. The room is already paid for, so it's happening even if the goal isn't reached. Top donors (100ish dollars?) will get fun prizes and early admission to the Friday night party. All funds raised will of course be going to the party/suite. Further details will be posted on https://503.party .
More Info: 503.party
More Info: gofundme


 

Meetup - Local Bikeshop - Friday - 06:00-06:59


Title:
8th Defcon Bike Ride

At 6am on Friday, the @cycle_override crew will be hosting the 8th Defcon Bikeride. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo. Go to cycleoverride.org for more info.

More Info: @Cycle_Override    http://cycleoverride.org/


 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 14:30-14:59


Title:
A Comprehensive Forensic Analysis of WINVote Voting Machines

No description available

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 15:10-15:40


A CTF That Teaches: Challenging the Next Generation of ICS Ethical Hackers

August 10, 2018 3:10 PM

Today's evolving threat landscape makes training new talent to defend critical infrastructure networks more important than ever. One way to both help people build their technical skills and introduce new people to the world of ICS security is with Capture-the-Flag exercises (CTFs). This presentation will analyze the development of a real-life CTF, including some of the problems faced and how to solve them, to show how you can create challenging, yet educational, CTFs to train the next generation of ICS defenders.

Speaker Information

Brandon Workentin

SecurityMatters

Brandon Workentin joined SecurityMatters as an ICS Security Engineer in early 2017. Prior to that, Brandon worked for EnergySec, where he started as an intern in 2014 and finished as a Cybersecurity Analyst II. At EnergySec, Brandon focused on security regulations, including the NERC CIP cybersecurity standards, as well as threats, research, and news affecting the electric industry. He was also involved in the creation of the EnergySec Information Sharing and Analysis Organization (ISAO), as well as a member of multiple ISAO Standards Organization Working Groups. Prior to joining the cybersecurity field, Brandon spent several years teaching math and English in Idaho and Oregon. Brandon also enjoys public speaking, highlighted by having presented on ICS security at multiple BSides events. He has a BA in Mathematics and English Education from Northwest Nazarene University and an AS in Cybersecurity and Networking from Mt. Hood Community College.



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 13:00-13:30


Title: A Rundown of Security Issues in Crypto Software Wallets

Speakers: Marko Bencun

Description:
No description available




 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 15:00-15:45


Title:
About the Open Cannabis Project

Open sourcing the full sequence of genomes of many strains

 

EHV - Caesars Promenade Level - Modena Rm - Friday - 14:00-14:59


Title: Accountability without accountability: A censorship measurement case study

Speakers: Speaker TBA

Description:

Protecting volunteers from retribution, and why the fear of unknown unknowns is paralyzing to the academic measurement community.



 

PHW - Caesars Promenade Level - Neopolitan BR - Friday - 13:00-14:59


Advanced APT Hunting with Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the "fictional" APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre Att&ck framework and how these concepts can frame your hunting. Then we look deep in the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. Then at the end, we give you a similar dataset and tools to take home and try newly learned techniques yourself.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.

John Stoner is a Principal Security Strategist at Splunk. During his career he has worked in operations, consulting and solutions engineering. In his current role, he leverages his many years of experience in log management, SIEM, security operations and threat intelligence to provide solutions that drive greater situational awareness for organizations.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 15:15-15:45


Adventures in the dark web of government data - Marc DaCosta

Government bureaucracy is your friend. The US federal government alone produces tens of thousands of different forms that collect information on everything from the owner and location of every oil well in the country, to the VIN number of every car that’s imported, the location and height of every cell phone tower, and much more. While most of this data is locked behind clunky 1990s-era search forms, or in exports of antiquated database formats, the enterprising researcher will find a treasure trove that exists outside the indexes of Google and LexisNexis.

I have written scrapers and parsers for 100s of these databases and will share with you what I’ve learned about coaxing OSINT out of some of the messiest and hard to find data out there.

The talk will specifically feature a deep dive into the data produced by the US Federal Communications Commission. The FCC has issued over 20 million licenses for transmitting on regulated parts of the electromagnetic spectrum. The data residue of this process can be used for everything from geo-locating electronic border surveillance infrastructure to discovering the location and transmission frequency of every McDonald’s drive-thru radio. In the second portion of the talk, I will discuss how various protocols for data transmission can be decoded and joined with other contextual public data. For instance, every cargo ship emits an “Automated Identification System” signal that can be joined with shipping records to understand what the ship is carrying.

By the end of the talk, I hope attendees will develop new intuitions and techniques for finding and working with government data, and specifically have the tools to run their own investigations using FCC data.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:20-10:40


Adversarial Patches

Sven Cattell

Adversarial examples that fool machine learning are a burgeoning field. We propose applications to fool self-driving cars or facial recognition systems, but most of the techniques are purely academic. They require minute manipulations to the bit values of the pixels entering a system. Adversarial patches are an attack that could actually work. This talk will cover how to make them and further applications.

I got my Ph.D. in algebraic topology in 2016 and immediately moved into machine learning to work on something useful to people. I then completed a post-doc in mathematical machine learning where I worked on medical data. I now work at Endgame.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 11:00-11:45


An Attacker Looks at Docker: Approaching Multi-Container Applications

Friday at 11:00 in 101 Track, Flamingo
45 minutes | Demo

Wesley McGrew Director of Cyber Operations, HORNE Cyber

Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. The good news: this is likely to make your life easier as an attacker.

While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited "from within" using many of the system- and network-level techniques that attackers, such as penetration testers, already know.

The goal of this talk is to provide a hacker experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A hacker can expect to leave this presentation with a practical exposure to multi-container application post-exploitation.

Wesley McGrew
Wesley currently oversees and participates in offense-oriented operations as Director of Cyber Operations for HORNE Cyber. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 17:30-18:15


Title:
An Overview of Hydroponic Grow Techniques

No description available

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 18:00-18:30


Title:
Announcing the Underhanded Crypto Contest Winners

When: Fri, August 10, 6:00pm – 6:30pm

Description:
Speakers
-------
Adam Caudill
Taylor Hornby

Abstract
--------
This session announces the winners of the 5th annual Underhanded Crypto Contest.

Bio
-----------------
Adam Caudill and Taylor Hornby are the founders and organizers of the Underhanded Crypto Contest, a contest dedicated to research in how to undermine cryptography in unusual and hard-to-detect ways.

Twitter handle of presenter(s)
------------------------------
@adamcaudill @DefuseSec

Website of presenter(s) or content
----------------------------------
https://underhandedcrypto.com


HHV - Caesars Pool Level - Forum 17-21 - Friday - 10:00-12:59


Applied Physical Attacks on Embedded Systems, Introductory Version

Joe FitzPatrick, @arinerron, and @pixieofchaos

Abstract

This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi development board. After a brief architectural overview of each interface, hands-on labs will guide attendees through the process of understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

What to Bring

No hardware or electrical background is required. Computer architecture knowledge, Linux internals, command-line familiarity, and low-level programming experience are all very helpful but not actually required.

All equipment, including laptops, will be provided for use in the class. Students will be provided with a lab manual that includes an equipment list of all materials used for the class.

Max size: 24, first-come, first-served basis.

Bio

Joe (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com (@securinghw). Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

@arinerron is a student, security enthusiast, CTF player, bug bounty hunter, software developer, and ham radio operator (K1ARE). He’s interested in many aspects of security, though most of his experience is in web and binary exploitation.

Chaos Pixie (@pixieofchaos) works for the man doing embedded systems security.



Night Life - Flamingo - 3rd Floor - Mesquite Rm - Friday - 20:30-25:59


Title:
Arcade Party

Ever had the awesome experience of seeing the renowned @dualcoremusic or maybe you've heard the mad mixing skills of @KeithMyers - Well imagine BOTH of them, at one party! The EPIC #defcon26 @CarHackVillage and @ICS_Village Party will be Sat Night 10:30-2 Hope to see you there!


Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Friday - 10:00-13:59


ARM eXploitation 101

Friday, 1000-1400 in Icon D

Sneha Rajguru Security Consultant, Payatu Software Labs LLP

ARM architecture based systems are on the rise and seen in almost every hand-held or embedded device. The increasing popularity and growth of the Internet of Things (IoT) have allowed widespread use of ARM architecture. As with any other thing in this world, increasing popularity and usage brings new security challenges and attacks. This workshop aims to provide an introduction to ARM architecture, assembly and explore intermediate level exploitation techniques on ARM along with hands-on examples and challenges.

This session is aimed at security professionals and personnel who possess general security knowledge and wish to enter the field of ARM exploitation.

The attendees will walk away with basic knowledge and skills of ARM Architecture, Assembly, and Exploitation techniques.

The workshop will provide a base for the attendees to develop exploit research expertise on ARM-based platforms.

Topics Covered:

Introduction to ARM CPU Architecture
Registers
Modes of Operations
ARM Assembly Language Instruction Set
Introduction to ARM functions and working
Debugging on ARM
Stack Overflow on ARM
How to write a shellcode
How to reverse a shellcode

Prerequisites: The participants are not expected to have any prior knowledge about ARM architectures whereas familiarity with C and Linux Command line will be useful.

Materials: Hardware Requirements: Minimum 4GB RAM and more than 20 GB Free Hard Disk Space
Software Requirements: Windows 7/8, *Nix, Mac OS X 10.5, Administrative privileges on your machines, Virtualbox or VMPlayer, SSH Client

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/arm-exploitation-101-icon-d-tickets-47194115871
(Opens July 8, 2018 at 15:00 PDT)

Sneha Rajguru
Sneha works as Senior Security Consultant with Payatu Software Labs LLP. Her interests lie in web, mobile application security and fuzzing. She has discovered various security flaws within various open source applications such as PDFLite, Jobberbase, Lucidchart and more. She has spoken and provided trainings at various conferences such as DEFCON, BSides LV, BSidesVienna, OWASP AppSec USA, DeepSec, DefCamp, FUDCon, and Nullcon. Sneha is passionate about promoting and encouraging Women in Security and has founded an initiative called WINJA-CTF through which she hosts women-only CTFs and Workshops at conferences and other events. Sneha is also active in the local security community and hosts local security meet-ups in Pune. She leads the Pune chapter of null community.



EHV - Caesars Promenade Level - Modena Rm - Friday - 12:00-12:59


Title: Asking for a Friend

Speakers: Speaker TBA

Description:
No description available




VMHV - Caesars Pool Level - Forum 14-16 - Friday - 13:00-13:59


Title:
Assessments of Election Infrastructure and Our Understanding and sometimes whY

No description available

Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Friday - 10:00-13:59


Attacking & Auditing Docker Containers Using Open Source

Friday, 1000-1400 in Icon E

Madhu Akula Security & DevOps Researcher, Appsecco

Developers and Operations teams (DevOps) have moved towards containers and modern technologies. Attackers are catching up with these technologies and finding security flaws in them. In this workshop, we will look at how we can test for security issues and vulnerabilities in Dockerised environments. Throughout the workshop we will learn how we can find security misconfigurations, insecure defaults and container escape techniques to gain access to the host operating system (or) clusters. In the workshop, we will look at real-world scenarios where attackers compromised containers to gain access to applications, data and other assets.

By the end of workshop participants will be able to:

- Understand Docker security architecture
- Audit containerised environments
- Perform container escapes to get access to host environments

The participants will get the following:

- A Gitbook(pdf, epub, mobi) with complete workshop content
- Virtual machines to learn & practice
- Other references to learn more about topics covered in the workshop

Prerequisites: Basic familiarity with Linux and Docker

Materials: A laptop with administrator privileges
10 GB of free Hard Disk Space
Ideally 8 GB of RAM but minimum 4 GB
Laptop should support hardware-based virtualization
If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
Other virtualisation software might work but we will not be able to provide support for that.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-auditing-docker-containers-using-open-source-icon-e-tickets-47194085781
(Opens July 8, 2018 at 15:00 PDT)

Madhu Akula
Madhu is a security ninja and published author, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike.

Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, Blackhat USA 2018, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit, ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016.

When he's not working with Appsecco's clients or speaking at events he's actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, Ebay, At&t, Blackberry, Cisco, Barracuda etc. He is also an active member with Bugcrowd, Hackerone, Synack etc.

Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state. He is co-author of Security Automation with Ansible2 book published by Packt Publishing in December 2017, which is listed as a resource by the RedHat Ansible itself.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Friday - 10:00-13:59


Attacking Active Directory and Advanced Defense Methods in 2018

Friday, 1000-1400 in Icon C

Adam Steed Security Consultant, Protiviti

James Albany Senior Consultant, Protiviti

This hands-on workshop teaches you how to both attack and defend Active Directory. We will start by deploying an Active Directory environment using the typical security settings found in most medium to large organizations. Participants will then learn current common methods and tools used to exploit Active Directory against a lab environment. Participants will create a hardened Active Directory environment using advanced methods to secure domain controllers from attack and then try to compromise their hardened environments.

Prerequisites: Some basic background in Active Directory

Materials: Need a laptop running a hypervisor that would support the import and running of multiple prebuilt virtual images.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/attacking-active-directory-and-advanced-defense-methods-in-2018-icon-c-tickets-47194199120
(Opens July 8, 2018 at 15:00 PDT)

Adam Steed
Adam Steed prides himself in not just being an Information Security professional, but in having been part of the culture that has defined Defcon for the last two decades. He has over 20 years of experience in working for Financial, Websites and Healthcare organizations. Currently Adam is an Associate Director at Protiviti as part of the Security and Privacy practice, leading Active Directory assessments and remediation work for Protiviti's clients. He has also spoken at Defcon, Bsides and other events across the United States.

James Albany
James is a Senior Consultant in the Security and Privacy practice at Protiviti. He received a B.S. in Security and Risk Analysis with a specialization in Cyber Security from Penn State University. He currently provides information security services for a wide range of clients in various industries to identify and communicate business risks.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 16:00-16:45


Automated Discovery of Deserialization Gadget Chains

Friday at 16:00 in 101 Track, Flamingo
45 minutes | Tool

Ian Haken Senior Security Software Engineer, Netflix

Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn't going away. Attention on Java deserialization vulnerabilities skyrocketed in 2015 when Frohoff and Lawrence published an RCE gadget chain in the Apache Commons library and as recently as last year's Black Hat, Muñoz and Miroshis presented a survey of dangerous JSON deserialization libraries. While much research and automated detection technology has so far focused on the discovery of vulnerable entry points (i.e. code that deserializes untrusted data), finding a "gadget chain" to actually make the vulnerability exploitable has thus far been a largely manual exercise. In this talk, I present a new technique for the automated discovery of deserialization gadget chains in Java, allowing defensive teams to quickly identify the significance of a deserialization vulnerability and allowing penetration testers to quickly develop working exploits. At the conclusion we will also be releasing a FOSS toolkit which utilizes this methodology and has been used to successfully develop many deserialization exploits in both internal applications and open source projects.

Ian Haken
Ian Haken is a senior security software engineer at Netflix where he works on the platform security team to develop tools and services that defend the Netflix platform. Before working at Netflix, he spent two years as security researcher at Coverity where he developed defensive application security tools and helped to develop automated discovery of security vulnerabilities through static software analysis. He received his Ph.D. in mathematics from the University of California, Berkeley in 2014 with a focus in computability theory and algorithmic information theory.



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 10:00-10:20


Automating DFIR: The Counter Future

Friday at 10:00-10:20
20 minutes

@rainbow_tables

Automation has been at the forefront of almost every tool or talk in recent years. The DFIR industry has been moving rapidly towards automating everything! With some great work being done in the area of integrating workflows and various toolsets to make things easier for analysts, automation has really taken off. While that sounds like a worthwhile solution to help SOC analysts weed out the run-of-the-mill adware/PUPs or phishing expeditions, can we really automate a response to the more sophisticated or targeted attack on our company’s crown jewels?

The current argument being made is that, rather than building in-house Incident Response teams, we should utilize automation to substitute analysts and use third-party retainers for skilled analysis. Large investments in automation technologies, rather than resource development, reflect this strategy. What does this mean for career progression for budding DFIR analysts? With security engineering taking the forefront, is analysis as a career in DFIR a dying star? Is automation moving us towards click forensics rather than intelligent analysis? I’d like to challenge groupthink, and debate where automation will lead the industry trends. Additionally, I will share some of my experiences in the changing face of DFIR.

@rainbow_tables
Rainbow_Tables is an experienced incident responder and forensic investigator. She enjoys her forays in various industries - media, telecom and software. She finds that her most intriguing experiences stem from the application of DFIR to those industries. Her passion lies within automating analysis methodologies to streamline the incident response process. She believes in innovating simple and innovative solutions to the challenges posed to incident responders by the proliferation of advancing technologies.



ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 13:50-14:20


Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks

August 10, 2018 1:50 PM

Successful cyber-attacks against cyber-physical systems require expert knowledge about the dynamic behavior of the underlying physical process (yes, it is actually required). This information is a crucial part of the attack preparation. Previous work has shown manual acquisition of knowledge about process dynamics to be prohibitively laborious (we will show why). This talk will present first insights into automated process-aware system discovery that goes beyond IT-related trivia and focuses on the physical core of an industrial plant. We will share the results of 12 months’ worth of work, including which approaches worked and which did not (and why). Notably, our work already had a follow-up at S4x2017, and we will share the insights into that work too. Reverse engineering of the physical processes is a novel topic for which we have yet to find workable/standardized approaches. We encourage you to be a part of the process.

Speaker Information

Joe Slowik

Dragos

Joe Slowik currently hunts ICS adversaries for Dragos, pursuing threat activity groups through their malware, their communications, and any other data available. Prior to his time at Dragos, Joe ran the Incident Response team at Los Alamos National Laboratory, and served as an Information Warfare Officer in the US Navy. Throughout his career in network defense, Joe has consistently worked to 'take the fight to the adversary' by applying forward-looking, active defense measures to constantly keep threat actors off balance. An important part of this strategy is understanding adversary techniques and actions: good defense requires knowing (and at times practicing) offense.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 13:30-14:15


Title: Blue Team Bio: Using Kill-Chain Methodology to Stop Bioterrorism

Speaker: Mr. Br!ml3y
Abstract:
Editing genes is getting easier as knowledge of various genomes and technology advance. Malicious actors creating novel or custom infectious agents are a growing concern. This presentation explores use of Cyber Kill Chain methodology to detect and disrupt potential bioterrorist activities. Each link in the chain is defined and examined to identify potential attack indicators and countermeasures, discussing notable bottlenecks in each step. The goal is to apply existing information security knowledge and paradigms to counter the would-be bioterrorist. This talk will include brief discussions of current gene editing methods (CRISPR-CAS9, ZINCFINGER) for the lay person. Familiarity with the Cyber Kill Chain would be useful.


WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 18:00-18:55


Blue_Sonar

Abstract

Bluetooth is everywhere; it is in all of our pockets, and the only protection most use is not being in discoverable mode. This will be a talk on enumeration, tracking non-discoverable Bluetooth devices, as well as an operator's perspective on some awesome use cases for Blue_Sonar. Of course it is already in Pentoo. This talk is imperative for those in the WCTF, because you will need this tool to find many of the Bluetooth foxes.



Service - Vendors Area - No Starch Press Table - Friday - 12:00-12:59


Title:
Book Signing - Craig Smith - The Car Hacker's Handbook

No description available

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Elissa Shevinsky - Lean Out

No description available

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Georgia Weidman - Penetration Testing

No description available

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Tarah Wheeler, with Keren Elazari - Women in Tech

No description available

Service - Vendors Area - No Starch Press Table - Friday - 13:00-14:30


Title:
Book Signing - Travis Goodspeed - PoC || GTFO

Travis Goodspeed

Service - Vendors Area - No Starch Press Table - Friday - 14:30-15:59


Title:
Book Signing - Violet Blue - The Smart Girl's Guide to Privacy

No description available

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 12:00-12:45


Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!

Friday at 12 in Track 2
45 minutes | Demo, Tool, Exploit

Orange Tsai Security Researcher from DEVCORE

We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby, Java, and JavaScript.

Being a very fundamental problem that exists in path normalization logic, sophisticated web frameworks can also suffer. For example, we've found various 0days on Java Spring Framework, Ruby on Rails, Next.js, and Python aiohttp, just to name a few. This general technique can also adapt to multi-layered web architecture, such as using Nginx or Apache as a proxy for Tomcat. In that case, reverse proxy protections can be bypassed. To make things worse, we're able to chain path normalization bugs to bypass authentication and achieve RCE in real world Bug Bounty Programs. Several scenarios will be demonstrated to illustrate how path normalization can be exploited to achieve sensitive information disclosure, SMB-Relay and RCE.

Understanding the basics of this technique, the audience won't be surprised to know that more than 10 vulnerabilities have been found in sophisticated frameworks and multi-layered web architectures aforementioned via this technique.

Orange Tsai
Cheng-Da Tsai, also known as Orange Tsai, is a member of DEVCORE and CHROOT from Taiwan. He has spoken at conferences such as Black Hat USA, Black Hat ASIA, DEF CON, HITCON, HITB, CODEBLUE and WooYun. He participates in numerous Capture-the-Flags (CTF), and won 2nd place in DEF CON 22/25 as a team member of HITCON.

Currently, he is focusing on vulnerability research and web application security. Orange enjoys finding vulnerabilities and participating in Bug Bounty Programs. He is enthusiastic about Remote Code Execution (RCE), and uncovered RCEs in several vendors, such as Facebook, Uber, Apple, GitHub, Amazon, Yahoo and Imgur.

@orange_8361, Blog: http://blog.orange.tw/



WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 12:00-12:25


stev0

Bio

Ops guy and security hobbyist

@_stevo
piClicker Github

BSSI [Brain Signal Strength Indicator] - finding foxes with acoustic help (piClicker)

Abstract

Present, and (hopefully) Demo using a raspberry pi to detect wifi signal strength via audio click frequency.



Workshops - ( Sold Out ) - Linq 4th Flr - Icon B - Friday - 14:30-18:30


Buzzing Smart Devices: Smart Band Hacking

Friday, 1430-1830 in Icon B

Arun Magesh IoT Security Researcher, Payatu Software Labs, LLP

With the recent advancement in connected/smart devices and the availability of ready-made frameworks for both hardware and software development, companies want to rapidly get into the smart device market. It is necessary to look at the security features of these smart devices, as our digital lives are connected with these devices.

Bluetooth has been around for almost a decade, and with the need for low-power wireless networking and interoperability, Bluetooth has been used in the vast majority of devices because of its low power footprint and interoperability, as most of our smartphones have Bluetooth.

In this workshop, we will be learning how to fuzz the Bluetooth LE functionality of smart devices and exploit it. In the process, we will learn about how the Bluetooth Low Energy protocol works and the various tools involved in reversing a smart band. We will also introduce a Bluetooth fuzzing framework called Buzz and use it to crash or find other information in the smart band.

By the end of the class, we will also touch on hardware-level exploits like accessing the serial port and debugging port and bypassing Flash Read protection to extract the firmware from the smart band, with demos on the same.

Prerequisites: Knowledge of Linux OS, Basic knowledge of programming (C, python) would be a plus

Materials: Laptop with at least 50 GB free space, 8+ GB minimum RAM (4+GB for the VM), External USB access (min. 2 USB ports)
Administrative privileges on the system
Virtualization software & Latest VirtualBox (5.2.X) (including Virtualbox extension pack)
Linux host machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse).
Virtualization (VT-x) option enabled in the BIOS settings for VirtualBox to work
Tools will be provided by the instructor and to be returned.
You can also buy the hardware yourself.
SmartBand: https://www.banggood.com/No_1-F4-Blood-Pressure-Heart-Rate-Monitor-Pedometer-IP68-Waterproof-Smart-Wristband-For-iOS-Android-p-1182728.html
Bluetooth Dongle: https://www.amazon.com/DayKit-Bluetooth-Adapter-Windows-Raspberry/dp/B01IM8YKPW/

Max students: 30

Registration: -CLASS FULL- https://www.eventbrite.com/e/buzzing-smart-devices-smart-band-hacking-icon-b-tickets-47193534131
(Opens July 8, 2018 at 15:00 PDT)

Arun Magesh
Arun Magesh works as an IoT Security Researcher at Payatu Software labs and has worked on numerous smart device pentests in the past couple of years. With an electrical engineering academic background, he serves as a core committee member for several IoT local chapters and hackerspaces in India, where he regularly delivers talks and hands-on workshops. He has 5+ years of hands-on experience in both building and breaking IoT devices and has previously been recognized as one of India's Top 25 under 25 technologists and as an Intel Software Innovator. He has delivered training to numerous governmental and private organizations around the world. He is also a speaker and trainer at several conferences like nullcon18, zer0con18, RISC17, Intel Devfest and EFY17. His main focus area in IoT is embedded device and SDR security. He has also built and contributed to a number of projects such as Brain-Computer interfacing and Augmented Reality solutions.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 15:00-15:45


Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

Friday at 15:00 in Track 1
45 minutes | Demo, Tool

Gabriel Ryan Co-Founder / Principal Security Consultant @ Digital Silence

Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve Riley, Abb, and Alva Duckwall [5][6].

In addition to the development of 802.1x-2010, improved 802.1x support by peripheral devices such as printers also poses a challenge to attackers. Gone are the days in which bypassing 802.1x was as simple as finding a printer and spoofing its address, as hardware manufacturers have gotten smarter.

In this talk, we will introduce a novel technique for bypassing 802.1x-2010 by demonstrating how MacSEC fails when weak forms of EAP are used. Additionally, we will discuss how improved 802.1x support by peripheral devices does not necessarily translate to improved port-security due to the widespread use of weak EAP. Finally, we will consider how improvements to the Linux kernel have made bridge-based techniques easier to implement and demonstrate an alternative to using packet injection for network interaction. We have packaged each of these techniques and improvements into an open source tool called Silent Bridge, which we plan on releasing at the conference.

Gabriel Ryan
Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and principal security consultant for Digital Silence, a Denver-based consulting firm that specializes in impact-driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel's most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

@s0lst1c3, https://digitalsilence.com, solstice.sh



Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Friday - 10:00-13:59


Bypassing Windows Driver Signature Enforcement

Friday, 1000-1400 in Icon A

Csaba Fitzl

Microsoft makes a great effort to harden the Windows kernel and to limit attackers' ability to load their custom drivers (kernel rootkits), with the introduction of Driver Signature Enforcement in Win7x64. In this 4 hour workshop we will learn the limitations of this enforcement and practice how we can bypass it. We will explore 4 different methods (from very easy to difficult) on various versions of Windows, including Windows 10. We will see how and why they work, and which malware used them in the past. First we will see how we can use leaked certificates to overcome DSE as well as how we can turn it OFF by design, and what its limitations are. Then we will use WinDBG to look into the kernel and find the various flags used to control DSE and use the HackSysExtremeVulnerableDriver to do kernel exploitation for setting those to the value we require. We will use a simple dummy driver to demonstrate unsigned driver loading.

Prerequisites: Some experience with WinDBG, assembly or kernel exploitation can be helpful, but not required. Basic Python scripting knowledge will be needed.

Materials: For the full experience students will require 2 Windows virtual machines (Windows 7 and Windows 10) (optionally Windows 8) with WinDBG and Python installed on all of them, and one of them will require Visual Studio with Driver development tools. A guide for setting up the VMs will be provided prior to the workshop.

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/bypassing-windows-driver-signature-enforcement-icon-a-tickets-47194788884
(Opens July 8, 2018 at 15:00 PDT)

Csaba Fitzl
Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big Cisco networks. After that he started to work as a blue teamer, focusing on network forensics, malware analysis and kernel exploitation. Recently he joined a red team, where he spends most of his time simulating adversary techniques. He has given talks / workshops at various international IT security conferences, including Hacktivity, hack.lu, hek.si, SecurityFest and BSidesBUD. He currently holds OSWP / OSCP / OSCE / OSEE certifications. He is the author of the 'kex' kernel exploitation Python toolkit.



WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 13:00-13:55


wasabi

Bio

wasabi is a security researcher who loves to experiment with embedded devices, signals, and really anything electrical.

@spieceywasabi

Can you hear me now, DEF CON?

Abstract

Using cheap commodity RF hardware to act as secure or backchannel communications for security research and pen tests. Wireless communication is getting cheaper and hobby projects are integrating long range low powered communication to link devices in all sorts of unique ways. But what about in the world of information security? This talk will cover the acronym soup of current communication systems including LoRA, RFM, Satellite, ASK, and many others to identify what protocols make sense when you are trying to communicate either stealthily or in remote areas. In addition, this talk will cover how to improve reliability of wireless communication and the costs associated with making your super pen test box. Or perhaps even what evil things can be done with these and how to protect yourself. The aim for this talk is to be interactive, and allow people to share experiences.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 16:00-16:59


Car Infotainment Hacking Methodology and Attack Surface Scenarios

Jay Turla, Application Security Engineer at Bugcrowd

The battle for supremacy for the control of the dashboard display or infotainment systems has always been a race. Most of these systems run on Linux, Android, Windows (customized dashboards - perhaps Windows ME or CE) and Blackberry's QNX. In-Vehicle Infotainment (IVI) or In-car entertainment (ICE) Systems are indeed fun consoles where you can play media, movies, or work with your car's navigational system. But they also come with a risk of being hacked or attacked, because they have also been plagued with vulnerabilities. In this talk, join Jay as he presents his own Car Hacker's Methodology for finding security bugs in order to pwn a car's infotainment system without drive-by-wire or CAN bus hacking tools; he will simply point out the common attack surfaces, e.g. WiFi, Bluetooth, USB ports, etc., and some scenarios for exploiting them, just like how he popped a shell or issued an arbitrary command in his car, which he tweeted about on Twitter before.

Jay Turla (Twitter: @shipcod3) is an application security engineer at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework and presented at ROOTCON, Nullcon, and TCON. He used to work for HP Fortify, where he performed Vulnerability Assessment, Remediation and Advanced Testing.



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 16:00-17:00


Title:
Cicada: What the Puzzles Can Teach Us About Cryptography and Privacy.

When: Fri, August 10, 4pm – 5pm

Speaker
------
Nox

Abstract
--------
The online cryptography challenge that's been sometimes called by the mainstream "the hardest puzzle on the internet" and "one of the greatest online mysteries" certainly earned those titles. Though mostly completed now for some years, there's a number of valuable things to be learned from how they handled and presented cryptography for both the well-versed as well as the uninitiated. A staggering number of individuals found themselves trying to study cryptography for the first time because of the pull the puzzles had on anyone who came across them, and somehow despite a massive online undertaking to find the creators, the question of their identity remains unanswered now 6 years later. The strategies and the attitudes used in the creation of these challenges could teach us all something about how we approach cryptography teaching and study, as well as how modern approaches to privacy actually fare against interested threats.

Bio
-----------------
I've long had a love for online cryptography challenges and puzzles, even before being one of a small number to finish the 2013 Cicada puzzle. I run a series on YouTube explaining puzzle steps and solutions, as well as tutorials on the skills required to approach these problems for people that want to learn. I'm also a Canadian, a Computing Science student, and an obsessive fan of online privacy and the tools that allow for it.

Twitter handle of presenter(s)
------------------------------
@NoxPopuli3301

Website of presenter(s) or content
----------------------------------
youtube.com/c/noxpopuli


BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 10:40-11:30


Cloud Security Myths

Friday at 10:40-11:30
50 minutes

Xavier Ashe @XavierAshe

Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection-as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security-intelligence-as-a-service. Come hear this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), software-defined perimeters (SDP), and a bunch of other cloud related topics. What do they do? Do they really work? What do you do with all those security appliances you’ve accumulated?

Xavier Ashe
Xavier Ashe is a Georgia Institute of Technology alumnus and has 25 years of hands-on experience in information security. Working for various security vendors and consulting firms for the last 15 years, including IBM, Gartner, and Carbon Black, Xavier has been focused on helping secure companies of all sizes. Xavier was the first hire at the startup Drawbridge Networks, where he was instrumental in bringing the first microsegmentation solution for servers and workstations to market. Xavier served on the IBM Security Architecture Board and published several papers. Mr. Ashe holds many industry certifications, including CISM, CISSP, ITIL, SOA, and others. Xavier is currently running Xavier Enterprises, an information security consulting firm.



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 13:00-13:30


Compromising online accounts by cracking voicemail systems

Friday at 13:00 in Track 1
20 minutes | Demo, Audience Participation, Tool

Martin Vigo Hacker

Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years innovations to further compromise voicemail systems? And what is the real impact today of pwning these?

In this talk I will cover voicemail systems, their security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.

Martin Vigo
Martin Vigo is a Lead Product Security Engineer and Researcher responsible for Mobile security, Identity and Authentication. He helps design secure systems and applications, conducts security reviews, penetration testing and generally helps keep "the cloud" secure. Martin is also involved in educating developers on security essentials and best practices.

Martin has presented several topics including breaking password managers, exploiting Apple's Facetime to create a spy program and mobile app development best practices. These were given at conferences such as Blackhat EU, Ekoparty, Kaspersky Security Analyst Summit and Shakacon.

Outside the office, Martin enjoys research, bug bounties, gin tonics and scuba diving.

@martin_vigo



BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 12:00-12:30


Title: Contests, Challenges, and free giveaways

Speakers: MSvB and midipoet

Description:
No description available




PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 13:00-13:45


Title:
Cruising the Cannabis Highway: Major Breaches in Cannabis Software

The context & implications of several breaches in 2017

Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Friday - 10:00-13:59


Crypto Hero

Friday, 1000-1400 in Icon F

Sam Bowne Instructor, City College San Francisco

Dylan James Smith

Elizabeth Biddlecome Security Consultant

Protect data with strong cryptography (AES, RSA, SHA) and attack these systems (Existential Forgery, Padding Oracle, and more). Apply these techniques to blockchains including Bitcoin, Ethereum, and Multichain.

This is a hands-on workshop with a series of CTF-style challenges, beginning with simple data conversions and extending to advanced methods appropriate for experts. We will briefly explain and demonstrate the techniques, and trainers will help participants individually with the challenges.

Prerequisites: Prior experience with cryptography is helpful but not required.

Materials: A laptop capable of running VMware virtual machines

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/crypto-hero-icon-f-tickets-47194055691
(Opens July 8, 2018 at 15:00 PDT)

Sam Bowne
Sam Bowne is an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is like, really smart.

Dylan James Smith
Dylan James Smith has assisted Sam Bowne with classes as a tutor and TA and at hands-on workshops at DEF CON, RSA, B-Sides LV and other conferences. He has worked in and around the computer support and network administration industries since adolescence. Now he's old(er.) Currently tearing things apart and putting them back together and seeking opportunities to practice and teach "the cybers".

Elizabeth Biddlecome
Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 12:00-13:30


Title:
Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications

When: Fri, August 10, 12:00pm – 1:30pm

Speaker
------
Tess Schrodinger

Abstract
--------
What's the difference between a code and a cipher? What is the earliest known use of cryptography? Are there any codes that have never been solved? Whether you are new to the subject or a seasoned pro, this talk will have something for you. We will journey from the beginnings of secret writing to the future of secure communications in a post quantum world.

Bio
-----------------
Zero Point Field Operative and Cyber Shaman

Twitter handle of presenter(s)
------------------------------
@TessSchrodinger

Website of presenter(s) or content
----------------------------------
https://www.patreon.com/TessSchrodinger


Night Life - Caesars - Location printed on badges - Friday - 19:00-23:59


Title:
Cubcon 2018

Welcome to Cubcon 2018

A one night event celebrating newcomers to DEFCON and the industry.
Creating a space where veterans and newcomers alike can meet, talk, and form personal and professional support networks.

Caesar's Palace
Friday August 10, 2018 at 7 pm

Exact location will be printed on our badges, which we will be handing out in person at DEFCON.
For more information, please reach out to us at @_cubcon.

More Info: https://cubcon.party/


VMHV - Caesars Pool Level - Forum 14-16 - Friday - 14:00-14:30


Title:
Current Policy Responses to Election Security Concerns

No description available

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 18:30-18:59


Title: Custodial Responsibilities in the Connected Age: Digital Specimens and Social Contracts

Speaker: Andy Coravos
@andreacoravos
Abstract:
"Healthcare is enamored with data. We have more data than we know what to do with (e.g., constant flows of data from wearables, new and cheaper ways to sequence genomes, digital phenotypes expressed through social media interactions) and there is a rush to deploy this data in clinical research and care. As we combine this “data”, we start to build a digital replica of each human. Our healthcare data carries new weight, new responsibilities. The rise in data means that we are gaining a greater body of knowledge as we assemble a digital representation of a person. We are getting closer to full understanding of someone’s biology, brain structure, how and why they think and do what they do. We are entering into a world where precision medicine and “N of 1” studies is (finally) becoming possible. On the flipside, we are also entering into a period of unprecedented monitoring and surveillance. As a society, we have standards for how we handle human blood, tissue and other human specimens. It’s now time for us to talk more about how we are to handle our digital specimens. In the talk, we’ll discuss the proliferation of our biometric and psychographic data, use cases, and the new ethical and custodial responsibilities that arise for individuals, regulators and companies."


DEFCON - Octavius 9 - Friday - 20:00-19:59


D0 N0 H4RM: A Healthcare Security Conversation

Friday at 20:00 in Octavius 9
Fireside Hax

Christian "quaddi" Dameff MD Emergency physician, Clinical Informatics fellow at The University of California San Diego.

Jeff "r3plicant" Tully MD Pediatrician, Anesthesiologist, University of California Davis

Kirill Levchenko PhD Associate Professor of Computer Science, University of California San Diego

Beau Woods Hacker

Roberto Suarez Hacker

Jay Radcliffe Hacker

Joshua Corman Hacker

David Nathans Hacker

Healthcare cybersecurity is in critical condition. That's not FUD, that's the bottom line from the Congressionally mandated Health Care Industry Cybersecurity Task Force report released just last year, a year which also saw the twin specters of WannaCry and NotPetya take down entire hospital systems while over half a million implanted pacemakers were recalled in the fallout of one of the most (ir?)responsible disclosures in recent memory. It's enough to make any concerned white hat reach for a stiff drink. And that's where we come in. After an incredibly successful, near-fire-code-violating jam packed session at DC25 as an Evening Lounge, 'D0 N0 H4rm' is diving deeper and going longer as it transforms into a Fireside Hax, assembling an even larger and more distinguished panel of expert hackers, policymakers, wonks, and health care providers to continue discussing, dissecting, and most importantly, debating the ways to keep patients safe in an increasingly perilous space. Featuring continuous audience interaction and with the same loose and informal flow that characterized the initial, libation rich hotel room gatherings, moderators quaddi and r3plicant invite you to add your voice to this incredibly important conversation. Pin this one down quickly, pre-registration is going to go fast.

Christian "quaddi" Dameff MD
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics include hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fourteenth DEF CON.

@cdameffmd

Jeff "r3plicant" Tully MD
Jeff (r3plicant) Tully MD is an anesthesiologist, pediatrician, and researcher with an interest in understanding the ever-growing intersections between healthcare and technology. Prior to medical school he worked on "hacking" the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical training has remained involved in the conversations and projects that will secure healthcare and protect our patients as we face a brave new world of remote care, implantable medical devices, and biohacking.

@jefftullymd

Kirill Levchenko PhD

Beau Woods
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, an Entrepreneur in Residence at the US Food and Drug Administration, a Cyber Safety Innovation Fellow with the Atlantic Council, and Founder/CEO of Stratigos Security. Beau has consulted with Global 100 corporations, the White House, members of Congress, foreign governments, and NGOs on some of the most critical cybersecurity issues of our time. Beau's focus is on Internet of Things (IoT) technologies where cybersecurity intersects public safety and human life issues, including healthcare, automotive, energy, oil and gas, aviation, transportation, and other sectors. Beau is a published author, frequent public speaker, often quoted in media, and is often engaged for public or private speaking venues.

Roberto Suarez
Roberto Suarez is a product security and privacy professional in the medical device and healthcare IT industry. At BD, Roberto is responsible for developing a Product Security Center of Excellence that drives process, capability and maturity to build products that are secure by design with transparency and control in mind. Giving product teams exposure to cyber security training and events, building their in-house expertise and promoting a company-wide community for product security is what Roberto is passionate about.

Jay Radcliffe
Jay Radcliffe is a Senior Security Consultant and Researcher. He is an offensive penetration tester with a knack for hardware hacking and embedded device security. He has given dozens of presentations at conferences around the world including DEF CON and Blackhat including several on the security of insulin pumps.

Joshua Corman
Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon's Heinz College and on the 2016 HHS Cybersecurity Task Force.

David Nathans
David Nathans currently serves as a Product Security Manager for Siemens Healthcare, where he specializes in building cybersecurity programs and Security Operation Centers. Having previously held prominent positions in the defense, retail, managed security and healthcare industries, Nathans has a wealth of cybersecurity knowledge which he shares to help protect companies from this growing threat. His experiences and lessons learned also stem from his time building security programs at one of the largest breached retail companies in history as well as working all over the world as a cyber-operations officer for the U.S. Air Force.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 10:00-10:45


De-anonymizing Programmers from Source Code and Binaries

Friday at 10:00 in Track 2
45 minutes |

Rachel Greenstadt Associate Professor, Drexel University

Dr. Aylin Caliskan Assistant professor of Computer Science, George Washington University

Many hackers like to contribute code, binaries, and exploits under pseudonyms, but how anonymous are these contributions really? In this talk, we will discuss our work on programmer de-anonymization from the standpoint of machine learning. We will show how abstract syntax trees contain stylistic fingerprints and how these can be used to potentially identify programmers from code and binaries. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found in single-author GitHub repositories and the leaked Nulled.IO hacker forum.

Rachel Greenstadt
Dr. Rachel Greenstadt (PI) is an Associate Professor of Computer Science at Drexel University where she teaches graduate-level courses in computer security, privacy, and machine learning. She founded the Privacy, Security, and Automation Laboratory at Drexel University in 2008. Dr. Greenstadt was among the first to explore the effect of adversarial attacks on stylometric methods, and the first to demonstrate empirically how stylometric methods can fail in adversarial settings while succeeding in non-adversarial settings.

She has a history of speaking at hacker conferences including DEF CON 14, ShmooCon 2009, 31C3, and 32C3.

Dr. Greenstadt's scholarship has been recognized by the privacy research community. She is an alum of the DARPA Computer Science Study Group and a recipient of the NSF CAREER Award. Her work has received the PET Award for Outstanding Research in Privacy Enhancing Technologies and the Andreas Pfitzmann Best Student Paper Award. She currently serves as co-editor-in-chief of the journal Proceedings on Privacy Enhancing Technologies (PoPETs). Her research has been featured in the New York Times, the New Republic, Der Spiegel, and other local and international media outlets.

@ragreens

Dr. Aylin Caliskan
Aylin Caliskan is an assistant professor of computer science at George Washington University. Her research interests include the emerging science of bias in machine learning, fairness in artificial intelligence, data privacy, and security. Her work aims to characterize and quantify aspects of natural and artificial intelligence using a multitude of machine learning and language processing techniques. In her recent publication in Science, she demonstrated how semantics derived from language corpora contain human-like biases. In addition, she developed novel privacy attacks to de-anonymize programmers using code stylometry. Her presentations on both de-anonymization and bias in machine learning are the recipients of best talk awards. Her work on semi-automated anonymization of writing style furthermore received the Privacy Enhancing Technologies Symposium Best Paper Award. Her research has received extensive press coverage across the globe. Aylin holds a PhD in Computer Science from Drexel University and a Master of Science in Robotics from the University of Pennsylvania. She has previously spoken at 29C3, 31C3, 32C3, and 33C3.

@aylin_cim



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 11:00-11:59


Title:
Deconstructing DeFeNeStRaTe.C: The first public buffer overflow on a mainframe?

Soldier of FORTRAN
@mainframed767

In 2012 hackers were running rampant in Sweden's federal mainframes. During the course of the investigation it was thought it might be a good idea to release *ALL* the investigation documentation to the public. Included in these public files were snippets (or full programs) of the tools the hackers developed to work on an IBM z/OS mainframe (see: https://wikileaks.org/gottfrid-docs/). But not every tool developed was included in those papers. Shortly after the documents were released, your speaker was sent a DM out of the blue with a link to a pastebin (https://pastebin.com/Apk5zWDj) and two simple questions: "was this an exploit? how did it work?" Why did they contact the speaker? Because it was thought he originally was the one who did the breach. This talk will go over the breach at a high level before diving DEEP into the unix part of a mainframe, looking at exactly what this C program was doing (or attempting to do) and how it accomplished it. This talk's got it all when it comes to mainframe privilege escalation, APF authorized unix programs (a special attribute on z/OS), buffer overflows, hijacking return addresses, debugging C programs and changing ACEEs. All of these will be peppered with demos to show how it worked. After this talk you'll be able to know exactly what DeFeNeStRaTe.C was (trying?) to do and see it in action!



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Deep Exploit

Isao Takaesu

DeepExploit is a fully automated penetration tool linked with Metasploit. It identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning.

Isao Takaesu is a CISSP. He is working at Mitsui Bussan Secure Directions, Inc. as a security engineer and researcher. He found many vulnerabilities in clients’ servers and proposed countermeasures to clients. He thinks that there’s more and wants to find vulnerabilities. Therefore, he is focused on artificial intelligence technology for cyber security. Now, he is developing a penetration test tool using machine learning.



Contest - Contest Stage - Friday - 18:00-19:59


Title:
DEF CON Beard and Moustache Contest

Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), the DEF CON Beard and Moustache Contest highlights the intersection of facial hair and hacker culture.

More Info: http://www.dcbeard.com/    @DCBeardContest


Meetup - The Park on Las Vegas Blvd. by TMobile Arena - Friday - 18:30-20:30


Title:
DEF CON Dinner Con

Who's ready for @defcon ? Rumors going around that it's been cancelled once again. Even if it is, you gotta eat so come to @DEFCONDinner on Friday, August 10th 2018 at The Park 3782 S Las Vegas Blvd. by @TMobile Arena. 6:30 pm until about 8:00 pm. Then off to your parties!

Meetup - corner of W Flamingo and Las Vegas Blvd underneath the circular temple structure - Friday - 06:00-06:59


Title:
Defcon 26 4X5K run

"Good Livin" is returning to DefCon 26, because maybe you want a little more! Maybe you feel like getting up at 5:30 in Vegas. Maybe you didn't stop the night before. Maybe because 6 AM is the coolest time for a run in Vegas (It's only 80!) Who cares let's go for a run!
We hit all the hot spots on the 4x5K @defcon with @whereiskurt ! Details here. https://www.reddit.com/r/Defcon/comments/8rcc5m/defcon_26_4_x_5k_is_on_again/ . . .
Also don't forget a World Run by Hackers https://www.eventbrite.com/e/world-run-by-hackers-5th-edition-registration-47811111321 . . . for even more running.
More info: @Agent__X__ tweet


Meetup - Caesars - Circle Bar - Friday - 17:00-18:59


Title:
DEFCON 909 Meet Up

More Info: https://twitter.com/defcon909/status/1026524118164750336?s=03


Workshops - ( Sold Out ) - Linq 4th Flr - Icon F - Friday - 14:30-18:30


Deploying, Attacking, and Securing Software Defined Networks

Friday, 1430-1830 in Icon F

Jon Medina Security Architect, Protiviti
Megha Kalsi Security Manager, Protiviti

Let's get our hands dirty in Software Defined Networking! Whether you're a network engineer or just a netsec enthusiast, this workshop will provide you with tools and guidance to set up, attack, and secure a software defined network from scratch using open-source tools and cloud-based switching software. Each attendee will be given access to a lab environment where they can deploy, test, configure, break, and secure a software defined network. All scripts and deployment instructions will be provided at the end, so you can continue your testing and research back home, or use it to make friends and win bets at the pub.

Prerequisites: Basic networking, knowledge of the OSI model, and basic *nix shell familiarity.

Materials: Laptop with internet access, web browser with HTML5 capability

Max students: 84

Registration: -CLASS FULL- https://www.eventbrite.com/e/deploying-attacking-and-securing-software-defined-networks-icon-f-tickets-47193792905
(Opens July 8, 2018 at 15:00 PDT)

Jon Medina
Jon is a security nerd who has worked in networking and security capacities for everything from the Department of Defense, to the Fortune 500, to state and local government. He currently works for Protiviti providing security consulting for a wide variety of clients and industries. His interests outside of security include traveling, hockey, strange beers, and his bulldog. He's spoken at Shmoocon, BSides, and many other security events and conferences.

Megha Kalsi
Megha is an Orlando-based security geek who’s worked in consulting across a wide variety of industries and solutions. She works extensively in security architecture, network security, vulnerability assessments, social engineering (Ferris Bueller style), incident response, and security operations. She enjoys spending time with her family, dancing, boxing / kickboxing (beating the crap out of punching bags is a hobby right?), and keeping up with the latest security news.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 15:20-15:59


Detecting Web Attacks with Recurrent Neural Networks

Fedor Sakharov

“Classic Web Application Firewalls (WAFs) mostly use a rule-based approach for attack detection. This approach is known to have its pros and cons. Despite offering decent protection from automated attacks and predictable detection results, the rule-based approach has and always will have certain disadvantages. We all know that it’s useless against 0-day attacks or that even the most sophisticated rules are easily evaded by skilled professionals. That is why a more effective approach should involve some kind of heuristics. Let’s give a chance to artificial intelligence to find something non-obvious for human perception in raw data and try to explain its results.

To this day AI has been more often used for cat classification rather than for detecting application-level attacks on HTTP applications. Our team decided to test the hypothesis that Deep Learning is able to detect web-based attacks effectively. We started with very simple neural network architectures and tried to use them for classification. After some experiments it became clear that we needed more complex networks, so we abandoned our attempts to use classification, shifting to anomaly detection. Eventually, we ended up using a seq2seq model with attention mechanisms, which is able to detect zero-day web attacks with a minimal number of false positives.”

Irina Stepanyuk is a data scientist from Moscow, Russia. For some time Irina has been a researcher at Positive Technologies. She develops data analysis algorithms in relation to information security. Moreover, Irina is a Master’s student in the Faculty of Computer Science at the Higher School of Economics, where she also participates in data science projects and research.

Arseny Reutov is a web application security researcher from Moscow, Russia. Arseny is the Head of Application Security Research at Positive Technologies Ltd where he specializes in penetration testing, the analysis of web applications, and application security research. He is the author of research papers and blog posts on web security published in such magazines as Hacker (Xakep) and HITB Magazine as well as in his blog raz0r.name. He was a speaker at ZeroNights, CONFidence, PHDays and OWASP conferences. Arseny loves making web security challenges (#wafbypass on Twitter) as well as solving them. His passions are modern web technologies and finding vulnerabilities in them.

Fedor is a software developer from Moscow, Russia. He takes interest in various aspects of low-level programming and information security. For some time he has contributed to the open-source reverse-engineering framework radare2; his diploma thesis is about transparent application CFG control in runtime, and he has solid experience with Linux kernel programming, drivers as well as kernel subsystems. That’s not all, since he has recently been leading the security-focused machine learning research at Positive Technologies.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 16:00-16:30


Title:
Diagnosing Sick Plants with Computer Vision

Machine Learning + webcam = auto-diagnosing of Cannabis

EHV - Caesars Promenade Level - Modena Rm - Friday - 18:30-19:29


Title: Discussion

Speakers: Speaker TBA

Description:





DEFCON - Octavius 13 - Friday - 20:00-19:59


Disrupting the Digital Dystopia or What the hell is happening in computer law?

Friday at 20:00 in Octavius 13
Fireside Hax | Audience Participation

Nathan White Senior Legislative Manager, Access Now

Nate Cardozo Senior Staff Attorney, EFF

1984 didn't just happen because of a calendar. The world of 1984 was built by politicians who used the rule of law to change society into an oppressive surveillance state. In Washington D.C., politicians today are making decisions about what technologies we're permitted to use and how they'll be used in society. In this talk we'll break down 4-5 bills currently under discussion in Congress and explain how they'll impact the DEF CON community.

Nathan White
Nathan White spent five years working for the U.S. Congress before starting a political consulting firm as a registered lobbyist. He now serves as the Senior Legislative Manager for Access Now, where he works to defend our digital rights. He has run political and issue campaigns from Maui to Maryland to Melbourne. He helped advocacy campaigns including the fight to save Net Neutrality at the FCC (2015) and the USA FREEDOM Act in Congress. At Access Now he co-organized the Crypto Summit and Crypto Summit 2.0. He worked to build the SaveCrypto.org campaign and helped create the international coalition to Secure The Internet (securetheinternet.org). He works every day to educate Washington D.C. beltway types about our community.

@NathanielDWhite

Nate Cardozo
Nate Cardozo is a Senior Staff Attorney on EFF's civil liberties team where he focuses on cybersecurity policy and defending coders' rights. Nate has litigated cases involving electronic surveillance, freedom of information, digital anonymity, online free expression, and government hacking. His other projects include defending encryption, fighting software export controls, preserving automotive privacy, and assisting surveillance law reform efforts. As an expert in technology law and civil liberties, Nate works on EFF's Who Has Your Back report and regularly assists companies in crafting rights-preserving policies and advising on compliance with legal process. When he's not brewing beer with his EFF colleagues, Nate serves on the boards of directors of the First Amendment Coalition and the South Asian Film Preservation Society. Nate has a B.A. in Anthropology and Politics from U.C. Santa Cruz and a J.D. from U.C. Hastings where he has taught first-year legal writing and moot court.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 13:00-13:30


Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear

Friday at 13:00 in 101 Track, Flamingo
20 minutes | Demo, Audience Participation, Tool

zenofex Hacker

The Teddy Ruxpin is an iconic toy from the 1980s featuring an animatronic teddy bear that reads stories from cassette tapes to children. In late 2017, a new model of the toy was released with improvements including Bluetooth connectivity, LCD eyes, and a companion mobile application. While the new bear features a number of improvements, the Teddy Ruxpin's original ability to add new stories by replacing the included cassettes is no longer applicable, and it requires users to supply files to the bear in a proprietary format.

This presentation aims to show how the new Teddy Ruxpin was reverse engineered down to a very low level in order to create new content. I will reveal the inner workings of the hardware and software within the bear and document the process used to reverse engineer it. I will then examine the communication between the mobile application and Teddy Ruxpin as well as the custom structure of the digital books read by the bear. I will end the presentation by releasing a toolset that allows users to create their own stories followed by a demo showcasing the Teddy Ruxpin greeting the DEF CON audience.

zenofex
Zenofex (@zenofex) is a senior research scientist at Cylance. Zenofex founded the Exploitee.rs which is a public research group that has released exploits for over 65 devices including the Amazon FireTV, Roku Media Player and the Google Chromecast. Zenofex is also a member of Austin Hackers (AHA) and has spoken at a number of security conferences including BlackHat and DEF CON.

@zenofex



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 13:30-13:50


Dragnet—Your Social Engineering Sidekick

Friday at 13:30 in Track 1
20 minutes | Demo, Tool

Truman Kain Security Associate, Tevora

First, Dragnet collects dozens of OSINT data points on past and present social engineering targets. Then, using conversion data from previous engagements, Dragnet provides recommendations for use on your current targets: phishing templates, vishing scripts and physical pretexts, all to increase conversions with minimal effort. Finally, features like landing page cloning and domain registration (alongside your standard infrastructure deployment, call scheduling and email delivery) make Dragnet one hell of a catch.

Truman Kain
Truman Kain has taken everything he has learned as a web designer, internet marketer and mobile developer, and applied these insights directly into the development and experience of Dragnet. Why shouldn't your go-to social-engineering tool be as smooth and intuitive as your favorite mobile app?



Contest - Contest Stage - Friday - 16:00-17:59


Title:
EFF Tech Trivia

EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Cup and EFF swag pack. The second and third place teams will also win great EFF gear.
Judged by Jack Adniel, Alex Stamos, Noise, and Gritty Grease

More Info: @EFF   https://eff.org/


BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 11:50-12:10


Effective Log & Events Management

Friday at 11:50-12:10
20 minutes

Russell Mosley @sm0kem

Logs, right? Do you run an expensive SIEM? If not, this talk is for you. An effective process for managing logs and security events with built-in and open-source tools will be detailed. I'll share reports and tickets from our organization and describe how we analyze them to improve IT operations, situational awareness, security posture, and pass audits.

Russell Mosley
Russell is an IT Infrastructure & Security Director for a DC-area software services company and an organizer with BSides Charm. Russell has seventeen years' experience in IT operations and Enterprise Defense and is responsible for the organization's compliance with SOC and FISMA requirements. He holds degrees from UMBC, UMUC, and Towson University as well as CISSP and several vendor certifications.



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:55-13:35


Emergent Recon - fresh methodology and tools for hackers in 2018 - Jason Haddix

Recon is an art AND a science. The landscape for methods of finding hosts to attack is constantly changing. Whether you call it “Asset Discovery” or something else, it remains a core part of bounty hunter and red teaming life. Join Jason as he expands on his ever changing recon methodology.

This talk will focus on what tools to incorporate (and which tools not to). It will outline new methods coined in 2018, plus frameworks to automate and document your workflow. Topics include: brand/TLD discovery, host enumeration, application threat modeling, and more!



EHV - Caesars Promenade Level - Modena Rm - Friday - 16:00-16:59


Title: Ethical Disclosure and the Reduction of Harm

Speakers: Speaker TBA

Description:

How does a researcher become empowered to influence business and marketing leaders to balance coordinated disclosure, opsec protection, and tradecraft protection, with corporate interests? This talk examines use cases gone wrong, and opportunities for all groups to work together to make it right.





EHV - Caesars Promenade Level - Modena Rm - Friday - 13:00-13:59


Title: Ethics for Security Practitioners

Speakers: Speaker TBA

Description:

While at first glance infosec might seem to be a mainly technical domain, you might encounter ethical dilemmas very soon once you start working in the field (namely when you do offensive stuff). In this talk I'll provide an introduction to how to tackle such situations in a structured way and on the basis of common approaches and values.





BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 12:30-13:20


Evolving security operations to the year 2020

Friday at 12:30-13:20
50 minutes

@IrishMASMS

The security operations aspect of your Information Security risk management program is where the “rubber meets the road” — the tools and people you have to implement the process and procedures you put together to find the badness and put out the fires. How has the concept of security operations evolved, and where are we headed? There is plenty of buzzword bingo: UBA, UEBA, machine learning and artificial intelligence, network abnormality detection, the marketing conversations of evolving to that SOC of 2020 — what do all these really mean to you and your operations and which can be useful in your efforts to find the badness?

@IrishMASMS
IrishMASMS is an old school hacker, fighting the good fight in Computer Network Defense (CND)/blue team efforts for more than 18 years. He has been lurking about since DEFCON 10, a panel member at HOPE 5, a presenter at a couple of Notacons, and a few other conferences where it may be hard to remember what really occurred. Having progressed through the ranks from a Security Operations Center (SOC) analyst to manager and director of Information Security risk management programs, he has experienced the wide opportunities for pain in our industry — and desires to help improve rather than perpetuate, nurture rather than exclude.



IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 13:15-13:59




WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 17:30-17:55


Faz

Bio

Edward Farrell (AKA Faz) runs his own cybersecurity practice in Sydney (Australia) & lectures at UNSW Canberra in wireless security.

Exploring the 802.15.4 attack surface

Abstract

Whilst 802.15.4 technologies such as Zigbee have been around for some time, our understanding of threats and risks associated with it has been lacking. As new use cases evolve, so have the opportunities for attack and exploitation. The purpose of this talk is to provide a real world exploration of where I've been finding Zigbee devices with a purpose built war driving kit, some of the live collection I've done as well as an exploration of risks and what can be done. By the end of this talk, audience members will have an appreciation for cool technologies floating around their environments, an appreciation of the issues associated with the 802.15.4 protocol, and how to plan and prepare from a security standpoint.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 13:30-13:50


Fasten your seatbelts: We are escaping iOS 11 sandbox!

Friday at 13:30 in Track 3
20 minutes | Demo, Exploit

Min (Spark) Zheng Security Expert, Alibaba Inc.

Xiaolong Bai Security Engineer, Alibaba Inc.

Apple's sandbox was introduced as "SeatBelt" in macOS 10.5, which provided the first full-fledged implementation of the MACF policy. After a successful trial on macOS, Apple applied the sandbox mechanism to iOS 6. In its implementation, the policy hooked dozens of operations. The number of hooks has been growing steadily as new system calls or newly discovered threats appeared. In the beginning, Apple's sandbox used a black list approach, which means Apple originally concentrated on the known dangerous APIs and blocked them, allowing all others by default. However, with the evolution of Apple's sandbox, it applies a white list approach that denies all APIs and only allows secure ones that Apple trusts.

In this talk, we will first introduce Apple's sandbox mechanism and profiles in the latest iOS. Then, we discuss iOS IPC mechanism and review several old classic sandbox escape bugs. Most importantly, we show two new zero-day sandbox escape vulnerabilities we recently discovered in the latest iOS 11.4. Besides, we share our experience of exploiting vulnerabilities in system services through OOL msg heap spray and ROP (Return-oriented programming). In addition, we discuss a task port exploit technique which can be used to control the whole remote process through Mach messages. By using these techniques, security researchers could find and exploit sandbox escape bugs to control iOS user mode system services and further attack the kernel.

Min (Spark) Zheng
Min (Spark) Zheng (twitter@SparkZheng, github@zhengmin1989) is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security, system design and implementation. Before receiving Alibaba A-Star offer award in 2015, he worked in FireEye, Baidu and Tencent. He was the champion of GeekPwn 2014 and AliCTF 2015. He won the "best security researcher" award in FIT 2016 for detecting the iOS/macOS vulnerabilities, XcodeGhost virus and WormHole RCE vulnerability. He is a member of the OverSky team for private jailbreaking development. He presented his research in DEF CON, HITB, BlackHat, RUXCON, etc.

@SparkZheng

Xiaolong Bai
Xiaolong Bai (twitter@bxl1989, github@bxl1989) is a security engineer in Alibaba Orion Security Lab. Before joining Alibaba, he received his Ph.D. degree from Tsinghua University. He has published several research papers at top conferences including IEEE S&P, Usenix Security, CCS, NDSS, and presented his research in Black Hat USA and Hack In The Box. He has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for his contribution in discovering the vulnerabilities in their systems and improving the security of their products. He is a member of the OverSky team for private jailbreaking development.

@bxl1989



PHW - Caesars Promenade Level - Neopolitan BR - Friday - 15:30-16:59


Finding and Attacking Undocumented APIs with Python

Write Python web bots using Selenium and BrowserMob Proxy to crawl the Internet looking for non-public APIs. We will look at several ways to identify vulnerabilities in discovered APIs as a means for penetration testing and large scale data gathering. Participants should have some Python experience, as well as a familiarity with HTTP requests.

Ryan Mitchell is a senior software engineer at HedgeServ in Boston, where she develops APIs and data analytics tools for hedge fund managers. She is a graduate of Olin College of Engineering and Harvard University Extension School with a master's in software engineering and certificate in data science. Since 2012 she has regularly consulted, lectured, and run workshops around the country on the topics of web scraping, Python automation tools, and data science.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 13:00-13:30


Finding Xori: Malware Analysis Triage with Automated Disassembly

Friday at 13:00 in Track 2
20 minutes | Demo, Tool

Amanda Rousseau Senior Malware Researcher at Endgame Inc.

Rich Seymour Senior Data Scientist at Endgame Inc

In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.

Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.

We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool for researchers alike.

Amanda Rousseau
Amanda Rousseau absolutely loves malware. She works as a Senior Malware Researcher at Endgame who focuses on dynamic behavior detection both on Windows and OSX platforms. She worked as a malware researcher at FireEye before joining Endgame. She previously worked as a reverse engineer and computer forensic examiner working for DoD forensic investigations and commercial incident response engagements. She received her MS in Information Systems Engineering from Johns Hopkins University. Research interests include malware evasion techniques, dynamic behavior classification, and developing runtime detections.

@malwareunicorn

Rich Seymour
Rich Seymour is a senior data scientist at Endgame, where he works on integrating R&D successes into the company's platform and experimenting with new techniques to make security sensible. He's currently working on improving natural language understanding in the Artemis chatbot in the Endgame platform and understanding how to catch adversary tradecraft. He holds a PhD in materials science and an MS in computer science, both from the University of Southern California, where he worked on high-performance computing simulations of nanoscale materials under stress. He has spoken at USENIX SOUPS, Shmoocon and O'Reilly Security.

@rseymour



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 15:00-15:59


Freedom of Information - Hacking the Human Black Box

Elliott Brink, Senior Penetration Tester at RSM US LLP

FOIA (otherwise known as the Freedom of Information Act or FOI/Freedom of Information in Australia) are government-based initiatives to permit the public to request information on various government records. In practice, these acts enable transparency of the operations of government to the masses with relative ease. In reality, submitting FOI requests can be a cumbersome and frustrating process for citizens.

For two years now I have been hacking this human black box - finding out what you can/cannot ask for and more importantly how to ask for information and get it! Have you ever asked the government for a log file, Cisco IOS running config or Active Directory group policies? Do you ever wonder if a government employee would provide you with such information if you asked really really nicely? Let's find out together! For the past couple of years I have been performing various technology-focused FOI requests in an attempt to answer one simple argument: Can you utilize freedom of information to enumerate technical information from government agencies? I present my research, findings and results of multiple years of submitting FOIA requests to various USA and Australian government institutions including multiple intelligence agencies. We will discover the fun times and challenges when performing such requests.

Attendees will gain practical knowledge about: what FOIA is, the caveats of FOIA, how you can utilize FOIA on red team engagements and other open source intelligence gathering activities and finally the results of my research in multiple requests to intelligence agencies.

Elliott Brink (Twitter: @ebrinkster) is an information security consultant based out of NYC. He specializes in internal/external pentesting, security architecture and social engineering. He loves computer history, tracking bad guys, honeypots, an expertly crafted bloody mary, and traveling the globe.



Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friday - 12:00-12:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


Meetup - Caesars - Promenade Level - Office 4 behind Info Booth near Promenade South - Friday - 17:00-17:59


Title:
Friends of Bill W

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is Office 4 Behind the @dcib.

Stop by, refresh yourself.

We'll be here.


SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 16:00-16:50


Friday August 10 1600 50 Mins

From Introvert to SE: The Journey

In 20 years I learned how to step outside my introverted personality to explore the world in a more successful way, but not without bumps and bruises which taught me valuable lessons.

This is my story of that journey which I hope to convey to those listening that being a deep introvert should not prevent them from trying and achieving goals in life up to and including being a professional social engineer and beyond. I wrap up with the specific lessons I learned over the course of that time, so others can reap the benefits of those lessons in a much shorter time frame.

Ryan MacDougall: @joemontmania

Ryan MacDougall is a Senior Social Engineer Pentester for Social-Engineer LLC, who has over 20 years’ experience in the information technology world and 5 years in the security space specifically. Naturally a deep introvert, he has achieved goals and experienced life that early on did not seem possible or even imaginable. With the help of professionals and experts in the field of psychology, he amassed techniques to navigate the social world to achieve goals he wanted and some he never knew he wanted.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 14:00-14:59


Title:
From MormonLeaks to FaithLeaks

Ethan Gregory Dodge
@Mormon_Leaks @FaithLeaks @egd_io

Last year Ethan spoke as Privacy P. Pratt, the anonymous technical mind behind the whistle-blowing organization MormonLeaks, and chronicled its history and impact up to that point. Since then, he has abandoned the pseudonym, FaithLeaks has been born, and MormonLeaks has uncovered a great deal more. Join Ethan in this sequel to last year and hear about Skytalks-2017-inspired FaithLeaks, exposed sexual and ecclesiastical abuse, financial information the Mormon Church went to great lengths to hide, mistakes made along the way, and how this model is promoting increased transparency in a part of society that desperately needs it.



 

Night Life - Flamingo - 3rd floor - Track 101 Scenic BR - Friday - 20:30-23:59


Title:
GeekPwn Party

Part contest, part open discussion of security, part talent show and 100% fun! Join the folks from GEEKPWN for an evening of entertainment with a focus on information security from China. Expect contests, serious discussion, music, and an environment open to your ideas.


 

Contest - Contest Stage - Friday - 10:00-12:59


Title:
GeekPwn

Started by KEEN, with the first event in 2014, GeekPwn enables security geeks around the world to exchange their thoughts and research findings. As the international intelligence security community, GeekPwn tries to create secure life with secure techniques. In GeekPwn, YOU are encouraged to exploit unknown vulnerabilities of the cyber world. And together, WE aim to help manufacturers develop their security systems and create a better world.

The most unique and extraordinary character of a GeekPwn attendee is his/her open-mindedness and rich variety of PWN.

Security researchers are welcomed to GeekPwn if they are able to take control or obtain data without authorization under reasonable, realistic conditions (without tampering, pre-implanted Trojans or certain pre-granted privileges), and target software and protocols of mobile phones, smart devices, Internet of Things, new I/O modules (gesture capture, VR, AR, etc.), AI-featured modules and services (robots, visual recognition and voice recognition), etc.

More Info: http://www.geekpwn.org/


 

HHV - Caesars Pool Level - Forum 17-21 - Friday - 14:00-17:59


Chris Gammell

Abstract

This is an in-person, hands-on version of “Getting To Blinky”, an online course series that has taught thousands to use the free and open source electronics CAD program, KiCad. This would be a “DEFCON badge” version of that course which showcases how to add a blinking circuit, get acquainted with the tool and also add customizable artwork to a Printed Circuit Board (PCB). By the end, attendees will be able to actually order a low cost PCB from online sources.

What to Bring

Please come to this session with a computer with KiCad set up and running. Course is aimed at KiCad 4.0.7, slightly earlier is fine but 5.0.0 is not advised. Install assistance can be given during the beginning of the presentation if needed.

Max size: 24, first come first serve basis.

Bio

Chris Gammell is the host of The Amp Hour Electronics podcast and the owner of Contextual Electronics, an online apprenticeship program. He has been teaching people to design and build electronics online for 8 years, including 5 as an online instructor. His interests are in hands on education and making the electronics learning process easier. He also focuses on low cost and no cost tools, like the open source CAD program KiCad. Prior to teaching online, Chris was an electronics designer for 15 years in various industrial settings.



 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 14:00-14:45


GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs

Friday at 14:00 in Track 1
45 minutes | Demo, Tool, Exploit

Christopher Domas

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.

Christopher Domas
Christopher Domas is a security researcher and embedded systems engineer, currently investigating scalable IoT security. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), showing that all programs can be reduced to the same instruction stream (reductio), and the branchless DOOM meltdown mitigations. His more relevant work includes the sandsifter processor fuzzer, the binary visualization tool ..cantor.dust.., and the memory sinkhole x86 privilege escalation exploit.

@xoreaxeaxeax



 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 11:00-11:55


Travis Goodspeed

Bio

The REAL Travis Goodspeed

@travisgoodspeed

Goodwatch Update

Abstract

Goodwatch



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 14:00-15:59


Title: Hack On The BitBox Hardware Wallet

Speakers: Stephanie Stroka and Marko Bencun

Description:
No description available




 

Contest - Caesars - Track 3 - Pool Level - Forum BR 1-11,25 - Friday - 20:00-21:59


Title:
Hacker Jeopardy

Hacker Jeopardy is back for its 24th unbelievable year! Three teams of three battle each round to face last year's champion in the final. 100 points for every beer consumed makes the answers, well, less predictable as the game goes on. Antics, swag, and audience participation -- how can you go wrong? WARNING: 18+ only due to adult language and innuendo. We're offended if you're not offended.

More Info: http://www.hackerjeopardy.org


 

Night Life - Caesars - Emperors Level - Chillout Rm - Friday - 20:00-25:59


Title:
Hacker Karaoke

Do you like to sing? Do you want to perform? Ever wanted to sing in front of others? Come on down to the 10th Annual Hacker Karaoke, DEFCON's on-site karaoke experience. You can be a star, or if you don't want to be a star, you can also take pride in making an utter fool of yourself.

More Info: https://hackerkaraoke.org/   @HackerKaraoke


 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 17:00-17:59


Title: Hacking a Crypto Payment Gateway

Speakers: Devin "Bearded Warrior" Pearson and Felix "Crypto_Cat" Honigwachs

Description:
No description available




 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 13:30-13:50


Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller

Friday at 13:30 in Track 2
20 minutes | Demo, Exploit

Feng Xiao Hacker

Jianwei Huang Hacker

Peng Liu Raymond G. Tronzo, M.D. Professor of Cybersecurity

Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Though SDN's software-based architecture enables network programmability, it also introduces dangerous code vulnerabilities into SDN controllers. However, the decoupled SDN control plane and data plane only communicate with each other with pre-defined protocol interactions, which largely increases the difficulty of exploiting such security weaknesses from the data plane.

In this talk, we extend the attack surface and introduce Custom Attack, a novel attack against SDN controllers that leverages legitimate SDN protocol messages (i.e., the custom protocol field) to facilitate Java code vulnerability exploitation. Our research shows that it was possible for a weak adversary to execute arbitrary commands or manipulate data in the SDN controller without accessing the SDN controller or any applications, but only controlling a host or a switch.

To the best of our knowledge, Custom Attack is the first attack that can remotely compromise the SDN software stack to simultaneously cause multiple kinds of attack effects in SDN controllers. Till now we have tested the 5 most popular SDN controllers and their applications and found all of them are vulnerable to Custom Attack to some degree. 14 serious vulnerabilities were discovered, all of which can be exploited remotely to launch advanced attacks against controllers (e.g., executing arbitrary commands, exfiltrating confidential files, crashing SDN service, etc.).

This presentation will include:

Feng Xiao
Feng Xiao will be a Ph.D. student at The Pennsylvania State University soon. He enjoys hacking all kinds of systems as well as finding vulnerabilities. He received his B.S. in Computer Science from Wuhan University in 2018.

He has published three papers (including posters) in well-known security conferences like CCS, MobiCom, ICICS etc. He was also the recipient of First Prize in 2016 China Undergraduate Security Contest, First Prize of 2015 BCTF, and Third Prize of 2015 0CTF.

http://fxiao.me

Jianwei Huang
Jianwei Huang is a researcher at Wuhan University. He is interested in finding and solving security related problems.

Peng Liu
Dr. Liu is a professor at The Pennsylvania State University. His research interests are in computer security. He has published a monograph and over 270 refereed technical papers.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 16:15-16:45


Hacking the international RFQ Process #killthebuzzwords - Dino Covotsos

Thanks to the “boom” in the information security industry combined with the latest buzzwords, more and more large corporate companies are looking for the latest “next gen” anti-haxor services and technologies. In doing so they often go out publicly on tender and / or issue an RFP/RFQ in order to obtain the best possible solution to meet their requirements and budget (usually cost wins).

Due to this and a lack of maturity in the field, companies issue public RFQs / RFPs that contain classified and confidential / secret information such as network diagrams, architectural designs, software versions etc. This type of information would usually require that an attacker spend an extensive amount of time performing enumeration and / or gaining access to the internal network first and taking a significant amount of time to learn about that environment. Targeting the procurement process of an organisation exposes a largely unexplored attack surface.

This new research and presentation aims to demystify the above and give practical examples of large international organisations, which unfortunately fail at the RFP/RFQ process badly. This opens a “free and easy” attack vector for attackers to exploit without even conducting extensive enumeration and fingerprinting, or anything close to intrusive attacks. As a result, an attacker often has access to an extensive amount of confidential information about the organisation, which could be utilised to launch more targeted attacks. Depending on the type of information gathered, such attacks could be likened to an attacker that has insider knowledge.

I will also be demonstrating, via real world examples, the dangers of going out blindly and looking for specific services and products in the information security industry, with real life networks being shown on stage.

A short breakdown of what will be presented is as follows:



 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon A - Friday - 14:30-18:30


Hacking Thingz Powered By Machine Learning

Friday, 1430-1830 in Icon A

Clarence Chio Security Researcher

Anto Joseph Security Engineer, Tinder

"HACKING THINGZ POWERED BY MACHINE LEARNING" is a hands-on workshop that gives attendees a crash course in performing practical adversarial attacks on modern technology powered by machine learning. This will NOT be an intro to ML class - do that on your own time online before or after the class - deep ML knowledge is definitely *not* required. We will perform mischief on ML systems that most tech-savvy people interact with on a daily basis: face recognition (smartphone authentication), speech recognition (home assistants), and web application firewalls (need we say more?) ;) We won't just be explaining the theory and tomfoolery behind these attacks - we'll walk you through each step of each attack and show you how *absolutely anyone* can hack systems like these with just a little bit* of background in ML hacking.

* This is an intermediate technical class suitable for attendees with some ability to read and write basic Python code. To get the most out of this workshop, surface-level understanding of machine learning is good. (i.e. be able to give a one-line answer to the question "What is machine learning?")

Prerequisites: Basic familiarity with Linux. Python scripting knowledge is a plus, but not essential.

Materials:
No fee required
Latest version of VirtualBox installed
Administrative access on your laptop with external USB allowed
At least 20 GB free hard disk space
At least 4 GB RAM (the more the merrier)

Max students: 24

Registration: -CLASS FULL- https://www.eventbrite.com/e/hacking-thingz-powered-by-machine-learning-icon-a-tickets-47194541143
(Opens July 8, 2018 at 15:00 PDT)

Clarence Chio
Clarence Chio has shared his research on ML and security at hacking events around the world. He has taught dozens of training classes and workshops to conference attendees and security teams at large tech companies. He wrote the new O'Reilly Book "Machine Learning & Security: Protecting Systems with Data and Algorithms", and organizes the AI Village at DEF CON. Clarence has a B.S. and M.S. in Computer Science from Stanford, specializing in data mining and artificial intelligence.

Anto Joseph
Anto Joseph is a Security Engineer for Tinder. He is involved in developing and advocating security in Machine Learning Systems & Application Security Research. Previously, he has worked at Intel, Citrix, and E&Y in multiple information security roles. He is very passionate about exploring new ideas in these areas and has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph.



 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 13:40-14:30


Hacking Your Dev Job to Save the World - Where Programming and Hacking Meet

Friday at 13:40-14:30
50 minutes

@jtpereyda

Have you wondered whether developers can play any significant role in the security world? Come hear from a diehard programmer and hacker who loves to break and loves to build, and learn how a regular programmer can make major contributions to security from the trenches. This presentation will dive into the intersection between development and security. You will learn about the SDL -- Secure Development Lifecycle, and why in the world a hacker would care about processes and procedures. You will learn how "processes" and "lifecycles" can be useful -- and how they can be a complete waste of time. Included are real world success stories of organizational hacking -- getting other engineers to change their practices -- and real world fail stories. Attendees will come away with knowledge of how development and security intersect, and how they can use their programming day job to save the world. If you are a developer who cares deeply about security, enjoys exploits, and wants to make the world a better place, this is for you.

@jtpereyda
Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. While he currently hunts vulnerabilities full time, his roles have evolved from programmer to hacker to organizational hacker to regular hacker again. Not only has Joshua found vulnerabilities in safety critical software, he has started long term security programs, changing the way an entire business works. Joshua has written software, hacked software, and hacked companies. In his free time, Joshua enjoys improving open source software, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.



 

Service - Caesars - Promenade Level - Anzio Rm past Registration - Friday - 10:00-15:59


Title:
Ham Radio Exams

Take HAM Radio Exams at DEF CON 26!

 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 11:00-12:00


Title:
Hamilton's Private Key: American Exceptionalism and the Right to Anonymity

When: Fri, August 10, 11am – 12pm

Speaker
------
Jeff Kosseff

Abstract
--------
In the Sixteenth Century, English Puritan preacher John Udal published a series of pamphlets criticizing the Anglican Church. He signed the pamphlets under a pseudonym, Martin Marprelate. The Bishops soon determined his identity, and Udal was sent to prison, where he died. Such prosecutions for political views were common in England throughout the Sixteenth, Seventeenth, and Eighteenth centuries.

So it was not surprising that once the British colonies in America had achieved independence and were determining the future of their government, much of the debate occurred without real names. When Alexander Hamilton, James Madison, and John Jay published the Federalist Papers, they did so under a single pseudonym, Publius.

Although the First Amendment does not explicitly require anonymity, U.S. courts repeatedly have held that its free speech protections guarantee a strong (but not absolute) right to speak anonymously. In 1960, the Supreme Court struck down a Los Angeles ordinance that prohibited the distribution of anonymous handbills, and it invalidated a similar Ohio law in 1995. Since the mid ’90s, state and federal courts have relied on this right to anonymity in rejecting defamation plaintiffs’ attempts to use the court discovery process to unmask the identities of anonymous Internet posters. Although the United States is not the only nation to protect anonymity, its anonymity protections are among the strongest in the world, and have helped establish the robust online debate that we know today.

Legal and policy debates surrounding encryption often focus on privacy rights and the Fourth Amendment. While these discussions are vital, they too often overlook the free speech-based anonymity rights that have been fundamental to the United States since its founding. In this presentation, I present the research conducted to date for my book-in-progress, United States of Anonymity, tracing the history of this First Amendment-based right to speak anonymously. I explain how this strong history of ensuring the right to speak anonymously applies to the current encryption debates, as well as the distinct but related issue of anonymity tools such as Tor. I argue that encryption and anonymity are essential for Twenty-First Century free speech, and explain how the legal protection of pamphleteers extends to encryption and anonymity.

To be sure, some efforts to weaken encryption may not necessarily threaten an individual’s anonymity. And encryption is not the only protection for anonymity. However, there is significant overlap between the values underlying the First Amendment anonymity opinions and some justifications for encryption. Moreover, encryption has been an essential component of many of the most innovative anonymity tools (such as the techniques that newsrooms have adopted to receive anonymous tips).


Bio
-----------------
Jeff Kosseff is an assistant professor of cybersecurity law at the U.S. Naval Academy. He is the author of Cybersecurity Law, a textbook, and his latest book, The Twenty-Six Words That Created the Internet, a history of Section 230 of the Communications Decency Act, will be published early next year by Cornell University Press. He previously practiced cybersecurity law at Covington & Burling, and clerked for Judges Milan Smith on the Ninth Circuit and Leonie Brinkema in the Eastern District of Virginia. Before becoming a lawyer, he was a technology journalist for The Oregonian and finalist for the Pulitzer Prize.

Twitter handle of presenter(s)
------------------------------
@jkosseff

Website of presenter(s) or content
----------------------------------
www.jeffkosseff.com


 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 16:15-16:59


Title: Hey Bro, I Got Your Fitness Right Here (and your PHI).

Speakers: Nick - GraphX
Abstract:
This is a journey into fitness. My fitness and more importantly your fitness. Or rather the information that I've been collecting every day at the gym while getting ready for bikini season. This is a look at my journey to become the sexy stud muffin you see before you (google image search "sexy stud muffin" for reference) and my quest to do bad things through various means, up to and including compromising cardio equipment, fitness apps, and changing delivery addresses for fitness equipment to my house instead of your gym. No zero days and nothing overly technical provided here, but the intended takeaway is awareness of who is collecting your PHI and from where. Just like on Maury, the results will shock and amaze. Or maybe you'll just get a good laugh at my journey to lose 100 pounds.


 

CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 15:00-16:00


Title:
Hiding in plain sight: Disguising HTTPS traffic with domain-fronting

When: Fri, August 10, 3pm – 4pm

Speaker
------
Matt Urquhart

Abstract
--------
Domain-fronting is a technique used to disguise HTTPS traffic as being destined for one service, but actually communicating with a different service. It relies on an implementation detail of HTTPS stacks which share infrastructure between customers. Recently, there has been a large amount of media attention surrounding a popular instant-messaging app using this technique to evade censorship. What is domain fronting and how does it work? This talk aims to give you everything you need to fully understand domain fronting, try it yourself, and understand how domain-fronting can also open a path to DoS and IP spoofing attacks.

Bio
-----------------
Matt is a software developer from Australia who first became interested in Infosec after hearing of hilarious pranks played during the early days of the Internet. In his spare time he enjoys playing the drums.

Twitter handle of presenter(s)
------------------------------
@arrtchiu


 

Night Life - Flamingo - 3rd Floor - Track 101 Twilight BR - Friday - 20:30-23:59


Title:
House of Kenzo

Come celebrate the culture of DIY or die! The future has not been written yet so come and mingle with the authors of the time to come and celebrate creating a culture of global communication and culture. Live music and open minds will meet your ideas and help you trailblaze the next century.


 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 10:40-11:10


How can industrial IIoT be protected from the great unwashed masses of IoT devices

August 10, 2018 10:40 AM

IoT and IIoT devices are more prevalent in homes and industry. When these two areas share the same space, malware could move from one domain to another. For example, smart meters used by an electric utility could be compromised by other smart devices in the home. How can an electric utility protect their industrial equipment and ensure that home based IoT devices stay in their place? Join us in a demonstration of techniques that could be used to cloak an electric meter from the wild west of commercial-off-the-shelf IoT devices.

Speaker Information

Ken Keiser

Parsons

Ken Keiser is the Director of Operational Technology Cybersecurity at Parsons Corporation, focusing on critical infrastructure protection risk analysis, and mitigation in the transportation, oil & gas, water, steel, automotive, and chemical industries. He has over 30 years of industrial control system experience in distributed control systems with Bailey Controls, ABB, and Siemens. Most recently, Ken was the interim Chief Information Security Officer for Amtrak as part of a Parsons project. He holds a Certified Information Systems Security Professional certification as well as a Payment Card Industry Qualified Security Assessor certification. Ken holds a Bachelor of Science in Electrical Engineering from Drexel University, and a Bachelor of Business Administration from Temple University.

Ben Barenz

Parsons

Ben Barenz is a Systems Engineer at Parsons Corporation, focusing on critical asset protection and critical infrastructure protection. He has over 8 years of industry experience in critical asset protection under DoD contracts and has recently moved under critical infrastructure protection. Ben holds a Bachelor of Science in Electrical Engineering from the University of Nebraska and numerous industry related certifications.



 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 14:50-15:40


How not to suck at Vulnerability Management [at Scale]

Friday at 14:50-15:40
50 minutes

@Plug and mwguy

In the current cyber landscape several vulnerabilities are discovered every day. The volume of information and multiple sources to consume this information create interesting challenges for any security team. In recent months several organizations have fallen prey to bad actors, exposing private data of millions of users, many times from month-old vulnerabilities.

Vulnerability management is often disregarded, improperly staffed and rarely discussed in the infosec community, yet is one of the single points of failure allowing for breaches to take place. Under this circumstance, are you prepared to deal with vulnerabilities accordingly?

In this talk, we’ll share our experiences dealing with vulnerabilities at scale. What works, what does not and why. More importantly, what actions you should consider to improve or build your Vulnerability program. In the process, we’ll introduce some of the custom tools created internally to automate and enhance the program.

Unlike most Vulnerability Management talks, this talk is about the hands-on portion and day-to-day activities that must take place. Whether you are a seasoned infosec professional or new to the field, there is something for you to take away, especially at scale.

@Plug
Plug is currently a Senior Security Analyst at Verizon Digital Media Services. He started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. With over 16 years of IT experience, he has worked as Systems Administrator, Security Analyst and Security Engineer in the Finance and Telecom sector. In his free time, he enjoys building Legos and playing with synthesizers and modular systems; when possible, he volunteers his time to computer security events.

mwguy
Chris is currently a Senior Security Engineer at Verizon Digital Media Services (formerly EdgeCast). Started working with computers in High School, and having older slower computers quickly made the move to Linux and BSD's to improve performance. From then on, he's worked with *nix systems almost exclusively, and a couple of years ago made the switch from being a Systems Administrator to working exclusively in Security. When not working, Chris enjoys crypto-currencies, his dogs, and putting wacky stuff on various Raspberry Pis.



 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 10:30-10:59


Title:
How to Microdose Yourself

primer on microdosing yourself for fun and performance, from a nurse (though not medical advice)

 

ICS - Flamingo Lower Level - Red Rock Rm 6-8 - Friday - 14:30-14:59


How We Cost Our Client £1.2M with 4 lines of code and less than 2 Hours ($2M)

August 10, 2018 2:30 PM

Hacking SCADA, or more commonly ICS, is serious business - unlike other areas of offensive security one mistake can cost lives. Mike and Matt will present their ICS research which was carried out at one of the UK's top Industrial training facilities, walk through caveats, protocols and show some demos. They will also show how one can start researching industrial systems safely and cover what one needs to know to not get someone killed. They will also share the story and method behind how they cost a company £1.2M+ ($2M+) in lost earnings in under 5 seconds with only 4 lines of code. We will not be showing exploit code as we believe given what's at stake, it's highly irresponsible, but what we will do is give responsible researchers the knowledge they need to get involved and start helping to secure critical infrastructure. We’ll also show process, insight and what exploiting this kit actually means.

Speaker Information

Mike Godfrey

INSINIA

Mike Godfrey is a Network Specialist and Ethical Hacker with over 20 years' experience in building and breaking computers. He has enjoyed a successful career in Information Technology, having qualified in Cisco CCNA (Network Associate) over 10 years ago and going on to work on some of the country's largest technological infrastructure. Mike is qualified and experienced in IT but is also a qualified Electro-technical / Electro-mechanical Engineer, specialising in hardware exploitation. Mike’s qualifications and experience have led to INSINIA becoming the only Gas Safe Registered Cyber Security Company in the UK, allowing it to test industrial process and building infrastructure in a unique way. Mike’s skills have also led to the design and production of a range of new products and services, including securing the hardware and fabric of buildings and identifying key vulnerabilities within the building's “PowerLine” (230V circuit), which can allow an attacker to exfiltrate information undetected, as well as discovering vulnerabilities in key industrial gas systems and controls. Mike was the first ethical hacker to successfully hack Trend’s 963 BMS system back in 2006, the Sentry Safe with a magnet and a sock in 2014, the Philips Hue smart home system in 2017 and many more.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 15:50-16:10


How WHOIS Data Uncovered $32 Billion Connected to the Mormon Church - Ethan Dodge

It’s always been suspected that the Mormon Church is worth billions of dollars and has a sizable amount of investments in the United States stock market. However their finances are almost entirely opaque. In May 2018, MormonLeaks released a compilation of information connecting the dots between the Mormon Church and $32 billion.

It all started with WHOIS data and was further verified with almost entirely publicly available and open sources. Come hear the entire story in lightning style fashion.



 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 17:00-17:25


t0ddpar0dy

Bio

WiFi hobbyist, member of last year's 4th place team, former fed, curious engineer

@t0ddpar0dy

Hunting Rogue APs: Hard Lessons

Abstract

Given the challenge of locating a static Access Point, this presentation highlights our strategy, pitfalls, and success.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 18:00-18:35


I fought the law and law lost - Mauro Caseres

“I fought the law and the law lost” is a series of talks that aims to collect vulnerabilities in the field of Argentine Security forces. This chapter focuses on both Federal and Buenos Aires City Police, which according to the Head of Government Horacio Rodríguez Larreta, has the “most modern technology in the world”.

We will analyze four particular cases (two on the lightning talk version), all of them ending in national scandals:

But we’ll do it having in mind a special requirement: passive action. We’ll use Recon & OSINT at its best in order to reconstruct how the leaks were carried from start to end. A police chief using his daughter’s name as a password? A Police CIO using his own National ID Number as recovery question? Public databases exposing too much information? Reused passwords across every site on the internet? Sure, but it’s not the worst. We’ll use hand crafted DIY tools and without compromising a single system, reveal a lot of bugs and vulns. This talk is heavily focused on obtaining OSINT from public sources (especially in countries with weak or ambiguous laws, like Argentina).

This talk aims to demonstrate various flaws with a critical, technical and impartial approach to bring to the public a prevailing reality: First, Argentine law allows a lot of compromising data to be used as “public” (thus leaving the place for OSINT based attacks to occur), and second… we are not safe against computer threats, and those who take care of us, neither are.



 

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 17:00-17:45


I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine

Friday at 17:00 in Track 1
45 minutes | Demo, Audience Participation, Tool

Alex Levinson Senior Security Engineer

Dan Borges Hacker

Typically, the activities of a malware attack occur on an execution timeline that generally consists of 3 segments—the vector, the stage, and the persistence. First, a vector, or method of exploitation is identified. This could be anything from logging in over a credentialed method like RDP or SSH and running a malicious payload directly, to exploiting a memory corruption vulnerability remotely. Second, that access is leveraged into running malicious code that prepares the victim for the deployment of persistence (commonly "implant"). While segments one and three have been extensively automated, an effective automated utility for deploying persistence in a dynamic and unified context has yet to present itself.

Enter the Genesis Scripting Engine.

The Genesis Scripting Engine, or Gscript for short, is a framework for building multi-tenant executors for several implants in a stager. The engine works by embedding runtime logic (powered by the V8 Javascript Virtual Machine) for each persistence technique. This logic gets run at deploy time on the victim machine, in parallel for every implant contained with the stager. The Gscript engine leverages the multi-platform support of Golang to produce final stage one binaries for Windows, Mac, and Linux.

This talk will consist of an overview of the origins of the project, a technical deep dive into the inner workings including the modified Javascript VM, a walk through of the CLI utility, and examples of how we've leveraged Gscript in the real world.

Multiple demos involving practical application scenarios will be presented, as well as an opportunity for audience members to submit their own implants and have them built into a hydra on stage in a matter of minutes.

Alex Levinson
Alex Levinson is a Senior Security Engineer at Uber with experience in red teaming, software engineering, and incident response. Outside of Uber, he is a core member of the red team for the National Collegiate Cyber Defense Competition (CCDC), as well as the Competition Director for the Collegiate Penetration Testing Competition (CPTC). Previously, Alex worked as a Senior Consultant and Development Manager at Lares Consulting.

@alexlevinson, github.com/gen0cide, alexlevinson.wordpress.com

Dan Borges
Dan Borges is an information security professional with over 15 years in computer science. Dan participates in a number of cyber security competitions each year, from being on the National CCDC Red Team, to leading a Blue Team in Pros Versus Joes, and helping run the Collegiate Penetration Testing Competition (CPTC). He has been publishing a blog on infosec education for more than 10 years.

@1jection



 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 16:45-17:30




 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 13:20-13:59


Identifying and correlating anomalies in Internet-wide scan traffic to newsworthy security events

Andrew Morris

In this presentation, we will discuss using GreyNoise, a geographically and logically distributed system of passive Internet scan traffic collector nodes, to identify statistical anomalies in global opportunistic Internet scan traffic and correlate these anomalies with publicly disclosed vulnerabilities, large-scale DDoS attacks, and other newsworthy events. We will discuss establishing (and identifying any deviations away from) a “standard” baseline of Internet scan traffic. We will discuss successes and failures of different methods employed over the past six months. We will explore open questions and future work on automated anomaly detection of Internet scan traffic. Finally, we will provide raw data and a challenge as an exercise to the attendees.

Andrew Morris is the founder and CEO of GreyNoise Intelligence, a DC-based cyber security company, and likely holds the world record for amount of time staring at Internet-wide scan traffic. Prior to founding GreyNoise, Andrew worked as a researcher, red team operator, and consultant for several large cyber security firms including Endgame, NCC group, and KCG. Outside of work, Andrew enjoys playing fingerstyle acoustic guitar and tries to figure out what his dreams mean.



 

SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 17:50-18:40



Friday August 10 2018 1750 50 mins

In-N-Out – That’s What It’s All About
Without the right tools the engagement can be over before it begins, as upfront resistance can prevent you from entering with your tools. Billy Boatright demonstrates and discusses how to use social engineering tactics to get in without any difficulty. While most think outside of the box, Billy shows us how to think inside the box and embrace your own handicaps to arm yourself with advanced tactics and unfair advantages. Billy shows us how handicaps and familiar objects can be used to covertly carry your toolbox into an engagement, increasing your success. Rather than dealing with a perceived disadvantage, use it to exploit the world around you.

Billy Boatright: @fuzzy_l0gic
Billy began his social engineering career without even knowing it. He was a bartender on the Las Vegas Strip for the better part of a decade. He won numerous awards from all over the world as a Top-ranked Flair Bartender. He has taken the skills he learned behind the bar to the Information Security world. Billy has been a Judge for the Social Engineering Capture the Flag event at Def Con. He is also the namesake for the BSides Las Vegas Social Engineering Capture the Flag Championship Belt. Billy also volunteers time and expertise to the Las Vegas ISSA Chapter as a Board Member. He is also a member of the BSides Las Vegas Senior Staff.

Billy has multiple degrees and numerous certifications. However, when asked about them he will gladly quote George Moriarty, “The shining trophies on our shelves can never win tomorrow’s game.”



 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 13:00-13:20


IntelliAV: Building an Effective On-Device Android Malware Detector

Mansour Ahmadi

“The importance of employing machine learning for malware detection has become explicit to the security community. Several anti-malware vendors have claimed and advertised the application of machine learning in their products in which the inference phase is performed on servers and high-performance machines, but the feasibility of such approaches on mobile devices with limited computational resources has not yet been assessed by the research community, vendors still being skeptical. In this presentation, we aim to show the practicality of devising a learning-based anti-malware on Android mobile devices, first. Furthermore, we aim to demonstrate the significance of such a tool to cease new and evasive malware that can not easily be caught by signature-based or offline learning-based security tools. To this end, we first propose the extraction of a set of lightweight yet powerful features from Android applications. Then, we embed these features in a vector space to build an effective as well as efficient model. Hence, the model can perform the inference on the device for detecting potentially harmful applications. We show that without resorting to any signatures and relying only on a training phase involving a reasonable set of samples, the proposed system, named IntelliAV, provides more satisfying performances than the popular major anti-malware products. Moreover, we evaluate the robustness of IntelliAV against common obfuscation techniques where most of the anti-malware solutions get affected.”

I am a postdoctoral Research Associate at the Northeastern University. I achieved my Ph.D. from the University of Cagliari. I am co-author of more than 10 research papers mostly about the application of machine learning for malware classification. Two of my works received awards from Kaspersky, and the Anti-Virus I developed received media coverage.



 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 14:30-15:15




 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 10:15-10:59




 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 18:00-18:59


INTRO TO DATA MASTERCLASS: Graphs & Anomalies

No description available



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 16:50-17:20


Introducing YOGA: Your OSINT Graphical Analyzer - Micah Hoffman

“If you have ever performed reconnaissance on a target or conducted an OSINT investigation you know that there are a huge number of places to gather OSINT data. One of the biggest challenges is in taking the next steps with that data once you have it. How do you take what you have and transform use it to get more? For instance, if you found email addresses, where do you search to find other data about those accounts? We have excellent resources such as http://osintframework.com and https://bit.ly/technisette that are huge lists of well-organized bookmarks which can be overwhelming. That is why I created YOGA.

Your OSINT Graphical Analyzer (YOGA) seeks to answer that most-common of data-gathering questions, “What do I do now?” It is designed to help when you have one type of data and need to know different actions you can take to get more data. Come to this session and learn how you and your team can use and extend this online tool in your work.”



 

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 11:30-11:59




 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 12:00-12:45


It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit

Friday at 12:00 in 101 Track, Flamingo
45 minutes | Demo

Morgan ``indrora'' Gangwere Hacker

With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running; additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for extracting relevant content from devices and exploring them.

Morgan ``indrora'' Gangwere
Morgan is a student at the University of New Mexico where he studies an unrelated topic entirely, but does network security because it's interesting. Previously, he's spoken on subjects such as web proxies, community engagement, and typesetting. He started working with computers when he was a young child and hasn't given them up since, even if his wrists seem to disagree.



 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 14:00-14:30


It’s a Beautiful Day in the Malware Neighborhood

Matt

“Malware similarity analysis compares and identifies samples with shared static or behavioral characteristics. Identification of similar malware samples provides analysts with more context during triage and malware analysis. Most domain approaches to malware similarity have focused on fuzzy hashing, locality sensitivity hashing, and other approximate matching methods that index a malware corpus on structural features and raw bytes. Ssdeep or sdhash are often utilized for similarity comparison despite known weaknesses and limitations. Signatures and IOCs are generated from static and dynamic analysis to capture features and matched against unknown samples. Incident management systems (RTIR, FIR) store contextual features, e.g. environment, device, and user metadata, which are used to catalog specific sample groups observed.

In the data mining and machine learning communities, the nearest neighbor search (NN) task takes an input query represented as a feature vector and returns the k nearest neighbors in an index according to some distance metric. Feature engineering is used to extract, represent, and select the most distinguishing features of malware samples as a feature vector. Similarity between samples is defined as the inverse of a distance metric and used to find the neighborhood of a query vector. Historically, tree-based approaches have worked for splitting dense vectors into partitions but are limited to problems with low dimensionality. Locality sensitivity hashing attempts to map similar vectors into the same hash bucket. More recent advances make the use of k-nearest neighbor graphs that iteratively navigate between neighboring vertexes representing the samples.

The NN methods reviewed in this talk are evaluated using standard performance metrics and several malware datasets. Optimized ssdeep and selected NN methods are implemented in Rogers, an open source malware similarity tool, that allows analysts to process local samples and run queries for comparison of NN methods.”

Matt Maisel is a data scientist passionate about the intersection of machine learning, software engineering, and computer security domains. He’s currently the manager of Security Data Science at Cylance. Matt recently architected a scalable malware analysis and modeling service used to process customer malware detections. He’s worked in several organizations within Cylance including research engineering as a software architect and consulting as the technical director of the incident response practice. Matt holds a M.S. in Computer Science with a focus in machine learning and distributed systems from Johns Hopkins University.



 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 11:20-11:59


JMPgate: Accelerating reverse engineering into hyperspace using AI

Rob Brandon

“One of the most exciting potential applications for artificial intelligence and machine learning is cognitive augmentation of humans. At its best, AI allows humans to handle more information, react faster to complex events, and potentially even sense features of the world that we are currently incapable of perceiving. This has many applications in the security field, such as aiding humans in the task of binary reverse engineering. Reverse engineering binary code is one of the most challenging skill sets in the security field to learn. The ability to look at a block of raw machine code and understand what it does, as well as recognize similarities to code previously seen, often requires years spent doing tedious analysis of large amounts of code.
In this talk I show how we can use machine learning to handle the tedious parts of this process for us. If we show a generative neural network a wide variety of machine code, the network will learn the most relevant features needed to reproduce and describe that code. Once the network is trained, we can show it a new segment of code and capture the state of the neurons at the end of the segment. This neural state is effectively a summary of the entire sequence summarized into a vector.
Comparing these vectors allows easy measurement of the similarity of several code sequences by simply measuring the Euclidean distance between them. These vectors can also be used as inputs to other machine learning models that can perform a variety of tasks, such as identifying compiler settings used to generate the code. As part of the presentation, I will also be releasing a tool, the JMPgate framework, which can be used to accomplish tasks like identifying library code within an executable binary.”

Rob is a threat hunter and data scientist with Booz Allen Hamilton’s Dark Labs group. He has over 20 years of experience in the tech industry and holds a PhD in computer science from the University of Maryland, Baltimore County. His hobbies include studying the ways that complex systems fall apart and building machines that do his thinking for him so that he can spend more time brewing beer and playing bass.



 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 12:00-11:59


Title: Just what the Doctor Ordered: 2nd Opinions on Medical Device Security

Moderator: Christian "quaddi" Dameff MD
About Christian:
Christian (quaddi) Dameff MD is an emergency medicine doctor, former open capture the flag champion, prior DEF CON speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics include hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his fourteenth DEF CON.
Panelist: Beau Woods
About Beau:
Beau Woods is a leader with the I Am The Cavalry grassroots initiative, a Cyber Safety Innovation Fellow with the Atlantic Council, Entrepreneur in Residence at the US Food and Drug Administration, and Founder/CEO of Stratigos Security. Beau has consulted with Global 100 corporations, the White House, members of Congress, foreign governments, and NGOs on some of the most critical cybersecurity issues of our time. Beau's focus is on Internet of Things (IoT) technologies where cybersecurity intersects public safety and human life issues, including healthcare, automotive, energy, oil and gas, aviation, transportation, and other sectors. Beau is a published author, frequent public speaker, often quoted in media, and is often engaged for public or private speaking venues.
Panelist: Dr. Leslie Saxon
About Leslie:
Dr. Leslie Saxon is a Professor of Medicine, Clinical Scholar, at the Keck School of Medicine of USC. Dr. Saxon specializes in the diagnosis and treatment of cardiac arrhythmias and preventing sudden cardiac death. Dr. Saxon received her medical degree from the Ross University School of Medicine. She completed her internship and residency at St. Luke’s Hospital Washington University, and fellowships in cardiology at Rush-Presbyterian-St. Luke’s Medical Center in Chicago and UCLA. Dr. Saxon has completed over 100 publications in various medical journals and is an active member of a multitude of organizations, including the American Heart Association, and the Heart Failure Society of America. She is also a fellow of the American College of Cardiology and the Heart Rhythm Society.
Abstract:
As medical and recreational devices shift from outside to inside the body, challenges arise not only for builders and breakers of these devices, but also for regulators. This panel will introduce the progress of the Internet of Things into the "Internet of Bodies" and explain how existing legal and policy frameworks of consumer protection and security fit with this next generation of body-attached and body-embedded devices (and how they don't).


 

Workshops - ( Sold Out ) - Linq 4th Flr - Icon D - Friday - 14:30-18:30


JWAT...Attacking JSON Web Tokens

Friday, 1430-1830 in Icon D

Louis Nyffenegger Security Engineer, Pentester Lab

Luke Jahnke Security Researcher, Elttam

Nowadays, JSON Web Tokens are everywhere. They are used as session tokens, OAuth tokens or just to pass information between applications or microservices. By design, JWT contains a high number of security and cryptography pitfalls that create interesting vulnerabilities. In this workshop, we are going to learn how to exploit some of those issues: the none algorithm, guessing the HMAC secret, using a public key as an HMAC secret... and finally CVE-2018-0114: a bug in Cisco's Node JOSE.

Prerequisites: The students should be able to use Burp and write some basic scripts in the language of their choice. They will also need to be familiar with VMWare or the virtualization software of their choice.

Materials: A laptop with 4Gb of RAM and the virtualization software of their choice. Internet access during the class.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/jwatattacking-json-web-tokens-icon-d-tickets-47193664521
(Opens July 8, 2018 at 15:00 PDT)

Louis Nyffenegger
Louis Nyffenegger is a security engineer and entrepreneur based in Melbourne, Australia. He performs pentest, architecture and code review on a daily basis. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Luke Jahnke
Luke Jahnke is a Security Researcher at Elttam. He has extensive experience performing security assessments and running training. He enjoys working on interesting vulnerabilities and runs the biennial BitcoinCTF competition.



 

RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:10-12:50


Keynote - From Breach to Bust: A short story of graphing and grey data

No description available



 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 16:30-16:59


Title:
Keynote Address: Alejandro Mayorkas

No description available

 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 17:00-17:59


Title:
Keynote Address: TBA

No description available

 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 10:15-11:30


Title: Keynote Presentation: Avoiding Trauma, Drama and FUD in Medical Device Disclosure

Speaker: Jen Ellis
About Jen:
Jen Ellis is the vice president of community and public policy at Rapid7, a leading provider of analytics and automation for security and IT operations. Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various government entities to help them understand and address cybersecurity challenges. She believes effective collaboration is our only path forward to reducing cybercrime and protecting consumers and businesses. She has testified before Congress and spoken at a number of security industry events including SXSW, RSA, Derbycon, Shmoocon, SOURCE, UNITED, and various BSides.
Abstract:
As medical devices increasingly embrace connected technologies, there's a growing opportunity for malicious actors to interfere with devices for profit or to cause harm. The good news is that many security researchers are working to investigate the security of medical devices. However, for this effort to have a positive impact, researchers and vendors must work together to understand the true risk, address the issues, and educate physicians and patients.
In many cases, the risk may be low and should not outweigh the benefits of the device; however, mismanaged disclosures can cause panic and confusion. In other cases, researchers may struggle to engage vendors on the issue and patients may never hear of it, or they do, but no mitigation is offered. With the stakes so much higher in the healthcare arena, it's essential that we learn lessons from medical device disclosures that have gone well, and those that have not. This talk will investigate a number of public disclosures, and provide actionable guidance on how to disclose security concerns for the best possible outcomes.


 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 11:00-11:59


Title: Keynote Speech: Inside Monero

Speakers: Howard (hyc) Chu

Description:
No description available




 

Meetup - Flamingo - 3rd Floor - Carson City Rm - Friday - 19:00-19:59


Title:
Lawyer Meet

If you're a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join your host Jeff McNamara at 19:00 on Friday, August 10th, for a friendly get-together, followed by dinner/drinks and conversation.


 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 11:00-11:59


Title:
Lessons Learned: DEFCON Voting Village 2017

No description available

 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 15:00-15:15


Title:
Lightning Talks - A Crash Course on Election Security

No description available

 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 15:15-15:30


Title:
Lightning Talks - Mechanics & Pitfalls of Auditing with Scanners

No description available

 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 15:30-15:45


Title:
Lightning Talks - The Return of Software Vulnerabilities in the Brazilian Voting Machine

No description available

 

Night Life - Flamingo - 3rd Floor - Track 101 Vista BR - Friday - 21:00-23:59


Title:
Live Band Karaoke

Think you have karaoke chops? Kick it up to the next level by performing your favorite songs with a live band! The band with the best name ever, DON'T PANIC, provides the music and you provide the vocal talent. You won't need an electronic thumb or the help of the Dentrasi to get into this Party, just bring yourself and your towel. Come early for free swag (towel included!)!

Event info and singer sign up:
ibm.biz/dontpanic

Facebook: https://www.facebook.com/DontPanicReally/
Twitter: @DontPanicReally


 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 11:00-11:45


Lora Smart Water Meter Security Analysis

Friday at 11:00 in Track 3
45 minutes | Tool

Yingtao Zeng Security Researcher at UnicornTeam, Radio Security Research Department of 360 Security Technology

Lin Huang Senior Wireless Security Researcher and SDR technology expert, 360 Security Technology

Jun Li Senior Security Researcher, Radio Security Department of 360 Security Technology

To avoid the tedious task of collecting water usage data by going to users' homes, water meters that are equipped with wireless communication modules are now being put into use. In this talk we will take a water meter, which is using Lora wireless protocol, as an example to analyze the security and privacy risks of this kind of meters. We will explain how to reverse engineer and analyze both the firmware and the hardware of a water meter system, and we will be talking about its security risks from multiple perspectives: physical, data link, and sensors. Do notice that LORA is not only used in water meters, it is being used in a lot of IoT scenarios, so the methods we employed to analyze LORA in this talk are also useful when you do tests of other LORA based systems.

Yingtao Zeng
Yingtao Zeng is a security researcher at UnicornTeam in the Radio Security Research Department of 360 Technology. He mainly focuses on the security of Internet of things, car remote control systems and automotive radar safety research. He has found vulnerabilities in a variety of automobile manufacturers including Tesla, Buick, Volvo, Chevrolet, Toyota, Nissan, BYD and more. He has presented his research at conferences like HITB, DEF CON Car Hacking Village, Black Hat Arsenal etc.

Lin Huang
Lin HUANG is a senior wireless security researcher and the manager of UnicornTeam in 360 Technology. She is also the 360 Technology's 3GPP standard SA3 delegate and a research supervisor for master students in BUPT. Her interests include security issues in wireless communication, especially cellular network security. She was a speaker at BlackHat, DEF CON, and HITB security conferences.

Jun Li
Jun Li is a senior security researcher at the UnicornTeam, Qihoo 360. He is the POC of DEF CON Group 010, and member of the DEF CON Group Global Advisory Board. His research has been presented at conferences such as Blackhat, DEF CON, HITB, KCon, SyScan360, ISC, etc. He is interested in IoT security and connected car security. Along with his colleagues, he has previously found several automobile vulnerabilities in Tesla, GM cars, Volvo, BMW, Audi, Mercedes Benz and BYD. He is the author of <<_________>> ("Connected Car Security Demystified"). He is also the co-author of "Inside Radio: An Attack & Defense Guide".



 

Meetup - Caesars Palace Forum Tower Duplex Suite, Diana Initiative Suite Rm TBA - Friday - 20:30-23:45


Title:
Loud Party

Come dance the night away to some sweet beats dropped by our DJ Tineh Nimjeh
More Info: The Diana Initiative


 

VMHV - Caesars Pool Level - Forum 14-16 - Friday - 12:00-12:59


Title:
Lunch Keynote: State and Local Perspectives on Election Security

No description available

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Machine Learning as a Service in Your Pocket

Evan Yang

“If you struggle with building a machine learning (ML) classifier for your data, this Machine Learning as a Service (MLaaS) is a quick and handy solution for you. Originally designed for security researchers, this feature-packed service has now been open sourced to the public. This service can take time-series data, such as API logs, to generate ML models with a few mouse clicks. The graphical user interface can guide you through the ML pipeline steps, visualize the performance and help to optimize the ML model. The unique feature analysis tool allows you to drill down into individual samples and to tune the ML model from a security perspective.”

Evan Yang is a security researcher in Intel Privacy & Security Lab. He has worked on Windows and Android security related topics for the past few years. His latest focus is the application of deep learning to Windows ransomware. He has also been a database architect and software developer, providing solutions and building applications in production.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Machine Learning for Network Security Hands-on Workshop: DIYML

Sebastian Garcia

Creating new Machine Learning algorithms with the new frameworks is easier than ever. However, our models still need designing, evaluation, tuning and especially good datasets. In this workshop we will share high-quality and real datasets of normal users working on their computers while being attacked and infected with malware. The goal is to learn to understand the problem, label data, identify features, create your own ML model and finally test it against all the other models in the room! A fast-paced workshop going from traffic understanding to working Python ML models in 2 hours. Learn why ML is so difficult and so useful. Work in teams to obtain the highest detection performance and improve your knowledge. Python/NetFlows/Bro/SciKit/pandas/TensorFlow, use what you need!

Sebastian is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, the first machine learning-based, free-software IPS. Its goal is to protect civil society. As a researcher in the Artificial Intelligence group of the Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from the abuse of their digital rights. He has been teaching in several countries and universities and working on penetration testing for both corporations and governments. He was lucky enough to talk and give workshops at CCC, BSides Budapest, Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace he worked on honeypots, malware detection, distributed scanning (creator of dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking. He is also a proud co-founder of the Independent Fund for Women in Tech.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 10:00-10:59


Mallet: A Proxy for Arbitrary Traffic

Rogan Dawes, Senior Researcher at SensePost

Mallet is an intercepting proxy for arbitrary protocols. More accurately, it is a framework for building proxies for arbitrary protocols. Mallet provides the basics required of all proxies: A way to receive the data, a way to send the data, and a user interface to intercept and edit the data. It builds on the Netty project, and as such has access to a large, well-tested suite of protocol implementations that can be used to transform a stream of bytes into useful, high-level protocol objects. This workshop will introduce attendees to Mallet, and show how to construct pipelines of arbitrary complexity, to successfully decode and intercept messages in various protocols, as well as automating modifications of the various messages. A basic familiarity with Java will enhance the delegate's understanding of what they are taught, but is not a requirement.

Rogan Dawes (Twitter: @RoganDawes) is a Senior Researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague's frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies, WebScarab.



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 14:30-15:20


Malware Panel

No description available



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 18:00-18:30


Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns

Caleb Madrigal, Applied Researcher at Mandiant/FireEye

Sure, WiFi hacking has been around for a while, and everyone knows about tools like airmon-ng, kismet, et al. But what if you just want to view a list of all networks in your area along with all devices connected to them? Or maybe you want to know who's hogging all the bandwidth? Or, what if you want to know when a certain someone's cell phone is nearby? Or perhaps you'd like to know if your Airbnb host's IP Camera is uploading video to the cloud?

For all these use-cases, I've developed a new tool called "trackerjacker". In this talk, we'll use this tool to explore some of the surprisingly-informative data floating around in the radio space, and you'll come away with a new skill point or two in your radio hacking skill tree, as well as a new magical weapon... I mean tool.

Caleb Madrigal (Twitter: @caleb_madrigal) is an Applied Researcher at Mandiant/FireEye.



Night Life - Caesars - Track 2 - Promenade South - Octavius BR 12-24 - Friday - 20:00-23:59


Title:
Movie Night



SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 16:55-17:45



Friday August 10 2018 1655 50 mins

Mr. Sinatra Will Hack You Now
Across the globe for millennia upon millennia, a cabal of social engineers have been working to manipulate realities, collective and singular.  They influence decision making processes in a matter of minutes and leave no evidence of their presence.  They’ve made camp in your computers, your cars, your places of worship, and your schools.  They may be doing it right now as you read this. They are everywhere.  They are musicians.

Neil Fallon @npfallon
Neil Fallon is the lyricist, singer, and rhythm guitar player of the rock band Clutch. Since forming in 1991, Clutch has released 11 full length records and has performed numerous times in North America, Europe, South America, Australia, and Japan.

In 2009, Neil, along with his bandmates and manager, created Weathermaker Music, a completely independent record label. To date, Weathermaker Music has had 58 world wide releases. The most recent release, “Psychic Warfare,” reached #11 on the Billboard Top 100 and #1 on Hard Rock & Rock Billboard chart.



SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 15:30-15:59


Friday August 10 2018 1530 30 Mins

My Stripper Name is Bubbles Sunset: What SEO Meme Marketing Means for Social Engineering
You’re mindlessly scrolling through Facebook when you see your friend share a post and comment, “Mine is Bubbles Sunset!”

You click. It’s a meme that reads: “What’s your stripper name? It’s the name of your first pet and the first street you lived on! Comment with your answers, and share with your friends!”

Are alarm bells going off in your head yet?

Security-savvy internet browsers know to be on the lookout for the digital version of a mustached man in a trench coat, like emails selling discounted Viagra. But as you’ve gotten smarter about avoiding these obvious bids for information, attackers and online marketers have gotten subtler to persuade you to divulge personal information. Every second, users willingly divulge sensitive information in comments on social media memes like the stripper name post because they don’t see them as a threat.

In this talk, Hannah Silvers — social engineer and SEO marketing content strategist — brings the two worlds together. Using (hilarious) real-life examples, she will illustrate how social media memes are hotbeds of valuable PII for marketers and attackers alike, how these memes encourage users to engage with and share them, and the ways attackers can make use of them as an attack vector.

Of course, the talk won’t stop at the doom and gloom. The presenter will discuss implications to the work of security educators and what users can do to mitigate the risk these memes present once they understand how they work.

Hannah Silvers: @hannah_silvers
Hannah Silvers is a writer, editor, and content strategist based in Atlanta, GA. During the day, she writes and presents SEO content marketing strategy for nonprofit service providers. But after the ride home, she moonlights as the director of outreach for CG Silvers Consulting and a lexicographic content contributor for Dictionary.com, charting the course of the English language through definitions of slang, politics, pop culture, and emoji. Hannah is also a veteran of Social-Engineer, LLC, holding corporate technical writing and vishing experience as well as the current record of youngest contestant to enter the SECTF booth at DEF CON.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 17:00-17:45


Title: Nature’s source code is vulnerable and cannot be patched

Speaker: Jeffrey Ladish
Abstract:
"Natural selection can produce marvelous functional systems, but constraints in the evolutionary process can be exploited. By leveraging humanity’s relative advantage in design foresight, we may be able to create synthetic organisms that can out-compete their natural counterparts.
In this talk, I will explore the design limitations of evolved organisms that leave ecosystems permanently vulnerable to attack. In order to protect the natural world and human health, I will advocate we adopt the “biosecurity mindset” and improve our ecological security posture."


IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 12:30-12:59




DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 11:00-11:45


NSA Talks Cybersecurity

Friday at 11:00 in Track 1
45 minutes

Rob Joyce

The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security.  This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats.  Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face.  The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts and look at what is necessary to stay safe in the new environment.

Rob Joyce
Rob Joyce (@RGB_Lights) has been with the National Security Agency (NSA) for 29 years and has led organizations doing both foreign intelligence and cybersecurity work. He is the Senior Advisor for Cybersecurity, having recently returned from the White House as the Cybersecurity Coordinator where he worked national policy, synchronizing activity across the government and partners. His previous assignment was leading Tailored Access Operations (TAO), the organization developing tools, techniques and capabilities to exploit computers for NSA's foreign intelligence mission. Prior to that, he was the Deputy Director for Information Assurance, overseeing the protection of national security systems, which includes the nation's cryptographic key material, classified networks and warfighting networks. In his spare time, Rob builds a computerized Christmas light show. His most recent display was likely visible from the International Space Station. In addition to an infatuation with Christmas light displays, he helped a Boy Scout troop build catapults for the annual Punkin Chunkin competition until lawyers ruined it for all of us.



DEFCON - Roman Chillout - Friday - 20:00-19:59


Oh Noes!—A Role Playing Incident Response Game

Friday at 20:00 in Roman Chillout
Fireside Hax | Demo, Audience Participation, Tool

Bruce Potter Founder, The Shmoo Group

Robert Potter Hacker

The term "incident response exercise" can strike fear in the hearts of even the most steely-eyed professional. The idea of sitting around a table, talking through a catastrophic security event can be both simultaneously exhausting and incredibly boring. However, what if instead of participating in an "incident response exercise," you instead got to plan an "incident response role playing game?"

Enter our IR roleplaying game, "Oh Noes! An Adventure Through the Cybers and Shit." As part of our day job, we do quarterly IR exercises. In order to make these exercises more engaging, more fun, and more useful, we turned these exercises into a role playing game. We found it so useful and fun, we're releasing it at DEF CON along with numerous scenarios for your dungeon master to take you through.

At this talk, we will talk about gamifying IR exercises and the rules of Oh Noes! We will equip you with dice and your own character sheet and we will walk you through the character creating process. That's right, in Oh Noes! you create your own character with specific skills and abilities that you level up as you play. A group of us will play through a short scenario so you can see how the game works. We will provide several sample scenarios, some ripped from the headlines (and some cribbed from @badthingsdaily) as well as provide guidance on what makes successful scenarios as you transition to be your own dungeon master.

Bruce Potter
Bruce Potter is the founder of The Shmoo Group, CISO at Expel, and helps run ShmooCon each year in Washington DC. Bruce has over 20 years (yikes!) of experience in hacking and cyber security including working with DoD and Intelligence Community clients as well as numerous finance, healthcare, and transportation companies. Bruce used to do a lot of wireless and network attack and defense work but lately focuses on risk management, threat categorization, and building more secure systems. Bruce has never played D&D but has a son who plays extensively.

@gdead

Robert Potter
Robert Potter is a 16 year old 10th grader who wears Invisalign. He is the son of Mr. Bow-To-My-Firewall and Mrs. Heidi "clever name" Potter. He likes things that begin with M, including but not limited to Math, Music, and his Mother (my mom told me to put that there).

@TauManiac



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 13:00-13:30


One-Click to OWA

Friday at 13:00 in Track 3
20 minutes | Demo, Tool

William Martin Security & Privacy Senior Associate

With the presence of 2FA/MFA solutions growing, the attack surface for external attackers that have successfully phished/captured/cracked credentials is shrinking. However, many 2FA/MFA solutions leave gaps in their coverage which can allow attackers to leverage those credentials. For example, while OWA may be protected with 2FA, the Exchange Web Services Management API (EWS) offers many of the same features and functionalities without the same protections.

In this talk, I will introduce ExchangeRelayX, an NTLM relay tool that provides attackers with access to an interface that resembles a victim's OWA UI and has many of its functionalities - without ever cracking the relayed credentials.  ExchangeRelayX takes advantage of the gap in some 2FA/MFA solutions protecting Exchange, potentially resulting in a single-click phishing scheme enabling an attacker to exfiltrate sensitive data, perform limited active-directory enumeration, and execute further internal phishing attacks.

William Martin
William Martin is a penetration tester & information security researcher with more than five years of experience in the Information Security Industry. William became an Offensive Security Certified Professional (OSCP) in November of 2015 and is currently a senior associate at RSM US LLP in the Security and Privacy practice with a focus on penetration testing and social engineering. www.linkedin.com/in/william-martin-OSCP

@quickbreach



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 11:00-11:45


One-liners to Rule Them All

Friday at 11:00 in Track 2
45 minutes | Demo

egypt Security Analyst, Black Hills Information Security

William Vu Security Researcher, Rapid7

It began with the forging of the command line. And some things that should not have been forgotten, were lost. History became legend, legend became myth.

Sometimes you just need to pull out the third column of a CSV file. Sometimes you just need to sort IP addresses. Sometimes you have to pull out IP addresses from the third column and sort them, but only if the first column is a particular string and for some reason the case is random.

In this DEF CON 101 talk, we'll cover a ton of bash one-liners that we use to speed up our hacking. Along the way, we'll talk about the concepts behind each of them and how we apply various strategies to accomplish whatever weird data processing task comes up while testing exploits and attacking a network.

egypt
egypt is a penetration tester for Black Hills Information Security and a contributor to the Metasploit Project. He is not a country.

@egyp7

William Vu
William Vu is a security researcher at Rapid7 who works on the Metasploit Project.



BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 18:20-18:59


Open Source Endpoint Monitoring

Friday at 18:20-19:00
40 minutes

Rik van Duijn and Leandro Velasco

There is a rising trend among threat actors to find newer, more effective and stealthy ways to attack and gain persistence in a network. One way to achieve this is by abusing legitimate software such as Windows Management Instrumentation and PowerShell. This is the case for Living Off the Land and Fileless threats. By using these techniques, attackers can distribute their malicious code, bypassing software whitelisting and avoiding antivirus detection. A method to detect these threats is by monitoring endpoint activity. However, this option comes with many challenges that range from getting enough system activity information to handling hundreds of events per second.

In our research, we analyze this monitoring method and the design challenges involved in it. Furthermore, we propose a solution that aims to detect and alert when advanced threats are identified in a system. In order to provide an endpoint monitoring system free of any vendor lock-in, this solution combines the capabilities of different open source projects as well as free tools. These include Sysmon for monitoring system activity, Elastic Stack (ELK) to store and search the collected data, ElastAlert to trigger alarms and the Sigma Project to define the rules for the alarms. This highly customizable solution would enable organizations to hunt for threats inside their network or create rules that would automatically detect specific threats upfront.

Rik van Duijn
Rik van Duijn has over 5 years of experience as a penetration tester. His first job was auditing web application source code for a Dutch bank. Rik holds the OSCP, OSCE certifications, and is currently practicing for the OSEE certification. Rik has spoken at SHA2017, Tweakers Security/DEV Meetups and #whiskyleaks.

Leandro Velasco
Leandro Velasco has over 4 years of experience in IT security. After his initial introduction managing SIEM systems, Leandro completed the OS3 master. In his current role Leandro is a member of the security research team, analyzing threats and designing detection or mitigating solutions.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 12:30-12:59


Title: Open Source Hardware and the Monero Project

Speakers: Parasew

Description:
No description available




RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 12:00-12:10


Opening Note

No description available



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:00-10:20


Opening Remarks

No description available



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 13:30-14:00


Title:
Opportunistic Onion: More Protection Some of the Time

When: Fri, August 10, 1:30pm – 2:00pm

Speaker
------
Mahrud Sayrafi

Abstract
--------
I will present results of a collaboration between the Tor Project, Mozilla, and Cloudflare to deploy onion services in Cloudflare's infrastructure in order to protect the security and privacy of Tor user connections terminating in our network. Leveraging HTTP Alternative Services, we demonstrate how to defend against passive attacks by malicious Exit Nodes. As a secondary feature, this method enables distinguishing individual Tor circuits, which allows Cloudflare to assign reputation to circuits rather than IP addresses, therefore showing fewer CAPTCHAs to humans.
Additionally, I will introduce an open-source plugin for the Caddy Web Server which allows website admins to enable Opportunistic Onion using an existing HTTPS certificate with a simple configuration, nullifying the need to purchase Extended Validation certificates. Moreover, this plugin enables load balancing for the onion service.

Bio
-----------------
Full-time mathematics student and part-time hacker.

Twitter handle of presenter(s)
------------------------------
mahrudsay

Website of presenter(s) or content
----------------------------------
perfectoid.space


SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 15:00-15:59


Title:
OSINT IS FOR SOCCER MOMS

Laura H
@h0tdish

A brief but riveting mini-history of why and how most soccer moms can out-OSINT your collective information security asses any day of the week using actual case studies of two unbelievable unsolved, in real time, homicide investigations, turned SOLVED. This introductory and fast paced talk will take a look at the history of OSINT from "web-sleuthing" to "crowdsourcing" and illustrate how, from the experience of the presenter, OSINT is utilized within modern homicide investigations from & via the internet. We will discover along the way the very real consequences and benefits that can occur when policing entities ignore or include OSINT gathered by well meaning public tipsters. After all, the large majority of criminal events are solved by the public sending in information. Finally, we will touch on the truth that OSINT is not actually a career path or even a subset skill specific to information security but rather is a set of ever evolving tools that was born from curiosity and caring about communities and continues to evolve to this day.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 12:00-12:59


PacketWhisper: Stealthily Exfiltrating Data and Defeating Attribution Using DNS and Text-Based Steganography

TryCatchHCF

Data exfiltration through DNS typically relies on the use of DNS query fields to exfiltrate data via the attacker's DNS server. This approach has several shortcomings. The first is attribution, since attackers end up creating a trail back to their own infrastructure. The second is awareness, as DFIR analysts have made careful study of DNS fields as exfiltration vectors. The third is access, since companies are increasingly using DNS server whitelisting to prevent or alert on outgoing DNS queries to servers controlled by attackers. But what if data could be transferred using the target's own whitelisted DNS servers, without the communicating systems ever directly connecting to each other or a common endpoint? Even if the network boundary employed data whitelisting to block data exfiltration?

Through a combination of DNS queries and text-based steganography, we'll cover the methods used to transfer data across a network, hidden in plain sight, without direct connectivity between systems, while employing multiple levels of deception to avoid generating alerts as well as to mislead analysis attempts. The presentation will include a demonstration of PacketWhisper, a new tool written in Python, that automates all of these steps for you. PacketWhisper will be made available on GitHub to coincide with this session (https://github.com/TryCatchHCF).

TryCatchHCF (Twitter: @TryCatchHCF) is Red Team Lead at a Fortune 500 company, and creator of the Cloakify Exfiltration and DumpsterFire Incident Automation Toolsets (https://github.com/TryCatchHCF). Previous roles have included Lead Pentester and AppSec Team Lead. He hacked into his first systems in 1981 and wrote his first malware the following year, all while nearly being eaten by a grue. He has 25+ years of security and software engineering experience, and served as an Intelligence Analyst and Counterintelligence Specialist in the United States Marine Corps. Education includes a bachelor's degree in Cognitive Science, a master's degree in Information Assurance, and the collective HiveMind of the global hacking community.



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 14:15-16:15


Title: Panel Discussion: The Internet of Bodies

Moderator: Prof Andrea M. Matwyshyn, Professor of Law, NUSL
About Andrea M. Matwyshyn:
Andrea Matwyshyn is an academic and author whose work focuses on technology and innovation policy, particularly information security and consumer privacy. She is a (tenured full) professor of law / professor of computer science (by courtesy) at Northeastern University, where she is the co-director of the Center for Law, Innovation, and Creativity (CLIC). Andrea is also a faculty affiliate of the Center for Internet and Society at Stanford Law School. She is a Senior Fellow of the Cyber Statecraft Initiative at the Atlantic Council's Brent Scowcroft Center on International Security and a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017. In 2014, she served as the Senior Policy Advisor/ Academic in Residence at the U.S. Federal Trade Commission. Prior to entering academia, she was a corporate attorney in private practice. She is the legal specialty reviewer for the DEFCON CFP board.
Panelist: Prof Stephanie Pell, West Point
About Stephanie Pell:
Stephanie Pell is an Assistant Professor and Cyber Ethics Fellow at West Point’s Army Cyber Institute (ACI). She writes about privacy, surveillance and security law and policy, and is particularly interested in the tensions inherent in enabling traditional law enforcement efforts and making our communications networks more secure. Prior to joining the ACI faculty, Stephanie served as Counsel to the House Judiciary Committee, where she was lead counsel on Electronic Communications Privacy Act (ECPA) reform and PATRIOT Act reauthorization during the 111th Congress. Stephanie was also a federal prosecutor for over fourteen years, working as a Senior Counsel to the Deputy Attorney General, as a Counsel to the Assistant Attorney General of the National Security Division, and as an Assistant U.S. Attorney in the U.S. Attorney’s Office for the Southern District of Florida. She was a lead prosecutor in U.S. v. Jose Padilla (American Citizen detained as an enemy combatant prior to criminal indictment and trial), for which she received the Attorney General’s Exceptional Service Award, and in U.S. v. Conor Claxton (IRA operatives who purchased weapons in South Florida and smuggled them into Belfast, Northern Ireland during peace process negotiations). Stephanie received her undergraduate, master’s and law degrees from the University of North Carolina at Chapel Hill.
Panelist: Dr. Suzanne Schwartz, U.S. Federal Drug Administration
About Dr. Suzanne Schwartz:
Dr. Suzanne Schwartz is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). In this role, she assists the CDRH Director and Deputy Director for Science in the development, execution and evaluation of the Center’s biomedical science and engineering programs. Suzanne is passionate about cultivating critical dialogue across sectors and across entities towards advancing innovation in the biomedical space and within healthcare, where complex multifaceted problems exist. Suzanne joined FDA in October 2010. Initially recruited as a Commissioner’s Fellow, she became a Medical Officer in the Office of Device Evaluation, transitioning in September 2012 to become the Director of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures (EMCM) Program in the Office of the Center Director for the past 4 years. Among other public health concerns, her portfolio has most notably included medical device cybersecurity, for which she chairs CDRH’s Cybersecurity Working Group. She also co-chairs the Government Coordinating Council for Healthcare & Public Health critical infrastructure sector. Before FDA, Suzanne was a full time surgical faculty member at Weill Cornell Medical College, New York. Suzanne’s career has spanned the private sector as well, having served as Medical Director & Tissue Bank Director of Ortec International, a development stage medical device company focused on tissue engineering therapeutic approaches to burns and chronic wounds. Suzanne earned an MD from Albert Einstein College of Medicine, trained in General Surgery & Burn Trauma at the New York Presbyterian Hospital - Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business, and completed the National Preparedness Leadership Initiative – Harvard School of Public Health & Kennedy School of Government.
Panelist: Rebecca Slaughter, U.S. Federal Trade Commission
About Rebecca Slaughter:
Prior to joining the Commission, she served as Chief Counsel to Senator Charles Schumer of New York, the Democratic Leader. A native New Yorker, she advised Leader Schumer on legal, competition, telecom, privacy, consumer protection, and intellectual property matters, among other issues. Prior to joining Senator Schumer's office, Ms. Slaughter was an associate in the D.C. office of Sidley Austin LLP. Ms. Slaughter received her B.A. in Anthropology magna cum laude from Yale University. She received her J.D. from Yale Law School, where she served as an editor on the Yale Law Journal.
Abstract:
As medical and recreational devices shift from outside to inside the body, challenges arise not only for builders and breakers of these devices, but also for regulators. This panel will introduce the progress of the Internet of Things into the "Internet of Bodies" and explain how existing legal and policy frameworks of
consumer protection and security fit with this next generation of body-attached and body-embedded devices (and how they don't).


Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 26:15-26:59


Title:
Party Music - Circuit Static



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 22:45-23:30


Title:
Party Music - Dualcore



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 21:00-21:59


Title:
Party Music - JG & The Robots



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 23:30-24:15


Title:
Party Music - MC Frontalot



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 25:15-26:15


Title:
Party Music - Scotch & Bubbles



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 24:15-25:15


Title:
Party Music - TBD



Night Life - Caesars Emperor's Level - Track 1 Palace BR - Friday - 22:00-22:45


Title:
Party Music - YT Cracker



EHV - Caesars Promenade Level - Modena Rm - Friday - 17:30-18:29


Title: Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research

Speakers: Speaker TBA

Description:

Care about fixing the CFAA? Hear about a new proposal to better protect security research: the Computer Intrusion and Abuse Act. Because the proposal relies on norms/ethics in the security research community, we will debate the hard cases - situations where researcher norms vary.





Workshops - ( Sold Out ) - Linq 4th Flr - Icon E - Friday - 14:30-18:30


Penetration Testing Environments: Client & Test Security

Friday, 1430-1830 in Icon E

Wesley McGrew Director of Cyber Operations, HORNE Cyber Solutions

Kendall Blaylock Director of Cyber Intelligence, HORNE Cyber

Penetration testers can have the tables turned on them by attackers, to the detriment of client and tester security. Vulnerabilities exist in widely-used penetration testing tools and procedures. Testing often takes place in hostile environments: across the public Internet, over wireless, and on client networks where attackers may already have a foothold.

In these environments, common penetration testing practices can be targeted by third-party attackers. This can compromise testing teams in the style of "ihuntpineapples", or worse: quietly and over a long period of time. The confidentiality, integrity, and availability of client networks is also put at risk by "sloppy" testing techniques.

In this workshop, we present a comprehensive set of recommendations that can be used to build secure penetration testing operations. This includes technical recommendations, policies, procedures, and guidance on how to communicate and work with client organizations about the risks and mitigations. The goal is to develop testing practices that:

- ...are more professionally sound
- ...protect client organizations
- ...protect penetration testers' infrastructure, and
- ...avoid a negative impact on speed, agility, and creativity of testers

The recommendations are illustrated with entertaining and informative hands-on exercises. For the DEF CON 26 version of this class, the exercises have been updated to take place within Docker containers, and a portion of the class will involve introducing penetration testers to the use (and abuse) of containers.

Exercises include:
- Vulnerability analysis of a penetration testing device's firmware
- Quick and dirty code audits of high-risk testing tools
- Monitoring and hijacking post-exploitation command and control
- Layering security around otherwise insecure tools.

After this workshop, you will walk away with actionable recommendations for improving the maturity and security of your penetration testing operations, as well as an exposure to the technical aspects of protecting the confidentiality of sensitive client data. You will participate in hands-on exercises that illustrate the importance of analyzing your own tools for vulnerabilities, and learn how to think like an attacker that hunts attackers. You'll hear about the challenges that are inherent in performing penetration tests on sensitive client networks, and learn how to layer security around your practices to reduce the risks.

Prerequisites: To get the most out of this class, students should have the ability to read/follow code in many programming languages (C/C++, Python, PHP, etc.). Students should also be familiar with navigation and use of the Linux command line. Experience with penetration testing will be useful, but those new to penetration testing should not be discouraged. The entire point is to pick up good operational security habits.

Materials: Students who wish to participate in the hands-on exercises should bring a laptop with at least 8GB of RAM, and a working installation of Docker (to the point of being able to run "docker run hello-world"). The instructor will be teaching and demonstrating with Linux, and it is recommended as your host operating system, but a Docker installation on Windows should also be able to complete the exercises (16GB RAM recommended for Windows host operating systems). Materials will be provided on USB drives at the workshop.

Max students: 33

Registration: -CLASS FULL- https://www.eventbrite.com/e/penetration-testing-environments-client-test-security-icon-e-tickets-47193713668
(Opens July 8, 2018 at 15:00 PDT)

Wesley McGrew
Wesley McGrew oversees and participates in penetration testing in his role as Director of Cyber Operations for HORNE Cyber Solutions. He has presented on topics of penetration testing, vulnerabilities, and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley graduated from Mississippi State University's Department of Computer Science and Engineering and previously worked at the Distributed Analytics and Security Institute. He holds a Ph.D. in computer science for his research in vulnerability analysis of SCADA HMI systems.

Kendall Blaylock
Kendall serves as Director of Cyber Intelligence for HORNE Cyber, where his specialty is digital forensics and incident response. Prior to his role at HORNE Cyber, Kendall co-founded the National Forensics Training Center where he served as lead instructor providing training to law enforcement and U.S. military veterans in a wide range of digital forensic skills.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 13:30-13:59


Title:
penetration testing sex toys: "I've seen things you people wouldn't believe"

Renderman
@internetofdongs @ihackedwhat


The Internet of Dongs project took on the branch of IoT that no one wanted to touch: Internet-connected sex toys and intimate wearables. Helping vendors and the public understand the unique challenges associated with privacy and security of these devices has had some "interesting" discoveries and revelations along the way. This talk will cover some of the weird, bizarre, and sometimes intriguing discoveries that have been made along the way that may or may not have required mindbleach afterwards.




DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 15:00-15:45


Playback: a TLS 1.3 story

Friday at 15:00 in Track 2
45 minutes | Demo

Alfonso García Alguacil Senior Penetration Tester, Cisco

Alejo Murillo Moya Red Team Lead EMEAR, Cisco

TLS 1.3 is the new secure communication protocol that should be already with us. One of its new features is 0-RTT (Zero Round Trip Time Resumption) that could potentially allow replay attacks. This is a known issue acknowledged by the TLS 1.3 specification, as the protocol does not provide replay protections for 0-RTT data, but proposed countermeasures that would need to be implemented on other layers, not at the protocol level. Therefore, the applications deployed with TLS 1.3 support could end up exposed to replay attacks depending on the implementation of those protections.

This talk will describe the technical details regarding the TLS 1.3 0-RTT feature and its associated risks. It will include Proof of Concepts (PoC) showing real-world replay attacks against TLS 1.3 libraries and browsers. Finally, potential solutions or mitigation controls would be discussed that will help to prevent those attacks when deploying software using a library with TLS 1.3 support.

Alfonso García Alguacil
Alfonso Garcia Alguacil is a penetration tester and security consultant with 7 years of experience. Words like exploit, code or binary would quickly catch his attention. He currently works at Cisco as a senior security consultant.

Alejo Murillo Moya
Alejo Murillo Moya has been always passionate about security with 10+ years of experience as a penetration tester and security consultant, achieving during that journey important technical certifications like CREST and GIAC GSE. He is currently working at Cisco as a red teaming lead and managing security consultant.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 10:30-10:50


Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems

Friday at 10:30 in Track 3
20 minutes | Demo, Tool

m010ch_ Hacker

Knox Boxes, along with other rapid entry systems are increasing in popularity, as they allow first responders such as police, fire, and paramedics to quickly gain access to a building in the event of an emergency without having to force entry. These devices rely on the security and key control provided by various locks to prevent unauthorized access to buildings. In this talk, I will focus on vulnerabilities of the widely used Knox Box and Medeco cam lock to key duplication attacks. I will demonstrate how a sufficiently skilled attacker could obtain a key that would grant them access to thousands of residential and commercial buildings throughout America, as well as show off new tools designed to streamline the process of duplicating physical keys using CAD and 3D printing. What could possibly go wrong when someone tries to backdoor an entire city?

m010ch_
m010ch_ is a physical security enthusiast and computer science student who spends most of his free time doing terrible things to locks. He enjoys participating in locksport competitions, and can often be found hunched over his desk, poking at small pieces of metal until he gets frustrated.



DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 16:00-16:45


Practical & Improved Wifi MitM with Mana

Friday at 16:00 in Track 2
45 minutes | Demo, Audience Participation, Tool

singe CTO @ SensePost

In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated.

Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations has made these attacks harder to conduct. Just firing up a vanilla script gets fewer credentials than it used to.

To address this mana will be re-released in this talk with several significant improvements to make it easier to conduct rogue AP MitM attacks against modern devices and networks.

After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:

As a bonus, you'll be able to download a training environment to practise all of this without requiring any wifi hardware (or breaking any laws).

singe
singe has been hacking for 14 years, the last 8 of them at SensePost. He is the primary author of mana-toolkit and has developed wifi hacking training for places like BlackHat.

@singe



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 13:00-13:30


Title:
Practical attack simulations in Critical National Infrastructure (CNI): Oh the perils, or oh the fun?

William Knowles and James Coote
@william_knows

"There are two commonly held perceptions when it comes to CNI security: that they are under constant threat, and that any form of practical security testing is a bad idea. So how can we provide demonstrable assurance that these environments are secure?

This talk intends to challenge the perception that practical security testing should be avoided, and will discuss MWR's successes, failures, and lessons learned when conducting goal-oriented CNI attack simulations.

The key topics of discussion will focus on:

- Ignoring theory, what are the technologies being used in real-world CNI environments? Where does IT end and Operational Technology (OT) begin when it comes to assets that a targeted attacker would realistically look to compromise? In particular for affecting the availability and integrity of data sources, or gaining the capability to control physical processes (hint: it is more IT than you would think).

- How can we apply red team methodologies in environments with high stability requirements, while minimising operational risk and testing time?

- Want to know how to turn off the water, stop the gas, or simply control the control room? Commonly found ways of elevating privileges will be discussed, along with paths for moving towards key asset compromise."



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 14:40-15:10


Prebellico - 100% Passive Pre-Engagement and Post Compromise Network Reconnaissance Tool - William Suthers

When attacking modern internal networks, intelligence is everything. Understanding the environment you are operating in can be the difference between successfully penetrating your target environment or missing targets of opportunity due to a lack of understanding about the target environment.

While true, obtaining information about the environment in a stealthy manner, when required, can be difficult within a mature environment. Even during overt engagements, obtaining the information you need within a limited time window can be difficult, especially during engagement delays.

Further complicating things, often testing scope is based off of poor assumptions about the target environment, often leading to unrealistic scope reductions a real-world attacker would not operate out of.

Over the years internal testing engagements have been operating on various assumptions within switched networks, often driving engagement execution methods, but what if these assumptions were wrong? What if we could utilize the wasted time, even weeks in advance, between deployment and engagement execution, to take the time to understand the network? What if we could leverage the realities of modern networks and the things customers do to ‘prepare’ for an engagement (backups, security scans, etc.) through 100% passive methods, challenging your assumptions about the network?

Prebellico is a pre-engagement and post compromise intelligence gathering mechanism designed to gather as much information as possible about the target environment through 100% passive methods. Utilizing very few resources, Prebellico permits an attacker the ability to understand the target environment by providing information such as the intent of internal systems, internal network address space, hostnames, egress filtering, TCP trust relationships, as well as map open TCP/UDP ports through reverse port scanning using 100% passive techniques.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 15:00-15:45


Privacy infrastructure, challenges and opportunities

Friday at 15:00 in Track 3
45 minutes |

yawnbox Executive Director, Emerald Onion

We started our own transit Internet Service Provider (ISP) to safely route anonymized packets across the globe, and you can too. Emerald Onion is a Seattle-based 501(c)3 not-for-profit and we want to help other hacker collectives start their own. Getting your own Autonomous System Number (ASN), managing Internet Protocol (IP) scopes, using Border Gateway Protocol (BGP) in Internet Exchange Points (IXPs), dealing with abuse complaints or government requests for user data -- this is all stuff that you can do. Not every technologist is comfortable with launching and managing a nonprofit organization let alone has all of the technical knowhow to run an ISP. We didn't either when we started. We had a goal, and that was to route unfiltered Tor exit traffic in the Seattle Internet Exchange despite National Security Agency (NSA) wiretaps in the Westin Exchange Building. This talk will cover high level challenges and opportunities surrounding privacy infrastructure in the United States.

yawnbox
yawnbox is the co-founder and executive director for Emerald Onion and has a background in network administration, datacenter operations, and security engineering. He has been running Tor guard and middle relays since 2010 and exit relays since 2012. Being a victim of domestic violence at a young age, yawnbox has been acutely aware of physical location metadata since the age of 8 and has been researching, publishing, and training at-risk communities about threat modeling and operational security since becoming a part of the Tor community. In 2013, yawnbox got involved with political activism through the Seattle Privacy Coalition, and in 2015 performed an internship with the ACLU of Washington where he helped roll out the first instance of SecureDrop in a non-journalist organization. In 2016, yawnbox was brought on as Tor Project's first full time Grant Writer but left shortly after.



PHV - Caesars Promenade Level - Neopolitan BR - Friday - 14:00-14:59


Protecting Crypto Exchanges from a New Wave of Man-in-the-Browser Attacks

Pedro Fortuna, CTO and Co-Founder of Jscrambler

In the last year or so, we have seen a massive increase in the value of cryptocurrencies and the emergence of hundreds of new coins and ICOs, getting millions of people into an investment frenzy. A lot of them being non-technical regular consumers that rushed to create new accounts in the most popular crypto exchanges like Coinbase or Bitstamp. Crypto exchanges are naturally appealing for attackers and have been targeted since as long as we can remember. However, since last year, they are also being targeted by Man-in-the-Browser (MITB) attacks. Malware families such as Zeus Panda, Ramnit and Trickbot are already aiming at websites such as Coinbase.com or Blockchain.info. In this talk, we will detail how these attacks work, from account takeover to moving out the coins to attacker-controlled wallets. We'll discuss current defenses e.g. multi-factor authentication or strong SSL encryption and why they are failing to mitigate this type of attacks.

Pedro Fortuna (Twitter: @pedrofortuna) is CTO and Co-Founder of Jscrambler where he leads the technical vision for the product suite and contributes with his cybersecurity knowledge for R&D. Pedro holds a degree in Computing Engineering and a MSc in Computer Networks and Services, having more than a decade of experience researching and working in the application security area. He is a regular speaker at OWASP AppSec events and other cybersecurity conferences but also contributes to web development events. His research interests lie in the fields of Application Security, Reverse Engineering and Malware and Software Engineering. Author of several patents in application security.



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 18:00-18:59


Title:
Real Simple Blue Team Shit

@wornbt

"N00b friendly! While the vuln of the week club keeps finding new and fascinating technical exploits all the time, malicious actors keep using old and surprisingly uncomplicated methods; old and simple stuff still works. This talk, we’ll explore real shit aimed at a financial institution and what’s been effective at mitigating these old and simple attacks. If you’re starting out in blue team defense, you’ll come away with real simple shit you can do to raise the cost to attackers doing the same old credential stuffing, phishing, and script-kiddie RCE attempts.

While new technical vulnerabilities are found continuously, malicious actors often rely on tried and true methods to exploit. These exploits are surprisingly uncomplicated. In this talk, we’ll share attempts we’ve seen from malicious actors. We’ll break down actual attacks and share what’s been most effective in mitigating credential stuffing, phishing, and common RCE attempts. At the end of this talk, you’ll walk away with simple takeaways to raise the cost to attackers for these simple attacks."



BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 17:45-18:30


Title: Remote Sensing, Distributed Computing, BigData and 3D Epidemiology: Today’s Public Health Opportunity

Speaker: Debra Laefer
Abstract:
Recent advances in remote sensing, drones, distributed computing, bigdata, and environmental DNA offer an unprecedented opportunity to push epidemiology beyond its traditional, two-dimensional (i.e. map-based) approach and harness the full availability and power of three-dimensional data and novel investigation methods to explore such data. This talk will present an extremely technology-specific vision for achieving this.
Examples of the potential usefulness of this approach will be demonstrated with respect to three scenarios: (1) avian flu, (2) asthma, and (3) post-flooding fecal contamination. The current state of the art of the component technologies will be presented as well as the remaining challenges for their seamless integration.


EHV - Caesars Promenade Level - Modena Rm - Friday - 15:00-15:59


Title: Responsible Disclosure Panel

Speakers: Speaker TBA

Description:

In today's climate of data breaches and information leaks, how do we in the infosec community disclose the vulnerabilities we discover responsibly? Who are we responsible to? Can we set a standard practice that is ethical, fair and effective? These and other questions will be discussed by some familiar faces on our Responsible Disclosure Panel.





PHV - Caesars Promenade Level - Neopolitan BR - Friday - 11:00-11:59


Rethinking Role-Based Security Education

Kat Sweet, Duo Security

How do we scale a deeper level of security awareness training without sacrificing efficacy? This talk will explore strategies and tactics for developing security education based on employees' roles, access, and attack surface while designing not only for efficiency but also for effectiveness. By prioritizing the highest-risk teams, pooling teams to collaboratively threat-model, and contextualizing universal truths of security hygiene to those threat models, we can deliver training that leverages employees' roles, fosters retention via active participation, and eases the burden on trainers within the security team. Attendees will walk away with a roadmap for building scalable, contextual, and collaborative role-based employee security education within their organizations.

Kat Sweet (Twitter: @TheSweetKat) works for Duo Security's corporate security team as an information security analyst (and senior pun architect). A passionate security educator, she is heavily involved in building her team's employee security awareness and engagement program, and is frequently the first security team member that new Duo employees meet. She also serves as the lockpick village coordinator for BSides Las Vegas, a mentor for the SANS Women's Immersion Academy, and a teaching assistant for the Ann Arbor chapter of Girl Develop It. When she's not in security mode, you can often find her bursting into song or picking unsuspecting locks.



PHW - Caesars Promenade Level - Neopolitan BR - Friday - 11:00-12:30


Reverse Engineering Malware 101

This workshop provides the fundamentals of reverse engineering (RE) Windows malware using a hands-on experience with RE tools and techniques. Attendees will be introduced to RE terms and processes, followed by basic x86 assembly, and reviewing RE tools and malware techniques. It will conclude by attendees performing a hands-on malware analysis that consists of Triage, Static, and Dynamic analysis.
Prerequisites: Basic understanding of programming C/C++, Python, or Java.
Provided: A virtual machine and tools will be provided.
Features: 5 Sections in 1.5 hours:

Amanda (Twitter: @malwareunicorn) absolutely loves malware. She works as a Senior Malware Researcher at Endgame, where she focuses on threat research, in particular dynamic behavior detection on both Windows and OSX platforms.




DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 17:00-17:45


Reverse Engineering, hacking documentary series

Friday at 17:00 in Track 3
45 minutes | Demo

Michael Lee Nirenberg Director, Restraining Order, Ltd

Dave Buchwald Producer

We will present a sample scene and panel talk on our documentary series Reverse Engineering to the hacking community, which has been in the works for 4 years. We have dozens of interviews spanning the first 3 decades of computer hacking; ultimately there will be hundreds. It's a big story, but for the purposes of DEF CON, we've put together a 17 min. scene covering the 80s WarGames/Legion of Doom-era of computer hacking in the US.

We've spoken to great people, but there are other viewpoints—this is a history that needs to be told by 1st person accounts. The accuracy and strength of our completed series is tantamount to the quality of who we interview and the questions that get asked. Accuracy is particularly important, there's been no shortage of media hype and lies regarding hacking since the 1980s.

Our vision for this film series is inclusive and collaborative. We'd like to hear from attendees how to best tell the origin story of hacking to new generations, and more so the outside world who've been fed a lot of myths by the media. Those are the lawmakers and citizens of tomorrow that we need to reach. Little attention has been paid to the pioneering hacker spirit that has literally changed every aspect of life. We want to address and correct that.

Michael Lee Nirenberg
Michael Lee Nirenberg—documentary director (Back Issues: The Hustler Magazine Story), writer, blogger, commercial artist for movies and TV

Dave Buchwald
Dave Buchwald—former hacker in the mid-80s ("Bill from RNOC"), film editor (Love Simple, Urchin), film consultant (Hackers) and 2600 Magazine cover artist



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 14:00-14:45


Revolting Radios

Friday at 14:00 in Track 3
45 minutes | Demo, Tool

Michael Ossmann Great Scott Gadgets

Dominic Spill Great Scott Gadgets

There are many Software Defined Radios (SDRs) available, with a great deal of time and effort having gone into their design. These are not those radios. We present four radios that we have designed using crude, novel, and sometimes ridiculous methods for transmitting and receiving signals.

The arrival of SDR allowed more hackers than ever to experiment with radio protocols, but we're still using hardware built by other people. In the time honored hacker tradition of rolling our own tools, we'll demonstrate four simple radios that can be home-built using commonly available parts for little to no cost.

Michael Ossmann
Michael is a wireless security researcher who makes hardware for hackers. Best known for the open source HackRF, Ubertooth, and GreatFET projects, he founded Great Scott Gadgets in an effort to put open source hardware into the hands of innovative people.

@michaelossmann

Dominic Spill
Dominic is a senior security researcher at Great Scott Gadgets, where he builds tools and investigates communications protocols.

@dominicgs



CPV - Caesars Promenade Level - Milano BR 1,2 - Friday - 17:00-18:00


Title:
Revolutionizing Authentication with Oblivious Cryptography

When
Fri, August 10, 5pm – 6pm
Description
Speaker
------
Dr Adam Everspaugh

Abstract
--------
Current schemes to protect user passwords like bcrypt, scrypt, and iterative hashing are insufficient to resist offline dictionary attacks when password databases are stolen. We present a modern cloud service, called Pythia, which protects passwords using a cryptographically keyed pseudorandom function (PRF). Unlike existing schemes like HMAC, Pythia permits key updates as a response to compromises. Key updates nullify stolen password digests, enable digests to be updated to the new key, and don't require users to change their passwords. The keystone of Pythia is a new cryptographic construction called a partially-oblivious PRF that provides these new features.

Pythia was originally unveiled at Usenix Security 2015. In 2018, a production implementation of Pythia was created and open sourced via GitHub by Virgil Security. In addition to presenting the Pythia construction, and demonstrating its unique security features and performance advantage over the state of the art, we will provide a live demonstration of Virgil Security's Pythia client tool from installation through protecting and checking passwords.


Bio
-----------------
Dr Adam Everspaugh is a principal engineer and cryptographer for Uptake Technologies, an industrial predictive analytics company in Chicago. He holds a PhD in computer science from the University of Wisconsin where he researched applied cryptography for internet-scale systems.

Website of presenter(s) or content
----------------------------------
http://pages.cs.wisc.edu/~ace/


WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 12:30-12:55


Neel Pandeya

Bio

Neel Pandeya is a Senior Software Engineer and Manager of the Technical Support Group at Ettus Research, a National Instruments Company, in Santa Clara, California, USA. His background and interests are in open-source software development, kernel and embedded software development, wireless and cellular communications, DSP and signal processing, and software-defined radio (SDR). Prior to joining Ettus Research in 2014, he worked at several start-up and mid-sized companies, such as Envoy Networks, Range Networks, Draper Laboratory, and Texas Instruments. He is a co-founder and co-organizer of the New England Workshop for SDR (NEWSDR), and is a co-organizer of the GNU Radio Conference. He holds a Bachelor's Degree in electrical engineering (BSEE) from Worcester Polytechnic Institute (WPI), and a Master's Degree in electrical engineering (MSEE) from Northeastern University. He has an Amateur Radio License, and is aspiring to obtain a private pilot license.

Nate Temple

Bio

Nate Temple is a Software Engineer at Ettus Research, a National Instruments Company, in Santa Clara, California, USA, working in the areas of product support and software development. His background is in Embedded Linux Development, Micro-controller Development, Web Application Development and Security. He is passionate about SDR technology and is an Officer of the free and open-source software development toolkit, GNU Radio. His general interests are programming, wireless security, amateur radio, radio direction finding, and SATCOM hunting/hacking. He has contributed to many open-source SDR software projects over the years.

RFNoC: Accelerating The Spectrum with the FPGA

Abstract

This presentation will introduce RFNoC (RF Network-On-Chip), a network-distributed heterogeneous processing framework that enables FPGA processing for USRP software-defined radios (SDR). It provides a way to leverage FPGA processing capabilities and IP in your SDR application. RFNoC and FPGA-based systems provide low latencies and deterministic throughput for large bandwidths. A demonstration of RFNoC running the Fosphor real-time spectrum monitoring application will be presented.



 

SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 16:00-16:59


Title:
Robots and AI: What scares the experts?

Brittany "Straithe" Postnikoff, Sara-Jayne Terp
@straithe, @bodaceacat


The potential for robots and AI to shake up our lives has scared people for generations, just look at the scenarios put out by sci-fi. A number of these issues, plus many others, have made it to the real world. Cambridge Analytica anyone? How about surveillance robots such as Knight? Our researchers have been investigating and preparing defenses to combat against these artificial beings, but it is a continuous battle. Come participate in a discussion of the concerns, efforts, and gaps that are present in this space.



 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 16:00-16:40


SAEDAY: Subversion and Espionage Directed Against You

Friday at 16:00-16:40
40 minutes

Judy Towers @LadyRed_6

Industrial espionage is the practice of secretly gathering information about a competing corporation or business interest, with the objective of placing one’s own organization at a strategic or financial advantage. A common practice to achieve this advantage is to elicit information from unwitting individuals through what today is called social engineering (SE). We all hear the term SE so often that we become desensitized to it, thereby INCREASING the effectiveness of it against ourselves and organizations. Thus, we will call it what it is - Human Intelligence, also known as HUMINT.

Presenting personal experiences as an Army counterintelligence agent with examples of military and industrial espionage, we will examine tradecraft employed against individuals every day. We will apply lessons learned from the US military and the intelligence community by using two acronyms taught to Army counterintelligence agents: SAEDA (Subversion and Espionage Directed against the Army) and MICE (Money, Ideology, Coercion, Ego). Presenting different aspects of HUMINT collection efforts will enable individuals to possibly detect, deflect, and protect themselves from such actions.

Judy Towers
As an active duty US Army Counterintelligence Agent (6 yrs), Judy provided weekly SAEDAY briefings for new incoming unit soldiers and for yearly awareness training requirements. Judy received an Army award for the presentation’s effectiveness in engaging the audience, thereby enhancing self-awareness of the threat. Her experiences include training in traditional espionage tradecraft, along with supervising and conducting counterintelligence investigations of individuals, organizations, installations and activities in order to detect, assess and counter threats to national security. After leaving the Army, Judy started a civilian career in information security as: domain admin for a global company, an IT manager implementing incident response system, Fraud department investigating people stealing company services, and now a Cyber Threat Intelligence Analyst, augmented by a 2nd Master’s Degree in Cybersecurity and Computer Forensics.



 

BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 16:00-16:59


Title: Scaling and Economic Implications of the Adaptive Blocksize in Monero

Speakers: Francisco "ArticMine" Cabañas

Description:
No description available




 

DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 10:00-10:30


Securing our Nation's Election Infrastructure

Friday at 10:00 in Track 3
20 minutes

Jeanette Manfra Assistant Secretary, Office of Cybersecurity and Communications, Department of Homeland Security

Fair elections are at the core of every democracy and are of paramount importance to our national security. The confidence in our electoral process is fundamental to ensuring that every vote- and therefore every voice- matters. In recent years, our Nation has become increasingly uneasy about the potential threats to our election infrastructure. The activities to undermine the confidence in the 2016 presidential election have been well documented and the United States (U.S.) Government has assessed that our adversaries will apply lessons learned from the 2016 election and will continue in their attempts to influence the U.S. and their allies' upcoming elections, including the 2018 mid-term elections. As the lead agency for securing the Nation's cyber infrastructure, the Department of Homeland Security (DHS) has a mission to maintain public trust and protect America's election systems. In January 2017, the DHS Secretary designated election systems as critical infrastructure. This designation means election infrastructure has become a priority in shaping our planning and policy initiatives, as well as how we allocate our resources. DHS is working directly with election officials across 8,000 election jurisdictions and throughout 55 States and territories, to help them safeguard their systems. As the threat environment evolves, DHS will continue to work with state and local partners to enhance our understanding of the threat, share timely and actionable threat information, and provide essential physical and cybersecurity tools and resources available to the public and private sectors to increase security and resiliency. DHS is committed to ensuring that our adversaries never succeed with their campaign to undermine our democracy.

Jeanette Manfra
Jeanette Manfra serves as the National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications (CS&C). She is the chief cybersecurity official for the Department of Homeland Security (DHS) and supports its mission of strengthening the security and resilience of the nation's critical infrastructure. Prior to this position, Ms. Manfra served as Acting Deputy Under Secretary for Cybersecurity and Director for Strategy, Policy, and Plans for the NPPD.

Previously, Ms. Manfra served as Senior Counselor for Cybersecurity to the Secretary of Homeland Security and Director for Critical Infrastructure Cybersecurity on the National Security Council staff at the White House.

At DHS, she held multiple positions in the Office of Cybersecurity and Communications, including advisor for the Assistant Secretary for Cybersecurity and Communications and Deputy Director, Office of Emergency Communications, during which time she led the Department's efforts in establishing the Nationwide Public Safety Broadband Network. Before joining DHS, Jeanette served in the U.S. Army as a communications specialist and a Military Intelligence Officer.



 

PHW - Caesars Promenade Level - Neopolitan BR - Friday - 17:30-18:59


Serious Intro to Python for Admins

Intended for an audience of IT managers and admins who are either responsible for systems with deployed Python apps and/or interested in the security implications of developing their own tools/scripts/apps in Python. This will be a hands-on exercise from start to finish designed to leave you with a sense of the mentality of Python and an ability to quickly look up what you need when expanding your knowledge of Python in the future. Prior programming experience not required. However it would be helpful if you've seen lots of Monty Python skits before.


Davin Potts is a Python Core Developer and lead dev for the multiprocessing module in the Python standard library. For a day job, Davin is a scientific software consultant working primarily on data science projects. Also refer to https://www.crunchbase.com/person/davin-potts.



 

WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 16:00-16:55


Balint Seeber

Bio

A software engineer by training, Balint is a perpetual hacker, the Director of Vulnerability Research at Bastille Networks, and guy behind spench.net. His passion is Software Defined Radio and discovering all that can be decoded from the ether, as well as extracting interesting information from lesser-known data sources and visualising them in novel ways. When not receiving electromagnetic radiation, he likes to develop interactive web apps for presenting spatial data. Originally from Australia, he moved to the United States in 2012 to pursue his love of SDR as the Applications Specialist and SDR Evangelist at Ettus Research.

@spenchdotnet

SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System

Abstract

"SirenJack is a vulnerability that was found to affect radio-controlled emergency warning siren systems from ATI Systems. It allows a bad actor, with a $30 handheld radio and a laptop, to set off all sirens in a deployment. Hackers can trigger false alarms at will because the custom digital radio protocol does not implement encryption in vulnerable deployments. Emergency warning siren systems are public safety tools used to alert the population of incidents, such as weather and man-made threats. They are widely deployed in cities, industrial sites, military installations and educational institutions across the US and abroad. Sirens are often activated via a radio frequency (RF) communications system to provide coverage over a large area. Does the security of these RF-based systems match their status as critical infrastructure? The 2017 Dallas siren hack showed that many older siren systems are susceptible to replay attacks, but what about more modern ones? I studied San Francisco’s Outdoor Public Warning System, an ATI deployment, for two years to learn how it was controlled. After piecing together clues on siren poles, and searching the entire radio spectrum for one unknown signal, I found the system’s frequency and began passive analysis of the protocol. Monitoring the weekly siren tests, I made sense of patterns in the raw binary data and found the system was insecure and vulnerable to attack. This presentation will take you on the journey of the research, and detail the tools and techniques used, including leveraging Software Defined Radio and open source software to collect and analyse massive sets of RF data, and analyse a custom digital protocol. It will also cover the Responsible Disclosure process with the vendor, their response, and subsequent change to the protocol. A proof-of-concept will be shown for good measure."



 

SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 22:00-25:59


Title:
skytalks (303) FRIDAY PARTY - Read the Details

2200-2300 303, Enforcer & Grunt Only
2300-2400 Open to all skytalks Associate + badge holders
0000-0200 Open to all DEF CON attendees


 

SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 10:00-10:59


Title:
Stalker In A Haystack

MasterChen
@chenb0x
In 2015, I did a Skytalk called "Automate Your Stalking". In that talk, I demonstrated how one can monitor a target by not following them directly, but by following their followers and who they follow to get an idea of their social life without direct interaction. I felt bad for releasing a tool to enable potential stalkers, but not an antidote. This year's presentation IS that antidote. I will be discussing how we can uncover those stalkers that lie in the shadows.


 

AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 10:40-11:20


Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification

Mark Mager

“The proliferation of ransomware has become a widespread problem culminating in numerous incidents that have affected users worldwide. Current ransomware detection approaches are limited in that they either take too long to determine if a process is truly malicious or tend to miss certain processes due to focusing solely on static analysis of executables. To address these shortcomings, we developed a machine learning model to classify forensic artifacts common to ransomware infections: ransom notes. Leveraging this model, we built a ransomware detection capability that is more efficient and effective than the status quo.

I will highlight the limitations to current ransomware detection technologies and how that instigated our new approach, including our research design, data collection, high value features, and how we performed testing to ensure acceptable detection rates while being resilient to false positives. I will also be conducting a live demonstration with ransomware samples to demonstrate our technology’s effectiveness. Additionally, we will be releasing all related source code and our model to the public, which will enable users to generate and test their own models, as we hope to further push innovative research on effective ransomware detection capabilities.”

Throughout his career in software engineering and computer security, Mark has served in prominent technical leadership roles in the research and development of advanced computer network operations tools and has provided malware analysis and reverse engineering subject matter expertise to a diverse range of government and commercial clients in the Washington, D.C. metropolitan area.



 

BTV - Flamingo 3rd Flr- Savoy Rm - Friday - 17:10-17:59


Stop, Drop, and Assess your SOC

Friday at 17:10-18:00
50 minutes

Andy Applebaum

Traditionally SOCs look outward from their network perimeters, missing the adversaries already operating in their networks. As SOCs improve their capabilities by turning inwards, where should they start? What techniques should they be worried about? What tools will help them? Without knowing what your adversaries can do and what your current capabilities are, it’s hard to make improvements.

This talk will describe how to use the MITRE ATT&CK framework as a “scorecard” within the SOC to understand and tune defensive capabilities, making it easier to answer these hard questions. We’ll describe key use cases for how SOCs can use ATT&CK, covering hunting, threat intelligence, red teaming, and security engineering. To enable these use cases, we’ll present a non-invasive technique to construct a detective coverage map that highlights the SOC’s strengths and weaknesses, focusing on minimizing resource requirements while still providing usable results. To accompany this, we describe a process to create a remediation plan that provides the highest return on investment by orienting on the most relevant threats and prioritizing defensive improvements based on current coverage. Throughout the talk, we will provide real examples, making it easy for those in attendance to understand and replicate at home.

Andy Applebaum
Andy Applebaum is a Lead Cyber Security Engineer at MITRE where he works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. Andy has contributed to MITRE’s ATT&CK framework and CALDERA adversary emulation platform, as well as other projects within MITRE’s internal research and development portfolio. Prior to working at MITRE, Andy received his PhD in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security. Andy’s work has been published in multiple conferences and workshops, and he has most recently spoken at Black Hat Europe. In addition to his PhD, Andy holds a BA in computer science from Grinnell College and the OSCP certification.



 

SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 09:00-09:59


Title:
Story Time - Biggest ITSec fuck-ups I've seen over the past 25 years.

Uncle G.


I'm old. Especially compared to most people here at DC26. I've been at this since before the OJ Simpson trial. I've worked on ARCNet networks! I've seen some shit, man.... Good shit, bad shit, you name it. It's finally time to get this shit off my chest and go over some of the mistakes I've seen (and allegedly caused), so you can be better.

In this talk I will go over IT and IT Security mistakes that the industry, businesses and individuals (including myself) have made over the past few decades. No holds barred, naming names, and having a laugh and breaking a few NDA's.


 

SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 19:35-20:10


Friday August 10 2018 1935 30 mins

Swarm Intelligence and Augmented Reality Gaming
What do a flock of starlings, a colony of warrior ants, and a hundred-person flash mob all have in common with the red team? Swarm intelligence, the collective behavior of individuals acting autonomously, is a concept that we can apply to human systems to unlock their potential. Swarming methodologies teach a group of individuals what to do, where to go, and how to operate as a team.

Nancy Eckert (Pongolyn) explores swarm intelligence through augmented reality gaming, where she leads teams of agents in capture-the-flag style competitions across the world. She shows how to apply social engineering strategies to groups of individuals, with the goal of achieving a collective intelligence that is greater than the sum of its parts.

Nancy Eckert: @Pongolyn
Nancy Eckert (Pongolyn) is a systems analyst and web developer in Seattle, Washington. In the augmented reality game of Ingress, Pongo is a champion strategist and team organizer for “roughly a thousand cats” across the northwestern United States. She leads competitive team-based operations across the world, where she coordinates hundreds of agents under cover of secrecy to walk, bike, drive, climb, snowshoe, boat, fly, hack, and engineer their way to remote locations in order to score points for the game. She builds neural networks in her spare time.



 

PHV - Caesars Promenade Level - Neopolitan BR - Friday - 17:00-17:59


Swiss Cheese Holes in the Foundation of Modern Security - CERT VU#919801

Chris Hanlon, Founder of SecurityAlliance.ca

In this talk we briefly introduce common SMTP/TLS implementation weaknesses and explain how governments, criminals, and malicious insiders can exploit them to remotely reset account passwords, create/update/delete firewall rules, control Windows desktops/laptops, access online backup systems, download full-disk encryption keys, watch security cameras, listen to security camera microphones, control social media accounts, and take over AWS virtual machines.

Chris Hanlon (Twitter: @ChrisHanlonCA) has been maintaining Unix, Linux, and Windows Servers since 1998 and submitting vulnerability reports since 2000. Chris's submissions have resulted in security and privacy enhancements in Google Apps, the Linux Kernel, and Interac email transfers.



 

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 10:00-10:45


Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework

Friday at 10:00 in 101 Track, Flamingo
45 minutes | Demo, Tool

Joe Rozner Hacker

Fuzzers have played an important role in the discovery of reliability and security flaws in software for decades. They have allowed for test case generation at a rate impossible by hand and the creation of test cases humans may never conceive of. While there are many excellent fuzzers available, most are designed for mutating source files or input in random ways and attempting to discover edge cases in the handling of them. Some others are designed with structured input in mind and use grammars to more strategically generate and mutate possible inputs that adhere to the format defined. These specifically are the ones we care about for the goals of identifying differences between multiple implementations of a single language, finding bugs in parse tree generation/handling of tokens, and handling of the data at runtime once it has been successfully lexically and syntactically analyzed. We'll look at some of the shortcomings of existing fuzzers and discuss the implementation for a new platform designed to make fuzzer creation easier with the goal of being able to utilize grammars from the implementations of the languages themselves.

Joe Rozner
Joe (@jrozner) is a software engineer at Prevoty where he has built semantic analysis tools, language runtimes, generalized solutions to common vulnerability classes, and designed novel integration technology leveraging runtime memory patching. He has a passion for reverse engineering, exploitation, teaching, and sharing research with others. He is the undisputed champion of the Brawndo and Booze competition from DEF CONs past with his Irish Car Mutilator winning in both the drink and dip categories.

@jrozner



 

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 19:15-19:15


Title: Take two of these and syscall execve() in the morning: A retrospective and primer on medical device security research

Speaker: Robert Portvliet
About Robert:
Robert Portvliet is the Director of Red Team services at Cylance, with a decade of experience in various disciplines of penetration testing. His focus is on embedded systems and wireless penetration testing and reverse engineering. Prior to joining Cylance, he was the network security service line lead for Foundstone and taught the ‘Ultimate Hacking: Wireless’ class at BlackHat 2011-2013.
Abstract:
To quote Bob Marley “If you know your history, then you would know where you coming from”. This talk is a retrospective on the last ten years or so of medical device security research, intended to bring hackers interested in this discipline up to speed on what has been accomplished to date, how it was done, why it matters and where we stand today.
This talk will timeline all the major events in medical device security research, describing in technical detail what was accomplished and how. This should make evident some of the systemic vulnerability classes present in medical devices and hopefully give the medical device security researchers of tomorrow a good idea of where to start looking.
It will also cover some of the basic tools and techniques needed to get started in this discipline, as well as some of the practicalities involved in obtaining devices, firmware and information on various classes of medical devices and how differences in attack surface may influence your choice of devices to target for research.


 

PHV - Caesars Promenade Level - Neopolitan BR - Friday - 13:00-13:59


Target-Based Security Model

Garett Montgomery, Principal Security Research Engineer at BreakingPoint (Ixia/KeySight)

Have you ever been asked 'what is the best way to protect against $ATTACK'? (usually shortly after $ATTACK makes headlines). Have you ever been challenged to provide the reasoning behind your suggestion? If you were in a room full of experts, would your reasoning hold up under scrutiny? When you discuss with your security-savvy peers, you quickly come to a consensus on the 'best' control (!= device) to protect against $ATTACK. But do you know WHY it's the 'best'? The Target-Based Security Model is essentially a framework that breaks down attacks to their component level. This breakdown makes it easy to see what the 'best' security controls are - as well as alternative security controls that could also be applied. It's not so much something new, as it is a new way for the industry to communicate about security. In much the same way that the OSI model allows for developers to know they are talking about the same thing, a common security model allows security professionals to communicate in a vendor-agnostic manner. Think of it as a translation tool for vendor-speak. In this talk we'll present the Target-Based Security model and discuss the following: how it came to be, what it is, and how to use it. And of course, we'll talk about how it can be used to make the world a better place - provided we all agree to use it.

Garett Montgomery (Twitter: @garett_monty) has been a Security Researcher at BreakingPoint (since acquired by Ixia; since acquired by KeySight) for the last 6+ years. Prior to joining BreakingPoint he had been employed as a Security Analyst at the Naval Postgraduate School and then an IPS Signature Developer. He holds an MS in Information Assurance and numerous (likely since-expired) security certifications. A self-described packet-monkey, he enjoys automating all the things.



 

PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 17:00-17:30


Title:
THC Producing, Genetically Modified Yeast

No description available

 

SEV - Caesars Promenade South - Octavius BR 3-8 - Friday - 18:40-19:30



Friday August 10 2018 1840 50 mins

The Art of Business Warfare
Red Teams are designed to penetrate security in a real world test of effectiveness of security controls, policy, technology and infrastructure. Red Teams view security from an adversary perspective in order to simulate realistic attack scenarios that enable an organisation as a whole to prepare and protect against both simple and sophisticated threats. Red Teams build security culture and provide opportunities for staff to be trained using real world examples. During this presentation we will walk through a Red Team Assessment that simulates a state sponsored attack against Executives, and using their access to then test the entire security posture of the organisation from a digital, physical, social and supply chain perspective.

Wayne Ronaldson:
Wayne has conducted security assessments for a range of leading Australian and international organisations. Wayne has unique expertise in Red Team Assessments, Physical, Digital and Social Engineering, and has presented to a number of organisations and government departments on the current and future state of the cyber security landscape in Australia and overseas.



 

DDV - Caesars Promenade Level - Capri Rm - Friday - 16:00-16:55


Speaker: Jessica “Zhanna” Malekos Smith

Whether you have a background in information security, law, or national security, this talk is a beginner’s guide to understanding the law of war in cyberspace. By juxtaposing the law of war with a keyboard, the process of how states evaluate the scale and effects of a cyber operation and determine a basis for resorting to a use of force under the Law of Armed Conflict, can be more readily conceptualized. For if music is indeed, the universal language of mankind, then by encouraging society to learn about this area we can collectively better strategize ways to mitigate cyber conflict.



 

DEFCON - Track 2 - Caesars Promenade South - Octavius BR 12-24 - Friday - 17:00-17:45


The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask)

Friday at 17:00 in Track 2
45 minutes | Audience Participation

L0pht Heavy Industries Hacker Collective

Elinor Mills Senior Vice President of Content and Media Strategy at Bateman Group

DilDog Hacker, Co-Founder, Veracode

Joe Grand, Kingpin Hacker

Space Rogue Global Strategy Lead for X-Force Red, IBM

Mudge Head of Security, Stripe.

Silicosis Hacker

John Tan Hacker

Weld Pond Hacker, Co-Founder, Veracode

2018 is the 20th anniversary of the hacker think-tank L0pht Heavy Industries' testimony before the US Senate Homeland Security & Governmental Affairs Committee on the topic of weak computer security in government. The testimony made national news when the group announced they could take down the Internet in 30 minutes. It was also the first time hackers using handles appeared before a US Legislative body.

Members of the L0pht have grown from their hacker roots to become distinguished leaders and contributors in the security community and beyond. They run multi-million dollar security-focused organizations, have lobbied the government for better security laws, work for some of the largest companies in the world, and continue to spread the message of the positive aspects of hacking.

With several of the L0pht's original members, this discussion will cover the original testimony and the changes that have happened over the last 20 years. Is the government any more secure? Have they provided enough influence to help protect its citizens' data? What steps should we take to ensure user security and privacy in the future? We are hoping for audience participation and also welcome questions about any other time in the L0pht's relatively short, but poignant, existence.

L0pht Heavy Industries
L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. The L0pht was one of the first viable hackerspaces in the US, and a pioneer of coordinated disclosure. In May, 1998, the group testified in front of a US Senate committee on weak computer security in government where they famously exclaimed they could take down the Internet in 30 minutes.

Elinor Mills
Elinor Mills has been intrigued by hackers since she covered DEF CON III as a journalist in 1995. Following four years reporting for the Associated Press, she joined IDG News Service and for an early travel assignment headed off to the Las Vegas desert for the annual hacker pilgrimage (a trek she's taken more than a dozen times since). There she learned about the nuances of hacking, delighted in the Spot-the-Fed contests and met youth who would one day be leaders in securing the internet today. She went on to reporting jobs at The Industry Standard, Reuters and CNET over the next two decades covering a variety of tech topics, but her main interest remained security and the passion and intellectual drive of the people looking for the flaws that threaten our digital lives. Today, she helps hackers and security entrepreneurs spread the gospel as Senior Vice President of Content and Media Strategy at Bateman Group. Software may be eating the world, but hackers are keeping it safe.

@elinormills

DilDog
DilDog joined the L0pht shortly after graduating from MIT, leaving his job at a major bank to work on a password cracker in a warehouse with a bunch of hacker misfits. Thankfully, that wasn't as ridiculous as it sounded, and it turned out that L0phtCrack would be kind of a big deal. He's still the primary maintainer of the codebase today, 20 years later. Also at L0pht and @stake, he developed AntiSniff, a promiscuous-mode device detection system, wrote a bunch of security advisories, and developed a fine cDc-brand remote administration tool named Back Orifice 2000. Also at L0pht and throughout the @stake acquisition, he developed an automated software decompilation system that would become the core of the static analysis technology for the startup he and Chris Wysopal would found in 2006, Veracode.

Joe Grand, Kingpin
Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, former DEF CON badge designer, and proprietor of Grand Idea Studio (grandideastudio.com). He joined the L0pht as a 16-year-old in 1992. The youngest member and technological juvenile delinquent, the L0pht kept him out of trouble and helped redirect his passion towards good. Kingpin worked on the POCSAG Pager Decoder Kit, AMPS-based cellular phone hacking, and Palm OS application development, among other things. He was also a t-shirt shipper, food picker-upper, MIT Flea Market hawker, and terrified speaker at the US Senate Testimony in 1998. Kingpin was responsible for getting everyone sick in his attempt at making the infamous L0pht R00t B33r. He still hasn't apologized.

@joegrand

Space Rogue
Space Rogue (Cris Thomas) joined the L0pht in 1992. While there he created one of the first Macintosh hacking sites, The Whacked Mac Archives, and released an early MacOS exploit for FWB Hard Disk ToolKit. Later, while still at the L0pht, he created and ran the Hacker News Network. He was part of the L0pht's US Senate Testimony in 1998. After the L0pht, Space Rogue went on to work at security companies such as @Stake, Guardent, Trustwave and Tenable. He currently works as the Global Strategy Lead for X-Force Red at IBM.

@spacerog

Mudge
Mudge was responsible for early research into a type of security vulnerability known as the buffer overflow. He also published some of the first security advisories and research demonstrating early vulnerabilities such as code injection, side-channel attacks, and information leaks. In addition to these advisories he has had numerous technical papers published in peer reviewed journals.

Mudge has testified to the US Congress multiple times in addition to having a long history of teaching and lecturing at universities, military academies, and government agencies. He was the initial author of L0phtCrack and the author of early BGP attacks made famous in testimony to the US Senate referencing how to 'take down the Internet in 30 minutes.'

In 2010 he took an appointed position as a Department of Defense official within the Defense Advanced Research Projects Agency (DARPA), where he was responsible for redirecting the DoD's cyber research efforts. After his tenure at DARPA he was corporate VP of engineering at Motorola, and then the Deputy Director of Google's Advanced Technology and Projects group, before starting the 501(c)3 organization Cyber-ITL at the behest of the White House. He is presently Head of Security at Stripe.

@dotmudge

Silicosis
Silicosis (Paul Nash) joined the L0pht in 1998 and contributed to vulnerability research, with a focus on network protocols. In 1999, along with Mudge, he consulted with Marcus Ranum's new startup—Network Flight Recorder. Paul wrote a series of hybrid protocol analysis & anomaly detectors for the common protocols of the time. They successfully identified both known and unknown attacks. He continued on as a founder of @stake and continued research on network protocols—including fiber channel and 3G cellular networking. Paul was the last member of the L0pht to remain at Symantec after the acquisition.

John Tan
John Tan joined the L0pht in 1996 contributing to the Full Disclosure movement with an advisory on Novell Netware 3.x. He was part of the L0pht's 1998 US Senate Testimony and published a widely cited essay called CyberUL which pointed out the conflict of interest that exists with the still current model of security certifications for people and products. He has over 20 years experience within the Financial industry and most recently shifted his focus to Health Insurance.

Weld Pond
When Weld Pond (Chris Wysopal) joined the L0pht in 1993 there was no internet connection. He then built the l0pht.com gateway machine using Slackware 1.0 on 24 floppies. Weld was the webmaster of the l0pht.com website where all those hacker t-files from the BBS era could be found. Weld worked on the software side of L0pht researching vulnerabilities, writing advisories, building Netcat for Windows, and making L0phtCrack the first password cracker with a GUI. Weld was part of the 7 person group that testified at the US Senate in 1998 where he spoke about software transparency and liability. He joined @stake with the L0pht acquisition and worked there managing the research team and consulting at top customers like Microsoft until @stake was purchased by Symantec. Weld and Dildog then spun out the @stake static binary analysis technology to create Veracode, where he is co-founder and CTO.

@weldpond



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 17:00-17:59


Title:
The Least Common Denominator Strategy (AKA Don't make DevOps too easy)

Daniel Williams (fbus)
@thefbus

"Today, much time and effort is spent on making development and deployment easier for the application developer. Simplification and automation are wonderful efforts to pursue, but with great power comes great responsibility. Deployments can grow to be a support and technical-debt nightmare if the automation and simplification efforts are not closely managed.

This talk will walk through a number of case studies, both in software development & deployment and in the greater wild world in an attempt to provide a lens to help judge when automation and simplification are going too far."



PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 14:00-14:45


Title:
The Real History of Marijuana Prohibition

podcaster

IOT - Caesars Promenade Level - Turin/Verona/Trevi Rms - Friday - 15:45-16:30




Workshops - ( Sold Out ) - Linq 4th Flr - Icon C - Friday - 14:30-18:30


Threat Hunting with ELK

Friday, 1430-1830 in Icon C

Ben Hughes

Fred Mastrippolito

Jeff Magloire

This hands-on training will walk attendees through leveraging the open source ELK (Elastic) stack to proactively identify malicious activity. The basic tools and techniques taught during this class can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and hunting. Attendees will be provided with access to a preconfigured ELK cluster and extensive sample logs containing diverse malicious events waiting to be discovered. The training will conclude with a friendly CTF to give attendees an opportunity to collaborate on teams and put their learning into practice in a simulated network environment.

Prerequisites: Past blue team experience (SOC, NSM, threat hunting, IR, forensics, etc.) is helpful, but not required.

Materials: Students will need to bring their own Windows/Linux/macOS laptop with 8+ GB RAM, WiFi, and VirtualBox or VMware installed. A VM will be made available to attendees for download before class, as well as available on USB flash drives at the start of class.

Max students: 66

Registration: -CLASS FULL- https://www.eventbrite.com/e/threat-hunting-with-elk-icon-c-tickets-47193887187
(Opens July 8, 2018 at 15:00 PDT)

Ben Hughes
Ben (@CyberPraesidium) brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients, sharpening his skills in network security monitoring, IR, forensics, malware analysis, security configuration, and cyber threat intelligence. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications. Ben is also a member of the Maryland bar and volunteers at a pro bono legal clinic.

Fred Mastrippolito
With over 15 years of experience in cybersecurity, Fred (@politoinc) was a founding member of an elite group of computer forensics and intrusion analysts for a major defense contractor. He has performed numerous web application assessments and penetration tests for financial services, federal government, and retail clients. He has managed SOCs, responded to incidents, and analyzed malware. Jeff is a highly skilled cleared professional with extensive knowledge working with information security and incident response cases in both the corporate and federal sector.

Jeff Magloire
Jeff has 9 years of expertise in the field of Endpoint and Mobile based Intrusion Detection and Protection, Network security, e-Discovery, Mobile Application Security, and Information security. His experience includes providing Subject Matter Expertise in the area of forensics and cyber security for some of America's essential government entities such as the White House, FBI, DOJ, SEC to name a few. Jeffrey currently holds a Masters of Science in Digital Forensics from George Mason University along with a Bachelors in Business Information Technology from St Johns University. Jeffrey also has industry recognized certifications such as GIAC Certified Forensic Analyst, Encase Examiner and Encase E-Discovery, Xways, and Cellebrite Certifications.



VMHV - Caesars Pool Level - Forum 14-16 - Friday - 16:00-16:30


Title:
Trustworthy Elections

No description available

DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 14:00-14:45


UEFI exploitation for the masses

Friday at 14:00 in 101 Track, Flamingo
45 minutes | Demo

Mickey Shkatov Hacker

Jesse Michael Hacker

So how do you debug bios and triage a vulnerability for exploitability with no stack trace or error log? How do BIOS developers do it? Do not worry! We will explain how anyone can have debug capabilities on modern Intel platforms and show you how this massively simplifies exploit dev. Developing an exploit for a BIOS vulnerability is a different experience than other types of exploit dev. Your available code base to draw from is unlike what you would expect when running at the operating system level and you have no gdb you can use.

In this talk we will summarize BIOS exploitation techniques and dive deeper into the specifics of an exploit we developed to provide reliable arbitrary code execution for an "over-the-internet" BIOS update vulnerability we found and responsibly disclosed. We will explain the relevant parts of UEFI and talk more about the exploit mitigations that exist there. We will also explain how to explore System Management Mode (SMM) in an Intel based platform, utilizing Intel hardware debug capabilities on an Intel 8th gen platform to obtain SMRAM content, analyze its contents, and search for vulnerable code.

Mickey Shkatov
Mickey Shkatov, a principal researcher at Eclypsium, has been performing security research and product security validation since 2010. He has also presented multiple times at DEF CON, BlackHat, PacSec, CanSecWest, BruCon, Hackito Ergo Sum, and BSides Portland.

@HackingThings

Jesse Michael
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented multiple times at DEF CON, PacSec, Hackito Ergo Sum, and BSides Portland.

@JesseMichael



AIV - Caesars Promenade Level - Florentine BR 3 - Friday - 16:00-16:59


Using AI to Create Music

dj beep code

Creativity has traditionally been a purely human pursuit. However, with recent developments in computational creativity, it has become apparent that the generation of art can now be accelerated with artificial intelligence. Come prepared to learn about reinforcement learning, deep belief networks, and be entertained by music composed in mere seconds, right in front of your eyes.

“With a BS in Applied Mathematics, and a MS in computer science, dj launched her career in engineering working on the Thirty Meter Telescope project. Over the next 12 years, she specialized in remote sensing algorithms, culminating as the principal investigator in an Office of Naval Research contract on the classification of signals. In 2014 she took her breadth of machine learning knowledge in applied research to the IBM Watson group. Within IBM Watson she leads teams that create AI applications for business, and on the side hacks on The Watson Beat code base. She also plays bass guitar in a bad cover band.”



RCV - Caesars Promenade Level - Florentine BR 1,2 - Friday - 17:25-17:55


Using Deep Learning to uncover darkweb malicious actors and their close circle - Rod Soto and josephzadeh

This presentation shows how data driven techniques can be used to provide vision and establish relationships between users and participants of DarkWeb forums. These relationships can provide clues to uncover and reveal tracks of malicious actors. Things such as chat room transcripts and forum data can be used to build graphical relationships.

This provides a context where it is possible to use machine learning algorithms to unmask relationships and profile users of these dark forums. Some of the methods used include Machine Learning Algorithms such as Google's PageRank. Once these users are profiled, it is possible to predict behaviors, gaining further understanding of actors using these forums to obfuscate and evade attribution.

Live Demo



Night Life - Flamingo - Lower Level - Red Rock RM 6 - Friday - 20:30-25:59


Title:
Vet Con

A Party thrown by Veterans for everyone! Come join in as veterans from all branches come together to celebrate and take on challenges that you only hear about in movies. Space force recruiting? Airmen in a chair race? Military drill displays? All this and more. It's time to raise hell the way our people in uniform are famous for.
More Info: @VetConActual


PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 18:15-18:59


Title:
Vulnerabilities in Cannabis Software

No description available

DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 12:00-12:45


Vulnerable Out of the Box: An Evaluation of Android Carrier Devices

Friday at 12:00 in Track 1
45 minutes | Audience Participation, Exploit

Ryan Johnson Director of Research at Kryptowire

Angelos Stavrou CEO at Kryptowire

Pre-installed apps and firmware pose a risk due to vulnerabilities that can be pre-positioned on a device, rendering the device vulnerable on purchase. This means that the vulnerabilities are present even before the user enables wireless communications and starts installing third-party apps. To quantify the exposure of the Android end-users to vulnerabilities residing within pre-installed apps and firmware, we analyzed a wide range of Android vendors and carriers using devices spanning from low-end to flagship. Our primary focus was exposing pre-positioned threats on Android devices sold by United States (US) carriers, although our results affect devices worldwide. We will provide details of vulnerabilities in devices from all four major US carriers, as well as two smaller US carriers, among others. The vulnerabilities we discovered on devices offered by the major US carriers are the following: arbitrary command execution as the system user, obtaining the modem logs and logcat logs, wiping all user data from a device (i.e., factory reset), obtaining and modifying a user’s text messages, sending arbitrary text messages, and getting the phone numbers of the user’s contacts, and more. All of the aforementioned capabilities are obtained outside of the normal Android permission model. Including both locked and unlocked devices, we provide details for 37 unique vulnerabilities affecting 25 Android devices with 11 of them being sold by US carriers. In this talk, we will present our framework that is capable of discovering 0-day vulnerabilities from binary firmware images and applications at scale allowing us to continuously monitor devices across different manufacturers and firmware versions. During the talk, we plan to perform a live demo of how our system works.

Ryan Johnson
Ryan Johnson is a PhD student at George Mason University in Fairfax, VA. His research interests are static and dynamic analysis of Android apps and reverse engineering. He is a co-founder of Kryptowire LLC.

Angelos Stavrou
Dr. Angelos Stavrou founded Kryptowire LLC, and he is an Associate Professor at George Mason University (GMU) and the Director of the Center for Assurance Research and Engineering (CARE) at GMU.



BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 13:30-13:59


Title: We Don't Need No Stinkin Badges

Speakers: Michael Schloh

Description:
No description available




DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 15:00-15:45


Weaponizing Unicode: Homographs Beyond IDNs

Friday at 15:00 in 101 Track, Flamingo
45 minutes | Demo, Tool

The Tarquin Senior Security Engineer, Amazon.com

Most people are familiar with homograph attacks due to phishing or other attack campaigns using Internationalized Domain Names with look-alike characters. But homograph attacks exist against a wide variety of systems that have gotten far less attention. This talk discusses the use of homographs to attack machine learning systems, to submit malicious software patches, and to craft cryptographic canary traps and leak repudiation mechanisms. It then introduces a generalized defense strategy that should work against homograph attacks in any context.

The Tarquin
The Tarquin is a security engineer at Amazon.com. His security background is in browser development and application security. His hacking background is mainly in attempting to maximize the absurdity content of systems. He also studied philosophy, specializing in the Phenomenology of Technology and seeks to understand the ways in which our systems help the human brain lie to itself. His years as a dev have given him a bad habit of needling red teamers. His years in philosophy have given him a bad habit of switching sides in an argument seemingly at random.



PPV - Flamingo Lower Level - Valley Of Fire Rms - Friday - 11:00-11:45


Title:
Weed Hacking: A Pragmatic Primer For Home Grows

A general intro to Cannabis, with an eye towards setting up closet grows

BHV - Caesars Promenade Level - Pisa/Palermo/Siena Rms - Friday - 10:00-10:15


Title: WELCOME TO BHV!

Speaker: Staff


DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 10:00-10:45


Welcome To DEF CON & Badge Maker Talk

Friday at 10:00 in Track 1
45 minutes | Demo

The Dark Tangent

The Dark Tangent



BCOS - Caesars Promenade Level - Pompeian BR 1 - Friday - 10:00-10:59


Title: Welcome to the BCOS Monero Village

Speakers: To be announced

Description:
No description available




WLV - Caesars Promenade Level - Milano BR 5,6 - Friday - 15:00-15:55


WEP and WPA Cracking 101

No description available



SKY - Flamingo 3rd Flr - Virginia City Rm - Friday - 12:00-12:59


Title:
When Incident Response Meets Reality

Magg
@mysticalthng

Incident Response is a topic that gets major marketing and educational time, but what does it actually look like for an average company?

This talk is an overview of a real incident response at an average organization. Full of the mistakes and stumbling blocks and a few wins. What does it look like when you have an organization without genius technical resources or unlimited pockets?



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 12:00-12:45


Who Controls the Controllers—Hacking Crestron IoT Automation Systems

Friday at 12:00 in Track 3
45 minutes | Demo, Exploit

Ricky "HeadlessZeke" Lawshae Security Researcher, Trend Micro

While you may not always be aware of them or even have heard of them, Crestron devices are everywhere. They can be found in universities, modern office buildings, sports arenas, and even high-end Las Vegas hotel rooms. If an environment has a lot of audio/video infrastructure, needs to interconnect or automate different IoT and building systems, or just wants the shades to close when the TV is turned on, chances are high that a Crestron device is controlling things from behind the scenes. And as these types of environments become the norm and grow ever more complex, the number of systems that Crestron devices are connected to grows as well. But it is in large part because of this complexity that installing and programming these devices is difficult enough without considering adding security. Instead of being a necessity, it's an extra headache that almost always gets entirely passed over. In this talk, I will take a look at different Crestron devices from a security perspective and discuss the many vulnerabilities and opportunities for fun to be found within. I will demonstrate both documented and undocumented features that can be used to achieve full system compromise and show the need to make securing these systems a priority, instead of an afterthought, in every deployment. In short, hijinx will ensue.

Ricky "HeadlessZeke" Lawshae
Ricky "HeadlessZeke" Lawshae is an offensive security researcher for the Advanced Security Research team at Trend Micro. He spends his days breaking interesting things in interesting ways with his focus mainly centered on IoT research. His work has been featured in Forbes, Wired, Ars Technica, Hackaday, and more. He tries his best to be responsible with the vulnerabilities he finds, but despite that his work has also been featured in the likes of Satori, BrickerBot, and JenX. This will be his fourth time speaking at DEF CON, and he has also spoken at Recon, Ruxcon, Insomnihack, and many more. He spends his off-hours reading (mostly comics), drinking (mostly dark beers), and gaming (mostly PS4).

@HeadlessZeke



Contest - Contest Stage - Friday - 20:00-21:59


Title:
Whose Slide is it Anyway?

'Whose Slide Is It Anyway?' is an unholy union of improv comedy, hacking and slide deck sado-masochism.

Our team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our abnormal fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.

What are you playing for? Awesome prize packs from our generous sponsors Red Canary, TrustedSec, Binary Defense, Toool, Dragos, CoreGroup and more! Players are chosen on a first come, first served basis so get there early.

Whether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.

More Info: @ImprovHacker, https://www.ImprovHacker.com


Meetup - Caesars - Palace Suites - Friday - 15:00-16:59


Title:
Women, Wisdom, & Wine @ DEF CON 26 by IOActive

IOActive is once again hosting our popular Women, Wisdom, & Wine event in Las Vegas during DEFCON 26 - a chance to escape from the conference, relax, share our experiences, and catch up. It's the perfect chance to see your security sector friends and acquaintances – and meet new ones.

Food and wine (of course!) will be provided for your enjoyment. Please share this with other women who might be interested. It’s a great way for all of us to expand our collective network.

**Based on feedback from last year's attendees, this event will be exclusively for women and non-binary individuals.**
More Info: https://www.eventbrite.com/e/women-wisdom-wine-def-con-26-tickets-47877418648


DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 13:30-13:50


You can run, but you can't hide. Reverse engineering using X-Ray.

Friday at 13:30 in 101 Track, Flamingo
20 minutes |

George Tarnovsky Engineer, Cisco Systems

Most of us have knowledge of PCB construction. In the past, reversing someone's design was an easy task due to the simplicity of the PCB design. Now, with BGAs (Ball Grid Arrays), manufacturers use several plane layers that cover the entire PCB design, obscuring the details of the PCB from view. Through the use of X-Ray, we are able to reverse engineer virtually anything. Slides will be presented showing several PCB designs and how easy it was to reverse engineer the PCB. Videos of live views and dynamic zoom will also be presented; this will demonstrate the true power of the X-Ray and its ability to see sub-micron features within the PCB structure and devices while manipulating the PCB.

George Tarnovsky
George Tarnovsky has been working as a Design Engineer since the 80's. His designs have been for industries such as: Industrial process control instrumentation, Visible light spectroscopy, Semiconductor FAB instrumentation, Smart card security & countermeasures, Automotive systems vulnerability. George holds several patents, has given papers at many internal conferences, and currently continues to expand FPGA designs vulnerability and hardening.



DEFCON - Track 101 - Flamingo 3rd Flr - Sunset BR - Friday - 17:00-17:45


Your Bank's Digital Side Door

Friday at 17:00 in 101 Track, Flamingo
45 minutes | Demo, Tool

Steven Danneman Security Engineer, Security Innovation

Why does my bank's website require my MFA token but Quicken sync does not? How is using Quicken or any personal financial software different from using my bank's website? How are they communicating with my bank? These questions ran through my head when balancing the family checkbook every month.

Answering these questions led me to deeply explore the 20 year old Open Financial Exchange (OFX) protocol and the over 3000 North American banks that support it. They led me to the over 30 different implementations running in the wild and to a broad and inviting attack surface presented by these banks' digital side doors.

Now I'd like to guide you through how your Quicken, QuickBooks, Mint.com, or even GnuCash applications are gathering your checking account transactions, credit card purchases, stock portfolio, and tax documents. We'll watch them flow over the wire and learn about the jumble of software your bank's IT department deploys to provide them. We'll discuss how secure these systems are, that keep track of your money, and we'll send a few simple packets at several banks and count the number of security WTFs along the way.

Lastly, I'll demo and release a tool that fingerprints an OFX service, describes its capabilities, and assesses its security.

Steven Danneman
Steven Danneman is a Security Engineer at Security Innovation in Seattle, WA, making software more secure through targeted penetration testing. Previously, he led the development team responsible for all authentication and identity management within the OneFS operating system. Steven is also a finance geek, who opens bank accounts as a hobby and loves a debate about the efficient-market hypothesis.

@sdanndev, https://www.linkedin.com/in/sdanneman/, sdann-dev.blogspot.com



DEFCON - Track 1 - Caesars Emperor's Level - Palace BR - Friday - 16:00-16:45


Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability

Friday at 16:00 in Track 1
45 minutes | Demo, Exploit

Yuwei Zheng Senior Security Researcher, Unicorn Team, 360 Technology

Shaokun Cao Freelance Security Researcher

Yunding Jian Senior Security Researcher, Unicorn Team, 360 Technology

Mingchuang Qun Senior security researcher at the Radio Security Research Department of 360 Technology

There are billions of ARM Cortex M based SOCs being deployed in embedded systems. Most of these devices are Internet ready, and security is always the main concern. Vendors always apply security measures to ARM Cortex M products for a few major reasons: 1) People will not be able to copy and replicate the product; 2) License control for the hardware and software; 3) Prevent malicious code injection into the firmware. Vendors normally rely on the security measures built within the chip (unique ID number/signature) or security measures built around the chip (secure boot).

In this talk, we will share the ARM Cortex M SOC vulnerability that we discovered and it will be two parts:

The first is the security measure built within the SOC and how we break it. We could gain control of changing the SOC unique ID and write the firmware or even turn the device into a trojan or bot.

The second is security measure built around the SOC and how we break the Secure Boot elements and write into the firmware.

Yuwei Zheng
Yuwei Zheng is a senior security researcher at Radio Security Department of 360 Technology, core member of UnicornTeam. He is the core researcher of the Blackberry decryption project, which managed to decrypt Blackberry BBM, PIN message, and BIS secure mail without keys. He is currently focusing on the security research of cellular network, IoT system, and mobile baseband. He has presented his research work at top level security conferences like BlackHat, DEF CON, HITB etc.

Shaokun Cao
Shaokun Cao is a freelance Security researcher, a consultant of UnicornTeam. He is currently focusing on the chip-level security issues, such as microcode, ROM, bootloader, and firmware.

Yunding Jian
Yunding Jian is the co-founder of UnicornTeam. He is the leader of RocTeam in the Radio Security Research Department of 360 Technology. He is the designer of all previous SyScan360 Conference badges. He has also given a series of presentations at Blackhat USA, Blackhat Europe & Asia (Arsenal), and HITB about his hardware security research and design experience.

Mingchuang Qun
Mingchuang Qin is a senior security researcher at the Radio Security Research Department of 360 Technology, the core developer of Skyscan Wireless Intrusion and Prevention System, specializing in IoT and wireless device security. With rich experience in embedded system development, he is proficient in WiFi and Bluetooth protocol analysis and vulnerability discovery.



DEFCON - Track 3 - Caesars Pool Level - Forum BR 1-11,25 - Friday - 16:00-16:45


Your Voice is My Passport

Friday at 16:00 in Track 3
45 minutes | Demo, Exploit

_delta_zero Senior Data Scientist, Salesforce

Azeem Aqil Senior Security Software Engineer, Salesforce

Financial institutions, home automation products, and offices near universal cryptographic decoders have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning and text-to-speech have shown that synthetic, high-quality audio of subjects can be generated using transcripted speech from the target. Are current techniques for audio generation enough to spoof voice authentication algorithms? We demonstrate, using freely available machine learning models and limited budget, that standard speaker recognition and voice authentication systems are indeed fooled by targeted text-to-speech attacks. We further show a method which reduces data required to perform such an attack, demonstrating that more people are at risk for voice impersonation than previously thought.

_delta_zero
_delta_zero performs machine learning on log data by day, and writes his dissertation on malware datasets by night. He was voted "most likely to create Skynet" by @alexcpsec, and he toys with offensive uses for machine learning in his free time. He has spoken at BlackHat USA, DEF CON, SecTor, BSidesLV/Charm, and the NIPS workshop on Machine Deception.

@_delta_zero

Azeem Aqil
Azeem Aqil is a security engineer at Salesforce. He works on building and maintaining the detection and response infrastructure that powers Salesforce security. Azeem is an academic turned hacker who has published and spoken at various academic security conferences.

